CN106161481A - Device for guarding against security risks by isolating a security module with a physical button on a mobile terminal - Google Patents
- Publication number
- CN106161481A, CN201610862710.4A
- Authority
- CN
- China
- Prior art keywords
- trigger
- result
- triggering
- data
- unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/02—Constructional features of telephone sets
- H04M1/23—Construction or mounting of dials or of equivalent devices; Means for facilitating the use thereof
- H04M1/236—Construction or mounting of dials or of equivalent devices; Means for facilitating the use thereof including keys on side or rear faces
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/72—Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
- H04M1/724—User interfaces specially adapted for cordless or mobile telephones
- H04M1/72403—User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
- H04M1/72409—User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Human Computer Interaction (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a device for guarding against security risks by isolating a security module with a physical button on a mobile terminal. The device includes a security module, a physical switch, an authentication module, a device hardware communication interface, a mobile terminal operating system and an application module. By using the physical switch to isolate or connect the information security module and the mobile terminal, the information security module can carry out data communication according to the wishes of the mobile terminal user, and the communication connection is completely disconnected after use, guarding against the security risks caused by malware, vulnerabilities or backdoors in the mobile terminal system gaining unauthorized access to the information security module.
Description
Technical field
The present invention relates to a communication security device in the field of computer technology, and in particular to a device for guarding against security risks by isolating a security module with a physical button on a mobile terminal.
Background
With the development of the mobile Internet, more and more software on mobile terminal systems supports uses such as mobile finance, mobile credentials and advanced encryption. Such software needs to call a hardware security module to run data encryption algorithms or to store and read confidential information. However, malware such as viruses and Trojans emerges endlessly on mobile terminals and is pervasive. Even after the user closes the software that uses the security module, malware may remain hidden in the background, having intercepted the access password of the security module, and may secretly connect to the security module to steal confidential information or access encryption functions, posing a serious threat to the user's privacy or funds.
Conventional mobile devices commonly use a security module in one of two forms. In the first, the security module is soldered directly onto, or prefabricated on, the circuit board of the mobile device, and the user cannot remove it or disconnect the circuit. In the second, the security module is inserted into an expansion slot of the mobile device (such as an SD card/TF card slot); the user can remove or install it, but users generally do not readily pull the security module out and carry it with them, because once removed it is very small and easily lost. Conventional mobile devices therefore make it difficult for the user to disconnect the security module quickly and conveniently, which gives malware an opportunity.
The Chinese patent "A network security isolation device" (application number: 201610349446.4) discloses a network security isolation device comprising a connector. The output of the connector is electrically connected to the input of a firewall, the output of the firewall is electrically connected to the input of a data extraction device, the input of the data extraction device is electrically connected to the output of a hard disk, the input of the hard disk is electrically connected to the output of a data update device, and the input of the data update device is electrically connected to the output of the Internet. This network security isolation device uses the common RJ45 network interface as its input and output ports, can be connected in series with a computer when in use, and is easy to install, remove and use. It compares virus information downloaded in real time from the network cloud with the firewall's information, then feeds the information back through a feedback circuit to a control switch, which automatically controls its closing, thereby blocking the network. That patent still relies on the technical means of a traditional firewall, controlling malware intrusion by comparing virus information downloaded in real time from the network cloud with the firewall's information. Once a virus or malicious program appears, the isolation function of the isolation device may not be achieved, leading to the loss of important system data. At the same time, the system's sensitive data remains connected to the network in real time and relies only on firewall protection, which is also an insecure data protection method.
Summary of the invention
In view of the deficiencies of the prior art, the present invention provides a device for guarding against security risks by isolating a security module with a physical button on a mobile terminal. It lets the user conveniently operate a physical switch on the mobile terminal to safely disconnect or connect the security module, thereby achieving safer protection and preventing malware from silently calling the security module and causing losses. The mobile terminal includes at least a mobile terminal operating system, an application module, a security module, a physical switch and a device hardware communication interface;
A device for guarding against security risks by isolating a security module with a physical button on a mobile terminal, characterized in that the mobile terminal includes at least an application module, a mobile terminal operating system, a device hardware communication interface, a physical switch and a security module;
The physical switch is used to control the connection path between the security module and the device hardware communication interface, or, the physical switch is used to control the power supply of the security module;
Between the physical switch and the security module there is further provided an authentication module for verifying the bind command information sent by the physical switch for disconnecting/connecting the connection path between the security module and the device hardware communication interface, and/or between the physical switch and the security module there is further provided an authentication module for verifying the bind command information sent by the physical switch for disconnecting/connecting the power supply of the security module, and the verification process of the authentication module involves an encryption process and a decryption process of the bind command.
According to a preferred embodiment, the authentication module includes at least a trigger database unit, a trigger information collecting unit, a trigger result timing unit and a ciphertext unit;
The trigger database unit includes at least a first trigger database, a second trigger database, a third trigger database and a fourth trigger database, wherein the first trigger database includes one or more kinds of image information, including at least a fingerprint image, a palm print image and a face contour image; the second trigger database includes pressure information containing at least pressing frequency and/or pressing duration; the third trigger database includes acceleration information containing at least acceleration direction and/or acceleration change; the fourth trigger database includes one or more kinds of sound information, including at least sound frequency, timbre and sound intensity.
According to a preferred embodiment, the encryption process of the bind command includes: the authentication module divides the bind command information into four data segments, and takes the data corresponding to each data segment together with the arrangement information of the data segments as multiple data blocks to be encrypted. In the encryption process, the first trigger result, obtained when the first trigger database is successfully triggered, is used to encrypt the first data block, and the encrypted information is the first ciphertext block; the first data block and the second trigger result, obtained when the second trigger database is successfully triggered, are used to encrypt the second data block, and the encrypted information is the second ciphertext block; the second data block and the third trigger result, obtained when the third trigger database is successfully triggered, are used to encrypt the third data block, and the encrypted information is the third ciphertext block; the third data block and the fourth trigger result, obtained when the fourth trigger database is successfully triggered, are used to encrypt the fourth data block.
According to a preferred embodiment, the decryption process of the bind command includes: the first trigger database completes triggering based on the image information collected by the trigger information collecting unit of the mobile terminal, obtains the first trigger result, and sends the first trigger result to the trigger result timing unit; the second trigger database completes triggering based on the pressure information collected by the trigger information collecting unit of the mobile terminal, obtains the second trigger result, and sends the second trigger result to the trigger result timing unit; the third trigger database completes triggering based on the acceleration information collected by the trigger information collecting unit of the mobile terminal, obtains the third trigger result, and sends the third trigger result to the trigger result timing unit; the fourth trigger database completes triggering based on the sound information collected by the trigger information collecting unit of the mobile terminal, obtains the fourth trigger result, and sends the fourth trigger result to the trigger result timing unit.
According to a preferred embodiment, the decryption process of the bind command also includes: the trigger result timing unit receives the first trigger result, the second trigger result, the third trigger result and the fourth trigger result, and compares the order in which they were received with its preset reception order. When the reception order of the trigger result timing unit is identical to its preset reception order, the first trigger result, the second trigger result, the third trigger result and the fourth trigger result are sent to the ciphertext unit. When the reception order of the trigger result timing unit differs from its preset reception order 3 times or more, the trigger information collecting unit locks and no longer collects trigger information.
According to a preferred embodiment, the decryption process of the bind command also includes: the ciphertext unit uses the received first trigger result as the initial key to decrypt the first ciphertext block, obtaining the first data block; the ciphertext unit uses the received second trigger result and the first data block as the second-level key to decrypt the second ciphertext block, obtaining the second data block; the ciphertext unit uses the received third trigger result and the second data block as the third-level key to decrypt the third ciphertext block, obtaining the third data block; the ciphertext unit uses the received fourth trigger result and the third data block as the fourth-level key to decrypt the fourth ciphertext block, obtaining the fourth data block; and the ciphertext unit, based on the arrangement information of the data segments in the first data block, the second data block, the third data block and the fourth data block and the data corresponding to each data segment, synthesizes the bind command information data and sends it to the security module, in order to disconnect/connect the device hardware communication interface and the security module, or to disconnect/connect the power supply of the security module.
According to a preferred embodiment, the mobile terminal operating system is the system environment that supports the normal running of the mobile terminal modules; the application module is an application program that provides direct service functions to the user, and when processing sensitive data the application module needs to call the security module for data operations or for secret information storage and/or reading; the security module is responsible for providing the mobile terminal with cryptographic operations on information and/or secret information storage; the device hardware communication interface is responsible for connecting to and communicating with the security module, responding to control instructions from the operating system and exchanging information with the security module.
According to a preferred embodiment, the trigger information collecting unit is connected to the trigger database unit and is used to trigger on the collected information; the trigger database unit is connected to the trigger result timing unit, for timing verification of the trigger results; the trigger result timing unit is connected to the ciphertext unit, for decrypting the ciphertext blocks using the trigger results.
According to a preferred embodiment, when the physical switch is used to disconnect the connection path between the security module and the device hardware communication interface, or to disconnect the power supply connection of the security module, it can disconnect directly without going through the verification process of the authentication module;
After the user operates the physical switch to disconnect the path between the security module and the device hardware communication interface, or the power supply of the security module, the application module that uses the security module cannot, directly or indirectly, call the security module's function services of data operations or secret information storage and/or reading.
According to a preferred embodiment, the device isolates the security module to guard against security risks as follows: between the physical switch and the security module of the mobile terminal there is provided an authentication module for verifying the bind command information sent by the physical switch for disconnecting/connecting the connection path between the security module and the device hardware communication interface, or, between the physical switch and the security module there is provided an authentication module for verifying the bind command information sent by the physical switch for disconnecting/connecting the power supply of the security module; the verification process involves an encryption process and a decryption process of the bind command;
The encryption process of the bind command includes: the bind command information is divided into four data segments, and the data corresponding to each data segment together with the arrangement information of the data segments is taken as multiple data blocks to be encrypted. In the encryption process, the first trigger result, obtained when the first trigger database is successfully triggered, is used to encrypt the first data block, and the encrypted information is the first ciphertext block; the first data block and the second trigger result, obtained when the second trigger database is successfully triggered, are used to encrypt the second data block, and the encrypted information is the second ciphertext block; the second data block and the third trigger result, obtained when the third trigger database is successfully triggered, are used to encrypt the third data block, and the encrypted information is the third ciphertext block; the third data block and the fourth trigger result, obtained when the fourth trigger database is successfully triggered, are used to encrypt the fourth data block;
The decryption process of the bind command includes: the first trigger database completes triggering based on the image information collected by the trigger information collecting unit of the mobile terminal, obtains the first trigger result, and sends the first trigger result to the trigger result timing unit; the second trigger database completes triggering based on the pressure information collected by the trigger information collecting unit of the mobile terminal, obtains the second trigger result, and sends the second trigger result to the trigger result timing unit; the third trigger database completes triggering based on the acceleration information collected by the trigger information collecting unit of the mobile terminal, obtains the third trigger result, and sends the third trigger result to the trigger result timing unit; the fourth trigger database completes triggering based on the sound information collected by the trigger information collecting unit of the mobile terminal, obtains the fourth trigger result, and sends the fourth trigger result to the trigger result timing unit;
The trigger result timing unit receives the first trigger result, the second trigger result, the third trigger result and the fourth trigger result, and compares the order in which they were received with its preset reception order. When the reception order of the trigger result timing unit is identical to its preset reception order, the first trigger result, the second trigger result, the third trigger result and the fourth trigger result are sent to the ciphertext unit. When the reception order of the trigger result timing unit differs from its preset reception order 3 times or more, the trigger information collecting unit locks and no longer collects trigger information;
The ciphertext unit uses the received first trigger result as the initial key to decrypt the first ciphertext block, obtaining the first data block; the ciphertext unit uses the received second trigger result and the first data block as the second-level key to decrypt the second ciphertext block, obtaining the second data block; the ciphertext unit uses the received third trigger result and the second data block as the third-level key to decrypt the third ciphertext block, obtaining the third data block; the ciphertext unit uses the received fourth trigger result and the third data block as the fourth-level key to decrypt the fourth ciphertext block, obtaining the fourth data block; and the ciphertext unit, based on the arrangement information of the data segments in the first data block, the second data block, the third data block and the fourth data block and the data corresponding to each data segment, synthesizes the bind command information data and sends it to the security module, in order to disconnect/connect the device hardware communication interface and the security module, or to disconnect/connect the power supply of the security module.
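The chained encryption, the reception-order check and the lockout described above, as an added Python example that is not code from the patent. The patent names no cipher or key derivation, so the HMAC-SHA256 keystream, the per-block integrity tag, the one-byte arrangement index, the cumulative mismatch count and all sample values are assumptions made here.

```python
from __future__ import annotations

import hashlib
import hmac
import struct

# Preset reception order: first..fourth trigger database (image, pressure,
# acceleration, sound), in the order the page lists them.
PRESET_ORDER = ("image", "pressure", "acceleration", "sound")
MAX_ORDER_MISMATCHES = 3   # page: lock after 3 or more order mismatches
TAG_LEN = 16               # assumption: truncated HMAC tag on each ciphertext block


def _block_keys(trigger_result: bytes, prev_block: bytes) -> tuple[bytes, bytes]:
    """Derive block keys from a trigger result and the previous plaintext block."""
    material = hmac.new(trigger_result, prev_block, hashlib.sha256).digest()
    enc_key = hmac.new(material, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(material, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _xor_keystream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def encrypt_command(command: bytes, trigger_results: list[bytes]) -> list[bytes]:
    """Split the command into four segments and encrypt them as a chain."""
    if len(trigger_results) != 4:
        raise ValueError("four trigger results are required")
    size = -(-len(command) // 4)  # ceiling division
    # Each data block = arrangement information (1-byte index) + segment data.
    blocks = [bytes([i]) + command[i * size:(i + 1) * size] for i in range(4)]
    ciphertext_blocks, prev = [], b""
    for block, result in zip(blocks, trigger_results):
        enc_key, mac_key = _block_keys(result, prev)
        ct = _xor_keystream(enc_key, block)
        tag = hmac.new(mac_key, ct, hashlib.sha256).digest()[:TAG_LEN]
        ciphertext_blocks.append(ct + tag)
        prev = block  # block n+1 is keyed by plaintext block n
    return ciphertext_blocks


def decrypt_command(ciphertext_blocks: list[bytes], trigger_results: list[bytes]) -> bytes:
    """Ciphertext unit: decrypt the chain and reassemble the command."""
    if len(ciphertext_blocks) != 4 or len(trigger_results) != 4:
        raise ValueError("four ciphertext blocks and four trigger results are required")
    blocks, prev = [], b""
    for cblock, result in zip(ciphertext_blocks, trigger_results):
        ct, tag = cblock[:-TAG_LEN], cblock[-TAG_LEN:]
        enc_key, mac_key = _block_keys(result, prev)
        expected = hmac.new(mac_key, ct, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("trigger result does not match ciphertext block")
        prev = _xor_keystream(enc_key, ct)
        blocks.append(prev)
    # Reorder by the arrangement index and join the segment data.
    return b"".join(b[1:] for b in sorted(blocks, key=lambda b: b[0]))


class TriggerResultTimingUnit:
    """Checks the reception order and locks collection after repeated mismatches."""

    def __init__(self) -> None:
        self.mismatches = 0
        self.locked = False

    def check(self, received: list[tuple[str, bytes]]) -> list[bytes] | None:
        """Return the trigger results for the ciphertext unit, or None if refused."""
        if self.locked:
            return None
        if tuple(name for name, _ in received) != PRESET_ORDER:
            self.mismatches += 1  # assumption: mismatches are counted cumulatively
            self.locked = self.mismatches >= MAX_ORDER_MISMATCHES
            return None
        return [result for _, result in received]


def verify_and_decrypt(unit, received, ciphertext_blocks):
    """Order check first; only then are the results handed to the ciphertext unit."""
    results = unit.check(received)
    return None if results is None else decrypt_command(ciphertext_blocks, results)


# Constructed sample values (not from the page).
SAMPLE_COMMAND = b"CONNECT:SECURITY_MODULE"
SAMPLE_RECEIVED = [
    ("image", b"fingerprint-match"),
    ("pressure", b"press-pattern-match"),
    ("acceleration", b"shake-pattern-match"),
    ("sound", b"voice-match"),
]

if __name__ == "__main__":
    ct = encrypt_command(SAMPLE_COMMAND, [r for _, r in SAMPLE_RECEIVED])
    print(verify_and_decrypt(TriggerResultTimingUnit(), SAMPLE_RECEIVED, ct))
```

Because each block's key depends on the previous plaintext block, a wrong trigger result at any stage stops decryption at that block, and the tag turns that into an explicit rejection instead of a garbled command reaching the security module.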
The invention has the following advantages:
(1) The present invention provides a device for guarding against security risks by isolating a security module with a physical button on a mobile terminal. It lets the user conveniently operate the physical switch on the mobile terminal to safely disconnect or connect the security module, thereby achieving safer protection and preventing malware from silently calling the security module and causing losses. The mobile terminal includes at least a mobile terminal operating system, an application module, a security module, a physical switch and a device hardware communication interface.
(2) In the present invention, an authentication module is provided between the physical switch and the security module for verifying the bind command information sent by the physical switch for disconnecting/connecting the connection path between the security module and the device hardware communication interface, or for verifying the bind command information for disconnecting/connecting the power supply of the security module. The verification process involves an encryption process and a decryption process of the bind command, which ensures the security of the connection or disconnection commands sent by the physical switch and, at the same time, avoids connection or disconnection commands produced when the physical switch is touched unintentionally.
Brief description of the drawings
Fig. 1 is a schematic diagram of the structural relationship of the functional modules of the mobile terminal of the present invention;
Fig. 2 is a schematic diagram of the structural relationship of the authentication module of the present invention;
Fig. 3 is a schematic diagram of the structural relationship of the first trigger database of the present invention;
Fig. 4 is a schematic diagram of the structural relationship of the second trigger database of the present invention;
Fig. 5 is a schematic diagram of the structural relationship of the third trigger database of the present invention; and
Fig. 6 is a schematic diagram of the structural relationship of the fourth trigger database of the present invention.
List of reference numerals
101: mobile terminal
102: application module
103: mobile terminal operating system
104: device hardware communication interface
105: physical switch
106: security module
107: authentication module
201: trigger information collecting unit
202: trigger database unit
203: trigger result timing unit
204: ciphertext unit
301: first trigger database
302: image receiving unit
303: image storage unit
304: image recognition unit
305: first output setting unit
306: first output unit
401: second trigger database
402: pressure information receiving unit
403: pressure information storage unit
404: pressure information recognition unit
405: second output setting unit
406: second output unit
501: third trigger database
502: acceleration information receiving unit
503: acceleration information storage unit
504: acceleration information recognition unit
505: third output setting unit
506: third output unit
601: fourth trigger database
602: sound information receiving unit
603: sound information storage unit
604: sound information recognition unit
605: fourth output setting unit
606: fourth output unit
Detailed description
A detailed description is given below with reference to the accompanying drawings and embodiments.
The invention provides a device for guarding against security risks by isolating a security module with a physical button on a mobile terminal. The device enables the user to conveniently operate the physical switch 105 on the mobile terminal to safely disconnect or connect the security module 106, thereby achieving safer protection and preventing malware from silently calling the security module 106 and causing losses. The mobile terminal 101 of the present invention can be implemented in various forms. For example, the terminal described in the present invention can include mobile terminals such as mobile phones, smartphones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players) and navigation devices, and terminal devices such as digital TVs and desktop computers. Below, it is assumed that the terminal is a mobile terminal. However, those skilled in the art will understand that, apart from elements used specifically for mobile purposes, the structure according to the embodiments of the present invention can also be applied to fixed-type terminals.
Fig. 1 shows a schematic diagram of the structural relationship of the functional modules of the mobile terminal 101 of the present invention. The mobile terminal 101 includes at least an application module 102, a mobile terminal operating system 103, a device hardware communication interface 104, a physical switch 105, a security module 106 and an authentication module 107. The mobile terminal operating system 103 is the system environment that supports the normal running of software on the mobile terminal 101. According to a preferred embodiment, the operating system can be the iOS operating system, the Android operating system, the Windows Phone operating system, the Windows operating system, the Linux operating system or the like. The application module 102 is a software program that provides direct service functions to the user; when processing sensitive data it needs to call the security module 106 for data operations or secret information storage/reading. The security module 106 is responsible for providing the mobile terminal 101 with functions such as cryptographic operations on information or secret information storage. The physical switch 105 can be operated by the user to disconnect/connect the connection path between the security module 106 and the device hardware communication interface 104, or to disconnect/connect the power supply of the security module 106. The device hardware communication interface 104 is responsible for connecting to and communicating with the security module 106, responding to control instructions from the operating system and interacting with the security module 106. Between the physical switch 105 and the security module 106 there is further provided an authentication module 107 for verifying the bind command information sent by the physical switch 105 for disconnecting/connecting the connection path between the security module 106 and the device hardware communication interface 104, or an authentication module 107 for verifying the bind command information for disconnecting/connecting the power supply of the security module 106; the verification process involves an encryption process and a decryption process of the bind command. According to a preferred embodiment, when the physical switch 105 is used to disconnect the connection path between the security module 106 and the device hardware communication interface 104, or to disconnect the power supply connection of the security module 106, it can disconnect directly without going through the verification process of the authentication module, thereby achieving the function of quickly disconnecting the connection between the authentication module 107 and the mobile terminal 101.
As shown in Fig. 2, the authentication module 107 includes at least a trigger information collecting unit 201, a trigger database unit 202, a trigger result timing unit 203 and a ciphertext unit 204. The trigger information collecting unit 201 is connected to the trigger database unit 202, for triggering on the collected information. The trigger database unit 202 is connected to the trigger result timing unit 203; each trigger database in the trigger database unit 202 is used to identify and trigger on the information collected by the trigger information collecting unit 201 and to output its trigger result to the trigger result timing unit 203, while timing verification of the trigger results is carried out. The trigger result timing unit 203 is connected to the ciphertext unit 204, for decrypting the ciphertext blocks using the trigger results. According to a preferred embodiment, the trigger result data set by the first output setting unit through the fourth output setting unit include the trigger result data content set for a successful trigger and the trigger result data content set for a failed trigger.
The trigger information collection unit 201 collects the trigger information corresponding to the trigger database unit 202, including image information, pressure information, acceleration information and sound information. The trigger information collection unit 201 sends the collected data to the different databases in the trigger database unit 202. The trigger database unit 202 consists of four trigger databases, for image information, pressure information, acceleration information and sound information: a first trigger database 301 containing at least one or more kinds of image information among fingerprint images, palmprint images and facial contour images; a second trigger database 401 containing at least press frequency and/or press duration information; a third trigger database 501 containing at least acceleration direction and/or magnitude change information; and a fourth trigger database 601 containing at least one or more kinds of information among sound frequency, timbre and sound intensity. The trigger result timing unit 203 receives the first to fourth trigger results and compares the order in which they are received with its configured reception order. When the reception order is the same as the configured reception order, it sends the first to fourth trigger results to the ciphertext unit 204. When the reception order differs from the configured reception order 3 times or more, the trigger information collection unit 201 of the mobile terminal 101 is locked and no further trigger information is collected. The ciphertext unit 204 receives the trigger results of the trigger databases in the trigger database unit 202 as sent by the trigger result timing unit 203. Based on these trigger results, the ciphertext unit 204 completes the decryption of the connection command information sent by the physical switch 105, thereby disconnecting/connecting the device hardware communication interface 104 and the security module 106, or disconnecting/connecting the power supply of the security module 106.
The trigger database unit 202 includes the first trigger database 301, the second trigger database 401, the third trigger database 501 and the fourth trigger database 601. Each trigger database in the trigger database unit 202 performs recognition-based triggering on the information collected by the trigger information collection unit 201 and outputs its trigger result to the trigger result timing unit 203.
As shown in Fig. 3, the first trigger database 301 includes an image receiving unit 302, an image storage unit 303, an image recognition unit 304, a first output setting unit 305 and a first output unit 306. The image receiving unit 302 receives the image information collected by the trigger information collection unit 201 and sends it to the image recognition unit 304. The image storage unit 303 stores the fingerprint image, palmprint image or facial contour image information set by the user. The image recognition unit 304 compares the image sent by the image receiving unit 302 with the image information stored or set in the image storage unit 303, and sends the result, recognition success or recognition failure, to the first output unit 306. The first output setting unit 305 configures the specific data content of the output result; this configuration includes the output information for recognition success and the output information for recognition failure. The first output unit 306 produces its data output from the recognition success or failure information sent by the image recognition unit 304 and the data content configured in the first output setting unit 305; this data output is the first trigger result.
As shown in Fig. 4, the second trigger database 401 includes a pressure information receiving unit 402, a pressure information storage unit 403, a pressure information recognition unit 404, a second output setting unit 405 and a second output unit 406, where the second output setting unit 405 sets the data content of the second trigger result. The pressure information receiving unit 402 receives the pressure information collected by the trigger information collection unit 201 and sends it to the pressure information recognition unit 404. The pressure information storage unit 403 stores the pressure information set by the user, including press frequency and/or press duration. The pressure information recognition unit 404 compares the pressure information sent by the pressure information receiving unit 402 with the pressure information stored or set in the pressure information storage unit 403, and sends the result, recognition success or recognition failure, to the second output unit 406. The second output setting unit 405 configures the specific data content of the output result; this configuration includes the output information for recognition success and the output information for recognition failure. The second output unit 406 produces its data output from the recognition success or failure information sent by the pressure information recognition unit 404 and the data content configured in the second output setting unit 405; this data output is the second trigger result.
As shown in Fig. 5, the third trigger database 501 includes an acceleration information receiving unit 502, an acceleration information storage unit 503, an acceleration information recognition unit 504, a third output setting unit 505 and a third output unit 506, where the third output setting unit 505 sets the data content of the third trigger result. The acceleration information receiving unit 502 receives the acceleration information collected by the trigger information collection unit 201 and sends it to the acceleration information recognition unit 504. The acceleration information storage unit 503 stores the acceleration information set by the user, including acceleration direction and/or acceleration magnitude change information. The acceleration information recognition unit 504 compares the acceleration information sent by the acceleration information receiving unit 502 with the acceleration information stored or set in the acceleration information storage unit 503, and sends the result, recognition success or recognition failure, to the third output unit 506. The third output setting unit 505 configures the specific data content of the output result; this configuration includes the output information for recognition success and the output information for recognition failure. The third output unit 506 produces its data output from the recognition success or failure information sent by the acceleration information recognition unit 504 and the data content configured in the third output setting unit 505; this data output is the third trigger result.
As shown in Fig. 6, the fourth trigger database 601 includes a sound information receiving unit 602, a sound information storage unit 603, a sound information recognition unit 604, a fourth output setting unit 605 and a fourth output unit 606, where the fourth output setting unit 605 sets the data content of the fourth trigger result. The sound information receiving unit 602 receives the sound information collected by the trigger information collection unit 201 and sends it to the sound information recognition unit 604. The sound information storage unit 603 stores one or more kinds of information set by the user, including sound frequency, timbre and sound intensity. The sound information recognition unit 604 compares the sound information sent by the sound information receiving unit 602 with the sound information stored or set in the sound information storage unit 603, and sends the result, recognition success or recognition failure, to the fourth output unit 606. The fourth output setting unit 605 configures the specific data content of the output result; this configuration includes the output information for recognition success and the output information for recognition failure. The fourth output unit 606 produces its data output from the recognition success or failure information sent by the sound information recognition unit 604 and the data content configured in the fourth output setting unit 605; this data output is the fourth trigger result.
Meanwhile, between the physical switch 105 and the security module 106 there is also an authentication module 107, which verifies the connection command information that the physical switch 105 sends to disconnect/connect the connecting path between the security module 106 and the device hardware communication interface 104, or the connection command information for disconnecting/connecting the power supply of the security module 106; the verification process involves an encryption process and a decryption process for the connection command. The encryption process includes: dividing the connection command information into four data segments, and taking the data of each data segment together with the arrangement information of the data segment as multiple data blocks to be encrypted. In the encryption process, the first trigger result information produced when the first trigger database 301 triggers successfully is used to encrypt the first data block; the encrypted information is the first ciphertext block. The first data block and the second trigger result information produced when the second trigger database 401 triggers successfully are used to encrypt the second data block; the encrypted information is the second ciphertext block. The second data block and the third trigger result information produced when the third trigger database 501 triggers successfully are used to encrypt the third data block; the encrypted information is the third ciphertext block. The third data block and the fourth trigger result information produced when the fourth trigger database 601 triggers successfully are used to encrypt the fourth data block.
The decryption process includes the following. The first trigger database 301 completes its trigger based on the image information collected by the trigger information collection unit 201 of the mobile terminal 101 and sends the trigger result to the trigger result timing unit 203; this trigger result is the first trigger result. The second trigger database 401 completes its trigger based on the pressure information collected by the trigger information collection unit 201 of the mobile terminal 101 and sends the trigger result to the trigger result timing unit 203; this trigger result is the second trigger result. The third trigger database 501 completes its trigger based on the acceleration information collected by the trigger information collection unit 201 of the mobile terminal 101 and sends the trigger result to the trigger result timing unit 203; this trigger result is the third trigger result. The fourth trigger database 601 completes its trigger based on the sound information collected by the trigger information collection unit 201 of the mobile terminal 101 and sends the trigger result to the trigger result timing unit 203; this trigger result is the fourth trigger result. The trigger result timing unit 203 receives the first to fourth trigger results and compares the order in which they are received with its configured reception order. When the reception order is the same as the configured reception order, it sends the first to fourth trigger results to the ciphertext unit 204. When the reception order differs from the configured reception order 3 times or more, the trigger information collection unit 201 of the mobile terminal 101 is locked and no further trigger information is collected. The ciphertext unit 204 receives the trigger results of the trigger databases in the trigger database unit 202 as sent by the trigger result timing unit 203. The ciphertext unit 204 uses the received first trigger result as the initial key to decrypt the first ciphertext block, obtaining the first data block. The ciphertext unit 204 uses the received second trigger result and the first data block as the second-level initial key to decrypt the second ciphertext block, obtaining the second data block. The ciphertext unit 204 uses the received third trigger result and the second data block as the third-level initial key to decrypt the third ciphertext block, obtaining the third data block. The ciphertext unit 204 uses the received fourth trigger result and the third data block as the fourth-level key to decrypt the fourth ciphertext block, obtaining the fourth data block. The ciphertext unit 204 then synthesizes the connection command information data from the arrangement information of the data segments in the first, second, third and fourth data blocks and the data of each data segment, and sends it to the security module 106, thereby disconnecting/connecting the device hardware communication interface 104 and the security module 106, or disconnecting/connecting the power supply of the security module 106.
According to a preferred embodiment, after the user operates the physical switch 105 to disconnect the path between the security module 106 and the device hardware communication interface 104, or the power supply of the security module 106, the application module 102 that uses the security module 106 cannot, directly or indirectly, invoke the data operation or secret information storage and/or reading function services of the security module 106.
Embodiment 1
The present invention is illustrated here by the example of using the physical switch 105 to connect the connecting path between the security module 106 and the device hardware communication interface 104, or to connect the power supply of the security module 106. Between the physical switch 105 and the security module 106 there is an authentication module 107, which verifies the connection command information that the physical switch 105 sends to connect the connecting path between the security module 106 and the device hardware communication interface 104, or the connection command information for connecting the power supply of the security module 106; the verification process involves an encryption process and a decryption process for the connection command. The encryption process includes: dividing the connection command information into four data segments, and taking the data of each data segment together with the arrangement information of the data segment as 4 data blocks to be encrypted. In the encryption process, the first trigger result information produced when the first trigger database 301 triggers successfully is used to encrypt the first data block; the encrypted information is the first ciphertext block. According to a preferred embodiment, the first trigger result information can be information such as "image information verification succeeded", "first trigger database triggered successfully", etc. The first data block and the second trigger result information produced when the second trigger database 401 triggers successfully are used to encrypt the second data block; the encrypted information is the second ciphertext block. According to a preferred embodiment, the second trigger result information can be information such as "pressure information verification succeeded", "second trigger database triggered successfully", etc. The second data block and the third trigger result information produced when the third trigger database 501 triggers successfully are used to encrypt the third data block; the encrypted information is the third ciphertext block. According to a preferred embodiment, the third trigger result information can be information such as "acceleration information verification succeeded" and "third trigger database triggered successfully". The third data block and the fourth trigger result information produced when the fourth trigger database 601 triggers successfully are used to encrypt the fourth data block; the encrypted information is the fourth ciphertext block. According to a preferred embodiment, the fourth trigger result information can be information such as "sound information verification succeeded" and "fourth trigger database triggered successfully".
The decryption process includes the following. The first trigger database 301 completes its trigger based on the image information collected by the trigger information collection unit 201 of the mobile terminal 101 and sends the trigger result to the trigger result timing unit 203; this trigger result is the first trigger result. According to a preferred embodiment, the collected image information includes the fingerprint image, palmprint image and facial contour image of the user of the mobile terminal 101. According to a preferred embodiment, when the image information collected by the trigger information collection unit 201 successfully completes the trigger with the first trigger database 301, the first trigger result is the recognition-success output information configured in the first output setting unit 305.
The second trigger database 401 completes its trigger based on the pressure information collected by the trigger information collection unit 201 of the mobile terminal 101 and sends the trigger result to the trigger result timing unit 203; this trigger result is the second trigger result. According to a preferred embodiment, the collected pressure information includes the frequency with which the user of the mobile terminal 101 presses the physical switch 105 and/or the duration for which the physical switch 105 is pressed. For example, the press frequency can be 5 presses within 3 seconds, and the press duration can be a single press of more than 0.5 seconds, etc. According to a preferred embodiment, when the pressure information collected by the trigger information collection unit 201 successfully completes the trigger with the second trigger database 401, the second trigger result is the recognition-success output information configured in the second output setting unit 405.
The third trigger database 501 completes its trigger based on the acceleration information collected by the trigger information collection unit 201 of the mobile terminal 101 and sends the trigger result to the trigger result timing unit 203; this trigger result is the third trigger result. According to a preferred embodiment, the collected acceleration information includes acceleration magnitude and/or direction change information. For example, the acceleration magnitude change can be an acceleration signal greater than the acceleration of gravity provided twice within 3 consecutive seconds, or the direction change can be two consecutive acceleration direction change signals within 3 seconds, etc. According to a preferred embodiment, when the acceleration information collected by the trigger information collection unit 201 successfully completes the trigger with the third trigger database 501, the third trigger result is the recognition-success output information configured in the third output setting unit 505.
The fourth trigger database 601 completes its trigger based on the sound information collected by the trigger information collection unit 201 of the mobile terminal 101 and sends the trigger result to the trigger result timing unit 203; this trigger result is the fourth trigger result. According to a preferred embodiment, the collected sound information includes the frequency, timbre and intensity of the sound. For example, the sound comparison can check the collected sound information against a personal recording that has been provided, or against a song that has been provided. According to a preferred embodiment, when the sound information collected by the trigger information collection unit 201 successfully completes the trigger with the fourth trigger database 601, the fourth trigger result is the recognition-success output information configured in the fourth output setting unit 605.
The trigger result timing unit 203 receives the first to fourth trigger results and compares the order in which they are received with its configured reception order. When the reception order is the same as the configured reception order, it sends the first to fourth trigger results to the ciphertext unit 204. When the reception order differs from the configured reception order 3 times or more, the trigger information collection unit 201 of the mobile terminal 101 is locked and no further trigger information is collected.
The ciphertext unit 204 receives the trigger results of the trigger databases in the trigger database unit 202 as sent by the trigger result timing unit 203. The ciphertext unit 204 uses the received first trigger result as the initial key to decrypt the first ciphertext block, obtaining the first data block. The ciphertext unit 204 uses the received second trigger result and the first data block as the second-level initial key to decrypt the second ciphertext block, obtaining the second data block. The ciphertext unit 204 uses the received third trigger result and the second data block as the third-level initial key to decrypt the third ciphertext block, obtaining the third data block. The ciphertext unit 204 uses the received fourth trigger result and the third data block as the fourth-level key to decrypt the fourth ciphertext block, obtaining the fourth data block. The ciphertext unit 204 then synthesizes the connection command information data from the arrangement information of the data segments in the first, second, third and fourth data blocks and the data of each data segment, and sends it to the security module 106, thereby connecting the device hardware communication interface 104 and the security module 106, or connecting the power supply of the security module 106.
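The chained encryption/decryption and the reception-order check described above, sketched as an added Python example that is not code from the patent. The patent names no cipher or key derivation, so the SHA-256 key derivation, the HMAC-based keystream and tag, the one-byte arrangement index, the source labels and the non-resetting mismatch counter are all assumptions, and the sample command and trigger strings are constructed.

```python
import hashlib
import hmac
import os

# Assumed labels for the configured reception order (databases 301, 401, 501, 601).
EXPECTED_ORDER = ("image", "pressure", "acceleration", "sound")
MAX_MISMATCHES = 3  # the timing unit locks collection at 3 or more mismatches


def derive_key(trigger_result, prev_block):
    """Key for block i from trigger result i and plaintext block i-1 (SHA-256 assumed)."""
    prefix = len(trigger_result).to_bytes(4, "big")  # unambiguous concatenation
    return hashlib.sha256(prefix + trigger_result + prev_block).digest()


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        msg = b"ks" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, block):
    """Stand-in cipher: random nonce, XOR keystream, HMAC tag over nonce + ciphertext."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(block, _keystream(key, nonce, len(block))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()


def unseal(key, sealed):
    nonce, ct, tag = sealed[:16], sealed[16:-32], sealed[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong trigger result or modified ciphertext block")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def split_command(command):
    """Four data segments, each prefixed with one byte of arrangement information."""
    size = -(-len(command) // 4)  # ceiling division
    return [bytes([i]) + command[i * size:(i + 1) * size] for i in range(4)]


def encrypt_command(command, trigger_results):
    sealed, prev = [], b""  # the first block is keyed by the first trigger result alone
    for block, result in zip(split_command(command), trigger_results):
        sealed.append(seal(derive_key(result, prev), block))
        prev = block
    return sealed


def decrypt_command(sealed, trigger_results):
    blocks, prev = [], b""
    for ct, result in zip(sealed, trigger_results):
        block = unseal(derive_key(result, prev), ct)  # fails here on a wrong result
        blocks.append(block)
        prev = block
    blocks.sort(key=lambda b: b[0])  # reassemble by arrangement information
    return b"".join(b[1:] for b in blocks)


class TriggerSequencer:
    """Trigger result timing unit: forwards results only if they arrive in order."""

    def __init__(self):
        self.mismatches = 0  # assumption: never reset by a later success
        self.locked = False

    def submit(self, received):
        """received: list of (source, trigger_result) pairs in arrival order."""
        if self.locked:
            raise PermissionError("trigger information collection is locked")
        if tuple(src for src, _ in received) != EXPECTED_ORDER:
            self.mismatches += 1
            self.locked = self.mismatches >= MAX_MISMATCHES
            return None
        return [result for _, result in received]


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    results = [b"image ok", b"pressure ok", b"acceleration ok", b"sound ok"]
    sealed = encrypt_command(b"CONNECT security module 106", results)
    forwarded = TriggerSequencer().submit(list(zip(EXPECTED_ORDER, results)))
    print(decrypt_command(sealed, forwarded))
```

Every key in the chain is derived from a configured success output, so the chain is only as unpredictable as those outputs; fixed phrases like the examples given in Embodiment 1 would have to be replaced with high-entropy per-device values for the encryption to add protection.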
It should be noted that the above specific embodiments are exemplary. Those skilled in the art may devise various solutions under the inspiration of the present disclosure, and these solutions also belong to the scope of the disclosure and fall within the protection scope of the present invention. Those skilled in the art should understand that the description of the invention and its drawings are illustrative and do not limit the claims. The protection scope of the present invention is defined by the claims and their equivalents.
Claims (10)
1. A device for guarding against security risks by isolating a security module with a physical button of a mobile terminal, characterized in that the mobile terminal (101) includes at least an application module (102), a mobile terminal operating system (103), a device hardware communication interface (104), a physical switch (105) and a security module (106);
the physical switch (105) is used to control the connecting path between the security module (106) and the device hardware communication interface (104), or, the physical switch (105) is used to control the power supply of the security module (106);
between the physical switch (105) and the security module (106) there is further provided an authentication module (107) for verifying the connection command information sent by the physical switch (105) for disconnecting/connecting the connecting path between the security module (106) and the device hardware communication interface (104), and/or between the physical switch (105) and the security module (106) there is further provided an authentication module (107) for verifying the connection command information sent by the physical switch (105) for disconnecting/connecting the power supply of the security module (106), and the verification process of the authentication module (107) involves an encryption process and a decryption process of the connection command.
2. The device for guarding against security risks by isolating a security module with a physical button of a mobile terminal according to claim 1, characterized in that the authentication module (107) includes at least a trigger database unit (202), a trigger information collection unit (201), a trigger result timing unit (203) and a ciphertext unit (204);
the trigger database unit (202) includes at least a first trigger database (301), a second trigger database (401), a third trigger database (501) and a fourth trigger database (601), wherein the first trigger database (301) includes at least one or more kinds of image information among fingerprint images, palmprint images and facial contour images; the second trigger database (401) includes at least pressure information containing press frequency and/or press duration; the third trigger database (501) includes at least acceleration information containing acceleration direction and/or acceleration change; and the fourth trigger database (601) includes at least one or more kinds of sound information among sound frequency, timbre and sound intensity.
3. The device for guarding against security risks by isolating a security module with a physical button of a mobile terminal according to claim 1, characterized in that the encryption process of the connection command includes: the authentication module (105) divides the connection command information into four data segments, and takes the data corresponding to each data segment together with the arrangement information of the data segment as multiple data blocks to be encrypted; in the encryption process, the first trigger result produced when the first trigger database (301) triggers successfully is used to encrypt the first data block, and the encrypted information is the first ciphertext block; the first data block and the second trigger result produced when the second trigger database (401) triggers successfully are used to encrypt the second data block, and the encrypted information is the second ciphertext block; the second data block and the third trigger result produced when the third trigger database (501) triggers successfully are used to encrypt the third data block, and the encrypted information is the third ciphertext block; the third data block and the fourth trigger result produced when the fourth trigger database (601) triggers successfully are used to encrypt the fourth data block.
4. The device for guarding against security risks by isolating a security module with a physical button of a mobile terminal according to claim 1, characterized in that the decryption process of the connection command includes: the first trigger database (301) completes its trigger based on the image information collected by the mobile terminal trigger information collection unit (201) to obtain the first trigger result, and sends the first trigger result to the trigger result timing unit (203); the second trigger database (401) completes its trigger based on the pressure information collected by the mobile terminal trigger information collection unit (201) to obtain the second trigger result, and sends the second trigger result to the trigger result timing unit (203); the third trigger database (501) completes its trigger based on the acceleration information collected by the mobile terminal trigger information collection unit (201) to obtain the third trigger result, and sends the third trigger result to the trigger result timing unit (203); the fourth trigger database (601) completes its trigger based on the sound information collected by the mobile terminal trigger information collection unit (201) to obtain the fourth trigger result, and sends the fourth trigger result to the trigger result timing unit (203).
5. The device for guarding against security risks by isolating a security module with a physical button of a mobile terminal according to claim 4, characterized in that the decryption process of the connection command further includes: the trigger result timing unit (203) receives the first trigger result, the second trigger result, the third trigger result and the fourth trigger result, and compares the reception order with its configured reception order; when the reception order of the trigger result timing unit (203) is the same as its configured reception order, the first trigger result, the second trigger result, the third trigger result and the fourth trigger result are sent to the ciphertext unit (204); when the reception order of the trigger result timing unit (203) differs from its configured reception order 3 times or more, the trigger information collection unit (201) is locked and no further trigger information is collected.
6. The device for guarding against security risks by isolating the security module with a mobile terminal physical button according to claim 5, characterized in that the decryption process of the bind command further includes: the ciphertext unit (204) uses the received first trigger result as the initial key to decrypt the first ciphertext block, obtaining the first data block; the ciphertext unit (204) uses the received second trigger result and the first data block as the second-level initial key to decrypt the second ciphertext block, obtaining the second data block; the ciphertext unit (204) uses the received third trigger result and the second data block as the third-level initial key to decrypt the third ciphertext block, obtaining the third data block; the ciphertext unit (204) uses the received fourth trigger result and the third data block as the fourth-level key to decrypt the fourth ciphertext block, obtaining the fourth data block; and the ciphertext unit (204) synthesizes the bind command information data from the arrangement information of the data segments in the first data block, the second data block, the third data block and the fourth data block and from the corresponding data of each data segment, and sends it to the security module (106) in order to disconnect/connect the device hardware communication interface (104) and the security module (106), or to disconnect/connect the power supply of the security module (106).
7. The device for guarding against security risks by isolating the security module with a mobile terminal physical button according to claim 1, characterized in that the mobile terminal operating system (103) is the system environment that supports the normal operation of the mobile terminal modules; the application module (102) is an application program that provides direct service functions to the user, and when processing sensitive data the application module (102) needs to call the security module (106) to perform data operations or to store and/or read secret information; the security module (106) is responsible for providing the mobile terminal (101) with cryptographic operations on information and/or secret information storage; the device hardware communication interface (104) is responsible for connecting to and communicating with the security module (106), responding to control instructions from the operating system, and exchanging information with the security module (106).
8. The device for guarding against security risks by isolating the security module with a mobile terminal physical button according to claim 2, characterized in that the trigger information collecting unit (201) is connected to the trigger database unit (202) and is used to trigger on the collected information; the trigger database unit (202) is connected to the trigger result timing unit (203) and is used to verify the order of the trigger results; the trigger result timing unit (203) is connected to the ciphertext unit (204) and is used to decrypt the ciphertext blocks with the trigger results.
9. The device for guarding against security risks by isolating the security module with a mobile terminal physical button according to claim 1, characterized in that the physical switch (105) is used to disconnect the connection path between the security module (106) and the device hardware communication interface (104), or to disconnect the power supply of the security module (106), and disconnects directly without going through the verification process of the authentication module (107);
After the user operates the physical switch (105) to disconnect the path between the security module (106) and the device hardware communication interface (104), or the power supply of the security module (106), the application module (102) that uses the security module (106) cannot, directly or indirectly, call the function services of the security module (106) for data operations or for storing and/or reading secret information.
10. The device for guarding against security risks by isolating the security module with a mobile terminal physical button according to any one of claims 1 to 9, characterized in that the device guards against security risks by isolating the security module in the following way:
The encryption process of the bind command includes: dividing the bind command information into four data segments, and taking the corresponding data of each data segment together with the arrangement information of the data segment as multiple data blocks to be encrypted; during encryption, the first trigger result produced when the first trigger database (301) triggers successfully is used to encrypt the first data block, and the encrypted information serves as the first ciphertext block; the first data block and the second trigger result produced when the second trigger database (401) triggers successfully are used to encrypt the second data block, and the encrypted information serves as the second ciphertext block; the second data block and the third trigger result produced when the third trigger database (501) triggers successfully are used to encrypt the third data block, and the encrypted information serves as the third ciphertext block; the third data block and the fourth trigger result produced when the fourth trigger database (601) triggers successfully are used to encrypt the fourth data block;
The decryption process of the bind command includes: the first trigger database (301) completes triggering based on the image information collected by the mobile terminal trigger information collecting unit (201) to obtain a first trigger result, and sends the first trigger result to the trigger result timing unit (203); the second trigger database (401) completes triggering based on the pressure information collected by the mobile terminal trigger information collecting unit (201) to obtain a second trigger result, and sends the second trigger result to the trigger result timing unit (203); the third trigger database (501) completes triggering based on the acceleration information collected by the mobile terminal trigger information collecting unit (201) to obtain a third trigger result, and sends the third trigger result to the trigger result timing unit (203); the fourth trigger database (601) completes triggering based on the sound information collected by the mobile terminal trigger information collecting unit (201) to obtain a fourth trigger result, and sends the fourth trigger result to the trigger result timing unit (203);
The trigger result timing unit (203) receives the first trigger result, the second trigger result, the third trigger result and the fourth trigger result, and compares the order in which they were received with its configured reception order; when the reception order of the trigger result timing unit (203) is identical to its configured reception order, the first trigger result, the second trigger result, the third trigger result and the fourth trigger result are sent to the ciphertext unit (204); when the reception order of the trigger result timing unit (203) differs from its configured reception order 3 times or more, the trigger information collecting unit (201) locks and no longer triggers the collection of information;
The ciphertext unit (204) uses the received first trigger result as the initial key to decrypt the first ciphertext block, obtaining the first data block; the ciphertext unit (204) uses the received second trigger result and the first data block as the second-level initial key to decrypt the second ciphertext block, obtaining the second data block; the ciphertext unit (204) uses the received third trigger result and the second data block as the third-level initial key to decrypt the third ciphertext block, obtaining the third data block; the ciphertext unit (204) uses the received fourth trigger result and the third data block as the fourth-level key to decrypt the fourth ciphertext block, obtaining the fourth data block; and the ciphertext unit (204) synthesizes the bind command information data from the arrangement information of the data segments in the first data block, the second data block, the third data block and the fourth data block and from the corresponding data of each data segment, and sends it to the security module (106) in order to disconnect/connect the device hardware communication interface (104) and the security module (106), or to disconnect/connect the power supply of the security module (106).
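The order check, lockout and chained block keys of claim 10, as an added Python sketch (not code from the patent). Assumptions, since the claims name none of them: the SHA-256 keystream XOR stand-in cipher, hashing the trigger result together with the previous data block to form each stage key, the image/pressure/acceleration/sound order as the configured one, a one-byte arrangement index, and a mismatch counter that never resets.

```python
import hashlib

# Assumed configured order: image, pressure, acceleration, sound (301, 401, 501, 601).
EXPECTED_ORDER = ("image", "pressure", "acceleration", "sound")
MAX_ORDER_MISMATCHES = 3  # the collecting unit (201) locks at the 3rd mismatch


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _stage_key(trigger_result: bytes, previous_block: bytes) -> bytes:
    # Stage 1 uses the trigger result alone; later stages mix in the previous data block.
    return hashlib.sha256(trigger_result + previous_block).digest()


def encrypt_command(command: bytes, results: list[bytes]) -> list[bytes]:
    """Split the command into four segments, each prefixed with its arrangement index."""
    size = -(-len(command) // 4)  # ceiling division
    blocks = [bytes([i]) + command[i * size:(i + 1) * size] for i in range(4)]
    ciphertexts, previous = [], b""
    for block, result in zip(blocks, results):
        ciphertexts.append(_xor_stream(_stage_key(result, previous), block))
        previous = block
    return ciphertexts


def decrypt_command(ciphertexts: list[bytes], results: list[bytes]) -> bytes:
    blocks, previous = [], b""
    for ciphertext, result in zip(ciphertexts, results):
        previous = _xor_stream(_stage_key(result, previous), ciphertext)
        blocks.append(previous)
    # Reassemble by the arrangement index carried in each data block.
    return b"".join(block[1:] for block in sorted(blocks, key=lambda b: b[0]))


class TriggerResultTimingUnit:
    """Forwards trigger results only when they arrive in the configured order."""
    def __init__(self):
        self.mismatches, self.locked = 0, False

    def submit(self, received: list[tuple[str, bytes]]):
        if self.locked:
            raise PermissionError("trigger information collecting unit is locked")
        if tuple(kind for kind, _ in received) == EXPECTED_ORDER:
            return [result for _, result in received]
        self.mismatches += 1
        self.locked = self.mismatches >= MAX_ORDER_MISMATCHES
        return None
```

Because each stage key depends on the previous plaintext block, a wrong trigger result at stage 2 leaves the first data block intact and turns every later block into noise. The claims describe no integrity check on the synthesized command data, so an implementation would need one before acting on the result.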
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610862710.4A CN106161481B (en) | 2016-09-28 | 2016-09-28 | A kind of device of mobile terminal physical button isolation safe module prevention security risk |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106161481A true CN106161481A (en) | 2016-11-23 |
CN106161481B CN106161481B (en) | 2019-08-30 |
Family
ID=57341266
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610862710.4A Active CN106161481B (en) | 2016-09-28 | 2016-09-28 | A kind of device of mobile terminal physical button isolation safe module prevention security risk |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106161481B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101171860A (en) * | 2005-04-07 | 2008-04-30 | 法国电信公司 | Security method and device for managing access to multimedia contents |
CN101277230A (en) * | 2008-04-22 | 2008-10-01 | 华为技术有限公司 | Method and device for statistic of layering flow |
CN201365347Y (en) * | 2008-12-12 | 2009-12-16 | 东莞市智盾电子技术有限公司 | Mobile telephone with independent built-in data assistant device |
CN101939963A (en) * | 2007-12-07 | 2011-01-05 | 法国电信公司 | Method of controlling applications installed on a security module associated with a mobile terminal, associated security module, mobile terminal and server |
US20140355562A1 (en) * | 2013-05-31 | 2014-12-04 | Research In Motion Limited | Systems and methods for data offload in wireless networks |
CN104916022A (en) * | 2015-06-16 | 2015-09-16 | 广州杰赛科技股份有限公司 | Intelligent lock control method, mobile terminal and intelligent lock system |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107332989A (en) * | 2017-06-27 | 2017-11-07 | 中国联合网络通信集团有限公司 | The data protection system and data guard method of mobile terminal |
CN107332989B (en) * | 2017-06-27 | 2020-09-15 | 中国联合网络通信集团有限公司 | Data protection system and data protection method of mobile terminal |
CN111046414A (en) * | 2018-10-15 | 2020-04-21 | 中兴通讯股份有限公司 | Mobile terminal, switch control method, and computer-readable storage medium |
WO2020078317A1 (en) * | 2018-10-15 | 2020-04-23 | 中兴通讯股份有限公司 | Mobile terminal, switch control method, and computer readable storage medium |
CN113821774A (en) * | 2021-09-07 | 2021-12-21 | 安徽继远软件有限公司 | Terminal security risk module matching and verifying system |
Also Published As
Publication number | Publication date |
---|---|
CN106161481B (en) | 2019-08-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |