CN107358114A - A method and terminal for preventing user data loss - Google Patents

Publication number
CN107358114A
Authority
CN
China
Prior art keywords
user data
storage section
secure storage
system application
secure
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201710446938.XA
Other languages
Chinese (zh)
Inventor
曹海涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Jinli Communication Equipment Co Ltd
Original Assignee
Shenzhen Jinli Communication Equipment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Jinli Communication Equipment Co Ltd
Priority to CN201710446938.XA
Publication of CN107358114A
Current legal status: Withdrawn

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the invention provide a method and a terminal for preventing user data loss. The method includes: storing user data in a preset secure storage area; if a request sent by a system application to access or operate on the user data is received, triggering two-way authentication between the system application and the secure storage area; if the two-way authentication passes, allowing the system application to access or operate on the user data stored in the secure storage area; and if the two-way authentication does not pass, prohibiting the system application from accessing or operating on the user data stored in the secure storage area. Embodiments of the invention prevent user data from being cleared by a system application when the user flashes the smartphone, performs a format upgrade or restores factory settings, thereby preventing user data loss and ensuring the security of the user data.

Description

A method and terminal for preventing user data loss
Technical Field
The present invention relates to the field of electronic technology, and in particular to a method and terminal for preventing user data loss.
Background
With the continuous improvement of living standards, the smartphone has become an indispensable part of people's lives. At present, smartphone users generally store user data, such as downloaded video data, personal information data and office data, directly in the internal memory of the smartphone. When the user then flashes the smartphone, performs a format upgrade or restores factory settings, the smartphone clears the user data stored in the internal memory, causing user data loss.
Summary of the Invention
Embodiments of the invention provide a method and terminal for preventing user data loss, which can prevent user data from being lost and ensure the security of the user data.
In a first aspect, an embodiment of the invention provides a method for preventing user data loss, the method including:
Storing user data in a preset secure storage area;
If a request sent by a system application to access or operate on the user data is received, triggering two-way authentication between the system application and the secure storage area;
If the two-way authentication passes, allowing the system application to access or operate on the user data stored in the secure storage area;
If the two-way authentication does not pass, prohibiting the system application from accessing or operating on the user data stored in the secure storage area.
In a second aspect, an embodiment of the invention provides a terminal, the terminal including:
A data storage unit, for storing user data in a preset secure storage area;
A two-way authentication unit, for triggering two-way authentication between the system application and the secure storage area if a request sent by a system application to access or operate on the user data is received;
An execution unit, for allowing the system application to access or operate on the user data stored in the secure storage area if the two-way authentication passes, and for prohibiting the system application from accessing or operating on the user data stored in the secure storage area if the two-way authentication does not pass.
In a third aspect, an embodiment of the invention provides another terminal, including a processor, an input device, an output device and a memory, which are connected to one another, wherein the memory is used to store a computer program that supports the terminal in performing the above method, the computer program includes program instructions, and the processor is configured to call the program instructions to perform the method of the first aspect.
In a fourth aspect, an embodiment of the invention provides a computer-readable storage medium storing a computer program, the computer program including program instructions which, when executed by a processor, cause the processor to perform the method of the first aspect.
In the embodiments of the invention, user data is stored in a preset secure storage area; if a request sent by a system application to access or operate on the user data is received, two-way authentication between the system application and the secure storage area is triggered; if the two-way authentication passes, the system application is allowed to access or operate on the user data stored in the secure storage area; if the two-way authentication does not pass, the system application is prohibited from accessing or operating on the user data stored in the secure storage area. This prevents user data from being cleared by a system application when the user flashes the smartphone, performs a format upgrade or restores factory settings, which prevents user data loss and ensures the security of the user data.
Brief Description of the Drawings
To describe the technical solutions of the embodiments of the invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Evidently, the drawings described below show some embodiments of the invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flow diagram of a method for preventing user data loss provided by Embodiment 1 of the invention;
Fig. 2 is a schematic flow diagram of a method for preventing user data loss provided by Embodiment 2 of the invention;
Fig. 3 is a schematic block diagram of a terminal provided by Embodiment 3 of the invention;
Fig. 4 is a schematic block diagram of a terminal provided by Embodiment 4 of the invention;
Fig. 5 is a schematic block diagram of a terminal provided by Embodiment 5 of the invention.
Detailed Description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments of the invention. Evidently, the described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
It should be understood that, when used in this specification and the appended claims, the terms "comprising" and "including" indicate the presence of the described features, wholes, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, wholes, steps, operations, elements, components and/or collections thereof.
It should also be understood that the terminology used in this description of the invention is for the purpose of describing specific embodiments only and is not intended to limit the invention. As used in the description of the invention and the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" used in the description of the invention and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations.
As used in this specification and the appended claims, the term "if" may be interpreted, depending on context, as "when", "once", "in response to determining" or "in response to detecting". Similarly, the phrases "if it is determined" or "if [the described condition or event] is detected" may be interpreted, depending on context, as "once it is determined", "in response to determining", "once [the described condition or event] is detected" or "in response to detecting [the described condition or event]".
In specific implementations, the terminal described in the embodiments of the invention includes, but is not limited to, portable devices such as a mobile phone, laptop computer or tablet computer with a touch-sensitive surface (for example, a touch-screen display and/or a touchpad). It should also be understood that in some embodiments the device is not a portable communication device but a desktop computer with a touch-sensitive surface (for example, a touch-screen display and/or a touchpad).
In the discussion below, a terminal including a display and a touch-sensitive surface is described. It should be understood, however, that the terminal may include one or more other physical user-interface devices such as a physical keyboard, a mouse and/or a joystick.
The terminal supports various application programs, such as one or more of the following: a drawing application, a presentation application, a word-processing application, a website creation application, a disk burning application, a spreadsheet application, a game application, a telephony application, a videoconferencing application, an email application, an instant messaging application, an exercise support application, a photo management application, a digital camera application, a web-browsing application, a digital music player application and/or a digital video player application.
The various application programs that can be executed on the terminal may use at least one common physical user-interface device such as the touch-sensitive surface. One or more functions of the touch-sensitive surface and the corresponding information displayed on the terminal may be adjusted and/or changed between applications and/or within a given application. In this way, the common physical architecture of the terminal (for example, the touch-sensitive surface) can support the various application programs with user interfaces that are intuitive and transparent to the user.
Refer to Fig. 1, which is a schematic flow diagram of a method for preventing user data loss provided by Embodiment 1 of the invention. As shown in Fig. 1, the method for preventing user data loss provided by this embodiment may include:
Step S101, storing user data in a preset secure storage area.
Preferably, in this embodiment, the user data includes, but is not limited to, personal user data, office files, video files and picture files.
Preferably, in this embodiment, the terminal has a built-in eMMC memory and a security chip, and the preset secure storage area includes, but is not limited to, the security chip storage area and the RPMB storage area in the eMMC memory. The RPMB storage area is a permission-controlled hardware storage area in the eMMC memory that can only be accessed from within a TEE environment; the security chip is a separate hardware carrier with a high security level that can prevent channel attacks and resist brute-force cracking.
Preferably, in this embodiment, the terminal stores the user data in the preset secure storage area by means of TEE instructions.
Step S102, if a request sent by a system application to access or operate on the user data is received, triggering two-way authentication between the system application and the secure storage area.
Preferably, in this embodiment, when the user flashes the terminal, performs a format upgrade or restores factory settings, the system application is triggered to send the secure storage area a request to access or operate on the user data. On receiving the request, the secure storage area authenticates the identity of the system application and determines whether the system application has access or operation permission; at the same time, the system application authenticates the identity of the secure storage area and determines whether it is a secure, trusted storage area. The access or operation request is allowed to proceed only after both sides have been verified.
Preferably, in this embodiment, step S102 specifically includes:
If a request sent by a system application to access or operate on the user data is received, controlling the secure storage area to obtain the first digital certificate of the system application and to authenticate the identity of the system application according to the first digital certificate; meanwhile,
Controlling the system application to obtain the second digital certificate of the secure storage area and to authenticate the identity of the secure storage area according to the second digital certificate;
If the identity authentication of the system application passes and the identity authentication of the secure storage area passes, the two-way authentication passes; otherwise, the two-way authentication fails.
Preferably, in this embodiment, the secure storage area stores the signature information of the system applications that have permission to access or operate on the user data stored in the secure storage area. After the secure storage area obtains the first digital certificate of the system application, it determines whether the identity authentication of the system application passes by checking whether the signature information in the first digital certificate is consistent with the pre-stored signature information of the system applications that have permission to access or operate on the user data stored in the secure storage area. If they are consistent, the identity authentication of the system application passes; if they are inconsistent, the identity authentication of the system application fails.
Preferably, in this embodiment, the system application stores in advance the signature information of secure, trusted storage areas. After the system application obtains the second digital certificate of the secure storage area, it determines whether the identity authentication of the secure storage area passes by checking whether the signature on the second digital certificate is consistent with the pre-stored signature information of secure, trusted storage areas. If they are consistent, the identity authentication of the secure storage area passes; if they are inconsistent, the identity authentication of the secure storage area fails.
Step S103, if the two-way authentication passes, allowing the system application to access or operate on the user data stored in the secure storage area.
Preferably, in this embodiment, if the two-way authentication passes, the system application has permission to access or operate on the user data stored in the secure storage area, and the system application is then allowed to access or operate on that user data. The operations include, but are not limited to, copy, paste, cut and delete.
Step S104, if the two-way authentication does not pass, prohibiting the system application from accessing or operating on the user data stored in the secure storage area.
Preferably, in this embodiment, if the two-way authentication does not pass, the system application does not have permission to access or operate on the secure storage area, and the system application is then prohibited from accessing or operating on the user data in the secure storage area, which prevents the user data stored in the secure storage area from being lost or stolen by an illegitimate application.
As can be seen from the above, in the method for preventing user data loss provided by this embodiment, user data is stored in a preset secure storage area; if a request sent by a system application to access or operate on the user data is received, two-way authentication between the system application and the secure storage area is triggered; if the two-way authentication passes, the system application is allowed to access or operate on the user data stored in the secure storage area; if the two-way authentication does not pass, the system application is prohibited from accessing or operating on the user data stored in the secure storage area. This prevents user data from being cleared by a system application when the user flashes the smartphone, performs a format upgrade or restores factory settings, which prevents user data loss and ensures the security of the user data.
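A minimal model of the two-way authentication gate in steps S102 to S104, added here as an illustration and not taken from the patent. It assumes the "signature information" is a SHA-256 fingerprint of the certificate bytes; every class, function and application name is hypothetical, and the certificates are constructed byte strings.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def signing_info(certificate: bytes) -> bytes:
    """Assumed stand-in for a certificate's 'signature information':
    the SHA-256 fingerprint of the certificate bytes."""
    return hashlib.sha256(certificate).digest()


def matches_prestored(certificate: bytes, prestored: frozenset) -> bool:
    """True if the presented certificate matches any pre-stored entry.
    Every entry is compared in constant time, with no early exit."""
    presented = signing_info(certificate)
    ok = False
    for entry in prestored:
        ok |= hmac.compare_digest(presented, entry)
    return ok


@dataclass
class SecureStorageArea:
    certificate: bytes            # the "second digital certificate"
    authorized_apps: frozenset    # pre-stored signing info of permitted apps
    records: dict = field(default_factory=dict)

    def verify_app(self, app_certificate: bytes) -> bool:
        return matches_prestored(app_certificate, self.authorized_apps)


@dataclass
class SystemApp:
    name: str
    certificate: bytes            # the "first digital certificate"
    trusted_storage: frozenset    # pre-stored signing info of trusted areas

    def verify_storage(self, storage_certificate: bytes) -> bool:
        return matches_prestored(storage_certificate, self.trusted_storage)


def two_way_authenticate(app: SystemApp, storage: SecureStorageArea) -> bool:
    """S102: both directions are always evaluated and both must pass."""
    app_ok = storage.verify_app(app.certificate)
    storage_ok = app.verify_storage(storage.certificate)
    return app_ok and storage_ok


def handle_request(app, storage, operation, key):
    """S103/S104: returns (allowed, value) and fails closed.
    Only 'read' and 'delete' are modeled out of the operations the page lists."""
    if not two_way_authenticate(app, storage):
        return False, None                      # S104: request refused
    if operation == "read":
        return True, storage.records.get(key)
    if operation == "delete":
        return True, storage.records.pop(key, None)
    return False, None                          # unknown operations are refused


def build_demo():
    """Constructed sample data: one storage area and three requesters."""
    storage_cert = b"constructed-storage-certificate"
    backup_cert = b"constructed-backup-app-certificate"
    reset_cert = b"constructed-factory-reset-certificate"
    trusted_area = frozenset({signing_info(storage_cert)})
    storage = SecureStorageArea(
        certificate=storage_cert,
        authorized_apps=frozenset({signing_info(backup_cert)}),
        records={"contacts": b"alice,bob"},
    )
    backup = SystemApp("backup", backup_cert, trusted_area)
    reset = SystemApp("factory-reset", reset_cert, trusted_area)
    wary = SystemApp("backup", backup_cert, frozenset())  # trusts no storage area
    return storage, backup, reset, wary


if __name__ == "__main__":
    storage, backup, reset, wary = build_demo()
    print("reset delete :", handle_request(reset, storage, "delete", "contacts"))
    print("backup read  :", handle_request(backup, storage, "read", "contacts"))
    print("wary read    :", handle_request(wary, storage, "read", "contacts"))
```

A fingerprint match shows only that a known certificate was presented; the description does not specify a proof-of-possession step, so none is modeled.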
Fig. 2 is a schematic flow diagram of a method for preventing user data loss provided by Embodiment 2 of the invention. As shown in Fig. 2, the method for preventing user data loss provided by this embodiment includes:
Step S201, storing user data in a preset secure storage area.
Preferably, in this embodiment, the user data includes, but is not limited to, personal user data, office files, video files and picture files.
Preferably, in this embodiment, step S201 specifically includes:
Determining, according to the importance, data type and data size of the user data, the secure storage area in which the user data is to be stored, the secure storage area including an ordinary eMMC storage area, an RPMB storage area and a security chip storage area;
Storing the user data in the secure storage area corresponding to the user data.
The terminal has a built-in eMMC memory and a security chip. The RPMB storage area is a permission-controlled hardware storage area in the eMMC memory that can only be accessed from within a TEE environment; the ordinary eMMC storage area is the area of the eMMC memory other than the RPMB storage area; the security chip is a separate hardware carrier with a high security level that can prevent channel attacks and resist brute-force cracking.
The three secure storage areas have different security levels. In descending order of security level they are: security chip storage area > RPMB storage area > ordinary eMMC storage area.
Preferably, in this embodiment, determining, according to the importance, data type and data size of the user data, the secure storage area in which the user data is to be stored includes:
Storing multimedia files of lower importance that take up more space, such as videos and pictures, in the ordinary eMMC storage area;
Storing office files of medium importance, such as documents that take up more space, in the RPMB storage area;
Storing data of higher importance that takes up less space, such as personal user data, in the security chip storage area.
Preferably, in this embodiment, the terminal stores the user data in the corresponding secure storage area by means of TEE instructions.
Compared with the previous embodiment, in this embodiment the secure storage area in which user data is stored is determined according to the importance level, type and data size of the user data. This prevents files of lower importance that take up more space from occupying the storage space of the secure storage areas with higher security levels, which would leave user data of higher importance, such as personal user data, unable to be saved to a secure storage area with a higher security level. The security of the user data is thereby further ensured.
Step S202, encrypting the user data using a preset secure encryption algorithm, the preset secure encryption algorithm including the AES encryption algorithm or the SMS4 encryption algorithm.
It should be noted that the AES and SMS4 encryption algorithms used above are only preferred implementation examples given by the invention and are not intended to limit the invention; in other implementation examples, other encryption algorithms may also be used to encrypt the user data.
In this embodiment, in addition to storing the user data in the corresponding secure storage area, an encryption algorithm is used to encrypt the user data. Even if the user data is stolen by another illegitimate application, it cannot be decrypted to obtain the decrypted user data, which further improves the security of the user data.
Step S203, if a request sent by a system application to access or operate on the user data is received, triggering two-way authentication between the system application and the secure storage area.
Step S204, if the two-way authentication passes, allowing the system application to access or operate on the user data stored in the secure storage area.
Step S205, if the two-way authentication does not pass, prohibiting the system application from accessing or operating on the user data stored in the secure storage area.
It should be noted that, in this embodiment, steps S203 to S205 are implemented in the same way as steps S102 to S104 in the previous embodiment, and are therefore not described again here.
As can be seen from the above, the method for preventing user data loss provided by this embodiment likewise prevents user data from being cleared by a system application when the user flashes the smartphone, performs a format upgrade or restores factory settings, which prevents user data loss and ensures the security of the user data. In addition, compared with the previous embodiment, this embodiment determines the secure storage area in which user data is stored according to the importance level, type and size of the user data, and encrypts the user data stored in the secure storage area using a preset encryption algorithm, which further improves the security of the user data and ensures the security of user data of higher importance.
Fig. 3 is a schematic block diagram of a terminal provided by Embodiment 3 of the invention; the terminal is used to run the method provided by Embodiment 1. For ease of description, only the parts related to this embodiment are shown.
As shown in Fig. 3, the terminal 100 provided by this embodiment includes:
A data storage unit 11, for storing user data in a preset secure storage area;
A two-way authentication unit 12, for triggering two-way authentication between the system application and the secure storage area if a request sent by a system application to access or operate on the user data is received;
An execution unit 13, for allowing the system application to access or operate on the user data stored in the secure storage area if the two-way authentication passes, and for prohibiting the system application from accessing or operating on the user data stored in the secure storage area if the two-way authentication does not pass.
Optionally, the two-way authentication unit 12 is specifically used for:
If a request sent by a system application to access or operate on the user data is received, controlling the secure storage area to obtain the first digital certificate of the system application and to authenticate the identity of the system application according to the first digital certificate; meanwhile,
Controlling the system application to obtain the second digital certificate of the secure storage area and to authenticate the identity of the secure storage area according to the second digital certificate;
If the identity authentication of the system application passes and the identity authentication of the secure storage area passes, the two-way authentication passes; otherwise, the two-way authentication fails.
Optionally, as shown in Fig. 4, in Embodiment 4, the data storage unit 11 includes:
A secure storage area acquiring unit 111, for determining, according to the importance, data type and data size of the user data, the secure storage area in which the user data is to be stored, the secure storage area including an ordinary eMMC storage area, an RPMB storage area and a security chip storage area;
A user data secure storage unit 112, for storing the user data in the secure storage area corresponding to the user data.
Optionally, as shown in Fig. 4, in Embodiment 4, the terminal 100 also includes:
A user data encryption unit 14, for encrypting the user data using a preset secure encryption algorithm, the preset secure encryption algorithm including the AES encryption algorithm or the SMS4 encryption algorithm.
It should be noted that the units in the terminal provided by the embodiments of the invention are based on the same concept as the method embodiments of the invention and bring the same technical effects; for details, refer to the description in the method embodiments, which is not repeated here.
It can therefore be seen that the terminal provided by the embodiments of the invention likewise prevents user data from being cleared by a system application when the user flashes the smartphone, performs a format upgrade or restores factory settings, which prevents user data loss and ensures the security of the user data.
It is a kind of terminal schematic block diagram that the embodiment of the present invention five provides referring to Fig. 5.In the present embodiment as depicted Terminal 100 can include:One or more processors 501;One or more input equipments 502, one or more output equipments 503 and memory 504.Above-mentioned processor 501, input equipment 502, output equipment 503 and memory 504 are connected by bus 505 Connect.Memory 502 is used for store instruction, and processor 501 is used for the instruction for performing the storage of memory 502.Wherein, the processor 501 are used for:
User data is stored in default secure storage section;
If receiving the access of system application transmission or the request of the operation user data, the system application is triggered Two-way authentication is carried out with the secure storage section;
If two-way authentication is by allowing the system application to access or operate the use of the secure storage section memory storage User data;
If two-way authentication is not by forbidding the system application to access or operate the secure storage section memory storage User data.
Optionally, the processor 501 is additionally operable to:
According to the significance level, data type and size of data of user data, the corresponding storage of the user data is determined Secure storage section, the secure storage section include common EMMC storage regions, RPMB storage regions and safety chip storage Region;
The user data is stored to secure storage section corresponding with the user data.
Optionally, the processor 501 is additionally operable to:
The user data is encrypted using default secure cryptographic algorithm, the default secure cryptographic algorithm bag Include AES encryption algorithm or SMS4 AESs.
Optionally, the processor 501 is additionally operable to:
If receiving the access of system application transmission or the request of the operation user data, the safety storage is controlled Region obtains the first digital certificate of the system application, and carries out body to system application according to first digital certificate Part checking;Meanwhile
The system application is controlled to obtain the second digital certificate of the secure storage section, and according to the described second numeral Certificate carries out authentication to the secure storage section;
If the authentication of system application by and the secure storage section authentication pass through it is two-way to recognize Card passes through;Conversely, then two-way authentication fails.
It should be understood that, in the embodiments of the present invention, the processor 501 may be a central processing unit (Central Processing Unit, CPU); the processor may also be another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The input device 502 may include a trackpad, a fingerprint sensor (used to collect the user's fingerprint information and fingerprint direction information), a microphone and so on; the output device 503 may include a display (LCD etc.), a loudspeaker and so on.
The memory 504 may include read-only memory and random access memory, and provides instructions and data to the processor 501. A part of the memory 504 may also include non-volatile random access memory. For example, the memory 504 may also store device type information.
In a specific implementation, the processor 501, input device 502 and output device 503 described in the embodiments of the present invention can carry out the implementations described in the first and second embodiments of the method provided by the embodiments of the present invention, and can also carry out the implementation of the terminal described in the embodiments of the present invention, which is not repeated here.
Another embodiment of the present invention provides a computer-readable storage medium. The computer-readable storage medium stores a computer program, and the computer program, when executed by a processor, implements:
Storing user data in a preset secure storage region;
If a request sent by a system application to access or operate on the user data is received, triggering two-way authentication between the system application and the secure storage region;
If the two-way authentication passes, allowing the system application to access or operate on the user data stored in the secure storage region;
If the two-way authentication does not pass, forbidding the system application from accessing or operating on the user data stored in the secure storage region.
Optionally, the computer program, when executed by the processor, implements:
Determining, according to the importance level, data type and data size of the user data, the secure storage region in which the user data is to be stored, the secure storage region including an ordinary eMMC storage region, an RPMB storage region and a security chip storage region;
Storing the user data in the secure storage region corresponding to the user data.
Optionally, the computer program, when executed by the processor, implements:
Encrypting the user data using a preset secure encryption algorithm, the preset secure encryption algorithm including the AES encryption algorithm or the SMS4 encryption algorithm.
Optionally, the computer program, when executed by the processor, implements:
If a request sent by a system application to access or operate on the user data is received, controlling the secure storage region to obtain a first digital certificate of the system application and to authenticate the identity of the system application according to the first digital certificate; meanwhile,
Controlling the system application to obtain a second digital certificate of the secure storage region and to authenticate the identity of the secure storage region according to the second digital certificate;
If the identity authentication of the system application passes and the identity authentication of the secure storage region passes, the two-way authentication passes; otherwise, the two-way authentication fails.
The computer-readable storage medium may be an internal storage unit of the terminal described in any of the foregoing embodiments, such as a hard disk or internal memory of the terminal. The computer-readable storage medium may also be an external storage device of the terminal, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the terminal. Further, the computer-readable storage medium may include both an internal storage unit of the terminal and an external storage device. The computer-readable storage medium is used to store the computer program and the other programs and data needed by the terminal. The computer-readable storage medium may also be used to temporarily store data that has been output or is about to be output.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are performed in hardware or software depends on the particular application and the design constraints of the technical solution. Skilled practitioners may implement the described functions in different ways for each particular application, but such implementations should not be considered beyond the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the terminal and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed terminal and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electrical, mechanical or other form of connection.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solutions of the embodiments of the present invention.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods of the embodiments of the present invention. The foregoing storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The foregoing is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any person skilled in the art can readily conceive of various equivalent modifications or substitutions within the technical scope disclosed by the present invention, and these modifications or substitutions shall all fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (10)

  1. A method for preventing user data loss, characterized by comprising:
    storing user data in a preset secure storage region;
    if a request sent by a system application to access or operate on the user data is received, triggering two-way authentication between the system application and the secure storage region;
    if the two-way authentication passes, allowing the system application to access or operate on the user data stored in the secure storage region;
    if the two-way authentication does not pass, forbidding the system application from accessing or operating on the user data stored in the secure storage region.
  2. The method for preventing user data loss as claimed in claim 1, characterized in that storing the user data in the preset secure storage region comprises:
    determining, according to the importance level, data type and data size of the user data, the secure storage region in which the user data is to be stored, the secure storage region including an ordinary eMMC storage region, an RPMB storage region and a security chip storage region;
    storing the user data in the secure storage region corresponding to the user data.
  3. The method for preventing user data loss as claimed in claim 1, characterized in that, after storing the user data in the preset secure storage region, the method further comprises:
    encrypting the user data using a preset secure encryption algorithm, the preset secure encryption algorithm including the AES encryption algorithm or the SMS4 encryption algorithm.
  4. The method for preventing user data loss as claimed in claim 1, characterized in that, if a request sent by a system application to access or operate on the user data is received, triggering two-way authentication between the system application and the secure storage region comprises:
    if a request sent by a system application to access or operate on the user data is received, controlling the secure storage region to obtain a first digital certificate of the system application and to authenticate the identity of the system application according to the first digital certificate; meanwhile,
    controlling the system application to obtain a second digital certificate of the secure storage region and to authenticate the identity of the secure storage region according to the second digital certificate;
    if the identity authentication of the system application passes and the identity authentication of the secure storage region passes, the two-way authentication passes; otherwise, the two-way authentication fails.
  5. A terminal, characterized by comprising:
    a data storage unit, used to store user data in a preset secure storage region;
    a two-way authentication unit, used to trigger two-way authentication between the system application and the secure storage region if a request sent by a system application to access or operate on the user data is received;
    an execution unit, used to allow the system application to access or operate on the user data stored in the secure storage region if the two-way authentication passes, and to forbid the system application from accessing or operating on the user data stored in the secure storage region if the two-way authentication does not pass.
  6. The terminal as claimed in claim 5, characterized in that the data storage unit comprises:
    a secure storage region acquiring unit, used to determine, according to the importance level, data type and data size of the user data, the secure storage region in which the user data is to be stored, the secure storage region including an ordinary eMMC storage region, an RPMB storage region and a security chip storage region;
    a user data secure storage unit, used to store the user data in the secure storage region corresponding to the user data.
  7. The terminal as claimed in claim 5, characterized by further comprising:
    a user data encryption unit, used to encrypt the user data using a preset secure encryption algorithm, the preset secure encryption algorithm including the AES encryption algorithm or the SMS4 encryption algorithm.
  8. The terminal as claimed in claim 5, characterized in that the two-way authentication unit is specifically used to:
    if a request sent by a system application to access or operate on the user data is received, control the secure storage region to obtain a first digital certificate of the system application and to authenticate the identity of the system application according to the first digital certificate; meanwhile,
    control the system application to obtain a second digital certificate of the secure storage region and to authenticate the identity of the secure storage region according to the second digital certificate;
    if the identity authentication of the system application passes and the identity authentication of the secure storage region passes, the two-way authentication passes; otherwise, the two-way authentication fails.
  9. A terminal, characterized by comprising a processor, an input device, an output device and a memory, the processor, input device, output device and memory being connected to one another, wherein the memory is used to store a computer program, the computer program comprises program instructions, and the processor is configured to call the program instructions to perform the method as claimed in any one of claims 1-4.
  10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program, the computer program comprises program instructions, and the program instructions, when executed by a processor, cause the processor to perform the method as claimed in any one of claims 1-4.
CN201710446938.XA 2017-06-12 2017-06-12 A kind of method and terminal for preventing user data loss Withdrawn CN107358114A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710446938.XA CN107358114A (en) 2017-06-12 2017-06-12 A kind of method and terminal for preventing user data loss

Publications (1)

Publication Number Publication Date
CN107358114A true CN107358114A (en) 2017-11-17

Family

ID=60273890

Country Status (1)

Country Link
CN (1) CN107358114A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20171117

WW01 Invention patent application withdrawn after publication