CN105740728B - Mobile terminal, data encryption or decryption method - Google Patents


Info

Publication number
CN105740728B
Authority
CN
China
Prior art keywords
authorization code
mobile terminal
data
user
encryption
Prior art date
Legal status
Active
Application number
CN201610194784.5A
Other languages
Chinese (zh)
Other versions
CN105740728A (en)
Inventor
吕森
Current Assignee
Yangpu box Digital Network Technology Co., Ltd
Original Assignee
Yangpu Box Digital Network Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Yangpu Box Digital Network Technology Co Ltd
Priority to CN201610194784.5A
Publication of CN105740728A
Application granted
Publication of CN105740728B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

The invention discloses a mobile terminal and a data encryption or decryption method, wherein the mobile terminal comprises: an authorization code generation unit that generates an authorization code for encrypting or decrypting data; and the transmission unit sends the authorization code so that the data can be encrypted or decrypted according to the authorization code after the other mobile terminals receiving the authorization code identify the authorization code. According to the invention, even if the user does not hold the mobile terminal, the authorization code can be sent through the mobile terminal held by the user, so that after the mobile terminal not held by the user receives the authorization code, the data in the mobile terminal not held can be encrypted or decrypted according to the authorization code; since the authorization code for encryption or decryption is sent by the mobile terminal held by the user, the encryption or decryption of the data in the mobile terminal not held by the user is controlled by the user, thereby ensuring that the data in the mobile terminal not held by the user can be protected according to the intention of the user.

Description

Mobile terminal, data encryption or decryption method
Technical Field
The invention relates to the technical field of mobile terminals, in particular to a mobile terminal and a data encryption or decryption method.
Background
Nowadays, people pay more and more attention to the security of data, especially the security of data in mobile terminals.
The mobile terminal often stores files of user important information or installs applications recording user important information, and the files or applications should be prevented from being opened by others.
At present, a user can only protect files or applications of a mobile terminal owned by the user, and data in the files or applications of the mobile terminal not owned by the user cannot be protected. Therefore, how to protect data in a mobile terminal that is not held by a user becomes an important issue.
Disclosure of Invention
The invention mainly aims to provide a mobile terminal and a data encryption or decryption method, and aims to solve the technical problem of protecting data of the mobile terminal which is not held by a user.
In order to achieve the above object, the present invention provides a mobile terminal, including: an authorization code generation unit that generates an authorization code for encrypting or decrypting data; and the transmission unit sends the authorization code so that other mobile terminals receiving the authorization code can encrypt or decrypt data according to the authorization code after recognizing the authorization code.
Optionally, in the mobile terminal, the authorization code generating unit generates the authorization code according to a preset secret key, so that the other mobile terminals verify the authorization code according to the same preset secret key, and encrypt or decrypt data according to the authorization code after verification is successful.
Optionally, in the mobile terminal, after encrypting the authorization code, the transmission unit sends the encrypted authorization code to the other mobile terminals, so that the other mobile terminals encrypt or decrypt data according to the authorization code after decrypting the authorization code.
Optionally, in the mobile terminal, the authorization code generating unit is a secure encryption chip in a hardware form.
To achieve the above object, the present invention also provides a mobile terminal, including: the transmission unit receives and identifies authorization codes which are sent by other mobile terminals and used for encrypting or decrypting data; and the data encryption or decryption unit encrypts or decrypts the data according to the authorization code.
Optionally, the mobile terminal further includes: an authorization code verifying unit that verifies the authorization code according to a preset secret key; and the data encryption or decryption unit encrypts or decrypts the data according to the authorization code after the verification is successful.
Optionally, in the mobile terminal, the transmission unit receives the encrypted authorization code and decrypts the authorization code, so that the data encryption or decryption unit encrypts or decrypts data according to the authorization code.
Optionally, in the mobile terminal, the authorization code verifying unit and the data encrypting or decrypting unit are security encryption chips in a hardware form.
In order to achieve the above object, the present invention further provides a data encryption or decryption method, including: the first mobile terminal generates an authorization code for encrypting or decrypting data; and the first mobile terminal sends the authorization code so that other mobile terminals receiving the authorization code can encrypt or decrypt data according to the authorization code after recognizing the authorization code.
Optionally, in the foregoing method, the first mobile terminal generates the authorization code according to a preset secret key, so that the second mobile terminal verifies the authorization code according to the same preset secret key, and encrypts or decrypts data according to the authorization code after the verification is successful.
Optionally, in the foregoing method, the first mobile terminal encrypts the authorization code and then sends the encrypted authorization code to the second mobile terminal, so that the second mobile terminal decrypts the authorization code and then encrypts or decrypts data according to the authorization code.
Optionally, in the foregoing method, the first mobile terminal generates the authorization code by using a secure encryption chip in a hardware form.
In order to achieve the above object, the present invention further provides a data encryption or decryption method, including: the second mobile terminal receives and identifies an authorization code which is sent by the first mobile terminal and used for encrypting or decrypting data; and the second mobile terminal encrypts or decrypts data according to the authorization code.
Optionally, the foregoing method further includes: and the second mobile terminal verifies the authorization code according to a preset secret key, and encrypts or decrypts data according to the authorization code after the verification is successful.
Optionally, in the foregoing method, the second mobile terminal receives the encrypted authorization code, decrypts the authorization code, and encrypts or decrypts data according to the authorization code.
Optionally, in the foregoing method, the second mobile terminal verifies the authorization code and encrypts or decrypts data by using a secure encryption chip in a hardware form.
According to the technical scheme, the mobile terminal and the data encryption or decryption method have the following advantages:
even if the user does not hold the mobile terminal, the authorization code can be sent through the mobile terminal held by the user, so that after the mobile terminal not held by the user receives the authorization code, the data in the mobile terminal not held can be encrypted or decrypted according to the authorization code; since the authorization code for encryption or decryption is sent by the mobile terminal held by the user, the encryption or decryption of the data in the mobile terminal not held by the user is controlled by the user, thereby ensuring that the data in the mobile terminal not held by the user can be protected according to the intention of the user.
Drawings
Fig. 1 is a schematic diagram of an alternative hardware architecture of a mobile terminal implementing various embodiments of the present invention;
FIG. 2 is a diagram of a wireless communication system for the mobile terminal shown in FIG. 1;
FIG. 3 is a block diagram of a mobile terminal according to one embodiment of the present invention;
FIG. 4 is a block diagram of a mobile terminal according to one embodiment of the present invention;
FIG. 4A is a block diagram of a design framework for a mobile terminal according to an embodiment of the present invention;
FIG. 5 is a block diagram of a mobile terminal according to one embodiment of the present invention;
FIG. 5A is a block diagram of a design framework for a mobile terminal according to an embodiment of the present invention;
FIG. 6 is a flow diagram of a method of encrypting or decrypting data according to one embodiment of the invention;
FIG. 7 is a flow diagram of a method of encrypting or decrypting data according to one embodiment of the invention;
FIG. 8 is a flow diagram of a method of encrypting or decrypting data according to one embodiment of the invention;
fig. 9 is a flowchart of a data encryption or decryption method according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
A mobile terminal implementing various embodiments of the present invention will now be described with reference to the accompanying drawings. In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only for facilitating the explanation of the present invention, and have no specific meaning in themselves. Thus, "module" and "component" may be used interchangeably.
The mobile terminal may be implemented in various forms. For example, the terminal described in the present invention may include a mobile terminal such as a mobile phone, a smart phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a navigation device, and the like, and a stationary terminal such as a digital TV, a desktop computer, and the like. In the following, it is assumed that the terminal is a mobile terminal. However, it will be understood by those skilled in the art that the configuration according to the embodiment of the present invention can be applied to a fixed type terminal in addition to elements particularly used for moving purposes.
Fig. 1 is a schematic diagram of an alternative hardware structure of a mobile terminal that can implement various embodiments of the present invention.
The mobile terminal 100 may include a wireless communication unit 110, an a/V (audio/video) input unit 120, a user input unit 130, an output unit 150, a memory 160, an interface unit 170, a controller 180, and a power supply unit 190, and the like. Fig. 1 illustrates a mobile terminal having various components, but it is to be understood that not all illustrated components are required to be implemented. More or fewer components may alternatively be implemented. Elements of the mobile terminal will be described in detail below.
The wireless communication unit 110 typically includes one or more components that allow radio communication between the mobile terminal 100 and a wireless communication system or network. For example, the wireless communication unit may include at least one of a broadcast receiving module 111, a mobile communication module 112, a wireless internet module 113, a short-range communication module 114, and a location information module 115.
The broadcast receiving module 111 receives a broadcast signal and/or broadcast associated information from an external broadcast management server via a broadcast channel. The broadcast channel may include a satellite channel and/or a terrestrial channel. The broadcast management server may be a server that generates and transmits a broadcast signal and/or broadcast associated information or a server that receives a previously generated broadcast signal and/or broadcast associated information and transmits it to a terminal. The broadcast signal may include a TV broadcast signal, a radio broadcast signal, a data broadcast signal, and the like. Also, the broadcast signal may further include a data broadcast signal combined with a television or radio broadcast signal. The broadcast associated information may also be provided via a mobile communication network, and in this case, the broadcast associated information may be received by the mobile communication module 112. The broadcast signal may exist in various forms, for example, it may exist in the form of an Electronic Program Guide (EPG) of Digital Multimedia Broadcasting (DMB), an Electronic Service Guide (ESG) of digital video broadcasting-handheld (DVB-H), and the like. The broadcast receiving module 111 may receive a signal broadcast by using various types of broadcasting systems. In particular, the broadcast receiving module 111 may receive digital broadcasting by using a digital broadcasting system such as digital multimedia broadcasting-terrestrial (DMB-T), digital multimedia broadcasting-satellite (DMB-S), digital video broadcasting-handheld (DVB-H), media forward link only (MediaFLO®), integrated services digital broadcasting-terrestrial (ISDB-T), and the like. The broadcast receiving module 111 may be constructed to be suitable for various broadcasting systems that provide broadcast signals as well as the above-mentioned digital broadcasting systems.
The broadcast signal and/or broadcast associated information received via the broadcast receiving module 111 may be stored in the memory 160 (or other type of storage medium).
The mobile communication module 112 transmits and/or receives radio signals to and/or from at least one of a base station (e.g., access point, node B, etc.), an external terminal, and a server. Such radio signals may include voice call signals, video call signals, or various types of data transmitted and/or received according to text and/or multimedia messages.
The wireless internet module 113 supports wireless internet access of the mobile terminal. The module may be internally or externally coupled to the terminal. The wireless internet access technology to which the module relates may include WLAN (wireless LAN) (Wi-Fi), Wibro (wireless broadband), Wimax (worldwide interoperability for microwave access), HSDPA (high speed downlink packet access), and the like.
The short-range communication module 114 is a module for supporting short-range communication. Some examples of short-range communication technologies include Bluetooth™, Radio Frequency Identification (RFID), infrared data association (IrDA), Ultra Wideband (UWB), ZigBee™, and so on.
The location information module 115 is a module for checking or acquiring location information of the mobile terminal. A typical example of the location information module is a GPS (global positioning system). According to the current technology, the GPS module 115 calculates distance information and accurate time information from three or more satellites and applies triangulation to the calculated information, thereby accurately calculating three-dimensional current location information according to longitude, latitude, and altitude. Currently, a method for calculating position and time information uses three satellites and corrects an error of the calculated position and time information by using another satellite. In addition, the GPS module 115 can calculate speed information by continuously calculating current position information in real time.
The A/V input unit 120 is used to receive an audio or video signal. The A/V input unit 120 may include a camera 121 and a microphone 122, and the camera 121 processes image data of still pictures or video obtained by an image capturing apparatus in a video capturing mode or an image capturing mode. The processed image frames may be displayed on the display unit 151. The image frames processed by the camera 121 may be stored in the memory 160 (or other storage medium) or transmitted via the wireless communication unit 110, and two or more cameras 121 may be provided according to the construction of the mobile terminal. The microphone 122 may receive sounds (audio data) in a phone call mode, a recording mode, a voice recognition mode, or the like, and can process such sounds into audio data. In the case of a phone call mode, the processed audio (voice) data may be converted into a format transmittable to a mobile communication base station via the mobile communication module 112. The microphone 122 may implement various types of noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference generated in the course of receiving and transmitting audio signals.
The user input unit 130 may generate key input data according to a command input by a user to control various operations of the mobile terminal. The user input unit 130 allows a user to input various types of information, and may include a keyboard, dome sheet, touch pad (e.g., a touch-sensitive member that detects changes in resistance, pressure, capacitance, and the like due to being touched), scroll wheel, joystick, and the like. In particular, when the touch pad is superimposed on the display unit 151 in the form of a layer, a touch screen may be formed.
The interface unit 170 serves as an interface through which at least one external device is connected to the mobile terminal 100. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The identification module may store various information for authenticating a user using the mobile terminal 100 and may include a User Identity Module (UIM), a Subscriber Identity Module (SIM), a Universal Subscriber Identity Module (USIM), and the like. In addition, a device having an identification module (hereinafter, referred to as an "identification device") may take the form of a smart card, and thus, the identification device may be connected with the mobile terminal 100 via a port or other connection means. The interface unit 170 may be used to receive input (e.g., data information, power, etc.) from an external device and transmit the received input to one or more elements within the mobile terminal 100 or may be used to transmit data between the mobile terminal and the external device.
In addition, when the mobile terminal 100 is connected with an external cradle, the interface unit 170 may serve as a path through which power is supplied from the cradle to the mobile terminal 100 or may serve as a path through which various command signals input from the cradle are transmitted to the mobile terminal. Various command signals or power input from the cradle may be used as signals for recognizing whether the mobile terminal is accurately mounted on the cradle. The output unit 150 is configured to provide output signals (e.g., audio signals, video signals, alarm signals, vibration signals, etc.) in a visual, audio, and/or tactile manner. The output unit 150 may include a display unit 151, an audio output module 152, an alarm unit 153, and the like.
The display unit 151 may display information processed in the mobile terminal 100. For example, when the mobile terminal 100 is in a phone call mode, the display unit 151 may display a User Interface (UI) or a Graphical User Interface (GUI) related to a call or other communication (e.g., text messaging, multimedia file downloading, etc.). When the mobile terminal 100 is in a video call mode or an image capturing mode, the display unit 151 may display a captured image and/or a received image, a UI or GUI showing a video or an image and related functions, and the like.
Meanwhile, when the display unit 151 and the touch pad are overlapped with each other in the form of a layer to form a touch screen, the display unit 151 may serve as an input device and an output device. The display unit 151 may include at least one of a Liquid Crystal Display (LCD), a thin film transistor LCD (TFT-LCD), an Organic Light Emitting Diode (OLED) display, a flexible display, a three-dimensional (3D) display, and the like. Some of these displays may be configured to be transparent to allow a user to view from the outside, which may be referred to as transparent displays, and a typical transparent display may be, for example, a TOLED (transparent organic light emitting diode) display or the like. Depending on the particular desired implementation, the mobile terminal 100 may include two or more display units (or other display devices), for example, the mobile terminal may include an external display unit (not shown) and an internal display unit (not shown). The touch screen may be used to detect a touch input pressure as well as a touch input position and a touch input area.
The audio output module 152 may convert audio data received by the wireless communication unit 110 or stored in the memory 160 into an audio signal and output as sound when the mobile terminal is in a call signal reception mode, a call mode, a recording mode, a voice recognition mode, a broadcast reception mode, or the like. Also, the audio output module 152 may provide audio output related to a specific function performed by the mobile terminal 100 (e.g., a call signal reception sound, a message reception sound, etc.). The audio output module 152 may include a speaker, a buzzer, and the like.
The alarm unit 153 may provide an output to notify the mobile terminal 100 of the occurrence of an event. Typical events may include call reception, message reception, key signal input, touch input, and the like. In addition to audio or video output, the alarm unit 153 may provide output in different ways to notify the occurrence of an event. For example, the alarm unit 153 may provide an output in the form of vibration, and when a call, a message, or some other incoming communication is received, the alarm unit 153 may provide a tactile output (i.e., vibration) to inform the user thereof. By providing such a tactile output, the user can recognize the occurrence of various events even when the user's mobile phone is in the user's pocket. The alarm unit 153 may also provide an output notifying the occurrence of an event via the display unit 151 or the audio output module 152.
The memory 160 may store software programs and the like for processing and controlling operations performed by the controller 180, or may temporarily store data (e.g., a phonebook, messages, still images, videos, and the like) that has been or will be output. Also, the memory 160 may store data regarding various ways of vibration and audio signals output when a touch is applied to the touch screen.
The memory 160 may include at least one type of storage medium including a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. Also, the mobile terminal 100 may cooperate with a network storage device that performs a storage function of the memory 160 through a network connection.
The controller 180 generally controls the overall operation of the mobile terminal. For example, the controller 180 performs control and processing related to voice calls, data communications, video calls, and the like. The controller 180 may perform a pattern recognition process to recognize a handwriting input or a picture drawing input performed on the touch screen as a character or an image.
The power supply unit 190 receives external power or internal power and provides appropriate power required to operate various elements and components under the control of the controller 180.
The various embodiments described herein may be implemented in a computer-readable medium using, for example, computer software, hardware, or any combination thereof. For a hardware implementation, the embodiments described herein may be implemented using at least one of an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Digital Signal Processing Device (DSPD), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a processor, a controller, a microcontroller, a microprocessor, an electronic unit designed to perform the functions described herein, and in some cases, such embodiments may be implemented in the controller 180. For a software implementation, the implementation such as a process or a function may be implemented with a separate software module that allows performing at least one function or operation. The software codes may be implemented by software applications (or programs) written in any suitable programming language, which may be stored in the memory 160 and executed by the controller 180.
Up to this point, mobile terminals have been described in terms of their functionality. Hereinafter, a slide-type mobile terminal among various types of mobile terminals, such as a folder-type, bar-type, swing-type, slide-type mobile terminal, and the like, will be described as an example for the sake of brevity. However, the present invention can be applied to any type of mobile terminal, and is not limited to a slide-type mobile terminal.
The mobile terminal 100 as shown in fig. 1 may be configured to operate with communication systems such as wired and wireless communication systems and satellite-based communication systems that transmit data via frames or packets.
A communication system in which a mobile terminal according to the present invention is operable will now be described with reference to fig. 2.
Such communication systems may use different air interfaces and/or physical layers. For example, the air interface used by the communication system includes, for example, Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA), and Universal Mobile Telecommunications System (UMTS) (in particular, Long Term Evolution (LTE)), global system for mobile communications (GSM), and the like. By way of non-limiting example, the following description relates to a CDMA communication system, but such teachings are equally applicable to other types of systems.
Referring to fig. 2, the CDMA wireless communication system may include a plurality of mobile terminals 100, a plurality of Base Stations (BSs) 270, Base Station Controllers (BSCs) 275, and a Mobile Switching Center (MSC) 280. The MSC 280 is configured to interface with a Public Switched Telephone Network (PSTN) 290. The MSC 280 is also configured to interface with a BSC 275, which may be coupled to the base station 270 via a backhaul. The backhaul may be constructed according to any of several known interfaces including, for example, E1/T1, ATM, IP, PPP, Frame Relay, HDSL, ADSL, or xDSL. It will be understood that a system as shown in fig. 2 may include multiple BSCs 275.
Each BS 270 may serve one or more sectors (or regions), each sector covered by an omnidirectional antenna or by an antenna pointing in a particular direction radially away from the BS 270. Alternatively, each sector may be covered by two or more antennas for diversity reception. Each BS 270 may be configured to support multiple frequency allocations, with each frequency allocation having a particular frequency spectrum (e.g., 1.25 MHz, 5 MHz, etc.).
The intersection of a sector with a frequency allocation may be referred to as a CDMA channel. The BS 270 may also be referred to as a Base Transceiver Subsystem (BTS) or other equivalent terminology. In such a case, the term "base station" may be used to generically refer to a single BSC 275 and at least one BS 270. The base stations may also be referred to as "cells". Alternatively, each sector of a particular BS 270 may be referred to as a plurality of cell sites.
As shown in fig. 2, a Broadcast Transmitter (BT)295 transmits a broadcast signal to the mobile terminal 100 operating within the system. A broadcast receiving module 111 as shown in fig. 1 is provided at the mobile terminal 100 to receive a broadcast signal transmitted by the BT 295. In fig. 2, several Global Positioning System (GPS) satellites 300 are shown. The satellite 300 assists in locating at least one of the plurality of mobile terminals 100.
In fig. 2, a plurality of satellites 300 are depicted, but it is understood that useful positioning information may be obtained with any number of satellites. The GPS module 115 as shown in fig. 1 is generally configured to cooperate with satellites 300 to obtain desired positioning information. Other techniques that can track the location of the mobile terminal may be used instead of or in addition to GPS tracking techniques. In addition, at least one GPS satellite 300 may selectively or additionally process satellite DMB transmission.
As a typical operation of the wireless communication system, the BS270 receives reverse link signals from various mobile terminals 100. The mobile terminal 100 is generally engaged in conversations, messaging, and other types of communications. Each reverse link signal received by a particular base station 270 is processed within the particular BS 270. The obtained data is forwarded to the associated BSC 275. The BSC provides call resource allocation and mobility management functions including coordination of soft handoff procedures between BSs 270. The BSCs 275 also route the received data to the MSC280, which provides additional routing services for interfacing with the PSTN 290. Similarly, the PSTN290 interfaces with the MSC280, the MSC interfaces with the BSCs 275, and the BSCs 275 accordingly control the BS270 to transmit forward link signals to the mobile terminal 100.
Based on the above mobile terminal hardware structure and communication system, the present invention provides various embodiments of the method.
As shown in fig. 3, a first embodiment of the present invention provides a mobile terminal, including:
the authorization code generation unit 310 generates an authorization code for encrypting or decrypting data.
The transmission unit 320 sends the authorization code, so that another mobile terminal that receives and recognizes the authorization code encrypts or decrypts data according to it. In this embodiment, the transmission unit 320 transmits the authorization code over a short-range wireless link (WIFI, Bluetooth, ZigBee, or the like) or over a network (4G, or the like), so that remote transmission is available in several ways. A preset field may be added to the authorization code: after the current mobile terminal transmits the authorization code to the network, a corresponding mobile terminal with identification capability recognizes the authorization code by this field and then encrypts or decrypts data, while an unrelated mobile terminal that receives the authorization code does not trigger an unnecessary encryption or decryption operation.
In this embodiment, the current mobile terminal acts as the authorized mobile terminal and the other mobile terminals act as controlled mobile terminals. The authorized mobile terminal provides the authorization code, and the controlled terminal completes encryption and decryption based on that code, so that control over the files or applications to be encrypted is exercised from the authorized terminal; the corresponding data on the controlled terminal becomes private through encryption and decryption under the authorization code, which greatly improves the security of the data. According to the technical scheme of this embodiment, because the authorization code for encryption or decryption is sent from the mobile terminal held by the user, the user controls the encryption or decryption of data in a mobile terminal that the user does not hold, so that data in that terminal can be protected according to the user's intention.
One application scenario of this embodiment is as follows: an adult restricts a controlled terminal used by a child through the adult's own mobile terminal. The adult sends an authorization code from the adult's mobile terminal to the child's mobile terminal, so that game or novel files on the child's mobile terminal are encrypted; the child is thereby restricted and can neither open the games nor read the novels.
A second embodiment of the present invention provides a mobile terminal, including:
the authorization code generating unit 310 generates an authorization code according to a preset key.
In this embodiment, each user has a unique key, which ensures that the resulting authorization code can only be used by that user and prevents others from obtaining the authorization code and interfering with the data encryption and decryption controlled by the user. Specifically, in this embodiment the authorization code generating unit 310 is a secure encryption chip in hardware form, i.e., an ESE (embedded secure element) chip, shown as 140 in fig. 1. The ESE chip uses its unique private key information as the key for generating the authorization code, and a unique authorization code is produced every time one is generated. Generation of the authorization code thus relies on a high-level security encryption chip: the ESE performs encryption in hardware, its hardware is certified to EAL5+, the highest security level, and generating the authorization code inside the ESE greatly ensures security. The hardware encryption unit ESE together with the one-time authorization code generation mechanism ensures a high level of file encryption and decryption, keeps the authorization code dynamic, and raises the security level to a certain extent.
The transmission unit 320 encrypts the authorization code and then sends it to the other mobile terminals, so that after decrypting the authorization code the other mobile terminals verify it against the preset key and, once verification succeeds, encrypt or decrypt data according to it. In this embodiment, the transmission unit 320 encrypts the authorization code under a chosen authorization encryption algorithm each time the code passes through the unit, so that the authorization code is protected against interception while being transmitted over a wireless link or a network.
One application scenario of this embodiment is as follows: the controlled terminal is a publicly used terminal on which each person needs to store private files or applications. Each person can send an authorization code from the authorized mobile terminal they hold, and the controlled mobile terminal encrypts the data according to that code; because each user generates the authorization code from their own unique key, each user's data on the public terminal is kept private to that user. When the user later wishes to share the encrypted file or application information with the person using the terminal at that time, the authorization code can be sent again, so that the controlled mobile terminal decrypts the file or application according to it.
As shown in fig. 4, a third embodiment of the present invention provides a mobile terminal, including:
the transmission unit 410 receives and identifies an authorization code, sent by another mobile terminal, for encrypting or decrypting data. In this embodiment, the sender may add a preset field to the authorization code; after the authorization code has propagated through the network, the receiver identifies the message as an authorization code by this field and then encrypts or decrypts data, so that an unrelated mobile terminal that receives the authorization code does not trigger unnecessary encryption or decryption operations.
The data encryption or decryption unit 420 encrypts or decrypts data according to the authorization code. In this embodiment, the current mobile terminal acts as the controlled mobile terminal and the other mobile terminals act as authorized mobile terminals. The authorized mobile terminal provides the authorization code, and the controlled terminal completes encryption and decryption based on that code, so that control over the files or applications to be encrypted is exercised from the authorized terminal; the corresponding data on the controlled terminal becomes private through encryption and decryption under the authorization code, which greatly improves the security of the data. The framework design diagram of the controlled mobile terminal and the authorized mobile terminal of this embodiment is shown in fig. 4A. According to the technical scheme of this embodiment, because the authorization code for encryption or decryption is sent from the mobile terminal held by the user, the user controls the encryption or decryption of data in a mobile terminal that the user does not hold, so that data in that terminal can be protected according to the user's intention.
One application scenario of this embodiment is as follows: an adult restricts a controlled terminal used by a child through the adult's own mobile terminal. The adult sends an authorization code from the adult's mobile terminal to the child's mobile terminal, so that game or novel files on the child's mobile terminal are encrypted; the child is thereby restricted and can neither open the games nor read the novels.
As shown in fig. 5, a fourth embodiment of the present invention provides a mobile terminal, including:
the transmission unit 510 receives the encrypted authorization code and decrypts it. In this embodiment, because the authorization code arrives encrypted, the transmission unit 510 must first decrypt it and then pass the decrypted authorization code to the authorization code checking unit.
The authorization code checking unit 520 checks the authorization code against a preset key. In this embodiment, each user has a unique key, so only the authorization code of that one user can be verified successfully against the preset key; this guarantees that the authorization code is usable by only one user and prevents others who obtain the authorization code from interfering with the data encryption and decryption controlled by the user. After receiving the authorization code, the authorization code checking unit 520 verifies it with the unique private key information to obtain a verification result. Specifically, in this embodiment the authorization code checking unit 520 is a secure encryption chip in hardware form, i.e., an ESE chip. The verification result falls into one of three cases: when verification fails, no operation is performed; when the result is "authorized to encrypt", the ESE chip generates the encryption information used to encrypt the file or application; and when the result is "authorized to decrypt", the ESE chip generates the decryption information used to decrypt the file or application.
The data encryption or decryption unit 530 encrypts or decrypts the data according to the authorization code after verification succeeds. Specifically, in this embodiment the data encryption or decryption unit 530 is a secure encryption chip in hardware form; the ESE performs encryption in hardware, and its hardware has passed certification at EAL5+, the highest security level. Because the encryption and decryption algorithm is implemented within this file encryption system, the security of file encryption is greatly ensured. The framework design diagram of the controlled mobile terminal and the authorized mobile terminal of this embodiment is shown in fig. 5A.
One application scenario of this embodiment is as follows: the controlled terminal is a publicly used terminal on which each person needs to store private files or applications. Each person can send an authorization code from the authorized mobile terminal they hold, and the controlled mobile terminal encrypts the data according to that code; because each user generates the authorization code from their own unique key, each user's data on the public terminal is kept private to that user. When the user later wishes to share the encrypted file or application information with the person using the terminal at that time, the authorization code can be sent again, so that the controlled mobile terminal decrypts the file or application according to it.
As shown in fig. 6, a fifth embodiment of the present invention provides a data encryption or decryption method, including:
at step 610, an authorization code for encrypting or decrypting data is generated.
Step 620, the authorization code is sent out, so that another mobile terminal that receives and recognizes the authorization code encrypts or decrypts data according to it. In this embodiment, the authorization code is transmitted over a short-range wireless link (WIFI, Bluetooth, ZigBee, or the like) or over a network (4G, or the like), so that remote transmission is available in several ways. A preset field may be added to the authorization code: after the current mobile terminal transmits the authorization code to the network, a corresponding mobile terminal with identification capability recognizes the authorization code by this field and then encrypts or decrypts data, while an unrelated mobile terminal that receives the authorization code does not trigger an unnecessary encryption or decryption operation.
In this embodiment, the current mobile terminal acts as the authorized mobile terminal and the other mobile terminals act as controlled mobile terminals. The authorized mobile terminal provides the authorization code, and the controlled terminal completes encryption and decryption based on that code, so that control over the files or applications to be encrypted is exercised from the authorized terminal; the corresponding data on the controlled terminal becomes private through encryption and decryption under the authorization code, which greatly improves the security of the data. According to the technical scheme of this embodiment, because the authorization code for encryption or decryption is sent from the mobile terminal held by the user, the user controls the encryption or decryption of data in a mobile terminal that the user does not hold, so that data in that terminal can be protected according to the user's intention.
One application scenario of this embodiment is as follows: an adult restricts a controlled terminal used by a child through the adult's own mobile terminal. The adult sends an authorization code from the adult's mobile terminal to the child's mobile terminal, so that game or novel files on the child's mobile terminal are encrypted; the child is thereby restricted and can neither open the games nor read the novels.
As shown in fig. 7, a sixth embodiment of the present invention provides a data encryption or decryption method, including:
in step 710, an authorization code is generated according to a preset key.
In this embodiment, each user has a unique key, which ensures that the resulting authorization code can only be used by that user and prevents others from obtaining the authorization code and interfering with the data encryption and decryption controlled by the user. Specifically, in this embodiment the authorization code is generated using an ESE (embedded secure element) chip. The ESE chip uses its unique private key information as the key for generating the authorization code, and a unique authorization code is produced every time one is generated. Generation of the authorization code thus relies on a high-level security encryption chip: the ESE performs encryption in hardware, its hardware is certified to EAL5+, the highest security level, and generating the authorization code inside the ESE greatly ensures security. The ESE together with the one-time authorization code generation mechanism ensures a high level of file encryption and decryption, keeps the authorization code dynamic, and raises the security level to a certain extent.
Step 720, after the authorization code is encrypted, it is sent to the other mobile terminals, so that after decrypting the authorization code the other mobile terminals verify it against the preset key and, once verification succeeds, encrypt or decrypt data according to it. In this embodiment, the authorization code is encrypted under a chosen authorization encryption algorithm each time it is sent, so that the authorization code is protected against interception while being transmitted over a wireless link or a network.
One application scenario of this embodiment is as follows: the controlled terminal is a publicly used terminal on which each person needs to store private files or applications. Each person can send an authorization code from the authorized mobile terminal they hold, and the controlled mobile terminal encrypts the data according to that code; because each user generates the authorization code from their own unique key, each user's data on the public terminal is kept private to that user. When the user later wishes to share the encrypted file or application information with the person using the terminal at that time, the authorization code can be sent again, so that the controlled mobile terminal decrypts the file or application according to it.
As shown in fig. 8, a seventh embodiment of the present invention proposes a data encryption or decryption method, including:
Step 810, an authorization code sent by another mobile terminal for encrypting or decrypting data is received and identified. In this embodiment, the sender may add a preset field to the authorization code; after the authorization code has propagated through the network, the receiver identifies the message as an authorization code by this field and then encrypts or decrypts data, so that an unrelated mobile terminal that receives the authorization code does not trigger unnecessary encryption or decryption operations.
At step 820, the data is encrypted or decrypted according to the authorization code. In this embodiment, the current mobile terminal acts as the controlled mobile terminal and the other mobile terminals act as authorized mobile terminals. The authorized mobile terminal provides the authorization code, and the controlled terminal completes encryption and decryption based on that code, so that control over the files or applications to be encrypted is exercised from the authorized terminal; the corresponding data on the controlled terminal becomes private through encryption and decryption under the authorization code, which greatly improves the security of the data. According to the technical scheme of this embodiment, because the authorization code for encryption or decryption is sent from the mobile terminal held by the user, the user controls the encryption or decryption of data in a mobile terminal that the user does not hold, so that data in that terminal can be protected according to the user's intention.
One application scenario of this embodiment is as follows: an adult restricts a controlled terminal used by a child through the adult's own mobile terminal. The adult sends an authorization code from the adult's mobile terminal to the child's mobile terminal, so that game or novel files on the child's mobile terminal are encrypted; the child is thereby restricted and can neither open the games nor read the novels.
As shown in fig. 9, an eighth embodiment of the present invention provides a data encryption or decryption method, including:
At step 910, the encrypted authorization code is received and decrypted. In this embodiment, because the authorization code arrives encrypted, it must be decrypted first.
Step 920, the authorization code is checked against a preset key. In this embodiment, each user has a unique key, so only the authorization code of that one user can be verified successfully against the preset key; this guarantees that the authorization code is usable by only one user and prevents others who obtain the authorization code from interfering with the data encryption and decryption controlled by the user. After the authorization code is received, it is verified with the unique private key information to obtain a verification result. Specifically, in this embodiment the ESE chip is used to verify the authorization code. The verification result falls into one of three cases: when verification fails, no operation is performed; when the result is "authorized to encrypt", the ESE chip generates the encryption information used to encrypt the file or application; and when the result is "authorized to decrypt", the ESE chip generates the decryption information used to decrypt the file or application.
At step 930, the data is encrypted or decrypted according to the authorization code after verification succeeds. Specifically, in this embodiment the ESE chip is used to encrypt or decrypt the data; the ESE performs encryption in hardware, and its hardware has passed certification at EAL5+, the highest security level. Because the encryption and decryption algorithm is implemented within this file encryption system, the security of file encryption is greatly ensured.
One application scenario of this embodiment is as follows: the controlled terminal is a publicly used terminal on which each person needs to store private files or applications. Each person can send an authorization code from the authorized mobile terminal they hold, and the controlled mobile terminal encrypts the data according to that code; because each user generates the authorization code from their own unique key, each user's data on the public terminal is kept private to that user. When the user later wishes to share the encrypted file or application information with the person using the terminal at that time, the authorization code can be sent again, so that the controlled mobile terminal decrypts the file or application according to it.
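As an added illustration of the exchange described in the second and sixth embodiments (authorized side) and the fourth and eighth embodiments (controlled side), and not code from the patent, the following Go program models the protocol with standard-library primitives: the authorization code carries a preset marker field, an operation, a fresh nonce and an HMAC under a subkey of the user's unique key; it is encrypted with AES-GCM for transmission; the receiving terminal decrypts it, checks the marker before touching any key, verifies the tag in constant time, and only then encrypts or decrypts the file. The wire layout, the marker value "AUTH", the purpose strings and the use of a software key in place of the ESE chip are all assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Constructed code layout, not the patent's: marker(4) | op(1) | nonce(16) | tag(32).
// The nonce makes every code unique; the tag is HMAC-SHA256 under a subkey of the
// user's unique key, which here stands in for the ESE chip's private key material.
const (
	authMarker       = "AUTH"
	OpEncrypt   byte = 1
	OpDecrypt   byte = 2
	nonceLen         = 16
	authCodeLen      = 4 + 1 + nonceLen + sha256.Size
)

// subkey binds a purpose to the user key: tag, transport and file keys differ.
func subkey(userKey []byte, purpose string) []byte {
	h := hmac.New(sha256.New, userKey)
	h.Write([]byte(purpose))
	return h.Sum(nil)
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a terminal without a working RNG must not issue codes
	}
	return b
}

func box(userKey []byte, purpose string) cipher.AEAD {
	block, err := aes.NewCipher(subkey(userKey, purpose)) // 32-byte subkey: AES-256
	if err == nil {
		if gcm, gcmErr := cipher.NewGCM(block); gcmErr == nil {
			return gcm
		}
	}
	panic("AES-GCM setup failed") // cannot happen for a 32-byte key
}

func seal(gcm cipher.AEAD, plaintext []byte) []byte {
	nonce := randomBytes(gcm.NonceSize()) // fresh nonce, prefixed to the output
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

func unseal(gcm cipher.AEAD, sealed []byte) ([]byte, error) {
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// IssueAuthCode (authorized terminal): build and tag the code, then encrypt it for transmission.
func IssueAuthCode(userKey []byte, op byte) []byte {
	body := append(append([]byte(authMarker), op), randomBytes(nonceLen)...)
	mac := hmac.New(sha256.New, subkey(userKey, "authcode"))
	mac.Write(body)
	return seal(box(userKey, "transport"), mac.Sum(body))
}

// VerifyAuthCode (controlled terminal): the preset field is checked before any
// key is used, then the tag is recomputed and compared in constant time.
func VerifyAuthCode(userKey, code []byte) (byte, error) {
	if len(code) != authCodeLen || string(code[:4]) != authMarker {
		return 0, errors.New("not an authorization code")
	}
	body, tag := code[:authCodeLen-sha256.Size], code[authCodeLen-sha256.Size:]
	mac := hmac.New(sha256.New, subkey(userKey, "authcode"))
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return 0, errors.New("verification failed, no operation performed")
	}
	if op := body[4]; op == OpEncrypt || op == OpDecrypt {
		return op, nil
	}
	return 0, errors.New("unknown operation")
}

// ApplyAuthCode (controlled terminal): decrypt the received code, verify it, then
// encrypt or decrypt the file under a separate file subkey.
func ApplyAuthCode(userKey, wire, data []byte) ([]byte, error) {
	code, err := unseal(box(userKey, "transport"), wire)
	if err != nil {
		return nil, err
	}
	op, err := VerifyAuthCode(userKey, code)
	if err != nil {
		return nil, err
	}
	if op == OpEncrypt {
		return seal(box(userKey, "file"), data), nil
	}
	return unseal(box(userKey, "file"), data)
}
```

Both terminals must hold the same per-user key (the patent's "preset key"); a terminal holding a different user's key can neither decrypt the transmitted code nor verify its tag, and a message lacking the marker is dropped before verification.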
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (6)

1. A mobile terminal, comprising:
the authorization code generation unit generates an authorization code for encrypting or decrypting data according to a preset secret key, the secret key of each user is unique, the authorization code generation unit is a hardware-form security encryption chip, and a unique authorization code is generated each time the authorization code is generated;
and the transmission unit sends the authorization code so that other mobile terminals receiving the authorization code can encrypt or decrypt data according to the authorization code after recognizing the authorization code.
2. The mobile terminal of claim 1,
and after encrypting the authorization code, the transmission unit sends the authorization code to the other mobile terminals, so that the other mobile terminals can encrypt or decrypt data according to the authorization code after decrypting the authorization code.
3. A mobile terminal, comprising:
the transmission unit receives and identifies authorization codes which are sent by other mobile terminals and used for encrypting or decrypting data;
the authorization code verifying unit is used for verifying an authorization code according to a preset secret key, each user has a unique secret key, and the authorization code verifying unit is a hardware-form security encryption chip;
and the data encryption or decryption unit encrypts or decrypts the data according to the authorization code after the verification is successful, and the data encryption or decryption unit is a hardware-form security encryption chip.
4. The mobile terminal of claim 3,
the transmission unit receives the encrypted authorization code and decrypts the authorization code, so that the data encryption or decryption unit encrypts or decrypts data according to the authorization code.
5. A method for encrypting or decrypting data, comprising:
the first mobile terminal generates an authorization code for encrypting or decrypting data according to a preset secret key, the secret key of each user is unique, a security encryption chip in a hardware form is used for generating the authorization code, and a unique authorization code is generated every time the authorization code is generated;
and the first mobile terminal sends the authorization code, so that after the second mobile terminal receiving the authorization code identifies the authorization code, the data is encrypted or decrypted according to the authorization code.
6. A method for encrypting or decrypting data, comprising:
the second mobile terminal receives and identifies an authorization code which is sent by the first mobile terminal and used for encrypting or decrypting data;
verifying the authorization code according to a preset secret key, wherein the secret key of each user is unique, and a hardware-form security encryption chip is used for verifying the authorization code;
and after the verification is successful, the second mobile terminal encrypts or decrypts the data according to the authorization code.
CN201610194784.5A 2016-03-30 2016-03-30 Mobile terminal, data encryption or decryption method Active CN105740728B (en)


Publications (2)

Publication Number Publication Date
CN105740728A CN105740728A (en) 2016-07-06
CN105740728B true CN105740728B (en) 2020-09-29

Family

ID=56253522



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20200904
Address after: Room 602a, 6th floor, building 1, Kaifeng City Square, Yuanyang Road, Yangpu Economic Development Zone, Danzhou City, Hainan Province, 578000
Applicant after: Yangpu box Digital Network Technology Co., Ltd
Address before: 518000 Guangdong Province, Shenzhen high tech Zone of Nanshan District City, No. 9018 North Central Avenue's innovation building A, 6-8 layer, 10-11 layer, B layer, C District 6-10 District 6 floor
Applicant before: NUBIA TECHNOLOGY Co.,Ltd.
GR01 Patent grant