CN106971122A - Method of controlling security and terminal - Google Patents
Method of controlling security and terminal Download PDFInfo
- Publication number
- CN106971122A CN106971122A CN201710065591.4A CN201710065591A CN106971122A CN 106971122 A CN106971122 A CN 106971122A CN 201710065591 A CN201710065591 A CN 201710065591A CN 106971122 A CN106971122 A CN 106971122A
- Authority
- CN
- China
- Prior art keywords
- mentioned
- terminal
- lock cipher
- pluggable
- memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The embodiment of the invention discloses a kind of method of controlling security and terminal, this method is applied to the terminal for including credible performing environment TEE, including:The TEE of the terminal is determined to need in the case of pluggable memory is encrypted, and obtains the identification information of the terminal, and lock cipher is generated according to the identification information;The pluggable memory is encrypted using the lock cipher.TEE in the embodiment of the present invention can generate lock cipher using the identification information of terminal, and individually the pluggable memory in the terminal is encrypted and decrypted using the lock cipher, and implementation is simple, safe.Furthermore it is possible to the pluggable memory be encrypted and decrypted automatically, the operation without user.
Description
Technical field
The present invention relates to electronic technology field, more particularly to a kind of method of controlling security and terminal.
Background technology
In order to expand internal storage space such as digital camera, smart mobile phone to terminal, pluggable storage card is as pacified
Full digital code card, flash disk etc. become common solution.Pluggable memory is that a kind of big data of volume low capacity are deposited
Carrier is stored up, with hot plug to terminal rather than terminal can be embedded into, so it can both solve to deposit inside termination extension well
The demand in space is stored up, can also be used as a flash disk between different terminals.
However, due to the pluggable characteristic of pluggable memory, after terminal is stolen or is lost, pluggable storage
There is the risk being read out by equipment such as the card reader outside the terminal in the data in device, cause the leakage of information.Therefore,
The problem of needing to solve the data safety in pluggable memory.
At present, a kind of technical scheme used for the data safety in the pluggable memory of protection is exactly to be added using overall
A part for pluggable memory as DISK to Image is uniformly encrypted secret skill art, so, even if user will be pluggable
Memory extract after, the data in pluggable memory be also encryption, it is therefore prevented that pluggable memory is pulled out
The problem of originally causing information-leakage after terminal, but this full disk encryption mode realize it is more complicated, cause terminal capabilities
Significantly decline.
The content of the invention
The embodiments of the invention provide a kind of method of controlling security and terminal, individually pluggable memory can be entered
Row encryption and decryption, protect the data safety in pluggable memory, simple to operate.
On the one hand the embodiments of the invention provide a kind of method of controlling security, applied to including credible performing environment TEE's
Terminal, methods described includes:
The TEE of the terminal determines to need in the case of pluggable memory is encrypted, and obtains the terminal
Identification information, lock cipher is generated according to the identification information;
The pluggable memory is encrypted using the lock cipher.
The embodiments of the invention provide a kind of terminal in terms of two, including:
Application control unit, for the situation for determining to need that pluggable memory is encrypted, obtains the mark of terminal
Information is known, for generating lock cipher according to the identification information;
Ciphering unit, for the pluggable memory to be encrypted using the lock cipher.
By implementing the embodiment of the present invention, the TEE of terminal determines the situation for needing that pluggable memory is encrypted
Under, the identification information of the terminal is obtained, lock cipher is generated according to the identification information;Using the lock cipher to the pluggable storage
Device is encrypted.TEE in the embodiment of the present invention can generate the lock cipher using the identification information of the terminal, and utilize the lock
Individually the pluggable memory is encrypted and decrypted for password, and implementation is simple, safe.
Brief description of the drawings
Fig. 1 is method of controlling security schematic flow sheet of the embodiment of the present invention;
Fig. 2 is another method of controlling security schematic flow sheet of the embodiment of the present invention;
Fig. 3 is terminal structure schematic diagram of the embodiment of the present invention;
Fig. 4 is terminal structure schematic diagram of the embodiment of the present invention;
Fig. 5 is another method of controlling security schematic flow sheet of the embodiment of the present invention;
Fig. 6 is terminal structure schematic diagram of the embodiment of the present invention;
Fig. 7 is terminal structure schematic diagram of the embodiment of the present invention;
Fig. 8 is terminal structure schematic diagram of the embodiment of the present invention;
Fig. 9 is terminal structure schematic diagram of the embodiment of the present invention.
Embodiment
Credible performing environment (TEE, Trusted Execution Environment) be terminal device such as smart mobile phone,
A safety zone on the primary processors such as tablet personal computer, set top box, intelligent television, it can ensure to be loaded into the environmental interior
Code and data security, confidentiality and integrality.TEE provide one isolation performing environment there is provided Special safety
Levy and include:Isolated execution, the integrality of trusted application, the confidentiality of trust data, safety storage etc..On the whole, TEE is provided
Perform the security that space provides higher level than common operating system (such as Android system).
On the one hand the embodiments of the invention provide a kind of method of controlling security, applied to the terminal comprising TEE, such as Fig. 1 institutes
Show, including:
101st, the TEE of above-mentioned terminal determines to need in the case of pluggable memory is encrypted, and obtains above-mentioned end
The identification information at end, lock cipher is generated according to above-mentioned identification information;
Above-mentioned terminal can be mobile phone, tablet personal computer, desktop computer, personal digital assistant etc..Above-mentioned pluggable storage
Device can be flash disk, safe digital (SD, Secure Digital) card, microSD cards, subscriber identification card (SIM,
Subscriber Identification Module) etc..The identification information of above-mentioned terminal can be the center processing of the terminal
The identification information of device, the TEE of terminal identification information etc..It can also be multiple that above-mentioned identification information, which can be one,.
In a kind of optional implementation, the safety chip of above-mentioned terminal can replace above-mentioned TEE, realize above-mentioned TEE
The all operationss of execution.
It is that the TEE of above-mentioned terminal determines to need pluggable memory is encrypted it may is that above-mentioned terminal
TEE determines that the encryption function of above-mentioned terminal is in opening and determines that above-mentioned terminal has the heat of above-mentioned pluggable memory slotting
Pull out operation;Can also be that the TEE of above-mentioned terminal determines that the above-mentioned encryption function of above-mentioned terminal is in and opening and detected
State the power-on operation of terminal;Can also be the TEE of above-mentioned terminal receive above-mentioned pluggable memory is encrypted plus
Close instruction.The TEE of above-mentioned terminal determines to need to be not limited to the situation that pluggable memory is encrypted above-mentioned three kinds, may be used also
With including other situations for needing that above-mentioned pluggable memory is encrypted.
For example, terminal encryption function be in opening in the case of, above-mentioned terminal upon actuation or on
State terminal to insert after above-mentioned pluggable memory, the identification information of above-mentioned terminal is obtained by above-mentioned TEE, generate above-mentioned lock close
Code.Again for example, in the case where the encryption function of terminal is closed, the encryption function of the terminal is opened in user
Afterwards, the identification information of above-mentioned terminal is obtained by above-mentioned TEE, above-mentioned lock cipher is generated.Specifically, can be by above-mentioned TEE
Trusted application, above-mentioned lock cipher is generated to above-mentioned pluggable memory, and above-mentioned by driving escape way to be transferred to
The driver of pluggable memory.
In the embodiment of the present invention, the situation for needing that pluggable memory is encrypted is determined by the TEE of above-mentioned terminal
Afterwards, obtain the identification information of above-mentioned terminal, lock cipher generated according to above-mentioned identification information, and using above-mentioned lock cipher to it is above-mentioned can
The memory of plug is encrypted.By above-mentioned TEE it is determined that need pair can the memory of above-mentioned plug be encrypted when from
It is dynamic that above-mentioned pluggable memory is encrypted, safe ready, the operation without user.
Above-mentioned identification information is combined, obtained in the case where obtaining multiple identification informations of above-mentioned terminal by above-mentioned TEE
Identification information after to combination, then according to the identification information generation lock cipher after combinations thereof.Above-mentioned TEE is obtaining above-mentioned terminal
An identification information in the case of, according to above-mentioned acquisition identification information generate lock cipher.Above-mentioned TEE generates the tool of lock cipher
Body method can be as password factor, using preset using the identification information after combinations thereof or the identification information of above-mentioned acquisition
Lock cipher generating algorithm, generate above-mentioned lock cipher according to above-mentioned password factor.
102nd, above-mentioned pluggable memory is encrypted using above-mentioned lock cipher.
The specific method that above-mentioned pluggable memory is encrypted using above-mentioned lock cipher can be as follows:Above-mentioned terminal
TEE above-mentioned lock cipher and encrypted instruction are sent to above-mentioned pluggable memory, above-mentioned encrypted instruction indicates above-mentioned inserts
The memory pulled out using the above-mentioned lock cipher received as above-mentioned pluggable memory lock cipher.Use above-mentioned lock cipher pair
The specific method that above-mentioned pluggable memory is encrypted can also be as follows:The TEE of above-mentioned terminal only sends out above-mentioned lock cipher
Above-mentioned pluggable memory is given, sending above-mentioned encryption to above-mentioned pluggable memory from the other parts of above-mentioned terminal refers to
Order.
By taking above-mentioned SD card as an example, the mode that above-mentioned SD card is encrypted can specifically be advised by the correlation in SD card agreement
It is fixed, above-mentioned lock cipher generation password is set and instructed.Specifically, (Bit0 in CMD42 orders can specially be set into password position
" SetPwd " value is that " 1 " represents that lock cipher need to be set) position is entered as " 1 " to represent setting lock cipher, by the number of CMD42 orders
The lock cipher specifically set is placed according to position (Pwd Data), thus, generation password sets instruction.Above-mentioned terminal is by after assignment
CMD42 sets instruction to be sent to above-mentioned SD card as password, just can be according in order so after above-mentioned SD card receives CMD42
Bit0 and Pwd Data value preserve set lock cipher, complete ciphering process.Above-mentioned pluggable memory after encryption exists
Before successful decryption operation can not be all written and read in any terminal.
In the embodiment of the present invention, the TEE of terminal determines to need in the case of pluggable memory is encrypted, and obtains
The identification information of the terminal, lock cipher is generated according to the identification information;The pluggable memory is carried out using the lock cipher
Encryption.TEE in the embodiment of the present invention can generate the lock cipher using the identification information of the terminal, and utilize the lock cipher list
Solely the pluggable memory is encrypted and decrypted, implementation is simple, safe.In addition, automatically right by the terminal
The pluggable memory is encrypted and decrypted, the operation without user.
In an optional implementation, the embodiment of the present invention proposes a kind of generating algorithm of lock cipher, specifically such as
Under:It is above-mentioned to include according to above-mentioned identification information generation lock cipher:
Above-mentioned identification information as password factor, is carried out Hash operation to above-mentioned password factor and obtained by the TEE of above-mentioned terminal
To cryptographic Hash, above-mentioned cryptographic Hash is carried out obscuring processing or computing is negated, above-mentioned lock cipher is obtained.
Hash (Hash) algorithm, i.e. hash function.It is a kind of one-way cipher system, i.e., it is one from plaintext to ciphertext
Irreversible mapping, only ciphering process, without decrypting process.Meanwhile, hash function can pass through the input of random length
Cross the output that change is fixed length later.A unique Kazakhstan can be generated according to above-mentioned password factor using hash algorithm
Uncommon value, and there is no decrypting process by the cryptographic Hash that Hash operation is obtained, it can be very good to ensure the security of cryptographic Hash.It is above-mentioned
It is all above-mentioned cryptographic Hash to be further encrypted to obtain above-mentioned lock cipher to obscure processing and negate computing, is further carried
The security of high lock cipher.
In the embodiment of the present invention, the TEE of above-mentioned terminal is obtained after cryptographic Hash using hash algorithm according to above-mentioned identification information,
Again above-mentioned cryptographic Hash is carried out obscuring processing or negate computing, obtained lock cipher, on the one hand can ensure that above-mentioned lock cipher is
Uniquely, on the other hand ensure that above-mentioned lock cipher is difficult to decrypt.
In an optional implementation, the TEE of above-mentioned terminal can be by different methods to above-mentioned pluggable
Memory is encrypted, as follows the embodiments of the invention provide a kind of concrete example that pluggable memory is encrypted:
It is above-mentioned using above-mentioned lock cipher above-mentioned pluggable memory is encrypted including:
The TEE selections of above-mentioned terminal meet the passage of the security transmissions demand of above-mentioned lock cipher as destination channel, lead to
Cross above-mentioned destination channel and above-mentioned lock cipher and encrypted instruction are sent to above-mentioned pluggable memory, above-mentioned encrypted instruction is indicated
Above-mentioned pluggable memory using the above-mentioned lock cipher received as above-mentioned pluggable memory lock cipher.
Above-mentioned lock cipher and encrypted instruction can be sent to above-mentioned pluggable by the TEE of above-mentioned terminal by multiple passages
Memory.The security transmitted in view of above-mentioned lock cipher, prevents above-mentioned lock cipher to be cracked in transmitting procedure, above-mentioned terminal
TEE selections meet above-mentioned lock cipher security transmissions demand passage as destination channel, passing through above-mentioned destination channel will
Above-mentioned lock cipher and encrypted instruction are sent to above-mentioned pluggable memory.Above-mentioned destination channel be by above-mentioned TEE determine can
With the passage of the above-mentioned lock cipher of safe transmission, such as destination channel can be the escape way for being specifically used to transmit lock cipher.On
Stating encrypted instruction can be by above-mentioned target by being transmitted, can also be by other passages from TEE or above-mentioned terminal
Other parts are transferred to above-mentioned pluggable memory.
In the embodiment of the present invention, the TEE selections of above-mentioned terminal meet the passage of the security transmissions demand of above-mentioned lock cipher
As destination channel, above-mentioned lock cipher and encrypted instruction are sent to by above-mentioned pluggable memory by above-mentioned destination channel,
Safety of the above-mentioned lock cipher in transmitting procedure can be ensured.
In an optional implementation, the TEE of terminal determines that the above-mentioned encryption function of above-mentioned terminal is in and closes shape
After state, the lock cipher of pluggable memory storage in above-mentioned terminal can be removed, specific method can be as follows:Used above-mentioned
After above-mentioned pluggable memory is encrypted above-mentioned lock cipher, the above method also includes:
In the case that the TEE of above-mentioned terminal determines that the above-mentioned encryption function of above-mentioned terminal is closed, obtain described
The identification information of terminal, above-mentioned lock cipher is generated according to the identification information, and the above-mentioned lock cipher generation password according to generation is clear
Except instruction, the instruction of above-mentioned clearing password is sent to above-mentioned pluggable memory, above-mentioned clearing password instruction instruction is above-mentioned can
The above-mentioned lock cipher of the above-mentioned pluggable memory storage of core dump memory clear of plug.
For example, after user closes the closing of above-mentioned terminal, the TEE of above-mentioned terminal generates above-mentioned lock cipher, foundation
The above-mentioned lock cipher generation clearing password instruction obtained, above-mentioned pluggable memory is sent to by the instruction of above-mentioned clearing password.
The above-mentioned lock cipher of the above-mentioned above-mentioned pluggable memory storage of pluggable core dump memory clear, above-mentioned pluggable memory can be with
Insert above-mentioned terminal and other-end is read and other operations.
By taking above-mentioned SD card as an example, the mode for removing the lock cipher in above-mentioned SD card specifically can be by the correlation in SD card agreement
Regulation, is instructed using above-mentioned lock cipher generation clearing password.Such as, can be by the CMD42 orders in the order Class7 of SD card
To generate clearing password instruction.Specifically, can by the Bit3 in CMD42 orders (remove indicating bit " Erase Card ", when
" Erase Card " values are that " 1 " represents to be purged the lock cipher of SD card) position is entered as " 1 " to represent removing lock cipher,
The data bit (PwdData) of CMD42 orders is placed to the lock cipher that need to specifically remove, generation clearing password instruction.Above-mentioned terminal
Above-mentioned SD card is sent to using the CMD42 after assignment as clearing password instruction, just can basis so after SD card receives CMD42
The value of Bit3 and Pwd Data in order removes the lock cipher preserved.After so operating, above-mentioned SD card, which is restored to, not to be added
Close state, also can just play the mobility of above-mentioned SD card, be at will put into other terminals and use.
In the embodiment of the present invention, after the encryption function of terminal is closed, above-mentioned terminal generates above-mentioned lock cipher, according to acquisition
Above-mentioned lock cipher generation clearing password instruction, and by above-mentioned clearing password instruction be sent to above-mentioned pluggable memory, can
Conveniently and efficiently to remove the lock cipher that above-mentioned pluggable memory is stored.
In an optional implementation, the TEE of above-mentioned terminal determines to need to carry out above-mentioned pluggable memory
After decryption, above-mentioned pluggable memory can be decrypted, it is specific as follows:It is above-mentioned using above-mentioned lock cipher to it is above-mentioned can
After the memory of plug is encrypted, the above method also includes:
The TEE of above-mentioned terminal determines to need in the case of above-mentioned pluggable memory is decrypted, and generates above-mentioned lock
Password, above-mentioned pluggable memory is decrypted using above-mentioned lock cipher, and above-mentioned pluggable memory is in successful decryption
After can be written and read operation.
The specific method that above-mentioned pluggable memory is decrypted using above-mentioned lock cipher can be as follows:Above-mentioned terminal
Generation obtain above-mentioned lock cipher, according to the above-mentioned lock cipher generation decryption instructions of generation, above-mentioned decryption instructions are sent to
State pluggable memory.
By taking above-mentioned SD card as an example, the mode that above-mentioned SD card is decrypted can specifically be advised by the correlation in SD card agreement
It is fixed, above-mentioned lock cipher is generated into decryption instructions.Specifically, the positions of the Bit2 in CMD42 orders can be entered as " 0 " to represent solution
It is close, the data bit (Pwd Data) of CMD42 orders is placed to the lock cipher specifically set, thus, decryption instructions are generated.Above-mentioned end
The CMD42 after assignment is sent to above-mentioned SD card by end, just can so enter after above-mentioned SD card receives CMD42
Row decryption oprerations.
The TEE of above-mentioned terminal determine to need above-mentioned pluggable memory is decrypted it may is that terminal needs
Operation is written and read to above-mentioned pluggable memory;Can also be that above-mentioned terminal closes above-mentioned encryption function;It can also be
Stating the above-mentioned pluggable memory of terminal-pair and performing needs the operation of specified permission;Can also be needs pluggable to deposit to above-mentioned
Reservoir is formatted processing.
In the embodiment of the present invention, the TEE of terminal is after it is determined that need that above-mentioned pluggable memory is decrypted, to upper
Pluggable memory is stated to be decrypted, it is automatic when can needing that above-mentioned pluggable memory is decrypted in user
Decryption oprerations are completed, facilitate user.
The embodiment of the present invention proposes another method of controlling security, applied to the terminal comprising TEE, as shown in Fig. 2 bag
Include:
201st, the TEE of above-mentioned terminal determines to need in the case of pluggable memory is encrypted, and obtains above-mentioned end
The identification information at end;
202nd, the TEE of above-mentioned terminal generates lock cipher according to above-mentioned identification information;
203rd, the passage for the security transmissions demand that the TEE selections of above-mentioned terminal meet above-mentioned lock cipher is logical as target
Road;
204th, above-mentioned lock cipher and encrypted instruction are sent to by above-mentioned pluggable memory by above-mentioned destination channel;
Above-mentioned encrypted instruction indicates above-mentioned pluggable memory using the above-mentioned lock cipher received as above-mentioned pluggable
Memory lock cipher.
