CN106161481A - Device for guarding against security risks by isolating the security module of a mobile terminal with a physical button - Google Patents

Info

Publication number
CN106161481A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610862710.4A
Other languages
Chinese (zh)
Other versions
CN106161481B (en
Inventor
张建国
宋斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Comerica Mobei Software (beijing) Co Ltd
Original Assignee
Comerica Mobei Software (beijing) Co Ltd
Application filed by Comerica Mobei Software (beijing) Co Ltd
Priority to CN201610862710.4A
Publication of CN106161481A
Application granted
Publication of CN106161481B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/12 Applying verification of the received information
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/02 Constructional features of telephone sets
    • H04M1/23 Construction or mounting of dials or of equivalent devices; Means for facilitating the use thereof
    • H04M1/236 Construction or mounting of dials or of equivalent devices; Means for facilitating the use thereof including keys on side or rear faces
    • H04M1/72 Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724 User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/72409 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Human Computer Interaction (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a device that guards against security risks by isolating the security module of a mobile terminal with a physical button. The device includes a security module, a physical switch, an authentication module, a device hardware communication interface, a mobile terminal operating system and an application module. The physical switch isolates the information security module from the mobile terminal or connects the two, so that the information security module communicates data only when the mobile terminal user intends it to, and the communication connection is completely broken after use. This guards against the security risks caused by malware, vulnerabilities or backdoors in the mobile terminal system gaining unauthorized access to the information security module.

Description

Device for guarding against security risks by isolating the security module of a mobile terminal with a physical button
Technical field
The present invention relates to a communication security device in the field of computer technology, and in particular to a device that guards against security risks by isolating the security module of a mobile terminal with a physical button.
Background
With the development of the mobile Internet, more and more software on mobile terminal systems supports uses such as mobile finance, mobile cards and certificates, and advanced encryption. Such software needs to call a hardware security module to run data encryption algorithms or to store and read confidential information. However, malware such as viruses and Trojans on mobile terminals emerges endlessly and is pervasive. Even if the user closes the software that uses the security module, malware may remain hidden in the background, having intercepted the access password of the security module, and may secretly connect to the security module to steal confidential information or access its encryption functions, which seriously threatens the user's privacy or funds.
Conventional mobile devices commonly use a security module in one of two forms. In the first, the security module is soldered directly onto, or prefabricated on, the circuit board of the mobile device, and the user cannot remove it or disconnect the circuit. In the second, the security module is inserted into an expansion slot of the mobile device (such as an SD card/TF card slot), and the user can remove or install it; but users generally do not readily pull out the security module and carry it with them, because the removed module is very small and easily lost. It is therefore difficult for the user of a conventional mobile device to disconnect the security module quickly and conveniently, which gives malware an opportunity.
A Chinese patent for a network security isolation device (application number: 201610349446.4) discloses a device that includes a connector. The output of the connector is electrically connected to the input of a firewall, the output of the firewall is electrically connected to the input of a data extraction device, the input of the data extraction device is electrically connected to the output of a hard disk, the input of the hard disk is electrically connected to the output of a data update device, and the input of the data update device is electrically connected to the output of the Internet. This network security isolation device uses the RJ45 interface common in networking as its input and output ports, so it can be connected in series with a computer and is easy to install, remove and use. It downloads virus information from the network cloud in real time and compares it with the firewall's information, then feeds the result back through a feedback circuit to a control switch, which closes automatically and thereby blocks the network. That patent still relies on the technical means of a traditional firewall: it controls malware intrusion by comparing virus information downloaded from the network cloud in real time with the firewall's information. Once a virus or malicious program does appear, the isolation function of the device may fail to take effect, causing loss of important system data. In addition, the system's sensitive data stays connected to the network in real time and relies on firewall protection alone, which is also an unsafe way to protect data.
Summary of the invention
To address the deficiencies of the prior art, the present invention provides a device that guards against security risks by isolating the security module of a mobile terminal with a physical button. It lets the user operate a physical switch on the mobile terminal to disconnect or connect the security module conveniently and safely, giving stronger protection and preventing malware from silently calling the security module and causing losses. The mobile terminal includes at least a mobile terminal operating system, an application module, a security module, a physical switch and a device hardware communication interface.
The device for guarding against security risks by isolating the security module of a mobile terminal with a physical button is characterized in that the mobile terminal includes at least an application module, a mobile terminal operating system, a device hardware communication interface, a physical switch and a security module.
The physical switch controls the connection path between the security module and the device hardware communication interface, or the physical switch controls the power supply of the security module.
An authentication module is also provided between the physical switch and the security module. It verifies the connection command information that the physical switch sends to disconnect or connect the connection path between the security module and the device hardware communication interface, and/or the connection command information that the physical switch sends to disconnect or connect the power supply of the security module. The verification process of the authentication module involves an encryption process and a decryption process for the connection command.
According to a preferred embodiment, the authentication module includes at least a trigger database unit, a trigger information collection unit, a trigger result timing unit and a ciphertext unit.
The trigger database unit includes at least a first trigger database, a second trigger database, a third trigger database and a fourth trigger database. The first trigger database includes one or more kinds of image information from among at least fingerprint images, palm print images and face contour images. The second trigger database includes pressure information containing at least pressing frequency and/or pressing duration. The third trigger database includes acceleration information containing at least acceleration direction and/or acceleration change. The fourth trigger database includes one or more kinds of sound information from among at least sound frequency, timbre and sound intensity.
According to a preferred embodiment, the encryption process for the connection command is as follows. The authentication module divides the connection command information into four data segments, and takes the data of each data segment together with the arrangement information of the data segments as multiple data blocks to be encrypted. During encryption, the first trigger result, produced when the first trigger database triggers successfully, is used to encrypt the first data block, and the encrypted information is the first ciphertext block. The first data block and the second trigger result, produced when the second trigger database triggers successfully, are used to encrypt the second data block, and the encrypted information is the second ciphertext block. The second data block and the third trigger result, produced when the third trigger database triggers successfully, are used to encrypt the third data block, and the encrypted information is the third ciphertext block. The third data block and the fourth trigger result, produced when the fourth trigger database triggers successfully, are used to encrypt the fourth data block.
According to a preferred embodiment, the decryption process for the connection command is as follows. The first trigger database completes its trigger based on the image information collected by the mobile terminal's trigger information collection unit, obtains the first trigger result, and sends the first trigger result to the trigger result timing unit. The second trigger database completes its trigger based on the pressure information collected by the trigger information collection unit, obtains the second trigger result, and sends it to the trigger result timing unit. The third trigger database completes its trigger based on the acceleration information collected by the trigger information collection unit, obtains the third trigger result, and sends it to the trigger result timing unit. The fourth trigger database completes its trigger based on the sound information collected by the trigger information collection unit, obtains the fourth trigger result, and sends it to the trigger result timing unit.
According to a preferred embodiment, the decryption process for the connection command further includes the following. The trigger result timing unit receives the first, second, third and fourth trigger results and compares the order in which it received them with its configured receive order. When the receive order matches the configured receive order, the trigger result timing unit sends the first, second, third and fourth trigger results to the ciphertext unit. When the receive order has differed from the configured receive order 3 or more times, the trigger information collection unit locks and no longer collects trigger information.
According to a preferred embodiment, the decryption process for the connection command further includes the following. The ciphertext unit uses the received first trigger result as the initial key to decrypt the first ciphertext block and obtain the first data block. It uses the received second trigger result and the first data block as the second-level key to decrypt the second ciphertext block and obtain the second data block. It uses the received third trigger result and the second data block as the third-level key to decrypt the third ciphertext block and obtain the third data block. It uses the received fourth trigger result and the third data block as the fourth-level key to decrypt the fourth ciphertext block and obtain the fourth data block. The ciphertext unit then assembles the connection command information from the arrangement information of the data segments in the first, second, third and fourth data blocks and the data of each data segment, and sends it to the security module in order to disconnect or connect the device hardware communication interface and the security module, or to disconnect or connect the power supply of the security module.
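The chained encryption, receive-order check and lockout described above can be simulated as follows. This is an added example, not code from the patent: the patent names no cipher or key-derivation function, so HMAC-SHA512 key derivation and a SHAKE-256 keystream with an HMAC-SHA256 tag stand in for them, and the function names, the sample trigger results, the one-byte arrangement index and the cumulative mismatch counter are all assumptions.

```python
import hashlib
import hmac
import os

# Assumed configured receive order: first..fourth trigger database.
ORDER = ("image", "pressure", "acceleration", "sound")
MAX_ORDER_MISMATCHES = 3  # the text locks collection at 3 or more mismatches

# Constructed sample trigger results for a successful trigger.
SAMPLE_RESULTS = {
    "image": b"constructed-image-result",
    "pressure": b"constructed-pressure-result",
    "acceleration": b"constructed-acceleration-result",
    "sound": b"constructed-sound-result",
}


def derive_keys(trigger_result, prev_block):
    """Level-i key material from trigger result i and plaintext block i-1."""
    okm = hmac.new(trigger_result, b"level-key" + prev_block, hashlib.sha512).digest()
    return okm[:32], okm[32:]  # (encryption key, MAC key)


def seal(keys, block):
    """Stand-in cipher: XOR with a SHAKE-256 keystream, then an HMAC tag."""
    enc_key, mac_key = keys
    nonce = os.urandom(16)
    stream = hashlib.shake_256(enc_key + nonce).digest(len(block))
    body = bytes(a ^ b for a, b in zip(block, stream))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()


def unseal(keys, blob):
    """Verify the tag first; a wrong trigger result or wrong chain is rejected."""
    enc_key, mac_key = keys
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext block rejected")
    stream = hashlib.shake_256(enc_key + nonce).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def encrypt_command(command, results):
    """Split the command into four segments and encrypt them as a chain."""
    size = -(-len(command) // 4)  # ceiling division
    ciphertext_blocks, prev = [], b""
    for i, name in enumerate(ORDER):
        # Data block = arrangement info (segment index) + segment data.
        block = bytes([i]) + command[i * size:(i + 1) * size]
        ciphertext_blocks.append(seal(derive_keys(results[name], prev), block))
        prev = block
    return ciphertext_blocks


def decrypt_command(ciphertext_blocks, ordered_results):
    """Ciphertext unit: each level needs the previous plaintext block."""
    blocks, prev = [], b""
    for blob, result in zip(ciphertext_blocks, ordered_results):
        prev = unseal(derive_keys(result, prev), blob)
        blocks.append(prev)
    blocks.sort(key=lambda b: b[0])  # reassemble by arrangement info
    return b"".join(b[1:] for b in blocks)


class TriggerResultTimingUnit:
    """Checks receive order; locks collection after repeated mismatches."""

    def __init__(self):
        self.mismatches = 0  # assumption: cumulative, never reset
        self.locked = False

    def submit(self, received):
        """received: list of (source name, trigger result) in arrival order."""
        if self.locked:
            raise RuntimeError("trigger information collection unit is locked")
        if tuple(name for name, _ in received) != ORDER:
            self.mismatches += 1
            self.locked = self.mismatches >= MAX_ORDER_MISMATCHES
            return None
        return [result for _, result in received]


def handle_switch_press(unit, ciphertext_blocks, received):
    """Return the recovered command, or None if the order check fails."""
    ordered = unit.submit(received)
    return None if ordered is None else decrypt_command(ciphertext_blocks, ordered)


if __name__ == "__main__":
    cmd = b"CONNECT data-path"  # constructed placeholder command
    blocks = encrypt_command(cmd, SAMPLE_RESULTS)
    arrivals = [(n, SAMPLE_RESULTS[n]) for n in ORDER]
    print(handle_switch_press(TriggerResultTimingUnit(), blocks, arrivals))
```

A failed trigger at any level stops decryption at that block, because every later key depends on the plaintext of the block before it.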
According to a preferred embodiment, the mobile terminal operating system provides the system environment that supports normal operation of the mobile terminal modules. The application module is an application program that provides direct service functions to the user; when processing sensitive data it needs to call the security module for data operations or for storing and/or reading confidential information. The security module is responsible for providing the mobile terminal with cryptographic operations and/or confidential information storage. The device hardware communication interface is responsible for connecting to and communicating with the security module, responding to control instructions from the operating system and exchanging information with the security module.
According to a preferred embodiment, the trigger information collection unit is connected to the trigger database unit so that the collected information can be used for triggering. The trigger database unit is connected to the trigger result timing unit so that the order of the trigger results can be verified. The trigger result timing unit is connected to the ciphertext unit so that the ciphertext blocks can be decrypted using the trigger results.
According to a preferred embodiment, when the physical switch is used to disconnect the connection path between the security module and the device hardware communication interface, or to disconnect the power supply of the security module, the disconnection takes place directly, without going through the verification process of the authentication module.
After the user operates the physical switch to disconnect the path between the security module and the device hardware communication interface, or the power supply of the security module, the application module that uses the security module cannot, directly or indirectly, call the security module's function services for data operations or for storing and/or reading confidential information.
According to a preferred embodiment, the device isolates the security module to guard against security risks in the following way. An authentication module is provided between the physical switch and the security module of the mobile terminal to verify the connection command information that the physical switch sends to disconnect or connect the connection path between the security module and the device hardware communication interface, or an authentication module is provided between the physical switch and the security module to verify the connection command information that the physical switch sends to disconnect or connect the power supply of the security module. The verification process involves an encryption process and a decryption process for the connection command.
The encryption process for the connection command is as follows. The connection command information is divided into four data segments, and the data of each data segment together with the arrangement information of the data segments is taken as multiple data blocks to be encrypted. During encryption, the first trigger result, produced when the first trigger database triggers successfully, is used to encrypt the first data block, and the encrypted information is the first ciphertext block. The first data block and the second trigger result, produced when the second trigger database triggers successfully, are used to encrypt the second data block, and the encrypted information is the second ciphertext block. The second data block and the third trigger result, produced when the third trigger database triggers successfully, are used to encrypt the third data block, and the encrypted information is the third ciphertext block. The third data block and the fourth trigger result, produced when the fourth trigger database triggers successfully, are used to encrypt the fourth data block.
The decryption process for the connection command is as follows. The first trigger database completes its trigger based on the image information collected by the mobile terminal's trigger information collection unit, obtains the first trigger result, and sends the first trigger result to the trigger result timing unit. The second trigger database completes its trigger based on the pressure information collected by the trigger information collection unit, obtains the second trigger result, and sends it to the trigger result timing unit. The third trigger database completes its trigger based on the acceleration information collected by the trigger information collection unit, obtains the third trigger result, and sends it to the trigger result timing unit. The fourth trigger database completes its trigger based on the sound information collected by the trigger information collection unit, obtains the fourth trigger result, and sends it to the trigger result timing unit.
The trigger result timing unit receives the first, second, third and fourth trigger results and compares the order in which it received them with its configured receive order. When the receive order matches the configured receive order, the trigger result timing unit sends the first, second, third and fourth trigger results to the ciphertext unit. When the receive order has differed from the configured receive order 3 or more times, the trigger information collection unit locks and no longer collects trigger information.
The ciphertext unit uses the received first trigger result as the initial key to decrypt the first ciphertext block and obtain the first data block. It uses the received second trigger result and the first data block as the second-level key to decrypt the second ciphertext block and obtain the second data block. It uses the received third trigger result and the second data block as the third-level key to decrypt the third ciphertext block and obtain the third data block. It uses the received fourth trigger result and the third data block as the fourth-level key to decrypt the fourth ciphertext block and obtain the fourth data block. The ciphertext unit then assembles the connection command information from the arrangement information of the data segments in the first, second, third and fourth data blocks and the data of each data segment, and sends it to the security module in order to disconnect or connect the device hardware communication interface and the security module, or to disconnect or connect the power supply of the security module.
The invention has the following advantages:
(1) The present invention provides a device that guards against security risks by isolating the security module of a mobile terminal with a physical button. It lets the user operate a physical switch on the mobile terminal to disconnect or connect the security module conveniently and safely, giving stronger protection and preventing malware from silently calling the security module and causing losses. The mobile terminal includes at least a mobile terminal operating system, an application module, a security module, a physical switch and a device hardware communication interface.
(2) In the present invention, an authentication module is provided between the physical switch and the security module to verify the connection command information that the physical switch sends to disconnect or connect the connection path between the security module and the device hardware communication interface, or to disconnect or connect the power supply of the security module. The verification process involves an encryption process and a decryption process for the connection command, which ensures the security of the connect or disconnect commands sent by the physical switch and, at the same time, avoids connect or disconnect commands produced by unintentionally touching the physical switch.
Brief description of the drawings
Fig. 1 is a schematic diagram of the structural relationship among the functional modules of the mobile terminal of the present invention;
Fig. 2 is a schematic diagram of the structure of the authentication module of the present invention;
Fig. 3 is a schematic diagram of the structure of the first trigger database of the present invention;
Fig. 4 is a schematic diagram of the structure of the second trigger database of the present invention;
Fig. 5 is a schematic diagram of the structure of the third trigger database of the present invention; and
Fig. 6 is a schematic diagram of the structure of the fourth trigger database of the present invention.
List of reference numerals
101: mobile terminal
102: application module
103: mobile terminal operating system
104: device hardware communication interface
105: physical switch
106: security module
107: authentication module
201: trigger information collection unit
202: trigger database unit
203: trigger result timing unit
204: ciphertext unit
301: first trigger database
302: image receiving unit
303: image storage unit
304: image recognition unit
305: first output setting unit
306: first output unit
401: second trigger database
402: pressure information receiving unit
403: pressure information storage unit
404: pressure information recognition unit
405: second output setting unit
406: second output unit
501: third trigger database
502: acceleration information receiving unit
503: acceleration information storage unit
504: acceleration information recognition unit
505: third output setting unit
506: third output unit
601: fourth trigger database
602: sound information receiving unit
603: sound information storage unit
604: sound information recognition unit
605: fourth output setting unit
606: fourth output unit
Detailed description
The invention is described in detail below with reference to the drawings and embodiments.
The invention provides a device that guards against security risks by isolating the security module of a mobile terminal with a physical button. The device lets the user operate the physical switch 105 on the mobile terminal to disconnect or connect the security module 106 conveniently and safely, giving stronger protection and preventing malware from silently calling the security module 106 and causing losses. The mobile terminal 101 of the present invention can be implemented in various forms. For example, the terminal described in the present invention can include mobile terminals such as mobile phones, smartphones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players) and navigation devices, and terminal devices such as digital TVs and desktop computers. Below, the terminal is assumed to be a mobile terminal. However, those skilled in the art will understand that, apart from elements used specifically for mobile purposes, the structure according to the embodiments of the present invention can also be applied to fixed-type terminals.
Fig. 1 shows the structural relationship among the functional modules of the mobile terminal 101 of the present invention. The mobile terminal 101 includes at least an application module 102, a mobile terminal operating system 103, a device hardware communication interface 104, a physical switch 105, a security module 106 and an authentication module 107. The mobile terminal operating system 103 provides the system environment that supports normal operation of the software on the mobile terminal 101. According to a preferred embodiment, the operating system can be the iOS operating system, the Android operating system, the Windows Phone operating system, the Windows operating system, the Linux operating system or the like. The application module 102 is a software program that provides direct service functions to the user; when processing sensitive data it needs to call the security module 106 for data operations or for storing and reading confidential information. The security module 106 is responsible for providing the mobile terminal 101 with functions such as cryptographic operations or confidential information storage. The user can operate the physical switch 105 to disconnect or connect the connection path between the security module 106 and the device hardware communication interface 104, or to disconnect or connect the power supply of the security module 106. The device hardware communication interface 104 is responsible for connecting to and communicating with the security module 106, responding to control instructions from the operating system and interacting with the security module 106. An authentication module 107 is also provided between the physical switch 105 and the security module 106 to verify the connection command information that the physical switch 105 sends to disconnect or connect the connection path between the security module 106 and the device hardware communication interface 104, or to disconnect or connect the power supply of the security module 106. The verification process involves an encryption process and a decryption process for the connection command. According to a preferred embodiment, when the physical switch 105 is used to disconnect the connection path between the security module 106 and the device hardware communication interface 104, or to disconnect the power supply of the security module 106, the disconnection takes place directly, without going through the verification process of the authentication module, thereby achieving quick disconnection of the connection between the authentication module 107 and the mobile terminal 101.
As shown in Fig. 2, the authentication module 107 includes at least a trigger information collecting unit 201, a trigger database unit 202, a trigger result timing unit 203 and a ciphertext unit 204. The trigger information collecting unit 201 is connected to the trigger database unit 202 so that the collected information can be used for triggering. The trigger database unit 202 is connected to the trigger result timing unit 203: each trigger database in the trigger database unit 202 performs recognition triggering on the information collected by the trigger information collecting unit 201 and outputs its trigger result to the trigger result timing unit 203, which verifies the sequence of the trigger results. The trigger result timing unit 203 is connected to the ciphertext unit 204, which uses the trigger results to decrypt the ciphertext blocks. According to a preferred embodiment, the trigger result data set by the first to fourth output setting units comprises the trigger result data content for a successful trigger and the trigger result data content for a failed trigger.
The trigger information collecting unit 201 collects the trigger information corresponding to the trigger database unit 202, including image information, pressure information, acceleration information and sound information, and sends the collected information data to the different databases in the trigger database unit 202. The trigger database unit 202 comprises four trigger databases, covering image information, pressure information, acceleration information and sound information: a first trigger database 301 containing at least one or more kinds of image information among fingerprint images, palm print images and facial contour images; a second trigger database 401 containing at least pressing frequency and/or pressing duration information; a third trigger database 501 containing at least acceleration direction and/or magnitude change information; and a fourth trigger database 601 containing at least one or more kinds of information among sound frequency, timbre and sound intensity. The trigger result timing unit 203 receives the first to fourth trigger results and compares the order in which they are received with its configured receiving order. When the receiving order is the same as the configured order, it sends the first to fourth trigger results to the ciphertext unit 204. When the receiving order differs from the configured order 3 times or more, the trigger information collecting unit 201 of the mobile terminal 101 is locked and no longer collects trigger information. The ciphertext unit 204 receives from the trigger result timing unit 203 the trigger results of each trigger database in the trigger database unit 202. Based on these trigger results, the ciphertext unit 204 decrypts the connection command information sent by the physical switch 105, thereby disconnecting/connecting the device hardware communication interface 104 and the security module 106, or disconnecting/connecting the power supply of the security module 106.
The trigger database unit 202 includes the first trigger database 301, the second trigger database 401, the third trigger database 501 and the fourth trigger database 601. Each trigger database in the trigger database unit 202 performs recognition triggering on the information collected by the trigger information collecting unit 201 and outputs its trigger result to the trigger result timing unit 203.
As shown in Fig. 3, the first trigger database 301 includes an image receiving unit 302, an image storage unit 303, an image recognition unit 304, a first output setting unit 305 and a first output unit 306. The image receiving unit 302 receives the image information collected by the trigger information collecting unit 201 and sends it to the image recognition unit 304. The image storage unit 303 stores the fingerprint image, palm print image or facial contour image information set by the user. The image recognition unit 304 compares the image sent by the image receiving unit 302 with the image information stored or set in the image storage unit 303, and sends the result, recognition success or recognition failure, to the first output unit 306. The first output setting unit 305 sets the specific data content of the output result, namely the output information for recognition success and the output information for recognition failure. The first output unit 306 outputs data based on the recognition success or recognition failure information sent by the image recognition unit 304 and the data content set by the first output setting unit 305; this data output is the first trigger result.
As shown in Fig. 4, the second trigger database 401 includes a pressure information receiving unit 402, a pressure information storage unit 403, a pressure information recognition unit 404, a second output setting unit 405 and a second output unit 406, the second output setting unit 405 being used to set the data content of the second trigger result. The pressure information receiving unit 402 receives the pressure information collected by the trigger information collecting unit 201 and sends it to the pressure information recognition unit 404. The pressure information storage unit 403 stores the pressure information set by the user, including pressing frequency and/or pressing duration. The pressure information recognition unit 404 compares the pressure information sent by the pressure information receiving unit 402 with the pressure information stored or set in the pressure information storage unit 403, and sends the result, recognition success or recognition failure, to the second output unit 406. The second output setting unit 405 sets the specific data content of the output result, namely the output information for recognition success and the output information for recognition failure. The second output unit 406 outputs data based on the recognition success or recognition failure information sent by the pressure information recognition unit 404 and the data content set by the second output setting unit 405; this data output is the second trigger result.
As shown in Fig. 5, the third trigger database 501 includes an acceleration information receiving unit 502, an acceleration information storage unit 503, an acceleration information recognition unit 504, a third output setting unit 505 and a third output unit 506, the third output setting unit 505 being used to set the data content of the third trigger result. The acceleration information receiving unit 502 receives the acceleration information collected by the trigger information collecting unit 201 and sends it to the acceleration information recognition unit 504. The acceleration information storage unit 503 stores the acceleration information set by the user, including acceleration direction and/or acceleration magnitude change information. The acceleration information recognition unit 504 compares the acceleration information sent by the acceleration information receiving unit 502 with the acceleration information stored or set in the acceleration information storage unit 503, and sends the result, recognition success or recognition failure, to the third output unit 506. The third output setting unit 505 sets the specific data content of the output result, namely the output information for recognition success and the output information for recognition failure. The third output unit 506 outputs data based on the recognition success or recognition failure information sent by the acceleration information recognition unit 504 and the data content set by the third output setting unit 505; this data output is the third trigger result.
As shown in Fig. 6, the fourth trigger database 601 includes a sound information receiving unit 602, a sound information storage unit 603, a sound information recognition unit 604, a fourth output setting unit 605 and a fourth output unit 606, the fourth output setting unit 605 being used to set the data content of the fourth trigger result. The sound information receiving unit 602 receives the sound information collected by the trigger information collecting unit 201 and sends it to the sound information recognition unit 604. The sound information storage unit 603 stores the information set by the user, comprising one or more of sound frequency, timbre and sound intensity. The sound information recognition unit 604 compares the sound information sent by the sound information receiving unit 602 with the sound information stored or set in the sound information storage unit 603, and sends the result, recognition success or recognition failure, to the fourth output unit 606. The fourth output setting unit 605 sets the specific data content of the output result, namely the output information for recognition success and the output information for recognition failure. The fourth output unit 606 outputs data based on the recognition success or recognition failure information sent by the sound information recognition unit 604 and the data content set by the fourth output setting unit 605; this data output is the fourth trigger result.
In addition, an authentication module 107 is provided between the physical switch 105 and the security module 106. It verifies the connection command information that the physical switch 105 sends to disconnect/connect the connection path between the security module 106 and the device hardware communication interface 104, or the connection command information for disconnecting/connecting the power supply of the security module 106. The verification process involves an encryption process and a decryption process for the connection command. The encryption process includes: dividing the connection command information into four data segments, and taking the data of each data segment together with the arrangement information of that data segment as one of multiple data blocks to be encrypted. During encryption, the first trigger result information produced when the first trigger database 301 triggers successfully is used to encrypt the first data block; the encrypted information is the first ciphertext block. The first data block and the second trigger result information produced when the second trigger database 401 triggers successfully are used to encrypt the second data block; the encrypted information is the second ciphertext block. The second data block and the third trigger result information produced when the third trigger database 501 triggers successfully are used to encrypt the third data block; the encrypted information is the third ciphertext block. The third data block and the fourth trigger result information produced when the fourth trigger database 601 triggers successfully are used to encrypt the fourth data block.
The decryption process is as follows. The first trigger database 301 completes triggering based on the image information collected by the trigger information collecting unit 201 of the mobile terminal 101 and sends its trigger result, the first trigger result, to the trigger result timing unit 203. The second trigger database 401 completes triggering based on the pressure information collected by the trigger information collecting unit 201 and sends its trigger result, the second trigger result, to the trigger result timing unit 203. The third trigger database 501 completes triggering based on the acceleration information collected by the trigger information collecting unit 201 and sends its trigger result, the third trigger result, to the trigger result timing unit 203. The fourth trigger database 601 completes triggering based on the sound information collected by the trigger information collecting unit 201 and sends its trigger result, the fourth trigger result, to the trigger result timing unit 203. The trigger result timing unit 203 receives the first to fourth trigger results and compares the order in which they are received with its configured receiving order. When the receiving order is the same as the configured order, it sends the first to fourth trigger results to the ciphertext unit 204. When the receiving order differs from the configured order 3 times or more, the trigger information collecting unit 201 of the mobile terminal 101 is locked and no longer collects trigger information. The ciphertext unit 204 receives from the trigger result timing unit 203 the trigger results of each trigger database in the trigger database unit 202. The ciphertext unit 204 uses the received first trigger result as the initial key to decrypt the first ciphertext block, obtaining the first data block. It uses the received second trigger result and the first data block as the second-level key to decrypt the second ciphertext block, obtaining the second data block. It uses the received third trigger result and the second data block as the third-level key to decrypt the third ciphertext block, obtaining the third data block. It uses the received fourth trigger result and the third data block as the fourth-level key to decrypt the fourth ciphertext block, obtaining the fourth data block. Based on the arrangement information of the data segments in the first, second, third and fourth data blocks and the data of each data segment, the ciphertext unit 204 then reassembles the connection command information data and sends it to the security module 106. This disconnects/connects the device hardware communication interface 104 and the security module 106, or disconnects/connects the power supply of the security module 106.
According to a preferred embodiment, after the user operates the physical switch 105 to disconnect the path between the security module 106 and the device hardware communication interface 104, or the power supply of the security module 106, the application module 102 that uses the security module 106 cannot, directly or indirectly, call the data operation or secret information storage and/or reading functions of the security module 106.
Embodiment 1
The invention is illustrated here by the example of using the physical switch 105 to connect the connection path between the security module 106 and the device hardware communication interface 104, or to connect the power supply of the security module 106. An authentication module 107 is provided between the physical switch 105 and the security module 106. It verifies the connection command information that the physical switch 105 sends to connect the connection path between the security module 106 and the device hardware communication interface 104, or the connection command information for connecting the power supply of the security module 106. The verification process involves an encryption process and a decryption process for the connection command. The encryption process includes: dividing the connection command information into four data segments, and taking the data of each data segment together with the arrangement information of that data segment as 4 data blocks to be encrypted. During encryption, the first trigger result information produced when the first trigger database 301 triggers successfully is used to encrypt the first data block; the encrypted information is the first ciphertext block. According to a preferred embodiment, the first trigger result information may be information such as "image information verified successfully" or "first trigger database triggered successfully". The first data block and the second trigger result information produced when the second trigger database 401 triggers successfully are used to encrypt the second data block; the encrypted information is the second ciphertext block. According to a preferred embodiment, the second trigger result information may be information such as "pressure information verified successfully" or "second trigger database triggered successfully". The second data block and the third trigger result information produced when the third trigger database 501 triggers successfully are used to encrypt the third data block; the encrypted information is the third ciphertext block. According to a preferred embodiment, the third trigger result information may be information such as "acceleration information verified successfully" and "third trigger database triggered successfully". The third data block and the fourth trigger result information produced when the fourth trigger database 601 triggers successfully are used to encrypt the fourth data block; the encrypted information is the fourth ciphertext block. According to a preferred embodiment, the fourth trigger result information may be information such as "sound information verified successfully" and "fourth trigger database triggered successfully".
The decryption process is as follows. The first trigger database 301 completes triggering based on the image information collected by the trigger information collecting unit 201 of the mobile terminal 101 and sends its trigger result, the first trigger result, to the trigger result timing unit 203. According to a preferred embodiment, the collected image information includes the fingerprint image, palm print image and facial contour image of the user of the mobile terminal 101. According to a preferred embodiment, when the image information collected by the trigger information collecting unit 201 successfully completes triggering against the first trigger database 301, the first trigger result is the recognition-success output information set by the first output setting unit 305.
The second trigger database 401 completes triggering based on the pressure information collected by the trigger information collecting unit 201 of the mobile terminal 101 and sends its trigger result, the second trigger result, to the trigger result timing unit 203. According to a preferred embodiment, the collected pressure information includes the frequency with which the user of the mobile terminal 101 presses the physical switch 105 and/or the duration for which the physical switch 105 is pressed. For example, the pressing frequency may be 5 presses within 3 seconds, and the pressing duration may be a single press of more than 0.5 seconds. According to a preferred embodiment, when the pressure information collected by the trigger information collecting unit 201 successfully completes triggering against the second trigger database 401, the second trigger result is the recognition-success output information set by the second output setting unit 405.
The third trigger database 501 completes triggering based on the acceleration information collected by the trigger information collecting unit 201 of the mobile terminal 101 and sends its trigger result, the third trigger result, to the trigger result timing unit 203. According to a preferred embodiment, the collected acceleration information includes acceleration magnitude and/or direction change information. For example, the acceleration magnitude change may be an acceleration signal greater than gravitational acceleration provided twice within 3 consecutive seconds, or the direction change may be two acceleration direction change signals produced within 3 seconds. According to a preferred embodiment, when the acceleration information collected by the trigger information collecting unit 201 successfully completes triggering against the third trigger database 501, the third trigger result is the recognition-success output information set by the third output setting unit 505.
The fourth trigger database 601 completes triggering based on the sound information collected by the trigger information collecting unit 201 of the mobile terminal 101 and sends its trigger result, the fourth trigger result, to the trigger result timing unit 203. According to a preferred embodiment, the collected sound information includes sound frequency, timbre and sound intensity information. For example, the sound comparison may be performed by providing a personal recording to compare with the collected sound information, or by providing a song to compare with the collected sound information. According to a preferred embodiment, when the sound information collected by the trigger information collecting unit 201 successfully completes triggering against the fourth trigger database 601, the fourth trigger result is the recognition-success output information set by the fourth output setting unit 605.
The trigger result timing unit 203 receives the first to fourth trigger results and compares the order in which they are received with its configured receiving order. When the receiving order is the same as the configured order, it sends the first to fourth trigger results to the ciphertext unit 204. When the receiving order differs from the configured order 3 times or more, the trigger information collecting unit 201 of the mobile terminal 101 is locked and no longer collects trigger information.
The ciphertext unit 204 receives from the trigger result timing unit 203 the trigger results of each trigger database in the trigger database unit 202. The ciphertext unit 204 uses the received first trigger result as the initial key to decrypt the first ciphertext block, obtaining the first data block. It uses the received second trigger result and the first data block as the second-level key to decrypt the second ciphertext block, obtaining the second data block. It uses the received third trigger result and the second data block as the third-level key to decrypt the third ciphertext block, obtaining the third data block. It uses the received fourth trigger result and the third data block as the fourth-level key to decrypt the fourth ciphertext block, obtaining the fourth data block. Based on the arrangement information of the data segments in the first, second, third and fourth data blocks and the data of each data segment, the ciphertext unit 204 then reassembles the connection command information data and sends it to the security module 106. This connects the device hardware communication interface 104 and the security module 106, or connects the power supply of the security module 106.
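The chained encryption and decryption of the connection command and the receiving-order check described above can be exercised with the following added Python example, which is not part of the patent text. The patent names no cipher or key derivation, so the SHA-256 keystream with HMAC tag, the key derivation, the one-byte arrangement index, the cumulative mismatch counter and all function and variable names are assumptions; the sample trigger results and command are constructed.

```python
import hashlib
import hmac
import secrets

# Configured receiving order of the four trigger results (image, pressure,
# acceleration, sound), as in the description.
ORDER = ("image", "pressure", "acceleration", "sound")
MAX_ORDER_MISMATCHES = 3  # "3 times or more" locks the collecting unit

# Constructed sample data: random "recognition succeeded" outputs and a
# made-up connection command.
SUCCESS = {name: secrets.token_bytes(16) for name in ORDER}
COMMAND = b"CONNECT security-module-106 <-> hw-interface-104"


def derive_keys(trigger_result, prev_block):
    """Keys for one block: trigger result plus the previous plaintext block."""
    seed = hashlib.sha256(
        len(trigger_result).to_bytes(2, "big") + trigger_result + prev_block
    ).digest()
    return (hashlib.sha256(seed + b"enc").digest(),
            hashlib.sha256(seed + b"mac").digest())


def keystream(key, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(trigger_result, prev_block, block):
    # Stand-in cipher (assumption): SHA-256 keystream XOR plus an HMAC tag.
    enc_key, mac_key = derive_keys(trigger_result, prev_block)
    body = bytes(a ^ b for a, b in zip(block, keystream(enc_key, len(block))))
    return hmac.new(mac_key, body, hashlib.sha256).digest() + body


def unseal(trigger_result, prev_block, blob):
    enc_key, mac_key = derive_keys(trigger_result, prev_block)
    tag, body = blob[:32], blob[32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext block rejected: wrong trigger result")
    return bytes(a ^ b for a, b in zip(body, keystream(enc_key, len(body))))


def split_command(command):
    """Four data blocks, each = arrangement index byte + segment data."""
    size, extra = divmod(len(command), 4)
    blocks, pos = [], 0
    for i in range(4):
        end = pos + size + (1 if i < extra else 0)
        blocks.append(bytes([i]) + command[pos:end])
        pos = end
    return blocks


def encrypt_command(command, success_results):
    ciphertext, prev = [], b""
    for name, block in zip(ORDER, split_command(command)):
        ciphertext.append(seal(success_results[name], prev, block))
        prev = block  # data block n helps key data block n+1
    return ciphertext


class TimingUnit:
    """Checks receiving order; locks after MAX_ORDER_MISMATCHES mismatches.

    Assumption: mismatches are counted cumulatively and never reset.
    """

    def __init__(self):
        self.mismatches = 0
        self.locked = False

    def submit(self, arrivals):
        """arrivals: list of (source, trigger_result) in arrival order."""
        if self.locked:
            raise PermissionError("trigger information collection is locked")
        if tuple(source for source, _ in arrivals) != ORDER:
            self.mismatches += 1
            self.locked = self.mismatches >= MAX_ORDER_MISMATCHES
            return None  # nothing is forwarded to the ciphertext unit
        return [result for _, result in arrivals]


def decrypt_command(ciphertext, results):
    blocks, prev = [], b""
    for blob, result in zip(ciphertext, results):
        prev = unseal(result, prev, blob)
        blocks.append(prev)
    blocks.sort(key=lambda b: b[0])  # reassemble by arrangement index
    return b"".join(b[1:] for b in blocks)


if __name__ == "__main__":
    sealed = encrypt_command(COMMAND, SUCCESS)
    results = TimingUnit().submit([(n, SUCCESS[n]) for n in ORDER])
    print(decrypt_command(sealed, results))
```

Because each key is derived from a configured recognition-success output, a fixed string such as the examples quoted in Embodiment 1 would make the keys predictable, which is why the sample values here are random. A recognition-failure output from any one trigger database breaks the chain at that block and at every block after it.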
It should be noted that the specific embodiments above are exemplary. Those skilled in the art may devise various solutions in light of the present disclosure, and these solutions also belong to the scope of the disclosure and fall within the scope of protection of the invention. Those skilled in the art will understand that the description of the invention and its accompanying drawings are illustrative and do not limit the claims. The scope of protection of the invention is defined by the claims and their equivalents.

Claims (10)

1. A device for guarding against security risks by isolating a security module with a physical button of a mobile terminal, characterized in that the mobile terminal (101) includes at least an application module (102), a mobile terminal operating system (103), a device hardware communication interface (104), a physical switch (105) and a security module (106);
the physical switch (105) is used to control the connection path between the security module (106) and the device hardware communication interface (104), or the physical switch (105) is used to control the power supply of the security module (106);
an authentication module (107) is further provided between the physical switch (105) and the security module (106) for verifying connection command information sent by the physical switch (105) for disconnecting/connecting the connection path between the security module (106) and the device hardware communication interface (104), and/or an authentication module (107) is further provided between the physical switch (105) and the security module (106) for verifying connection command information sent by the physical switch (105) for disconnecting/connecting the power supply of the security module (106), and the verification process of the authentication module (107) involves an encryption process and a decryption process of the connection command.
2. The device for guarding against security risks by isolating a security module with a physical button of a mobile terminal according to claim 1, characterized in that the authentication module (107) includes at least a trigger database unit (202), a trigger information collecting unit (201), a trigger result timing unit (203) and a ciphertext unit (204);
the trigger database unit (202) includes at least a first trigger database (301), a second trigger database (401), a third trigger database (501) and a fourth trigger database (601), wherein the first trigger database (301) contains at least one or more kinds of image information among fingerprint images, palm print images and facial contour images; the second trigger database (401) contains at least pressure information comprising pressing frequency and/or pressing duration; the third trigger database (501) contains at least acceleration information comprising acceleration direction and/or acceleration change; and the fourth trigger database (601) contains at least one or more kinds of sound information among sound frequency, timbre and sound intensity.
3. The device for guarding against security risks by isolating a security module with a physical button of a mobile terminal according to claim 1, characterized in that the encryption process of the connection command includes: the authentication module (105) divides the connection command information into four data segments and takes the data corresponding to each data segment together with the arrangement information of the data segment as multiple data blocks to be encrypted; during encryption, the first trigger result produced when the first trigger database (301) triggers successfully is used to encrypt the first data block, the encrypted information being the first ciphertext block; the first data block and the second trigger result produced when the second trigger database (401) triggers successfully are used to encrypt the second data block, the encrypted information being the second ciphertext block; the second data block and the third trigger result produced when the third trigger database (501) triggers successfully are used to encrypt the third data block, the encrypted information being the third ciphertext block; and the third data block and the fourth trigger result produced when the fourth trigger database (601) triggers successfully are used to encrypt the fourth data block.
4. The device for guarding against security risks by isolating a security module with a physical button of a mobile terminal according to claim 1, characterized in that the decryption process of the connection command includes: the first trigger database (301) completes triggering based on the image information collected by the mobile terminal trigger information collecting unit (201) to obtain the first trigger result, and sends the first trigger result to the trigger result timing unit (203); the second trigger database (401) completes triggering based on the pressure information collected by the mobile terminal trigger information collecting unit (201) to obtain the second trigger result, and sends the second trigger result to the trigger result timing unit (203); the third trigger database (501) completes triggering based on the acceleration information collected by the mobile terminal trigger information collecting unit (201) to obtain the third trigger result, and sends the third trigger result to the trigger result timing unit (203); and the fourth trigger database (601) completes triggering based on the sound information collected by the mobile terminal trigger information collecting unit (201) to obtain the fourth trigger result, and sends the fourth trigger result to the trigger result timing unit (203).
5. The device for guarding against security risk by isolating a security module with a mobile terminal physical button according to claim 4, characterized in that the decryption process of the bind command further comprises: the trigger result timing unit (203) receives the first trigger result, the second trigger result, the third trigger result and the fourth trigger result, and compares the order in which they were received with the reception order set for it; when the order of reception at the trigger result timing unit (203) is identical to its set reception order, the first trigger result, the second trigger result, the third trigger result and the fourth trigger result are sent to the ciphertext unit (204); when the order of reception at the trigger result timing unit (203) has differed from its set reception order 3 times or more, the trigger information collecting unit (201) locks and no longer collects trigger information.
6. The device for guarding against security risk by isolating a security module with a mobile terminal physical button according to claim 5, characterized in that the decryption process of the bind command further comprises: the ciphertext unit (204) uses the received first trigger result as the initial key to decrypt the first ciphertext block and obtain the first data block; the ciphertext unit (204) uses the received second trigger result and the first data block as the second-level key to decrypt the second ciphertext block and obtain the second data block; the ciphertext unit (204) uses the received third trigger result and the second data block as the third-level key to decrypt the third ciphertext block and obtain the third data block; the ciphertext unit (204) uses the received fourth trigger result and the third data block as the fourth-level key to decrypt the fourth ciphertext block and obtain the fourth data block; and the ciphertext unit (204) synthesizes the bind command information data from the arrangement information of the data segments in the first data block, the second data block, the third data block and the fourth data block and the data corresponding to each data segment, and sends it to the security module (106), in order to disconnect/connect the device hardware communication interface (104) and the security module (106), or to disconnect/connect the power supply of the security module (106).
7. The device for guarding against security risk by isolating a security module with a mobile terminal physical button according to claim 1, characterized in that the mobile terminal operating system (103) is the system environment that supports normal operation of the mobile terminal modules; the application module (102) is an application program that provides direct service functions to the user, and when processing sensitive data the application module (102) needs to call the security module (106) to perform data operations or to store and/or read secret information; the security module (106) is responsible for providing the mobile terminal (101) with cryptographic operations on information and/or secret information storage; the device hardware communication interface (104) is responsible for connecting to and communicating with the security module (106), responding to control instructions from the operating system and exchanging information with the security module (106).
8. The device for guarding against security risk by isolating a security module with a mobile terminal physical button according to claim 2, characterized in that the trigger information collecting unit (201) is connected with the trigger database unit (202) and is used to perform triggering on the collected information; the trigger database unit (202) is connected with the trigger result timing unit (203) and is used for timing verification of the trigger results; the trigger result timing unit (203) is connected with the ciphertext unit (204) and is used to decrypt the ciphertext blocks using the trigger results.
9. The device for guarding against security risk by isolating a security module with a mobile terminal physical button according to claim 1, characterized in that the physical switch (105) is used to disconnect the connection path between the security module (106) and the device hardware communication interface (104), or to disconnect the power supply of the security module (106), and it disconnects directly without going through the verification process of the authentication module (107);
after the user operates the physical switch (105) to disconnect the path between the security module (106) and the device hardware communication interface (104), or the power supply of the security module (106), the application module (102) that uses the security module (106) cannot, directly or indirectly, call the data operation service or the secret information storage and/or reading service of the security module (106).
10. The device for guarding against security risk by isolating a security module with a mobile terminal physical button according to any one of claims 1 to 9, characterized in that the device isolates the security module to guard against security risk in the following way:
The encryption process of the bind command comprises: the bind command information is divided into four data segments, and the data corresponding to each data segment together with the arrangement information of the data segment is taken as multiple data blocks to be encrypted; in the encryption process, the first trigger result obtained when the first trigger database (301) is successfully triggered is used to encrypt the first data block, and the encrypted information serves as the first ciphertext block; the first data block and the second trigger result obtained when the second trigger database (401) is successfully triggered are used to encrypt the second data block, and the encrypted information serves as the second ciphertext block; the second data block and the third trigger result obtained when the third trigger database (501) is successfully triggered are used to encrypt the third data block, and the encrypted information serves as the third ciphertext block; the third data block and the fourth trigger result obtained when the fourth trigger database (601) is successfully triggered are used to encrypt the fourth data block;
The decryption process of the bind command comprises: the first trigger database (301) completes triggering based on the image information collected by the mobile terminal trigger information collecting unit (201) to obtain the first trigger result, and sends the first trigger result to the trigger result timing unit (203); the second trigger database (401) completes triggering based on the pressure information collected by the mobile terminal trigger information collecting unit (201) to obtain the second trigger result, and sends the second trigger result to the trigger result timing unit (203); the third trigger database (501) completes triggering based on the acceleration information collected by the mobile terminal trigger information collecting unit (201) to obtain the third trigger result, and sends the third trigger result to the trigger result timing unit (203); the fourth trigger database (601) completes triggering based on the sound information collected by the mobile terminal trigger information collecting unit (201) to obtain the fourth trigger result, and sends the fourth trigger result to the trigger result timing unit (203);
The trigger result timing unit (203) receives the first trigger result, the second trigger result, the third trigger result and the fourth trigger result, and compares the order in which they were received with the reception order set for it; when the order of reception at the trigger result timing unit (203) is identical to its set reception order, the first trigger result, the second trigger result, the third trigger result and the fourth trigger result are sent to the ciphertext unit (204); when the order of reception at the trigger result timing unit (203) has differed from its set reception order 3 times or more, the trigger information collecting unit (201) locks and no longer collects trigger information;
The ciphertext unit (204) uses the received first trigger result as the initial key to decrypt the first ciphertext block and obtain the first data block; the ciphertext unit (204) uses the received second trigger result and the first data block as the second-level key to decrypt the second ciphertext block and obtain the second data block; the ciphertext unit (204) uses the received third trigger result and the second data block as the third-level key to decrypt the third ciphertext block and obtain the third data block; the ciphertext unit (204) uses the received fourth trigger result and the third data block as the fourth-level key to decrypt the fourth ciphertext block and obtain the fourth data block; and the ciphertext unit (204) synthesizes the bind command information data from the arrangement information of the data segments in the first data block, the second data block, the third data block and the fourth data block and the data corresponding to each data segment, and sends it to the security module (106), in order to disconnect/connect the device hardware communication interface (104) and the security module (106), or to disconnect/connect the power supply of the security module (106).
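The chained encryption, reception-order check and decryption described in the claims above, as an added sketch that is not code from the patent. The claims name no cipher or key-derivation function, so the HMAC-SHA256 keystream, the SHA-256 key derivation, the one-byte arrangement index, the non-resetting mismatch counter and all function and sample names are assumptions.

```python
import hashlib
import hmac
ORDER = ("image", "pressure", "acceleration", "sound")  # set reception order
MAX_MISMATCHES = 3  # collection locks once the order has differed 3 times
SAMPLE_COMMAND = b"DISCONNECT-POWER"  # constructed sample
SAMPLE_TRIGGERS = [b"img", b"press", b"accel", b"sound"]  # constructed sample

def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def _block_key(trigger_result: bytes, prev_block: bytes) -> bytes:
    """Key for block i: trigger result i plus plaintext block i-1 (empty for block 1)."""
    prefix = len(trigger_result).to_bytes(2, "big")  # unambiguous concatenation
    return hashlib.sha256(prefix + trigger_result + prev_block).digest()

def split_command(command: bytes) -> list[bytes]:
    """Four data blocks: one arrangement byte followed by the data segment."""
    seg = -(-len(command) // 4)  # ceiling division
    return [bytes([i]) + command[i * seg:(i + 1) * seg] for i in range(4)]

def encrypt_blocks(blocks, triggers):
    out, prev = [], b""
    for block, trig in zip(blocks, triggers):
        out.append(_xor_stream(_block_key(trig, prev), block))
        prev = block  # the next key depends on this plaintext block
    return out

def decrypt_blocks(cipher_blocks, triggers):
    out, prev = [], b""
    for ct, trig in zip(cipher_blocks, triggers):
        prev = _xor_stream(_block_key(trig, prev), ct)
        out.append(prev)
    return out

def assemble(blocks) -> bytes:
    """Rebuild the command from the arrangement bytes; reject damaged output."""
    ordered = sorted(blocks, key=lambda b: b[0])
    if [b[0] for b in ordered] != [0, 1, 2, 3]:
        raise ValueError("arrangement information is inconsistent")
    return b"".join(b[1:] for b in ordered)

class TriggerResultTimingUnit:
    """Forwards trigger results only when they arrive in the set order."""
    def __init__(self):
        self.mismatches = 0  # never reset here; the claims do not say (assumption)
        self.locked = False
    def receive(self, results):
        """results: (kind, value) pairs in arrival order; returns values or None."""
        if self.locked:
            raise RuntimeError("trigger information collection is locked")
        if tuple(kind for kind, _ in results) == ORDER:
            return [value for _, value in results]
        self.mismatches += 1
        self.locked = self.mismatches >= MAX_MISMATCHES
        return None
```

Because each key mixes in the previous plaintext block, one wrong trigger result leaves the earlier blocks readable but makes that block and every later one undecryptable.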
CN201610862710.4A 2016-09-28 2016-09-28 A kind of device of mobile terminal physical button isolation safe module prevention security risk Active CN106161481B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610862710.4A CN106161481B (en) 2016-09-28 2016-09-28 A kind of device of mobile terminal physical button isolation safe module prevention security risk

Publications (2)

Publication Number Publication Date
CN106161481A true CN106161481A (en) 2016-11-23
CN106161481B CN106161481B (en) 2019-08-30

Family

ID=57341266

Country Status (1)

Country Link
CN (1) CN106161481B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant