CN106407835A - Mobile terminal, data protection method and device - Google Patents
Mobile terminal, data protection method and device Download PDFInfo
- Publication number
- CN106407835A CN106407835A CN201610755553.7A CN201610755553A CN106407835A CN 106407835 A CN106407835 A CN 106407835A CN 201610755553 A CN201610755553 A CN 201610755553A CN 106407835 A CN106407835 A CN 106407835A
- Authority
- CN
- China
- Prior art keywords
- data
- request
- target data
- identity
- proof
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 238000012795 verification Methods 0.000 claims abstract description 23
- 230000008676 import Effects 0.000 claims abstract description 19
- 230000005540 biological transmission Effects 0.000 claims abstract description 7
- 238000012937 correction Methods 0.000 claims description 17
- 238000009795 derivation Methods 0.000 claims description 13
- 238000012360 testing method Methods 0.000 claims description 6
- 239000003999 initiator Substances 0.000 abstract 1
- 238000004891 communication Methods 0.000 description 9
- 238000005516 engineering process Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 8
- 230000009471 action Effects 0.000 description 4
- 238000000429 assembly Methods 0.000 description 4
- 230000000712 assembly Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 230000005236 sound signal Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 230000000977 initiatory effect Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000001133 acceleration Effects 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- KLDZYURQCUYZBL-UHFFFAOYSA-N 2-[3-[(2-hydroxyphenyl)methylideneamino]propyliminomethyl]phenol Chemical compound OC1=CC=CC=C1C=NCCCN=CC1=CC=CC=C1O KLDZYURQCUYZBL-UHFFFAOYSA-N 0.000 description 1
- 244000035744 Hura crepitans Species 0.000 description 1
- 229910017435 S2 In Inorganic materials 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 239000007795 chemical reaction product Substances 0.000 description 1
- 239000000470 constituent Substances 0.000 description 1
- 238000007796 conventional method Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 201000001098 delayed sleep phase syndrome Diseases 0.000 description 1
- 208000033921 delayed sleep phase type circadian rhythm sleep disease Diseases 0.000 description 1
- 238000000151 deposition Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000003384 imaging method Methods 0.000 description 1
- 238000001764 infiltration Methods 0.000 description 1
- 230000008595 infiltration Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000005728 strengthening Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The disclosure relates to a mobile terminal, a data protection method and a data protection device. The data protection method comprises the following steps: setting a data protection area in a built-in storage medium of the mobile terminal, and configuring the data protection area to only allow preset application access; when an import request for importing target data is received, carrying out identity verification on an initiator of the import request; and after the identity verification is passed, acquiring the target data by using the preset application and importing the target data into the data protection area through a transmission interface. The present disclosure may provide higher security.
Description
Technical field
It relates to technical field of mobile terminals, in particular to a kind of data guard method, data protecting device
And apply the mobile terminal of this data guard method and device.
Background technology
With developing rapidly of integrated circuit technique and communication network technology, mobile terminal gradually has powerful place
Reason ability and communication function.At present, mobile terminal is changed into an integrated information processing platform from simple call instrument, becomes
For infiltration extensively, popularization is rapid, impact is huge, deeply to the end product of human society life every aspect.
Under the background that mobile phone users amount increases rapidly, its security is also widely paid close attention to by increasingly.For example,
The user data of mobile terminal storage gets more and more, and is wherein no lack of many important, sensitive data, for example, message, mail, photograph
Piece, video, audio frequency or the sensitive information such as other privacy informations and business secret.But, operate in the part of mobile terminal
Application may stealthily access the user data that should not access, and causes user sensitive information to reveal.In this regard, a solution is
Allow user that important or sensitive data are placed on deedbox by way of deedbox is set and be encrypted storage,
To reach the purpose of protection user data.
However, deedbox of the prior art is all to store to need number to be protected by way of hidden folder
According to;Therefore, deedbox storage data can by by other application programs by access hidden folder in the way of obtain, very
Extremely hidden folder can be deleted to destroy protected data.Therefore, technical scheme of the prior art also exists and needs to be changed
Enter part.
It should be noted that information is only used for strengthening the reason of background of this disclosure disclosed in above-mentioned background section
Solution, therefore can include not constituting the information to prior art known to persons of ordinary skill in the art.
Content of the invention
The purpose of the disclosure is to provide a kind of data guard method, data protecting device and applies this data protection side
Method and the mobile terminal of device, and then at least overcome leading to due to restriction and the defect of correlation technique to a certain extent
Individual or multiple problems.
Other characteristics of the disclosure and advantage will be apparent from by detailed description below, or partially by this public affairs
The practice opened and acquistion.
According to an aspect of this disclosure, provide a kind of data guard method, including:
Protected data area is set in the built-in storage medium of mobile terminal, and described protected data area is configured to only permit
Permitted default application to access;
When receiving the importing request that request imports target data, identity school is carried out to the described promoter importing request
Test;
After described proof of identity is passed through, incite somebody to action using the described default application described target data of acquisition and by coffret
Described target data is directed into described protected data area.
In a kind of exemplary embodiment of the disclosure, described data guard method also includes:
When receiving the derivation request that described target data is derived in request, body is carried out to the described promoter deriving request
Part verification;
After described proof of identity is passed through, using described default application by described coffret by described target data from
Described protected data area is derived.
In a kind of exemplary embodiment of the disclosure, described data guard method also includes:
When receiving the access request of the described target data that request accesses described protected data area, please to described access
The promoter asking carries out proof of identity;
After described proof of identity is passed through, pass through described coffret from described protected data area using described default application
Access described target data.
In a kind of exemplary embodiment of the disclosure, described data guard method also includes:
When described target data is imported described protected data area by described default application, record described default application and obtain
The mode of described target data;
When described default application derives described target data from described protected data area, the described mode according to record will
Described target data derives.
In a kind of exemplary embodiment of the disclosure, described data guard method also includes:
Described target data in described protected data area is encrypted.
In a kind of exemplary embodiment of the disclosure, described target data derive from described mobile terminal in first should
With, and described default application dynamic load in the form of interface card supports described first application.
In a kind of exemplary embodiment of the disclosure, wherein, by request promoter input checking password or
The biological information of the promoter of request carries out proof of identity to the promoter of request.
According to an aspect of this disclosure, provide a kind of data protecting device, including:
Protection zone configuration module, for arranging protected data area in the built-in storage medium of mobile terminal, and will be described
Protected data area is configured to only allow default application to access;
First correction verification module, for when receiving the importing request that request imports target data, importing request to described
Promoter carry out proof of identity;
Data import modul, for, after described proof of identity is passed through, obtaining described number of targets using described default application
According to and described target data is directed into by described protected data area by coffret.
In a kind of exemplary embodiment of the disclosure, described data protecting device also includes:
Second correction verification module, for when receiving the derivation request that described target data is derived in request, to described derivation
The promoter of request carries out proof of identity;
Data export module, for, after described proof of identity is passed through, being connect by described transmission using described default application
Described target data is derived by mouth from described protected data area.
In a kind of exemplary embodiment of the disclosure, described data protecting device also includes:
3rd correction verification module, for asking in the access receiving the described target data that request accesses described protected data area
When asking, proof of identity is carried out to the promoter of described access request;
Data access module, for, after described proof of identity is passed through, being connect by described transmission using described default application
Mouth accesses described target data from described protected data area.
In a kind of exemplary embodiment of the disclosure, described data protecting device also includes:
Transmission log module, for when described target data is imported described protected data area by described default application, remembering
Record the mode that described default application obtains described target data;
Described data export module described default application from described protected data area derive described target data when, according to
Described target data is derived by the described mode of record.
In a kind of exemplary embodiment of the disclosure, described data protecting device also includes:
Data encryption module, for being encrypted to the described target data in described protected data area.
In a kind of exemplary embodiment of the disclosure, described target data derive from described mobile terminal in first should
With, and described default application dynamic load in the form of interface card supports described first application.
In a kind of exemplary embodiment of the disclosure, described first correction verification module, the second correction verification module and the 3rd school
The biological information testing the promoter verifying password or request of promoter's input that module passes through request is sent out to request
Play person and carry out proof of identity.
According to an aspect of this disclosure, provide a kind of mobile terminal, including:
Processor;And
Memory, for storing the executable instruction of described processor;
Wherein said processor is configured to execute following operation via executing described executable instruction:
Protected data area is set in the built-in storage medium of mobile terminal, and described protected data area is configured to only permit
Permitted default application to access;
When receiving the importing request that request imports target data, identity school is carried out to the described promoter importing request
Test;
After described proof of identity is passed through, incite somebody to action using the described default application described target data of acquisition and by coffret
Described target data is directed into described protected data area.
In the data guard method that a kind of example embodiment of the disclosure is provided, just may be used by the only default application of setting
With the protected data area accessing, and for the access of protected data area, authentication is carried out to default application.Therefore, a side
Face is it can be ensured that data in protected data area and mobile terminal are with the security of lifting data;On the other hand, can be true
The data protected in protected data area cannot be accessed by other application, lifts the security of data further;Another further aspect, Ke Yishi
Existing legitimate verification and scope check are so that the request promoter not passing through authentication cannot access the mesh in protected data area
Mark data, lifts the security of data further.Therefore, compared to the data protection in prior art, this example embodiment
Scheme can realize higher security.
It should be appreciated that above general description and detailed description hereinafter are only exemplary and explanatory, not
The disclosure can be limited.
Brief description
Accompanying drawing herein is merged in specification and constitutes the part of this specification, shows the enforcement meeting the disclosure
Example, and be used for explaining the principle of the disclosure together with specification.It should be evident that drawings in the following description are only the disclosure
Some embodiments, for those of ordinary skill in the art, on the premise of not paying creative work, can also basis
These accompanying drawings obtain other accompanying drawings.
Fig. 1 is a kind of schematic flow sheet of data guard method in disclosure exemplary embodiment.
Fig. 2 is a kind of schematic flow sheet of data guard method in disclosure exemplary embodiment.
Fig. 3 is a kind of block diagram of data protecting device in disclosure exemplary embodiment.
Fig. 4 is a kind of block diagram of data protecting device in disclosure exemplary embodiment.
Fig. 5 is a kind of movement applying above-mentioned data guard method or data protecting device in disclosure exemplary embodiment
The block diagram of terminal.
Specific embodiment
It is described more fully with example embodiment referring now to accompanying drawing.However, example embodiment can be with multiple shapes
Formula is implemented, and is not understood as limited to example set forth herein;On the contrary, these embodiments are provided so that the disclosure will more
Fully and completely, and by the design of example embodiment comprehensively convey to those skilled in the art.Described feature, knot
Structure or characteristic can combine in one or more embodiments in any suitable manner.In the following description, provide perhaps
Many details are thus provide fully understanding of embodiment of this disclosure.It will be appreciated, however, by one skilled in the art that can
Omit one of described specific detail or more to put into practice the technical scheme of the disclosure, or other sides can be adopted
Method, constituent element, device, step etc..In other cases, be not shown in detail or describe known solution a presumptuous guest usurps the role of the host avoiding and
The each side making the disclosure thickens.
Additionally, accompanying drawing is only the schematic illustrations of the disclosure, it is not necessarily drawn to scale.In figure identical accompanying drawing mark
Note represents same or similar part, thus will omit repetition thereof.Some block diagrams shown in accompanying drawing are work(
Energy entity, not necessarily must be corresponding with physically or logically independent entity.These work(can be realized using software form
Energy entity, or realize these functional entitys in one or more hardware modules or integrated circuit, or at heterogeneous networks and/or place
These functional entitys are realized in reason device device and/or microcontroller device.
Provide firstly a kind of data guard method in this example embodiment, can apply to a mobile terminal.Originally show
In example embodiment, described mobile terminal can be for example mobile phone, panel computer and PDA etc..The operation of described mobile terminal
System can be the operating system based on Linux, such as other operating systems such as Android operation system or IOS, this
In exemplary embodiment, this is not done with particular determination.With reference to shown in Fig. 1, in this example embodiment, described data protection side
Method may comprise steps of:
Step S1. arranges protected data area in the built-in storage medium of mobile terminal, and described protected data area is joined
It is set to and only allow default application to access.
In this example embodiment, for example, can pass through memory management component and the application program management group of inner nuclear layer
Part etc. service the built-in storage medium (the inoperative internal memory of such as mobile terminal) of mobile terminal is configured so as in specify
The memory space of size, that is, protected data area only allow default application to access, thereby may be ensured that the data in protected data area
With mobile terminal with the security of lifting data.
Above-mentioned default application can be for example deedbox application.Deedbox application is to need number to be protected
According to the software systems conducting interviews and manage, it is unique valid application of data in user operation protected data area.By data
The operations such as safety box application can carry out to the data in protected data area deleting, renaming, modification, preview, derivation, importing.
Additionally, in this example embodiment, deedbox application dynamic load can support mobile terminal in the form of interface card
In other application, this will be subsequently further detailed.
Step S2., when receiving the importing request that request imports target data, is entered to the described promoter importing request
Row proof of identity.
In this example embodiment, the importing request that request imports target data can be answered by deedbox by user
Above-mentioned interface card is called to initiate with initiation or user by other application in mobile terminal, this exemplary embodiment
In this is not done with particular determination.Described target data needs data to be protected, for example, can include message, mail, photo, regard
Frequently, the sensitive information such as audio frequency or other privacy informations and business secret.