In a kind of optional mode, above-mentioned encrypted instruction may not necessarily be by above-mentioned destination channel to above-mentioned pluggable
Memory is transmitted, and above-mentioned target is by can only transmit above-mentioned lock cipher.
205th, above-mentioned pluggable memory is encrypted using above-mentioned lock cipher for above-mentioned terminal;
206th, the TEE of above-mentioned terminal determines to need in the case of above-mentioned pluggable memory is decrypted, in generation
State lock cipher;
207th, above-mentioned pluggable memory is decrypted using above-mentioned lock cipher for above-mentioned terminal;
Above-mentioned pluggable memory above-mentioned terminal after successful decryption can be written and read operation, but this pluggable is deposited
Reservoir is that other terminals such as cannot be written and read at the operation still in lock-out state.
208th, above-mentioned terminal is received after removing cipher instruction, and above-mentioned lock cipher is generated by above-mentioned TEE;
209th, above-mentioned terminal is instructed using above-mentioned lock cipher generation clearing password, removes above-mentioned pluggable memory storage
Lock cipher.
After the lock cipher of above-mentioned pluggable core dump memory clear storage, it can be written and read to wait in other terminals and operate.
TEE in the embodiment of the present invention can generate the lock cipher using the identification information of the terminal, and close using the lock
Individually the pluggable memory is encrypted and decrypted for code, and implementation is simple, safe.In addition, by the terminal certainly
It is dynamic that the pluggable memory is encrypted and decrypted, the operation without user.
A kind of optional application scenarios of the embodiment of the present invention are specific as follows:The card protection function that user closes a terminal adds
Close function, the TEE of terminal obtains the identification information of the terminal, lock cipher is generated according to the identification information, according to above-mentioned lock cipher
Clearing password instruction is generated, the lock cipher of above-mentioned pluggable memory storage is removed, above-mentioned pluggable memory is inserted
To other terminals, above-mentioned pluggable memory can be normally carried out read operation and other operations in other terminals.
The embodiment of the present invention additionally provides a kind of terminal, as shown in figure 3, including:Common performing environment, credible execution ring
The driver in border, pluggable memory and the pluggable memory;
Common performing environment refers to that those have an environment of abundant function, such as Android, Windows systems, these systems by
In widely using, function is continuously increased, and structure is all the more complicated, causes security universal not high.Credible performing environment (TEE,
Trusted Execution Environment) it is the terminal such as main place such as smart mobile phone, tablet personal computer, set top box, intelligent television
Manage a safety zone on device, the securities of its code that can ensure to be loaded into the environmental interior and data, confidentiality with
And integrality.TEE provide one isolation performing environment there is provided security feature include:Isolated execution, trusted application it is complete
Property, the confidentiality of trust data, safety storage etc..On the whole, the execution space that TEE is provided is than common operating system (such as
Android system etc.) provide higher level security.
Common performing environment includes card protection/solution protection interface 300, framework interface 301, backstage management procedure 302.Card is protected
Shield/solution protection interface 300 be used for receive user transmission encrypted instruction or decryption instructions, and by command adapted thereto be sent to it is above-mentioned can
Believe the trusted application under performing environment.Framework interface 301 and the management program that backstage management procedure 302 is pluggable memory,
The work that they are mainly realized includes the data in the above-mentioned pluggable memory of carry, the above-mentioned pluggable memory of read-write,
Operational orders such as encryption/decryption etc. are sent to above-mentioned driver.
Credible performing environment includes trusted application 310, and the function of the trusted application is realized by above-mentioned TEE, above-mentioned TEE
Corresponding hardware includes acquiring unit 311, generation unit 312, transmitting element 313.Above-mentioned acquiring unit 311, can be obtained
State the identification information of terminal;Above-mentioned generation unit 312 can generate lock cipher according to above-mentioned identification information;Above-mentioned transmitting element can
So that above-mentioned lock cipher to be sent to the driver of above-mentioned pluggable memory.
The driver of above-mentioned pluggable memory, after the lock cipher that above-mentioned transmitting element 313 is sent is received,
With reference to 301,302 issue encryption, decryption instructions, for example generate corresponding password using CMD42 orders as introduced above and set
Instruction, and the setting instruction of above-mentioned password is sent to above-mentioned pluggable memory to realize corresponding function action.According to existing
Some program architectures, TEE and common performing environment can send message instruction to above-mentioned driver, that is to say, that above-mentioned drive
Dynamic program can receive the instruction from common performing environment and TEE, and simply realization mechanism is different.The embodiment of the present invention
For safety guarantee, the above-mentioned lock cipher of generation is transmitted directly to above-mentioned driver, rather than acquiescently return to above-mentioned
Common performing environment removes the above-mentioned pluggable memory of control operation by above-mentioned common performing environment again, and (acquiescence is also such operation
).
The embodiment of the present invention additionally provides another method of controlling security, as shown in figure 4, including:
401st, starting up of terminal or the hot plug operations of pluggable memory are detected;
402nd, above-mentioned terminal determines that the card protection function of above-mentioned terminal is in opening;
403rd, CIPHERING REQUEST is sent to the TEE of above-mentioned terminal, sends and add to the driver of above-mentioned pluggable memory
Close/decryption instructions;
In a kind of optional mode, CIPHERING REQUEST and encryption/decryption instructions are sent to the TEE of above-mentioned terminal.More than
Three steps are carried out all under common performing environment.
404th, the TEE of above-mentioned terminal receives above-mentioned CIPHERING REQUEST;
In a kind of optional mode, above-mentioned TEE receives above-mentioned CIPHERING REQUEST and above-mentioned encryption/decryption instructions.
405th, above-mentioned TEE obtains the identification information of above-mentioned terminal;
406th, above-mentioned TEE generates lock cipher according to above-mentioned identification information;
407th, above-mentioned lock cipher is sent to the driver of above-mentioned pluggable memory by above-mentioned TEE;
In a kind of optional mode, above-mentioned lock cipher and decryption/encryption instruction are sent to above-mentioned insert by above-mentioned TEE
The driver of the memory pulled out.
408th, above-mentioned driver receives above-mentioned lock cipher and decryption/encryption instruction, and to above-mentioned pluggable storage
Device is encrypted or decrypted.
