CN106657158B - System and method for secure data transmission between devices - Google Patents

Publication number: CN106657158B
Authority: CN (China)
Prior art keywords: host, read, storage region, data, rank
Legal status: Active
Application number: CN201710076184.3A
Other languages: Chinese (zh)
Other versions: CN106657158A (en)
Inventors: 王海腾, 杨博
Current Assignee: Beijing Qihoo Technology Co Ltd
Original Assignee: Beijing Anyun Century Technology Co Ltd
Application filed by Beijing Anyun Century Technology Co Ltd
Priority to CN201710076184.3A
Publication of CN106657158A
Application granted
Publication of CN106657158B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a system and method for secure data transmission between devices. The system comprises: a connection unit for establishing a communication connection between a mobile terminal and a host; a receiving unit that receives from the host, via the communication connection, a read request for encrypted data stored in the mobile terminal, the read request carrying a host identifier and a data range; a control unit that determines the storage region involved in the read request according to the data range, assigns a read level to the host according to the host identifier, selects from multiple authentication modes, based on the storage region and the read level, the current authentication mode for authenticating the host, and, when the host passes the current authentication, generates a decrypted copy of the encrypted data in the corresponding storage region; and a transmission unit that sends the host a read response including the decrypted copy.

Description

System and method for secure data transmission between devices
Technical Field
The present invention relates to the field of information security, and more specifically to a system and method for secure data transmission between devices.
Background
As the popularity of mobile terminals such as mobile phones grows rapidly, daily life has become increasingly dependent on their use. Today's intelligent mobile terminals can meet people's needs in many fields, for example at work, in study and in business. As a result, users usually store a large amount of personal information in the mobile terminal. This personal information typically includes contact list information, work document information, personal picture information, personal video information and so on. In addition, as users make payments with mobile terminals more and more often, the mobile terminal usually also stores the user's financial information, for example account information and transfer information.
However, information leakage related to mobile terminals is increasingly common, so that the security of users' information faces serious problems. For example, when a mobile terminal is connected to a host such as a personal computer, the host can obtain the user's personal information stored in the mobile terminal. In the prior art, when a mobile terminal is connected to a host such as a personal computer, the user decides whether to trust the host through an operation prompt on the mobile terminal. If the user chooses to trust it, the host can read all the personal information in the mobile terminal's storage area; if the user chooses not to trust it, the host cannot read any personal information in the mobile terminal's storage area.
When the user wants the host to read part of the personal information in the mobile terminal's storage area but does not want the host to read the remaining personal information, the prior art provides no such function.
There is therefore a need in the prior art for secure data transmission between devices.
Summary of the Invention
According to one aspect of the present invention, a system for secure data transmission between devices is provided, the system comprising:
a connection unit for establishing a communication connection between a mobile terminal and a host;
a receiving unit that receives from the host, via the communication connection, a read request for encrypted data stored in the mobile terminal, the read request carrying a host identifier and a data range;
a control unit that determines the storage region involved in the read request according to the data range, assigns a read level to the host according to the host identifier, selects from multiple authentication modes, based on the storage region and the read level, the current authentication mode for authenticating the host, and, when the host passes the current authentication, generates a decrypted copy of the encrypted data in the corresponding storage region; and
a transmission unit that sends the host a read response including the decrypted copy.
Preferably, the communication connection is a wired communication connection or a wireless communication connection.
Preferably, the host identifier is the MAC address of the host, the identity certificate of the host or the user name of the host.
Preferably, the host is a personal computer, a server or a mobile terminal.
Preferably, the data is at least one of the following: text files, image files, audio files, video files and application programs.
Preferably, the data range includes: all data and public data.
Preferably, determining the storage region involved in the read request according to the data range includes:
when the data range is all data, determining that the storage region involved in the read request is the internal storage region; or
when the data range is public data, determining that the storage region involved in the read request is the external storage region.
Preferably, assigning a read level to the host according to the host identifier includes:
when the host identifier indicates that the host is a trusted party, the read level assigned to the host is full read; or
when the host identifier indicates that the host is a partially trusted party, the read level assigned to the host is partial read.
Preferably, the multiple authentication modes include: high-strength gesture password authentication, low-strength gesture password authentication, dynamic password authentication and registration information authentication.
Preferably, selecting from the multiple authentication modes, based on the storage region and the read level, the current authentication mode for authenticating the host includes:
when the storage region is the internal storage region and the read level is full read, the current authentication mode for authenticating the host is high-strength gesture password authentication;
when the storage region is the internal storage region and the read level is partial read, the current authentication mode for authenticating the host is dynamic password authentication;
when the storage region is the external storage region and the read level is full read, the current authentication mode for authenticating the host is low-strength gesture password authentication;
when the storage region is the external storage region and the read level is partial read, the current authentication mode for authenticating the host is registration information authentication.
According to another aspect of the present invention, a mobile terminal is provided that includes, or is used to execute, the system described above.
According to another aspect of the present invention, a method for secure data transmission between devices is provided, the method comprising:
establishing a communication connection between a mobile terminal and a host;
receiving from the host, via the communication connection, a read request for encrypted data stored in the mobile terminal, the read request carrying a host identifier and a data range;
determining the storage region involved in the read request according to the data range, assigning a read level to the host according to the host identifier, selecting from multiple authentication modes, based on the storage region and the read level, the current authentication mode for authenticating the host, and, when the host passes the current authentication, generating a decrypted copy of the encrypted data in the corresponding storage region; and
sending the host a read response including the decrypted copy.
Preferably, the communication connection is a wired communication connection or a wireless communication connection.
Preferably, the host identifier is the MAC address of the host, the identity certificate of the host or the user name of the host.
Preferably, the host is a personal computer, a server or a mobile terminal.
Preferably, the data is at least one of the following: text files, image files, audio files, video files and application programs.
Preferably, the data range includes: all data and public data.
Preferably, determining the storage region involved in the read request according to the data range includes:
when the data range is all data, determining that the storage region involved in the read request is the internal storage region; or
when the data range is public data, determining that the storage region involved in the read request is the external storage region.
Preferably, assigning a read level to the host according to the host identifier includes:
when the host identifier indicates that the host is a trusted party, the read level assigned to the host is full read; or
when the host identifier indicates that the host is a partially trusted party, the read level assigned to the host is partial read.
Preferably, the multiple authentication modes include: high-strength gesture password authentication, low-strength gesture password authentication, dynamic password authentication and registration information authentication.
Preferably, selecting from the multiple authentication modes, based on the storage region and the read level, the current authentication mode for authenticating the host includes:
when the storage region is the internal storage region and the read level is full read, the current authentication mode for authenticating the host is high-strength gesture password authentication;
when the storage region is the internal storage region and the read level is partial read, the current authentication mode for authenticating the host is dynamic password authentication;
when the storage region is the external storage region and the read level is full read, the current authentication mode for authenticating the host is low-strength gesture password authentication;
when the storage region is the external storage region and the read level is partial read, the current authentication mode for authenticating the host is registration information authentication.
Brief Description of the Drawings
Exemplary embodiments of the present invention can be understood more fully by reference to the following drawings:
Fig. 1 is a structural schematic diagram of a data transmission system according to an embodiment of the present invention;
Fig. 2 is a structural schematic diagram of a system for secure data transmission between devices according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of a data storage scheme according to a preferred embodiment of the present invention; and
Fig. 4 is a flow chart of a method for secure data transmission between devices according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention are now described with reference to the drawings. The invention may, however, be implemented in many different forms and is not limited to the embodiments described here; these embodiments are provided so that the disclosure is thorough and complete and fully conveys the scope of the invention to those of ordinary skill in the art. The terms used in the exemplary embodiments illustrated in the drawings do not limit the invention. In the drawings, identical units/elements use identical reference numerals.
Unless otherwise stated, the terms used here (including scientific and technical terms) have the meaning commonly understood by those of ordinary skill in the art. It will further be understood that terms defined in commonly used dictionaries should be understood as having a meaning consistent with the context of the related field, and should not be interpreted in an idealized or overly formal sense.
Fig. 1 is a structural schematic diagram of data transmission system 100 according to an embodiment of the present invention. As shown in Fig. 1, data transmission system 100 includes: mobile terminal 101, network connection 103 and hosts 103-1, 103-2 ... 103-N. Preferably, mobile terminal 101 stores user data for the user's use, and the user data can be of various types, such as a contact list, work documents, pictures, audio, video, account information and transfer information. Mobile terminal 101 can be any type of mobile device, including a mobile handset, station, unit, device, multimedia tablet, communicator, laptop computer, personal digital assistant (PDA), or any combination thereof. In general, mobile terminal 101 can communicate through network connection 103 with other devices, for example hosts 103-1, 103-2 ... 103-N.
Preferably, network connection 103 is a connection established according to any of various wired or wireless communication protocols. Network connection 103 establishes the communication connection between mobile terminal 101 and hosts 103-1, 103-2 ... 103-N, forming a communication network. The communication network is, for example, a data network, a wireless network, a telephone network, or any combination thereof. Network connection 103 can be any of various types of connection, such as a data line, a cable, a telephone line or a wireless connection. The resulting network can therefore be a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), a public data network (such as the internet) or any other suitable packet-switched network. The wireless network can be, for example, a cellular network or Wireless Fidelity (WiFi).
Preferably, hosts 103-1, 103-2 ... 103-N are connected to mobile terminal 101 through network connection 103 and can send data to mobile terminal 101 or read data from mobile terminal 101 via network connection 103. Preferably, hosts 103-1, 103-2 ... 103-N can be any type of mobile terminal, fixed terminal or portable terminal, including a mobile handset, station, unit, device, multimedia computer, multimedia tablet, internet node, communicator, desktop computer, laptop computer, personal digital assistant (PDA), or any combination thereof.
In data transmission system 100 according to the present invention, data reading is initiated by the peer device connected to mobile terminal 101, because the problem the present invention addresses is security control of data transmission when a peer device accesses mobile terminal 101. The prior art usually does not involve authenticating the peer device, and data reading or writing is allowed only after the peer device has passed authentication.
Fig. 2 is a structural diagram of system 200 for secure data transmission between devices according to a preferred embodiment of the present invention. When the mobile terminal and the host are communicatively connected, system 200 receives from the host, through the communication connection, a read request for encrypted data stored in the mobile terminal. In this embodiment of the invention, the read request carries a host identifier and the data range requested for reading. System 200 determines from the data range the storage region in the mobile terminal that the read request involves, and assigns a read level to the requesting host according to the host identifier. Based on the storage region and the read level, system 200 selects from multiple authentication modes the current authentication mode for authenticating the requesting host. When the requesting host passes the current authentication, system 200 generates a decrypted copy of the encrypted data in the corresponding storage region and sends the host a read response containing the decrypted copy.
By setting up different storage regions, this embodiment of the invention stores mobile terminal data in different regions, assigns different read levels to different hosts, and selects the host's current authentication mode according to the data storage region and the read level. Data is thus transmitted in different ways for different devices, different types of data and different read levels, which ensures the security of data transmission.
As shown in Fig. 2, system 200 includes: connection unit 201, receiving unit 202, control unit 203 and transmission unit 204. Preferably, connection unit 201 establishes the communication connection between the mobile terminal and the host. The communication connection between the mobile terminal and the host is a wired or wireless communication connection; for example, the connection is made through a data network, a wireless network, a telephone network, or any combination thereof. The communication connection can be any of various types of connection, such as a data line, a cable, a telephone line or a wireless connection.
Preferably, receiving unit 202 receives from the host, via the communication connection, a read request for encrypted data stored in the mobile terminal. In general, the read request carries a host identifier and a data range. Preferably, the host sends the mobile terminal a data read request, and the data types requested include at least one of the following: text files, image files, audio files, video files and application programs. The host identifier can be the MAC address of the host, the identity certificate of the host or the user name of the host. The data range that the host asks the mobile terminal to read includes: all data and public data. For example, a host whose MAC address is 00-24-BD-16-8B-A2 is a public computer, and a request to read all data is sent from this public computer to a 360 mobile phone. Alternatively, a dedicated office computer named "Qihoo 001" sends a 360 mobile phone a request to read workplace picture information.
Preferably, control unit 203 determines the storage region involved in the read request according to the data range, assigns a read level to the host according to the host identifier, selects from multiple authentication modes, based on the storage region and the read level, the current authentication mode for authenticating the host, and, when the host passes the current authentication, generates a decrypted copy of the encrypted data in the corresponding storage region. Preferably, in this embodiment of the invention, determining the storage region involved in the read request according to the data range includes: when the data range is all data, determining that the storage region involved is the internal storage region; or when the data range is public data, determining that the storage region involved is the external storage region. Assigning a read level to the host according to the host identifier includes: when the host identifier indicates that the host is a trusted party, the read level assigned to the host is full read; or when the host identifier indicates that the host is a partially trusted party, the read level assigned to the host is partial read. Preferably, the multiple authentication modes include: high-strength gesture password authentication, low-strength gesture password authentication, dynamic password authentication and registration information authentication. Gesture password authentication authenticates by drawing a graphical password in a 9-point recognition area. In this embodiment of the invention, a graphical password drawn with 5 or more points is high-strength gesture password authentication, and one drawn with no more than 5 points is low-strength gesture password authentication.
Preferably, selecting from the multiple authentication modes, based on the storage region and the read level, the current authentication mode for authenticating the host includes the following. When the storage region is the internal storage region and the read level is full read, the current authentication mode for authenticating the host is high-strength gesture password authentication. When the storage region is the internal storage region and the read level is partial read, the current authentication mode is dynamic password authentication, for example mobile phone dynamic password authentication. When the storage region is the external storage region and the read level is full read, the current authentication mode is low-strength gesture password authentication. When the storage region is the external storage region and the read level is partial read, the current authentication mode is registration information authentication.
For example, a host whose MAC address is 00-24-BD-16-8B-A2 is a public computer, and a request to read all data is sent from this public computer to a 360 mobile phone. Because the data range to be read is all data, control unit 203 determines that the storage region is the internal storage region. Based on the public computer's identifier, control unit 203 designates the public computer as a partially trusted party and assigns it the partial read level. Control unit 203 then selects from the multiple authentication modes, based on the storage region and the read level, the current authentication mode for authenticating the host: when the storage region is the internal storage region and the read level is partial read, the current authentication mode is dynamic password authentication. The public computer's request to read all data is therefore authenticated with a dynamic password. When the public computer passes dynamic password authentication, the control unit generates a decrypted copy of all the encrypted data in the internal storage region.
As a further example, a dedicated office computer named "Qihoo 001" sends a 360 mobile phone a request to read workplace picture information. Because the office computer "Qihoo 001" requests workplace picture information, control unit 203 determines that the storage region is the external storage region. Based on the office computer's identifier, control unit 203 designates the office computer as a trusted party and assigns it the full read level. Control unit 203 then selects from the multiple authentication modes, based on the storage region and the read level, the current authentication mode for authenticating the host: when the storage region is the external storage region and the read level is full read, the current authentication mode is low-strength gesture password authentication. The office computer's request to read workplace picture information is therefore authenticated with a low-strength gesture password. When the office computer passes low-strength gesture password authentication, the control unit generates a decrypted copy of the encrypted workplace picture information in the external storage region.
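The control-unit flow and the two worked requests above, as an added example that is not code from the patent: it maps the data range and host identifier to a storage region, read level and authentication mode, and releases a decrypted copy only after the credential check passes. The registry contents, enrolled credentials, file names, the XOR stand-in cipher and the refusal of unknown hosts or data ranges are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Region(Enum):
    INTERNAL = "internal"   # whole store; contains the external region (Fig. 3)
    EXTERNAL = "external"   # subset that holds public content

class Level(Enum):
    FULL = "full read"        # trusted party
    PARTIAL = "partial read"  # partially trusted party

class Auth(Enum):
    HIGH_GESTURE = "high-strength gesture password"
    LOW_GESTURE = "low-strength gesture password"
    DYNAMIC_PASSWORD = "dynamic password"
    REGISTRATION = "registration information"

# Data range carried by the request -> storage region, as stated on the page.
REGION_FOR_RANGE = {"all": Region.INTERNAL, "public": Region.EXTERNAL}

# (storage region, read level) -> authentication mode: the page's four cases.
AUTH_MATRIX = {
    (Region.INTERNAL, Level.FULL): Auth.HIGH_GESTURE,
    (Region.INTERNAL, Level.PARTIAL): Auth.DYNAMIC_PASSWORD,
    (Region.EXTERNAL, Level.FULL): Auth.LOW_GESTURE,
    (Region.EXTERNAL, Level.PARTIAL): Auth.REGISTRATION,
}

# Constructed registry: host identifier -> read level (the page's two hosts).
HOST_LEVELS = {"00-24-BD-16-8B-A2": Level.PARTIAL, "Qihoo 001": Level.FULL}

# Constructed enrolled credentials; gestures are point indexes on the 9-point grid.
ENROLLED = {
    Auth.HIGH_GESTURE: (0, 1, 2, 5, 8, 7),
    Auth.LOW_GESTURE: (0, 4, 8),
    Auth.DYNAMIC_PASSWORD: "493817",
    Auth.REGISTRATION: "user@example.com",
}

def _xor(data: bytes) -> bytes:
    """Stand-in for the terminal's cipher, which the page does not specify."""
    return bytes(b ^ 0x5A for b in data)

# Constructed store: file name -> (is_public, encrypted bytes).
STORE = {
    "contacts.db": (False, _xor(b"alice,bob")),
    "workplace.jpg": (True, _xor(b"JPEGDATA")),
}

@dataclass(frozen=True)
class Decision:
    auth: Optional[Auth]   # mode selected for this request, if any
    released: dict         # decrypted copy sent in the read response
    reason: str

def gesture_ok(mode, drawn):
    """Validate a drawn pattern and apply the page's point-count rule."""
    pts = tuple(drawn)
    if not all(isinstance(p, int) and 0 <= p <= 8 for p in pts):
        return False
    if len(set(pts)) != len(pts):   # a grid point may be used only once
        return False
    # Page: 5 or more points is high strength, no more than 5 is low strength.
    return len(pts) >= 5 if mode is Auth.HIGH_GESTURE else 1 <= len(pts) <= 5

def verify(mode, presented):
    """Compare the presented credential with the enrolled one for this mode."""
    enrolled = ENROLLED[mode]
    if mode in (Auth.HIGH_GESTURE, Auth.LOW_GESTURE):
        if not isinstance(presented, (tuple, list)) or not gesture_ok(mode, presented):
            return False
        presented = "".join(map(str, presented))
        enrolled = "".join(map(str, enrolled))
    if not isinstance(presented, str):
        return False
    return hmac.compare_digest(presented.encode(), enrolled.encode())

def handle_read_request(host_id, data_range, presented):
    """Control-unit flow: region, read level, auth mode, then decrypted copy."""
    region = REGION_FOR_RANGE.get(data_range)
    level = HOST_LEVELS.get(host_id)
    # Assumption: unknown hosts or ranges are refused; the page leaves this open.
    if region is None or level is None:
        return Decision(None, {}, "denied: unknown host or data range")
    mode = AUTH_MATRIX[(region, level)]
    # The host identifier only selects the mode; release depends on the credential.
    if not verify(mode, presented):
        return Decision(mode, {}, "denied: authentication failed")
    copy = {name: _xor(blob) for name, (public, blob) in STORE.items()
            if region is Region.INTERNAL or public}
    return Decision(mode, copy, "released")

if __name__ == "__main__":
    print(handle_read_request("00-24-BD-16-8B-A2", "all", "493817"))
    print(handle_read_request("Qihoo 001", "public", (0, 4, 8)))
```

A pattern of exactly 5 points satisfies both of the page's strength rules, so the example accepts it in either gesture mode.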
Preferably, transmission unit 204 sends the host a read response including the decrypted copy. In general, transmission unit 204 sends the read response including the decrypted copy to the host through the network connection described above. The network connection is a connection established according to any of various wired or wireless communication protocols. It establishes the communication connection between the mobile terminal and the host, forming a communication network. The communication network is, for example, a data network, a wireless network, a telephone network, or any combination thereof. The network connection can be any of various types of connection, such as a data line, a cable, a telephone line or a wireless connection.
According to another embodiment of the present invention, a mobile terminal (not shown) includes, or is used to execute, the system described above. In this case, when the mobile terminal and the host are communicatively connected, the system receives from the host, through the communication connection, a read request for encrypted data stored in the mobile terminal. In this embodiment of the invention, the read request carries a host identifier and the data range requested for reading. The system determines from the data range the storage region in the mobile terminal that the read request involves, and assigns a read level to the requesting host according to the host identifier. Based on the storage region and the read level, the system selects from multiple authentication modes the current authentication mode for authenticating the requesting host. When the requesting host passes the current authentication, the system generates a decrypted copy of the encrypted data in the corresponding storage region and sends the host a read response containing the decrypted copy.
Fig. 3 is a schematic diagram of the data storage scheme according to a preferred embodiment of the present invention. By setting up different storage regions, this embodiment of the invention stores mobile terminal data in different regions. As shown in Fig. 3, the relationship between internal storage region 301 and external storage region 302 is one of containment, that is, external storage region 302 is contained in internal storage region 301. External storage region 302 can be regarded as the part of internal storage region 301 that is suitable for storing public content. Through the communication connection, host 303 can request access to internal storage region 301 or external storage region 302.
Fig. 4 is the process according to the method 400 for carrying out data security transmission in equipment room of embodiment of the present invention Figure.When mobile terminal and host are communicatively coupled, method 400 is received from host in mobile terminal by communication connection The read requests of the encryption data of storage.In embodiment of the present invention, read requests carry the number of host identification and request reading According to range.Method 400 determines read requests related storage region in the terminal according to data area, and according to master Machine is identified as the host assignment reading rank for issuing read requests.Method 400 is based on storage region and reading rank is recognized from a variety of The current authentication mode for being authenticated to the host for issuing read requests is selected in card mode.As the master for issuing read requests When machine passes through current authentication, method 400 is that the encryption data in respective memory regions generates the copy data of decryption and will solve The reading response of copy data after close is sent to host.
In this embodiment, the mobile terminal's data is stored in different areas by setting up different storage areas, different read levels are assigned to different hosts, and the current authentication mode is selected according to the data storage area and the host's read level. Data is thus transmitted in different ways for different devices, different types of data and different read levels, which ensures the security of the data transmission.
As shown in Fig. 4, method 400 starts at step 401. Preferably, in step 401, the mobile terminal and the host are communicatively connected. The communication connection between the mobile terminal and the host is a wired or a wireless communication connection; for example, the connection is made over a data network, a wireless network, a telephone network, or any combination thereof. The communication connection may be any of various types of connection, such as a data line, a cable, a telephone line or a wireless connection.
Preferably, in step 402, a read request for the encrypted data stored in the mobile terminal is received from the host via the communication connection; the read request carries a host identifier and a data range. Preferably, the host issues a data read request to the mobile terminal, and the type of data requested includes at least one of the following: text files, image files, audio files, video files and application programs. The host identifier may be the MAC address of the host, the identity certificate of the host, or the user name of the host. The data range that the host requests to read from the mobile terminal includes: all data and public data. For example, a host whose MAC address is 00-24-BD-16-8B-A2 is a public computer, and a request to read all data is issued to a 360 mobile phone from this public computer. Alternatively, an office-only computer named "Qihoo 001" issues a request to a 360 mobile phone to read workplace picture information.
Preferably, in step 403, the storage area involved in the read request is determined according to the data range, a read level is assigned to the host according to the host identifier, the current authentication mode for authenticating the host is selected from multiple authentication modes based on the storage area and the read level, and, when the host passes the current authentication, a decrypted copy is generated of the encrypted data in the corresponding storage area. Preferably, determining the storage area involved in the read request according to the data range includes: when the data range is all data, determining that the storage area involved in the read request is the internal storage area; or, when the data range is public data, determining that the storage area involved in the read request is the external storage area. Assigning a read level to the host according to the host identifier includes: when the host identifier indicates that the host is a trusted party, the read level assigned to the host is full read; or, when the host identifier indicates that the host is a partially trusted party, the read level assigned to the host is partial read. Preferably, the multiple authentication modes include: high-strength gesture password authentication, low-strength gesture password authentication, dynamic password authentication and registration information authentication. High-strength gesture password authentication authenticates by means of a graphical password drawn in a 9-point recognition area. In this embodiment, when the number of points drawn in the graphical password is 5 or more, the mode is high-strength gesture password authentication; when the number of points drawn is no more than 5, it is low-strength gesture password authentication.
Preferably, selecting the current authentication mode for authenticating the host from the multiple authentication modes based on the storage area and the read level includes the following. When the storage area is the internal storage area and the read level is full read, the current authentication mode for the host is high-strength gesture password authentication. When the storage area is the internal storage area and the read level is partial read, the current authentication mode for the host is dynamic password authentication, for example mobile phone dynamic password authentication. When the storage area is the external storage area and the read level is full read, the current authentication mode for the host is low-strength gesture password authentication. When the storage area is the external storage area and the read level is partial read, the current authentication mode for the host is registration information authentication.
Preferably, in step 404, a read response including the decrypted copy is sent to the host. Method 400 sends the read response including the decrypted copy to the host over a network connection. The network connection is a connection established according to any of various wired or wireless communication protocols. It is used to establish the communication connection between the mobile terminal and the host, thereby forming a communication network. The communication network is, for example, a data network, a wireless network, a telephone network, or any combination thereof. The network connection may be any of various types of connection, such as a data line, a cable, a telephone line or a wireless connection.
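The flow of steps 402 to 404 can be modelled as follows. This is an added example, not code from the patent: it selects the authentication mode from the storage area and read level, and releases a decrypted copy only after that mode's check passes. All function names, the trust level given to each host, the enrolled credentials, the refusal of unknown hosts and the XOR stand-in for encryption are assumptions made for illustration.

```python
import hmac
from enum import Enum

class Region(Enum):
    INTERNAL = "internal storage area"   # everything on the terminal
    EXTERNAL = "external storage area"   # public subset contained in INTERNAL (Fig. 3)

class Level(Enum):
    FULL = "full read"
    PARTIAL = "partial read"

class Auth(Enum):
    HIGH_GESTURE = "high-strength gesture password"
    LOW_GESTURE = "low-strength gesture password"
    DYNAMIC_PASSWORD = "dynamic password"
    REGISTRATION_INFO = "registration information"

SCOPE_TO_REGION = {"all": Region.INTERNAL, "public": Region.EXTERNAL}
AUTH_MATRIX = {  # (storage area, read level) -> authentication mode, as in step 403
    (Region.INTERNAL, Level.FULL): Auth.HIGH_GESTURE,
    (Region.INTERNAL, Level.PARTIAL): Auth.DYNAMIC_PASSWORD,
    (Region.EXTERNAL, Level.FULL): Auth.LOW_GESTURE,
    (Region.EXTERNAL, Level.PARTIAL): Auth.REGISTRATION_INFO,
}

# Constructed sample data. The trust level given to each host is an assumption.
HOST_LEVELS = {"Qihoo 001": Level.FULL, "00-24-BD-16-8B-A2": Level.PARTIAL}
ENROLLED = {Auth.HIGH_GESTURE: (0, 1, 2, 5, 8, 7), Auth.LOW_GESTURE: (0, 4, 8),
            Auth.DYNAMIC_PASSWORD: "492817", Auth.REGISTRATION_INFO: "user@example.com"}

def xor(data, key=0x5A):
    """Placeholder reversible transform so the sketch runs offline; not real encryption."""
    return bytes(b ^ key for b in data)

STORE = {"public": {"notice.txt": xor(b"open day")},
         "private": {"notes.txt": xor(b"payroll")}}

def gesture_class(points):
    """Classify a pattern on the 9-point grid by how many points it uses."""
    if len(set(points)) != len(points) or any(p not in range(9) for p in points):
        raise ValueError("pattern must use distinct grid points 0..8")
    # The text calls 5 or more points high strength; exactly 5 is treated as high here.
    return Auth.HIGH_GESTURE if len(points) >= 5 else Auth.LOW_GESTURE

def select_auth(host_id, scope):
    """Step 403: map the request to (storage area, read level, authentication mode)."""
    region, level = SCOPE_TO_REGION.get(scope), HOST_LEVELS.get(host_id)
    if region is None or level is None:
        return None  # assumption: an unknown host or data range is refused
    return region, level, AUTH_MATRIX[(region, level)]

def verify(mode, credential):
    """Check the credential against the enrolled value for the selected mode only."""
    expected = ENROLLED[mode]
    if mode in (Auth.HIGH_GESTURE, Auth.LOW_GESTURE):
        try:
            return (isinstance(credential, tuple) and gesture_class(credential) is mode
                    and hmac.compare_digest(bytes(credential), bytes(expected)))
        except (ValueError, TypeError):
            return False
    return isinstance(credential, str) and hmac.compare_digest(
        credential.encode(), expected.encode())

def handle_read(host_id, scope, credential):
    """Steps 402-404: decrypt a copy only after the selected authentication passes."""
    decision = select_auth(host_id, scope)
    if decision is None or not verify(decision[2], credential):
        return None
    areas = ("public", "private") if decision[0] is Region.INTERNAL else ("public",)
    return {name: xor(blob) for area in areas for name, blob in STORE[area].items()}
```

Because the host identifier alone decides the read level, and with it how strong the required authentication is, the registry behind `HOST_LEVELS` is the part of such a design that most needs protecting.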
The present invention has been described with reference to a small number of embodiments. However, as is known to those skilled in the art, and as defined by the appended patent claims, embodiments other than those disclosed above equally fall within the scope of the present invention.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/the [device, component, etc.]" are to be interpreted openly as at least one instance of the device, component, etc., unless explicitly stated otherwise. The steps of any method disclosed herein need not be performed in the exact order disclosed, unless explicitly stated.

Claims (17)

1. A system for secure data transmission between devices, the system comprising:
a connection unit, configured to communicatively connect a mobile terminal and a host;
a receiving unit, configured to receive from the host, via the communication connection, a read request for encrypted data stored in the mobile terminal, the read request carrying a host identifier and a data range;
a control unit, configured to determine, according to the data range, the storage area involved in the read request, to assign a read level to the host according to the host identifier, to select from multiple authentication modes, based on the storage area and the read level, a current authentication mode for authenticating the host, and, when the host passes the current authentication, to generate a decrypted copy of the encrypted data in the corresponding storage area; wherein, when the data range is all data, the storage area involved in the read request is determined to be the internal storage area; and when the data range is public data, the storage area involved in the read request is determined to be the external storage area; and
a sending unit, configured to send a read response including the decrypted copy to the host.
2. The system according to claim 1, wherein the communication connection is a wired communication connection or a wireless communication connection.
3. The system according to claim 1, wherein the host identifier is: the MAC address of the host, the identity certificate of the host, or the user name of the host.
4. The system according to claim 1, wherein the host is: a personal computer, a server or a mobile terminal.
5. The system according to any one of claims 1-4, wherein the data is at least one of the following: text files, image files, audio files, video files and application programs.
6. The system according to claim 1, wherein assigning a read level to the host according to the host identifier comprises:
when the host identifier indicates that the host is a trusted party, the read level assigned to the host is full read; or
when the host identifier indicates that the host is a partially trusted party, the read level assigned to the host is partial read.
7. The system according to claim 6, wherein the multiple authentication modes include: high-strength gesture password authentication, low-strength gesture password authentication, dynamic password authentication and registration information authentication.
8. The system according to claim 7, wherein selecting from the multiple authentication modes, based on the storage area and the read level, the current authentication mode for authenticating the host comprises:
when the storage area is the internal storage area and the read level is full read, the current authentication mode for authenticating the host is high-strength gesture password authentication;
when the storage area is the internal storage area and the read level is partial read, the current authentication mode for authenticating the host is dynamic password authentication;
when the storage area is the external storage area and the read level is full read, the current authentication mode for authenticating the host is low-strength gesture password authentication;
when the storage area is the external storage area and the read level is partial read, the current authentication mode for authenticating the host is registration information authentication.
9. A mobile terminal, including or used to execute the system according to any one of claims 1-8.
10. A method for secure data transmission between devices, the method comprising:
communicatively connecting a mobile terminal and a host;
receiving from the host, via the communication connection, a read request for encrypted data stored in the mobile terminal, the read request carrying a host identifier and a data range;
determining, according to the data range, the storage area involved in the read request, assigning a read level to the host according to the host identifier, selecting from multiple authentication modes, based on the storage area and the read level, a current authentication mode for authenticating the host, and, when the host passes the current authentication, generating a decrypted copy of the encrypted data in the corresponding storage area; wherein, when the data range is all data, the storage area involved in the read request is determined to be the internal storage area; and when the data range is public data, the storage area involved in the read request is determined to be the external storage area; and
sending a read response including the decrypted copy to the host.
11. The method according to claim 10, wherein the communication connection is a wired communication connection or a wireless communication connection.
12. The method according to claim 10, wherein the host identifier is: the MAC address of the host, the identity certificate of the host, or the user name of the host.
13. The method according to claim 10, wherein the host is: a personal computer, a server or a mobile terminal.
14. The method according to any one of claims 10-13, wherein the data is at least one of the following: text files, image files, audio files, video files and application programs.
15. The method according to claim 10, wherein assigning a read level to the host according to the host identifier comprises:
when the host identifier indicates that the host is a trusted party, the read level assigned to the host is full read; or
when the host identifier indicates that the host is a partially trusted party, the read level assigned to the host is partial read.
16. The method according to claim 15, wherein the multiple authentication modes include: high-strength gesture password authentication, low-strength gesture password authentication, dynamic password authentication and registration information authentication.
17. The method according to claim 16, wherein selecting from the multiple authentication modes, based on the storage area and the read level, the current authentication mode for authenticating the host comprises:
when the storage area is the internal storage area and the read level is full read, the current authentication mode for authenticating the host is high-strength gesture password authentication;
when the storage area is the internal storage area and the read level is partial read, the current authentication mode for authenticating the host is dynamic password authentication;
when the storage area is the external storage area and the read level is full read, the current authentication mode for authenticating the host is low-strength gesture password authentication;
when the storage area is the external storage area and the read level is partial read, the current authentication mode for authenticating the host is registration information authentication.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710076184.3A CN106657158B (en) 2017-02-13 2017-02-13 System and method for secure data transmission between devices

Publications (2)

Publication Number Publication Date
CN106657158A CN106657158A (en) 2017-05-10
CN106657158B true CN106657158B (en) 2019-09-24

Family

ID=58844719

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710076184.3A Active CN106657158B (en) 2017-02-13 2017-02-13 System and method for secure data transmission between devices

Country Status (1)

Country Link
CN (1) CN106657158B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115175150A (en) 2019-11-22 2022-10-11 华为技术有限公司 Data transmission method, equipment and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101493867A (en) * 2008-01-25 2009-07-29 希姆通信息技术(上海)有限公司 Method and system for mutually transmitting shared data safely between mobile phone and computer
CN101867475A (en) * 2010-05-27 2010-10-20 华为终端有限公司 Access authentication method and related device of remote control terminal service and communication system
CN103309834A (en) * 2012-03-15 2013-09-18 中兴通讯股份有限公司 Control method, control device and electronic device
CN104767882A (en) * 2015-03-19 2015-07-08 深圳市金立通信设备有限公司 Terminal
CN106203035A (en) * 2016-06-28 2016-12-07 广东欧珀移动通信有限公司 A kind of data access control method and mobile terminal
CN106230828A (en) * 2016-08-02 2016-12-14 四川秘无痕信息安全技术有限责任公司 A kind of data transmission method based on WIFI connected mode

Also Published As

Publication number Publication date
CN106657158A (en) 2017-05-10

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20170810

Address after: 100102, 18 floor, building 2, Wangjing street, Beijing, Chaoyang District, 1801

Applicant after: BEIJING ANYUNSHIJI TECHNOLOGY Co.,Ltd.

Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Applicant before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240220

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Country or region after: China

Address before: 100102 1801, 18 / F, building 2, Wangjing street, Chaoyang District, Beijing

Patentee before: BEIJING ANYUNSHIJI TECHNOLOGY Co.,Ltd.

Country or region before: China

TR01 Transfer of patent right