In this example embodiment, can be asked to importing by way of importing the checking password of the promoter's input asked
The promoter asking carries out proof of identity, thus realize legitimate verification and scope check it is ensured that in protected data area data peace
Quan Xing.Checking password is protected data area addressable unique identity symbol, can avoid system by setting checking password
Unification empties the data that data is deleted in protected data area by mistake, has also prevented other application or illegal request promoter simultaneously
Malicious access.But skilled addressee readily understands that, it is also possible to pass through in other exemplary embodiments of the disclosure
Other modes carry out proof of identity to the promoter of access request, for example, by importing the biological characteristic letter of the promoter asking
Breath (as finger print information) carries out proof of identity etc. to the promoter importing request.
Step S3., after described proof of identity is passed through, obtains described target data and by passing using described default application
Described target data is directed into described protected data area by defeated interface.
In this example embodiment, just allow to carry out target data by rear in the proof of identity of the promoter importing request
Import operation, import request promoter proof of identity failure after then can refuse to carry out the import operation of target data,
And the promoter importing request can be pointed out to re-start proof of identity.
Deedbox can be passed through for general data in flat file data in mobile terminal storage card, database etc.
Application is directly directed into protected data area from original storage position by coffret.For by mobile terminal other application
The data of program sandbox protection or the non-files classes data from mobile terminal other application programs, then can call plug-in unit
Target data is directed into protected data area by the coffret during interface is applied by deedbox.In addition it is readily appreciated that
It is that, in this example embodiment, while target data is directed into protected data area, the described target data in home position will
It is deleted.Wherein, the importing for target data can be by shared drive, by Socket or by the side such as file access
Formula is realized, and in this exemplary embodiment, this is not done with particular determination.
Additionally, the described target data in described protected data area can also be encrypted in this example embodiment.
By being encrypted to target data it can be ensured that target data (for example directly extracts built-in depositing in destroyed property mode
Card storage be transplanted to other-end obtain data) access when be secrecy.The mode encrypted for target data may be referred to existing
In technology, available any cipher mode, is not repeated to this in this example embodiment.
With reference to shown in Fig. 2, the safety in order to realize target data derives, data protection described in this example embodiment
Method can also include step S4 and step S5.Wherein:
Initiation when receiving the derivation request that described target data is derived in request, to described derivation request for step S4.
Person carries out proof of identity.
In this example embodiment, in order to ensure the safety of data, the derivation that can set request derivation target data please
Ask to be applied by deedbox by user and initiate.Implementing of authentication for the promoter deriving request can
With the specific implementation of the authentication with reference to the promoter asking for importing in above-mentioned steps S2, therefore no longer heavy herein
Repeat again.
Step S5., after described proof of identity is passed through, passes through described coffret by described mesh using described default application
Mark data derives from described protected data area.
In this example embodiment, just allow to carry out target data by rear in the proof of identity of the promoter deriving request
Derivation operation, then can refuse to carry out the derivation operation of target data after deriving the failure of the proof of identity of promoter of request,
And the promoter deriving request can be pointed out to re-start proof of identity.
Further, in described default application, described target data can also be imported described number in this example embodiment
During according to protection zone, record the mode that described default application obtains described target data.For example, target data described in record is literary composition
The mode of part safety box applications exploiting file access is directly directed into data from original storage position by coffret and protects
Shield area, then, when described default application derives described target data from described protected data area, the mode using file access will
Target data is directly derived to original storage position from protected data area by coffret.Again for example, target described in record
Data is that deedbox application call card i/f is conducted into data protection by coffret using Socket mode
Area, then, when described default application derives described target data from described protected data area, adjust back above-mentioned card i/f and utilize
Target data is derived to original storage position from protected data area by Socket mode by coffret.In addition it is readily appreciated that
, described number of targets in this example embodiment, while target data is derived to home position, in protected data area
According to will be deleted.
Shown in Fig. 2, in order to realize the secure access of target data, data described in this example embodiment
Guard method can also include step S6 and step S7.Wherein:
Step S6. receive request access described protected data area described target data access request when, to institute
The promoter stating access request carries out proof of identity.
In this example embodiment, the access request of request access target data can pass through deedbox by user should
Above-mentioned interface card is called to initiate with initiation or user by other application in mobile terminal, this exemplary embodiment
In this is not done with particular determination.Implementing of authentication for the promoter of access request may be referred to above-mentioned steps S2
In for import request promoter authentication specific implementation, therefore it is no longer repeated herein.
Step S7., after described proof of identity is passed through, passes through described coffret from described number using described default application
Access described target data according to protection zone.
In this example embodiment, just allow to carry out target data by rear in the proof of identity of the promoter of access request
Access operation, then can refuse to carry out the access operation of target data after the proof of identity failure of the promoter of access request,
And the promoter that can point out access request re-starts proof of identity.