TEE in the embodiment of the present invention can generate the lock cipher using the identification information of the terminal, and close using the lock
Individually the pluggable memory is encrypted and decrypted for code, and implementation is simple, safe.In addition, by the terminal certainly
It is dynamic that the pluggable memory is encrypted and decrypted, the operation without user.The embodiments of the invention provide another end
End, including:
Application control unit 501, for the situation for determining to need that pluggable memory is encrypted, obtains terminal
Identification information, for generating lock cipher according to above-mentioned identification information;
Ciphering unit 502, for above-mentioned pluggable memory to be encrypted using above-mentioned lock cipher.
Terminal in the embodiment of the present invention can be realized in the security control to pluggable memory, specific method and Fig. 1
Method it is identical, be not described herein in detail.
In a kind of optional mode, above-mentioned application control unit 501, the encryption function specifically for determining above-mentioned terminal
The situation for having the hot plug operations of above-mentioned pluggable memory in opening and above-mentioned terminal is to need to insert to above-mentioned
The situation that the memory pulled out is encrypted;
Or, specifically for determining the above-mentioned encryption function of above-mentioned terminal in opening and detecting above-mentioned terminal
The situation of power-on operation is the situation for needing that above-mentioned pluggable memory is encrypted;
Or, it is specifically for the situation for determining to receive the encrypted instruction that above-mentioned pluggable memory is encrypted
Need the situation that above-mentioned pluggable memory is encrypted.
In the embodiment of the present invention, terminal it is determined that need pair can the memory of above-mentioned plug be encrypted when it is automatically right
Above-mentioned pluggable memory is encrypted, safe ready, the operation without user.
In an optional implementation, the embodiment of the present invention proposes a kind of generating algorithm of lock cipher, specifically such as
Under:Above-mentioned application control unit 501, specifically for above-mentioned identification information, as password factor, is carried out to above-mentioned password factor
Hash operation obtains cryptographic Hash, and above-mentioned cryptographic Hash is carried out obscuring processing or computing is negated, above-mentioned lock cipher is obtained.
In the embodiment of the present invention, the TEE of above-mentioned terminal is obtained after cryptographic Hash using hash algorithm according to above-mentioned identification information,
Again above-mentioned cryptographic Hash is carried out obscuring processing or negate computing, obtained lock cipher, on the one hand can ensure that above-mentioned lock cipher is
Uniquely, on the other hand ensure that above-mentioned lock cipher is difficult to decrypt.
In an optional implementation, the TEE of above-mentioned terminal can be by different methods to above-mentioned pluggable
Memory is encrypted, as follows the embodiments of the invention provide a kind of concrete example that pluggable memory is encrypted:
Above-mentioned application control unit 501, the passage of security transmissions demand of above-mentioned lock cipher is met specifically for selection as target
Passage, above-mentioned pluggable memory, above-mentioned encryption are sent to by above-mentioned destination channel by above-mentioned lock cipher and encrypted instruction
Instruction indicate above-mentioned pluggable memory using the above-mentioned lock cipher received as above-mentioned pluggable memory lock cipher.
In the embodiment of the present invention, the TEE selections of above-mentioned terminal meet the passage of the security transmissions demand of above-mentioned lock cipher
As destination channel, above-mentioned lock cipher and encrypted instruction are sent to by above-mentioned pluggable memory by above-mentioned destination channel,
Safety of the above-mentioned lock cipher in transmitting procedure can be ensured.
In an optional implementation, the TEE of terminal determines that the above-mentioned encryption function of above-mentioned terminal is in and closes shape
After state, the lock cipher of pluggable memory storage in above-mentioned terminal can be removed, specific method can be as follows:Above-mentioned application control
Unit 501 processed, is additionally operable to determine the situation that the above-mentioned encryption function of above-mentioned terminal is closed, obtains the mark of the terminal
Know information, the lock cipher is generated according to the identification information;As shown in fig. 6, above-mentioned terminal also includes:
Generation unit 601, for the above-mentioned lock cipher generation clearing password instruction according to generation;
Transmitting element 602, for the instruction of above-mentioned clearing password to be sent into above-mentioned pluggable memory, above-mentioned password is clear
Except instruction indicates the above-mentioned lock cipher of the above-mentioned pluggable above-mentioned pluggable memory storage of core dump memory clear.
In the embodiment of the present invention, after the encryption function of terminal is closed, above-mentioned terminal obtains above-mentioned lock cipher, according to acquisition
Above-mentioned lock cipher generation clearing password instruction, and by above-mentioned clearing password instruction be sent to above-mentioned pluggable memory, can
Conveniently and efficiently to remove the lock cipher that above-mentioned pluggable memory is stored.
In an optional implementation, the TEE of above-mentioned terminal determines to need to carry out above-mentioned pluggable memory
After decryption, above-mentioned pluggable memory can be decrypted, it is specific as follows:Above-mentioned application control unit 501, is additionally operable to really
Surely the situation that above-mentioned pluggable memory is decrypted is needed, above-mentioned lock cipher is generated;As shown in fig. 7, above-mentioned terminal is also
Including:
Decryption unit 701, it is above-mentioned pluggable for above-mentioned pluggable memory to be decrypted using above-mentioned lock cipher
Memory operation can be written and read after successful decryption.
In the embodiment of the present invention, the TEE of terminal is after it is determined that need that above-mentioned pluggable memory is decrypted, to upper
Pluggable memory is stated to be decrypted, it is automatic when can needing that above-mentioned pluggable memory is decrypted in user
Decryption oprerations are completed, facilitate user.
The embodiment of the present invention additionally provides a kind of terminal, as shown in figure 8, including:Processor 801 and memory 802;Its
The caching that middle memory 802 can be used for required for the execution data processing of processor 801, can be also used for providing processor 801
Data and the memory space of the result data of acquisition that execution data processing is called;
Wherein, above-mentioned processor 801, for determining to need in the case of pluggable memory is encrypted, is obtained
The identification information of above-mentioned terminal, lock cipher is generated according to above-mentioned identification information;Pluggable deposited to above-mentioned using above-mentioned lock cipher
Reservoir is encrypted.
Concrete implementation method is identical with the method in Fig. 1, is not described herein in detail.
In an optional implementation, the embodiment of the present invention proposes a kind of generating algorithm of lock cipher, specifically such as
Under:Above-mentioned processor 801, for as password factor, carrying out Hash operation to above-mentioned password factor and obtaining above-mentioned identification information
To cryptographic Hash, above-mentioned cryptographic Hash is carried out obscuring processing or computing is negated, above-mentioned lock cipher is obtained.