In sum, in the data guard method that this example embodiment is provided, by the only default application of setting
The protected data area that can access, and for the access of protected data area, authentication is carried out to default application.Therefore, a side
Face is it can be ensured that data in protected data area and mobile terminal are with the security of lifting data;On the other hand, can be true
The data protected in protected data area cannot be accessed by other application, lifts the security of data further;Another further aspect, Ke Yishi
Existing legitimate verification and scope check are so that the request promoter not passing through authentication cannot access the mesh in protected data area
Mark data, lifts the security of data further.Therefore, compared to the data protection in prior art, this example embodiment
Scheme can realize higher security.
Further, additionally provide a kind of data protecting device in this example embodiment, can apply to one mobile whole
End.With reference to shown in Fig. 3, described data protecting device 1 can include protection zone configuration module 10, the first correction verification module 20 and
Data import modul 30.Wherein:
Protection zone configuration module 10 can be used for arranging protected data area in the built-in storage medium of mobile terminal, and will
Described protected data area is configured to only allow default application to access;
First correction verification module 20 can be used for when receiving the importing request that request imports target data, to described importing
The promoter of request carries out proof of identity;
Data import modul 30 can be used for, after described proof of identity is passed through, obtaining described mesh using described default application
Described target data is simultaneously directed into described protected data area by coffret by mark data.
With reference to shown in Fig. 4, in this example embodiment, described data protecting device can also include the second calibration mode
Block 40 and data export module 50.Wherein:
Second correction verification module 40 can be used for when receiving the derivation request that described target data is derived in request, to described
The promoter deriving request carries out proof of identity;
Data export module 50 can be used for after described proof of identity is passed through, using described default application by described biography
Described target data is derived by defeated interface from described protected data area.
With reference to shown in Fig. 4, in this example embodiment, described data protecting device can also include the 3rd school to type
Test module 60 and Data access module 70.Wherein:
3rd correction verification module 60 can be used in the described target data receiving the described protected data area of request access
During access request, proof of identity is carried out to the promoter of described access request;
Data access module 70 can be used for after described proof of identity is passed through, using described default application by described biography
Defeated interface accesses described target data from described protected data area.
In this example embodiment, described data protecting device can also include transmission log module.Wherein:
Transmission log module can be used for when described target data is imported described protected data area by described default application,
Record the mode that described default application obtains described target data;
Described data export module described default application from described protected data area derive described target data when, according to
Described target data is derived by the described mode of record.
In this example embodiment, described data protecting device can also include data encryption module.Wherein:
Data encryption module can be used for the described target data in described protected data area is encrypted.
In this example embodiment, described target data derives from the first application in described mobile terminal, and described
Default application dynamic load in the form of interface card supports described first application.
In this example embodiment, described first correction verification module 20, the second correction verification module 40 and the 3rd correction verification module
60 can be sent out to request by the biological information of the checking password of promoter's input of request or the promoter of request
Play person and carry out proof of identity.
In above-mentioned data protecting device, the detail of each module/unit is carried out in corresponding data guard method
Detailed description, therefore here is omitted.
Although it should be noted that being referred to some modules or the list of the equipment for action executing in above-detailed
Unit, but this division is not enforceable.In fact, according to embodiment of the present disclosure, above-described two or more
The feature of module or unit and function can embody in a module or unit.Conversely, an above-described mould
The feature of block or unit and function can be to be embodied by multiple modules or unit with Further Division.
Although additionally, describe each step of method in the disclosure in the accompanying drawings with particular order, this does not really want
Ask or imply and must execute these steps according to this particular order, or having to carry out all shown step just enables
Desired result.Additional or alternative, it is convenient to omit some steps, multiple steps are merged into a step execution, and/
Or a step is decomposed into execution of multiple steps etc..
With reference to Fig. 5, apply the mobile terminal 300 of above-mentioned Data Protection Scheme can include following one or more assemblies:
Process assembly 302, memory 304, power supply module 306, multimedia groupware 308, audio-frequency assembly 310, input/output (I/O)
Interface 312, sensor cluster 314, and communication component 316.
Process assembly 302 generally controls the integrated operation of mobile terminal 300, such as with display, call, and data is led to
The associated operation of letter, camera operation and record operation.Process assembly 302 can include one or more processors 320 to hold
Row instruction, to complete all or part of step of above-mentioned method.Additionally, process assembly 302 can include one or more moulds
Block, is easy to the interaction between process assembly 302 and other assemblies.For example, process assembly 302 can include multi-media module, with
Facilitate the interaction between multimedia groupware 304 and process assembly 302.
Memory 304 is configured to store various types of data to support the operation in equipment 300.The showing of these data
Example includes the instruction for any application program of operation or method on mobile terminal 300, contact data, telephone directory number
According to, message, picture, video etc..Memory 304 can by any kind of volatibility or non-volatile memory device or they
Combination realize, such as static RAM (SRAM), Electrically Erasable Read Only Memory (EEPROM), erasable
Programmable read only memory (EPROM), programmable read only memory (PROM), read-only storage (ROM), magnetic memory, quick flashing
Memory, disk or CD.
Power supply module 306 provides electric power for the various assemblies of mobile terminal 300.Power supply module 306 can include power supply pipe
Reason system, one or more power supplys, and other generate, manage and distribute, with for mobile terminal 300, the assembly that electric power is associated.
Multimedia groupware 308 includes the screen of one output interface of offer between described mobile terminal 300 and user.
In certain embodiments, screen can include liquid crystal display (LCD) and touch panel (TP).If screen includes touch surface
Plate, screen may be implemented as touch-screen, to receive the input signal from user.Touch panel includes one or more touches
Sensor is with the gesture on sensing touch, slip and touch panel.Described touch sensor can not only sensing touch or slip
The border of action, but also the detection duration related to described touch or slide and pressure.In certain embodiments,
Multimedia groupware 308 includes a front-facing camera and/or post-positioned pick-up head.When equipment 300 is in operator scheme, such as shoot mould
When formula or video mode, front-facing camera and/or post-positioned pick-up head can receive outside multi-medium data.Each preposition shooting
Head and post-positioned pick-up head can be the optical lens system of a fixation or have focusing and optical zoom capabilities.
Audio-frequency assembly 310 is configured to output and/or input audio signal.For example, audio-frequency assembly 310 includes a Mike
Wind (MIC), when mobile terminal 300 is in operator scheme, during as call model, logging mode and speech recognition mode, microphone
It is configured to receive external audio signal.The audio signal being received can be further stored in memory 304 or via logical
Letter assembly 316 sends.In certain embodiments, audio-frequency assembly 310 also includes a loudspeaker, for exports audio signal.
, for providing interface between process assembly 302 and peripheral interface module, above-mentioned peripheral interface module can for I/O interface 312
To be keyboard, click wheel, button etc..These buttons may include but be not limited to:Home button, volume button, start button and lock
Determine button.
Sensor cluster 314 includes one or more sensors, for providing the state of various aspects for mobile terminal 300
Assessment.For example, sensor cluster 314 can detect/the closed mode of opening of equipment 300, the relative positioning of assembly, such as institute
State the display that assembly is mobile terminal 300 and keypad, sensor cluster 314 can also detect mobile terminal 300 or mobile
The position of 300 1 assemblies of terminal changes, and user is presence or absence of with what mobile terminal 300 contacted, mobile terminal 300 orientation
Or the temperature change of acceleration/deceleration and mobile terminal 300.Sensor cluster 314 can include proximity transducer, is configured to
The presence of object near the detection when not having any physical contact.Sensor cluster 314 can also include optical sensor, such as
CMOS or ccd image sensor, for using in imaging applications.In certain embodiments, this sensor cluster 314 is acceptable
Including acceleration transducer, gyro sensor, Magnetic Sensor, pressure sensor or temperature sensor.
Communication component 316 is configured to facilitate the communication of wired or wireless way between mobile terminal 300 and other equipment.
Mobile terminal 300 can access the wireless network based on communication standard, such as WiFi, 2G or 3G, or combinations thereof.Show at one
In example property embodiment, communication component 316 receives broadcast singal or the broadcast from external broadcasting management system via broadcast channel
Relevant information.In one exemplary embodiment, described communication component 316 also includes near-field communication (NFC) module, short to promote
Cheng Tongxin.For example, RF identification (RFID) technology, Infrared Data Association (IrDA) technology, ultra broadband can be based in NFC module
(UWB) technology, bluetooth (BT) technology and other technologies are realizing.
In the exemplary embodiment, mobile terminal 300 can be by one or more application specific integrated circuits (ASIC), number
Word signal processor (DSP), digital signal processing appts (DSPD), PLD (PLD), field programmable gate array
(FPGA), controller, microcontroller, microprocessor or other electronic components are realized, for executing said method.
In the exemplary embodiment, a kind of non-transitorycomputer readable storage medium including instruction, example are additionally provided
As included the memory 304 instructing, above-mentioned instruction can be executed by the processor 320 of mobile terminal 300 to complete the enforcement of this example
Technique scheme in mode.For example, described non-transitorycomputer readable storage medium can be that ROM, arbitrary access are deposited
Reservoir (RAM), CD-ROM, tape, floppy disk and optical data storage devices etc..