In the embodiment of the present invention, the TEE of above-mentioned terminal is obtained after cryptographic Hash using hash algorithm according to above-mentioned identification information,
Again above-mentioned cryptographic Hash is carried out obscuring processing or negate computing, obtained lock cipher, on the one hand can ensure that above-mentioned lock cipher is
Uniquely, on the other hand ensure that above-mentioned lock cipher is difficult to decrypt.
In an optional implementation, the TEE of above-mentioned terminal can be by different methods to above-mentioned pluggable
Memory is encrypted, as follows the embodiments of the invention provide a kind of concrete example that pluggable memory is encrypted:
Above-mentioned processor 801, the passage of security transmissions demand of above-mentioned lock cipher is met specifically for selection as destination channel, is led to
Cross above-mentioned destination channel and above-mentioned lock cipher and encrypted instruction are sent to above-mentioned pluggable memory, above-mentioned encrypted instruction is indicated
Above-mentioned pluggable memory using the above-mentioned lock cipher received as above-mentioned pluggable memory lock cipher.
In the embodiment of the present invention, the TEE selections of above-mentioned terminal meet the passage of the security transmissions demand of above-mentioned lock cipher
As destination channel, above-mentioned lock cipher and encrypted instruction are sent to by above-mentioned pluggable memory by above-mentioned destination channel,
Safety of the above-mentioned lock cipher in transmitting procedure can be ensured.
In an optional implementation, the TEE of terminal determines that the above-mentioned encryption function of above-mentioned terminal is in and closes shape
After state, the lock cipher of pluggable memory storage in above-mentioned terminal can be removed, specific method can be as follows:Above-mentioned processor
801, after above-mentioned pluggable memory is encrypted in the above-mentioned lock cipher of above-mentioned use, it is additionally operable to determine above-mentioned terminal
In the case that above-mentioned encryption function is closed, the identification information of the terminal is obtained, according to identification information generation
Above-mentioned lock cipher, according to the above-mentioned lock cipher generation clearing password instruction of generation, the instruction of above-mentioned clearing password is sent to above-mentioned
Pluggable memory, above-mentioned clearing password instruction indicates that the above-mentioned pluggable above-mentioned pluggable memory of core dump memory clear is deposited
The above-mentioned lock cipher of storage.
In the embodiment of the present invention, after the encryption function of terminal is closed, above-mentioned terminal generates above-mentioned lock cipher, according to generation
Above-mentioned lock cipher generation clearing password instruction, and by above-mentioned clearing password instruction be sent to above-mentioned pluggable memory, can
Conveniently and efficiently to remove the lock cipher that above-mentioned pluggable memory is stored.
In an optional implementation, the TEE of above-mentioned terminal determines to need to carry out above-mentioned pluggable memory
After decryption, above-mentioned pluggable memory can be decrypted, it is specific as follows:Above-mentioned processor 801, above-mentioned using above-mentioned
After above-mentioned pluggable memory is encrypted lock cipher, being additionally operable to determination needs to carry out above-mentioned pluggable memory
In the case of decryption, generate above-mentioned lock cipher, above-mentioned pluggable memory be decrypted using above-mentioned lock cipher, it is above-mentioned can
The memory of plug can be written and read operation after successful decryption.
In the embodiment of the present invention, the TEE of terminal is after it is determined that need that above-mentioned pluggable memory is decrypted, to upper
Pluggable memory is stated to be decrypted, it is automatic when can needing that above-mentioned pluggable memory is decrypted in user
Decryption oprerations are completed, facilitate user.
Fig. 9 is illustrated that the block diagram of the part-structure of the mobile phone related to terminal provided in an embodiment of the present invention.With reference to figure
9, mobile phone includes:Radio frequency (Radio Frequency, RF) circuit 910, memory 920, input block 930, display unit 940,
Sensor 950, voicefrequency circuit 960, Wireless Fidelity (wireless fidelity, WiFi) module 970, processor 980 and
The grade part of power supply 990.It will be understood by those skilled in the art that the handset structure shown in Fig. 9 does not constitute the restriction to mobile phone,
It can include than illustrating more or less parts, either combine some parts or different parts arrangement.
Each component parts of mobile phone is specifically introduced with reference to Fig. 9:
RF circuits 910 can be used for receive and send messages or communication process in, the reception and transmission of signal, especially, by base station
After downlink information is received, handled to processor 980;In addition, being sent to base station by up data are designed.Generally, RF circuits 910
Including but not limited to antenna, at least one amplifier, transceiver, coupler, low-noise amplifier (Low Noise
Amplifier, LNA), duplexer etc..In addition, RF circuits 910 can also be communicated by radio communication with network and other equipment.
Above-mentioned radio communication can use any communication standard or agreement, including but not limited to global system for mobile communications (Global
System of Mobile communication, GSM), general packet radio service (General Packet Radio
Service, GPRS), CDMA (Code Division Multiple Access, CDMA), WCDMA
(Wideband Code Division Multiple Access, WCDMA), Long Term Evolution (Long Term Evolution,
LTE), Email, Short Message Service (Short Messaging Service, SMS) etc..
Memory 920 can be used for storage software program and module, and processor 980 is stored in memory 920 by operation
Software program and module, so as to perform various function application and the data processing of mobile phone.Memory 920 can mainly include
Storing program area and storage data field, wherein, the application journey that storing program area can be needed for storage program area, at least one function
Sequence (such as sound-playing function, image player function etc.) etc.;Storage data field can be stored uses what is created according to mobile phone
Data (such as voice data, phone directory etc.) etc..In addition, memory 920 can include high-speed random access memory, can be with
Including nonvolatile memory, for example, at least one disk memory, flush memory device or other volatile solid-states
Part.
Input block 930 can be used for the numeral or character information for receiving input, and produce with the user of mobile phone set with
And the relevant key signals input of function control.Specifically, input block 930 may include that contact panel 931 and other inputs are set
Standby 932.Contact panel 931, also referred to as touch-screen, collecting touch operation of the user on or near it, (such as user uses
The operation of any suitable object such as finger, stylus or annex on contact panel 931 or near contact panel 931), and root
Corresponding attachment means are driven according to formula set in advance.Optionally, contact panel 931 may include touch detecting apparatus and touch
Two parts of controller.Wherein, touch detecting apparatus detects the touch orientation of user, and detects the signal that touch operation is brought,
Transmit a signal to touch controller;Touch controller receives touch information from touch detecting apparatus, and is converted into touching
Point coordinates, then give processor 980, and the order sent of reception processing device 980 and can be performed.Furthermore, it is possible to using electricity
The polytypes such as resistive, condenser type, infrared ray and surface acoustic wave realize contact panel 931.Except contact panel 931, input
Unit 930 can also include other input equipments 932.Specifically, other input equipments 932 can include but is not limited to secondary or physical bond
One or more in disk, function key (such as volume control button, switch key etc.), trace ball, mouse, action bars etc..
Display unit 940 can be used for the various of the information that is inputted by user of display or the information for being supplied to user and mobile phone
Menu.Display unit 940 may include display panel 941, optionally, can use liquid crystal display (Liquid Crystal
Display, LCD), the form such as Organic Light Emitting Diode (Organic Light-Emitting Diode, OLED) it is aobvious to configure
Show panel 941.Further, contact panel 931 can cover display panel 941, when contact panel 931 is detected thereon or attached
After near touch operation, processor 980 is sent to determine the type of touch event, with preprocessor 980 according to touch event
Type corresponding visual output is provided on display panel 941.Although in fig .9, contact panel 931 and display panel 941
It is input and the input function that mobile phone is realized as two independent parts, but in some embodiments it is possible to by touch-control
Panel 931 and the input that is integrated and realizing mobile phone of display panel 941 and output function.
Mobile phone may also include at least one sensor 950, such as optical sensor, motion sensor and other sensors.
Specifically, optical sensor may include ambient light sensor and proximity transducer, wherein, ambient light sensor can be according to ambient light
Light and shade adjust the brightness of display panel 941, proximity transducer can close display panel 941 when mobile phone is moved in one's ear
And/or backlight.As one kind of motion sensor, accelerometer sensor can detect in all directions (generally three axles) acceleration
Size, size and the direction of gravity are can detect that when static, available for identification mobile phone posture application (such as horizontal/vertical screen is cut
Change, dependent game, magnetometer pose calibrating), Vibration identification correlation function (such as pedometer, tap) etc.;May be used also as mobile phone
The other sensors such as gyroscope, barometer, hygrometer, thermometer, the infrared ray sensor of configuration, will not be repeated here.
Voicefrequency circuit 960, loudspeaker 961, microphone 962 can provide the COBBAIF between user and mobile phone.Audio-frequency electric
Electric signal after the voice data received conversion can be transferred to loudspeaker 961, sound is converted to by loudspeaker 961 by road 960
Signal output;On the other hand, the voice signal of collection is converted to electric signal by microphone 962, by voicefrequency circuit 960 receive after turn
It is changed to voice data, then after voice data output processor 980 is handled, through RF circuits 910 to be sent to such as another mobile phone,
Or export voice data to memory 920 so as to further processing.
WiFi belongs to short range wireless transmission technology, and mobile phone can help user's transceiver electronicses postal by WiFi module 970
Part, browse webpage and access streaming video etc., it has provided the user wireless broadband internet and accessed.Although Fig. 9 is shown
WiFi module 970, but it is understood that, it is simultaneously not belonging to must be configured into for mobile phone, can not change as needed completely
Become in the essential scope of invention and omit.
Processor 980 is the control centre of mobile phone, using various interfaces and the various pieces of connection whole mobile phone, is led to
Cross operation or perform and be stored in software program and/or module in memory 920, and call and be stored in memory 920
Data, perform the various functions and processing data of mobile phone, so as to carry out integral monitoring to mobile phone.Optionally, processor 980 can be wrapped
Include one or more processing units;It is preferred that, processor 980 can integrated application processor and modem processor, wherein, should
Operating system, user interface and application program etc. are mainly handled with processor, modem processor mainly handles radio communication.
It is understood that above-mentioned modem processor can not also be integrated into processor 980.
Mobile phone also includes the power supply 990 (such as battery) powered to all parts, it is preferred that power supply can pass through power supply pipe
Reason system and processor 980 are logically contiguous, so as to realize management charging, electric discharge and power managed by power-supply management system
Etc. function.
Although not shown, mobile phone can also include camera, bluetooth module etc., will not be repeated here.
In addition, one of ordinary skill in the art will appreciate that realizing all or part of step in above-mentioned each method embodiment
It can be by program to instruct the hardware of correlation to complete, corresponding program can be stored in a kind of computer-readable recording medium
In, storage medium mentioned above can be read-only storage, disk or CD etc..
Step in present invention method can be sequentially adjusted, merged and deleted according to actual needs.
Unit in terminal of the embodiment of the present invention can be combined, divided and deleted according to actual needs.
The present invention preferably embodiment is these are only, but protection scope of the present invention is not limited thereto, it is any
Those familiar with the art the change that can readily occur in or replaces in the technical scope that the embodiment of the present invention is disclosed
Change, should all be included within the scope of the present invention.Therefore, protection scope of the present invention should be with the protection model of claim
Enclose and be defined.
Claims (12)
1. a kind of method of controlling security, it is characterised in that applied to the terminal for including credible performing environment TEE, methods described bag
Include:
The TEE of the terminal determines to need in the case of pluggable memory is encrypted, and obtains the mark of the terminal
Information, lock cipher is generated according to the identification information;
The pluggable memory is encrypted using the lock cipher.
2. method according to claim 1, it is characterised in that the TEE of the terminal determines to need to pluggable memory
Situation about being encrypted includes:
The TEE of the terminal determines that the encryption function of the terminal is in opening and determines that the terminal has described pluggable
Memory hot plug operations;
Or, the TEE of the terminal determines that the encryption function of the terminal is in opening and detects the terminal
Power-on operation;
Or, the TEE of the terminal receives the encrypted instruction that the pluggable memory is encrypted.
3. method according to claim 1 or claim 2, it is characterised in that described to include according to identification information generation lock cipher:
The identification information as password factor, is carried out Hash operation to the password factor and breathed out by the TEE of the terminal
Uncommon value, carries out obscuring processing or negates computing, obtain the lock cipher to the cryptographic Hash.
4. method according to claim 1 or claim 2, it is characterised in that described pluggable to be deposited to described using the lock cipher
Reservoir be encrypted including:
The TEE selections of the terminal meet the passage of the security transmissions demand of the lock cipher as destination channel, pass through institute
State destination channel and the lock cipher and encrypted instruction are sent to the pluggable memory, the encrypted instruction indicates described
Pluggable memory using the lock cipher received as the pluggable memory lock cipher.
5. method according to claim 1 or claim 2, it is characterised in that use the lock cipher to described pluggable described
After memory is encrypted, methods described also includes:
In the case that the TEE of the terminal determines that the encryption function of the terminal is closed, the terminal is obtained
Identification information, generate the lock cipher according to the identification information, the lock cipher generation clearing password according to generation refers to
Order, the pluggable memory is sent to by clearing password instruction, and the clearing password instruction indicates described pluggable
Core dump memory clear described in pluggable memory storage the lock cipher.