Those skilled in the art, after considering specification and putting into practice invention disclosed herein, will readily occur to its of the disclosure
Its embodiment.The application is intended to any modification, purposes or the adaptations of the disclosure, these modifications, purposes or
Person's adaptations are followed the general principle of the disclosure and are included the undocumented common knowledge in the art of the disclosure
Or conventional techniques.Description and embodiments be considered only as exemplary, the true scope of the disclosure and spirit by appended
Claim is pointed out.
Claims (13)
1. a kind of data guard method is it is characterised in that include:
Protected data area is set in the built-in storage medium of mobile terminal, and described protected data area is configured to only to allow pre-
If application accesses;
When receiving the importing request that request imports target data, proof of identity is carried out to the described promoter importing request;
After described proof of identity is passed through, obtain described target data will be described by coffret using described default application
Target data is directed into described protected data area.
2. data guard method according to claim 1 is it is characterised in that described data guard method also includes:
When receiving the derivation request that described target data is derived in request, identity school is carried out to the described promoter deriving request
Test;
After described proof of identity is passed through, using described default application by described coffret by described target data from described
Protected data area is derived.
3. data guard method according to claim 1 is it is characterised in that described data guard method also includes:
When receiving the access request of the described target data that request accesses described protected data area, to described access request
Promoter carries out proof of identity;
After described proof of identity is passed through, accessed from described protected data area by described coffret using described default application
Described target data;
When described target data is imported described protected data area by described default application, record described default application acquisition described
The mode of target data;
When described default application derives described target data from described protected data area, the described mode according to record will be described
Target data derives.
4. data guard method according to claim 1 and 2 is it is characterised in that described data guard method also includes:
Described target data in described protected data area is encrypted.
5. data guard method according to claim 1 and 2 is it is characterised in that described target data derives from described shifting
The first application in dynamic terminal, and described default application dynamic load in the form of interface card supports described first application.
6. data guard method according to claim 1 and 2 it is characterised in that wherein, is inputted by the promoter of request
Checking password or request promoter biological information to request promoter carry out proof of identity.
7. a kind of data protecting device is it is characterised in that include:
Protection zone configuration module, for arranging protected data area, and by described data in the built-in storage medium of mobile terminal
Protection zone is configured to only allow default application to access;
First correction verification module, for when receiving the importing request that request imports target data, sending out to described importing request
Play person and carry out proof of identity;
Data import modul, for, after described proof of identity is passed through, obtaining described target data simultaneously using described default application
Described target data is directed into by described protected data area by coffret.
8. data protecting device according to claim 8 is it is characterised in that described data protecting device also includes:
Second correction verification module, for when receiving the derivation request that described target data is derived in request, deriving request to described
Promoter carry out proof of identity;
Data export module, for, after described proof of identity is passed through, passing through described coffret using described default application will
Described target data derives from described protected data area;
3rd correction verification module, for receiving the access request that request accesses the described target data of described protected data area
When, proof of identity is carried out to the promoter of described access request;
Data access module, for after described proof of identity is passed through, using described default application pass through described coffret from
Described protected data area accesses described target data.
9. the data protecting device according to claim 7 or 8 is it is characterised in that described data protecting device also includes:
Transmission log module, for when described target data is imported described protected data area by described default application, recording institute
State the mode that default application obtains described target data;
Described data export module described default application from described protected data area derive described target data when, according to record
Described mode described target data is derived.
10. the data protecting device according to claim 7 or 8 is it is characterised in that described data protecting device also includes:
Data encryption module, for being encrypted to the described target data in described protected data area.
11. data protecting devices according to claim 7 or 8 are it is characterised in that described target data derives from described shifting
The first application in dynamic terminal, and described default application dynamic load in the form of interface card supports described first application.
12. data protecting devices according to claim 7 or 8 are it is characterised in that described first correction verification module, the second school
Test module and the 3rd correction verification module passes through the checking password of promoter's input of request or the biology of the promoter of request is special
Reference breath carries out proof of identity to the promoter of request.
A kind of 13. mobile terminals are it is characterised in that include:
Processor;And
Memory, for storing the executable instruction of described processor;
Wherein said processor is configured to execute following operation via executing described executable instruction:
Protected data area is set in the built-in storage medium of mobile terminal, and described protected data area is configured to only to allow pre-
If application accesses;
When receiving the importing request that request imports target data, proof of identity is carried out to the described promoter importing request;
After described proof of identity is passed through, obtain described target data will be described by coffret using described default application
Target data is directed into described protected data area.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610755553.7A CN106407835A (en) | 2016-08-29 | 2016-08-29 | Mobile terminal, data protection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610755553.7A CN106407835A (en) | 2016-08-29 | 2016-08-29 | Mobile terminal, data protection method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106407835A true CN106407835A (en) | 2017-02-15 |
Family
ID=58003774
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610755553.7A Pending CN106407835A (en) | 2016-08-29 | 2016-08-29 | Mobile terminal, data protection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106407835A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107770150A (en) * | 2017-08-25 | 2018-03-06 | 北京元心科技有限公司 | Terminal protecting methdo and device |
| WO2019210758A1 (en) * | 2018-05-02 | 2019-11-07 | 中兴通讯股份有限公司 | Data protection method and device and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103678959A (en) * | 2013-11-12 | 2014-03-26 | 杭州晟元芯片技术有限公司 | Data protecting method based on portable storage device |
| CN104123506A (en) * | 2013-04-28 | 2014-10-29 | 北京壹人壹本信息科技有限公司 | Data access method and device and data encryption storage and access method and device |
| US20140351886A1 (en) * | 2013-05-22 | 2014-11-27 | Qualcomm Incorporated | Methods and apparatuses for protecting positioning related information |
| CN104376273A (en) * | 2014-11-18 | 2015-02-25 | 乐视致新电子科技(天津)有限公司 | Data access control method and device |
| CN104657674A (en) * | 2015-01-16 | 2015-05-27 | 北京邮电大学 | Isolation protection system and isolation protection method of private data in mobile phone |
-
2016
- 2016-08-29 CN CN201610755553.7A patent/CN106407835A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104123506A (en) * | 2013-04-28 | 2014-10-29 | 北京壹人壹本信息科技有限公司 | Data access method and device and data encryption storage and access method and device |
| US20140351886A1 (en) * | 2013-05-22 | 2014-11-27 | Qualcomm Incorporated | Methods and apparatuses for protecting positioning related information |
| CN103678959A (en) * | 2013-11-12 | 2014-03-26 | 杭州晟元芯片技术有限公司 | Data protecting method based on portable storage device |
| CN104376273A (en) * | 2014-11-18 | 2015-02-25 | 乐视致新电子科技(天津)有限公司 | Data access control method and device |
| CN104657674A (en) * | 2015-01-16 | 2015-05-27 | 北京邮电大学 | Isolation protection system and isolation protection method of private data in mobile phone |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107770150A (en) * | 2017-08-25 | 2018-03-06 | 北京元心科技有限公司 | Terminal protecting methdo and device |
| CN107770150B (en) * | 2017-08-25 | 2020-09-22 | 北京元心科技有限公司 | Terminal protection method and device |
| WO2019210758A1 (en) * | 2018-05-02 | 2019-11-07 | 中兴通讯股份有限公司 | Data protection method and device and storage medium |
| CN110443059A (en) * | 2018-05-02 | 2019-11-12 | 中兴通讯股份有限公司 | Data guard method and device |
| US11392586B2 (en) | 2018-05-02 | 2022-07-19 | Zte Corporation | Data protection method and device and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104765552B (en) | Right management method and device | |
| CN103916233B (en) | A kind of information ciphering method and device | |
| CN108269334A (en) | Method for unlocking, terminal device and smart lock | |
| CN105389516A (en) | Sensitive picture reminding method and apparatus | |
| CN104391870B (en) | Logistics information acquisition methods and device | |
| CN104112091A (en) | File locking method and device | |
| CN105844470A (en) | Payment method and device | |
| CN104933351A (en) | Information security processing method and information security processing device | |
| CN105095847A (en) | Iris identification method and apparatus for mobile terminal | |
| CN104168277A (en) | File security maintaining method and device | |
| CN104376273A (en) | Data access control method and device | |
| CN107767133B (en) | Virtual card opening method, device and system and storage medium | |
| CN106210238A (en) | short message storage method and device | |
| CN106446653A (en) | Application authority management method and device and electronic equipment | |
| RU2653253C1 (en) | Method and device for online payment | |
| CN106101105A (en) | Data processing method, Apparatus and system | |
| CN106600768A (en) | Intelligent door lock authentication method, device and terminal | |
| CN109801065A (en) | Virtual card opens chucking method, apparatus and system, storage medium | |
| CN106599676A (en) | Trusted process identification method and device | |
| CN105912922A (en) | Information management method and device, and terminal | |
| CN106682524A (en) | Data privacy protection method of mobile terminal | |
| CN106372943A (en) | Message processing method and device | |
| CN106535190A (en) | Network connection method and apparatus | |
| CN106407835A (en) | Mobile terminal, data protection method and device | |
| CN106534551A (en) | Information display method and apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170215 |
|
| RJ01 | Rejection of invention patent application after publication |