6. method according to claim 1 or claim 2, it is characterised in that use the lock cipher to described pluggable described
After memory is encrypted, methods described also includes:
The TEE of the terminal is determined in the case of needing that the pluggable memory is decrypted, and generates the lock cipher,
The pluggable memory is decrypted using the lock cipher, the pluggable memory can be with after successful decryption
It is written and read operation.
7. a kind of terminal, it is characterised in that including:
Application control unit, for the situation for determining to need that pluggable memory is encrypted, obtains the mark letter of terminal
Breath, for generating lock cipher according to the identification information;
Ciphering unit, for the pluggable memory to be encrypted using the lock cipher.
8. terminal according to claim 7, it is characterised in that
The application control unit, specifically for determine the encryption function of the terminal be in opening and the terminal
State the situation that the pluggable memory is encrypted for needs for the situation of the hot plug operations of pluggable memory;
Or, the encryption function specifically for the determination terminal is in opening and detects the start of the terminal
The situation that the pluggable memory is encrypted for needs for the situation of operation;
Or, specifically for determining that the situation for receiving the encrypted instruction that the pluggable memory is encrypted is needs
The situation that the pluggable memory is encrypted.
9. the terminal according to claim 7 or 8, it is characterised in that
The application control unit, specifically for the identification information, as password factor, is breathed out to the password factor
Uncommon computing obtains cryptographic Hash, and the cryptographic Hash is carried out obscuring processing or computing is negated, the lock cipher is obtained.
10. the terminal according to claim 7 or 8, it is characterised in that
The application control unit, the passage of security transmissions demand of the lock cipher is met specifically for selection as target
Passage, the pluggable memory, the encryption are sent to by the destination channel by the lock cipher and encrypted instruction
Instruction indicate the pluggable memory using the lock cipher received as the pluggable memory lock cipher.
11. the terminal according to claim 7 or 8, it is characterised in that
The application control unit, is additionally operable to determine the situation that the encryption function of the terminal is closed, and obtains
The identification information of the terminal, the lock cipher is generated according to the identification information;The terminal also includes:
Generation unit, for the lock cipher generation clearing password instruction according to generation;
Transmitting element, for clearing password instruction to be sent into the pluggable memory, the clearing password instruction
Indicate the lock cipher of pluggable memory storage described in the pluggable core dump memory clear.
12. the terminal according to claim 7 or 8, it is characterised in that
The application control unit, is additionally operable to the situation for determining to need that the pluggable memory is decrypted, generates institute
State lock cipher;The terminal also includes:
Decryption unit, for the pluggable memory to be decrypted using the lock cipher, the pluggable storage
Device can be written and read operation after successful decryption.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710065591.4A CN106971122A (en) | 2017-02-06 | 2017-02-06 | Method of controlling security and terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710065591.4A CN106971122A (en) | 2017-02-06 | 2017-02-06 | Method of controlling security and terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106971122A true CN106971122A (en) | 2017-07-21 |
Family
ID=59334862
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710065591.4A Withdrawn CN106971122A (en) | 2017-02-06 | 2017-02-06 | Method of controlling security and terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106971122A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108170564A (en) * | 2017-12-13 | 2018-06-15 | 浙江大华技术股份有限公司 | A kind of method and device for monitoring mobile hard disk hot plug situation |
CN110457919A (en) * | 2019-07-26 | 2019-11-15 | 深圳市德名利电子有限公司 | A kind of noninductive control method and system and equipment based on removable Storage |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103310169A (en) * | 2013-04-28 | 2013-09-18 | 东莞宇龙通信科技有限公司 | SD (Secure Digital) card data protection method and protection system thereof |
CN105530641A (en) * | 2014-09-30 | 2016-04-27 | 中兴通讯股份有限公司 | Method and apparatus for realizing SD card security management in mobile terminal |
-
2017
- 2017-02-06 CN CN201710065591.4A patent/CN106971122A/en not_active Withdrawn
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103310169A (en) * | 2013-04-28 | 2013-09-18 | 东莞宇龙通信科技有限公司 | SD (Secure Digital) card data protection method and protection system thereof |
CN105530641A (en) * | 2014-09-30 | 2016-04-27 | 中兴通讯股份有限公司 | Method and apparatus for realizing SD card security management in mobile terminal |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108170564A (en) * | 2017-12-13 | 2018-06-15 | 浙江大华技术股份有限公司 | A kind of method and device for monitoring mobile hard disk hot plug situation |
CN110457919A (en) * | 2019-07-26 | 2019-11-15 | 深圳市德名利电子有限公司 | A kind of noninductive control method and system and equipment based on removable Storage |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104125216B (en) | A kind of method, system and terminal for lifting credible performing environment security | |
CN103616981B (en) | application processing method, device and mobile terminal | |
CN103488924B (en) | A kind of unlocking processing method of terminal, device and equipment | |
CN103473494B (en) | A kind of run the method for application, device and terminal unit | |
KR102224553B1 (en) | Key storage method, key management method and device | |
CN105678553A (en) | Method, device and system for processing order information | |
CN106709347B (en) | Using the method and device of operation | |
WO2018201991A1 (en) | Data processing method, system, apparatus, storage medium, and device | |
CN106778175A (en) | A kind of interface locking means, device and terminal device | |
CN106598584A (en) | Resource file processing method, apparatus and system | |
CN107133498A (en) | A kind of privacy application management method and device and mobile terminal | |
CN107240157B (en) | Near field communication security control method, mobile terminal and computer readable storage medium | |
CN108352989A (en) | Electronic equipment and method for its identification information of certification | |
CN107154935A (en) | service request method and device | |
CN110941821A (en) | Data processing method, device and storage medium | |
CN108011879A (en) | File encryption, method, apparatus, equipment and the storage medium of decryption | |
CN106550361A (en) | A kind of data transmission method and equipment | |
CN109743696A (en) | Identifying code encryption method, system and readable storage medium storing program for executing | |
CN106599698A (en) | Method and device for picture encryption, and method and device for picture decryption | |
CN106709282A (en) | Resource file decryption method and device | |
CN106506828A (en) | Limit the way of recording, device and portable mobile termianl | |
CN107592409A (en) | Application control method and device | |
CN106971122A (en) | Method of controlling security and terminal | |
CN110557747A (en) | network registration method, terminal and readable storage medium | |
CN104899488A (en) | Numerical value transferring method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20170721 |