CN107466031A - A kind of method and terminal for protecting data - Google Patents
A kind of method and terminal for protecting data Download PDFInfo
- Publication number
- CN107466031A CN107466031A CN201710673814.5A CN201710673814A CN107466031A CN 107466031 A CN107466031 A CN 107466031A CN 201710673814 A CN201710673814 A CN 201710673814A CN 107466031 A CN107466031 A CN 107466031A
- Authority
- CN
- China
- Prior art keywords
- terminal
- authentication information
- target device
- identity
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/66—Substation equipment, e.g. for use by subscribers with means for preventing unauthorised or fraudulent calling
- H04M1/667—Preventing unauthorised calls from a telephone set
- H04M1/67—Preventing unauthorised calls from a telephone set by electronic means
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/72—Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
- H04M1/724—User interfaces specially adapted for cordless or mobile telephones
- H04M1/72448—User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
- H04M1/72463—User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions to restrict the functionality of the device
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
- H04W8/24—Transfer of terminal data
- H04W8/245—Transfer of terminal data from a network towards a terminal
Abstract
The embodiment of the invention discloses a kind of method and terminal for protecting data, wherein method includes:If the lock instruction that target device is sent is detected, into locking mode;Wherein, the lock instruction is that the identity of lost terminal of the target device according to entrained by the loss notice that user triggers is sent, the identity is stored in the trusted storage region of local terminal, and the identity determines lost terminal for the target device;Obtain the authentication information of user's input;The authentication information to be prestored according to the trusted storage region verifies the authentication information;If the authentication information verification failure, deletes local target data to be protected.The embodiment of the present invention ensures that target device can send lock instruction to lost terminal, so as to ensure the data safety in lost terminal, ensures that the data in lost terminal are not compromised by the way that the identity of terminal is stored in into trusted storage region.
Description
Technical field
The present invention relates to electronic technology field, more particularly to a kind of method and terminal for protecting data.
Background technology
With the development and popularization of mobile terminal, user can produce or store a large amount of during mobile terminal is used
Personal data.When user loses mobile terminal accidentally, its internal personal information and data will be compromised, so as to user with
To perplex, personal property safety is such as endangered.
Prior art provides a kind of data guard method, mobile terminal loss after, user by other-end to this
The mobile terminal of loss, which is sent, to be instructed, the data inside mobile terminal that is hiding or deleting the loss.
However, when the mobile terminal of the loss is removed by brush machine or Mobile phone card, this data guard method, other ends
End can not be communicated with the mobile terminal of the loss, can not manipulate the mobile terminal of the loss, cause its internal data quilt
Leakage.
The content of the invention
The embodiment of the present invention provides a kind of method and terminal for protecting data, can ensure data in lost terminal not by
Leakage.
In a first aspect, the embodiments of the invention provide a kind of method for protecting data, this method includes:
If the lock instruction that target device is sent is detected, into locking mode;Wherein, the lock instruction is described
The identity of lost terminal of the target device according to entrained by the loss notice that user triggers is sent, the identity storage
In the trusted storage region of local terminal, the identity determines lost terminal for the target device;
Obtain the authentication information of user's input;
The authentication information to be prestored according to the trusted storage region verifies the authentication information;
If the authentication information verification failure, deletes local target data to be protected.
On the other hand, the embodiments of the invention provide a kind of terminal, the terminal to include:
Lock cell, if the lock instruction sent for detecting target device, into locking mode;Wherein, it is described
Lock instruction is that the identity of lost terminal of the target device according to entrained by the loss notice that user triggers is sent, institute
The trusted storage region that identity is stored in local terminal is stated, the identity determines lost terminal for the target device;
Acquiring unit, for obtaining the authentication information of user's input;
Verification unit, the authentication information for being prestored according to the trusted storage region verify the authentication letter
Breath;
Unit is deleted, fails if being verified for the authentication information, deletes local target data to be protected.
The third aspect, the embodiments of the invention provide another terminal, including processor, input equipment, output equipment and
Memory, the processor, input equipment, output equipment and memory are connected with each other, wherein, the memory is used to store branch
The computer program that terminal performs the above method is held, the computer program includes programmed instruction, and the processor is configured to use
In calling described program instruction, the method for performing above-mentioned first aspect.
Fourth aspect, the embodiments of the invention provide a kind of computer-readable recording medium, the computer-readable storage medium
Computer program is stored with, the computer program includes programmed instruction, and described program instruction makes institute when being executed by a processor
The method for stating the above-mentioned first aspect of computing device.
If the lock instruction that the embodiment of the present invention is sent by detecting target device, into locking mode;Wherein, institute
It is that identity of the target device according to entrained by the loss notice that user triggers is sent to state lock instruction, the identity mark
Know the trusted storage region for being stored in local terminal;Obtain the authentication information of user's input;It is pre- according to the trusted storage region
The authentication information deposited verifies the authentication information;If the authentication information verification failure, deletes local
Target data to be protected.Because the identity of lost terminal is stored in trusted storage region, trusted storage region memory storage
Data will not be deleted when by brush machine or Default Value will not be restored to, ensure target device can enter with lost terminal
Row communication, and lock instruction is sent to lost terminal in time, control lost terminal enters locking mode, and lost terminal is confirming body
Part checking information verification failure, then delete local target data, so as to ensure the data safety in lost terminal, ensures to lose
Data in terminal are not compromised.
Brief description of the drawings
Technical scheme in order to illustrate the embodiments of the present invention more clearly, it is required in being described below to embodiment to use
Accompanying drawing is briefly described, it should be apparent that, drawings in the following description are some embodiments of the present invention, general for this area
For logical technical staff, on the premise of not paying creative work, other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is a kind of schematic flow diagram of the method for protection data provided in an embodiment of the present invention;
A kind of schematic flow diagram of the method for protection data that Fig. 2 another embodiment of the present invention provides;
Fig. 3 is a kind of schematic block diagram of terminal provided in an embodiment of the present invention;
Fig. 4 is a kind of terminal schematic block diagram that another embodiment of the present invention provides;
Fig. 5 is a kind of terminal schematic block diagram that yet another embodiment of the invention provides.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation describes, it is clear that described embodiment is part of the embodiment of the present invention, rather than whole embodiments.Based on this hair
Embodiment in bright, the every other implementation that those of ordinary skill in the art are obtained under the premise of creative work is not made
Example, belongs to the scope of protection of the invention.
It should be appreciated that ought be in this specification and in the appended claims in use, term " comprising " and "comprising" instruction
Described feature, entirety, step, operation, the presence of element and/or component, but it is not precluded from one or more of the other feature, whole
Body, step, operation, element, component and/or its presence or addition for gathering.
It is also understood that the term used in this description of the invention is merely for the sake of the mesh for describing specific embodiment
And be not intended to limit the present invention.As used in description of the invention and appended claims, unless on
Other situations are hereafter clearly indicated, otherwise " one " of singulative, "one" and "the" are intended to include plural form.
It will be further appreciated that the term "and/or" used in description of the invention and appended claims is
Refer to any combinations of one or more of the associated item listed and be possible to combine, and including these combinations.
As used in this specification and in the appended claims, term " if " can be according to context quilt
Be construed to " when ... " or " once " or " in response to determining " or " in response to detecting ".Similarly, phrase " if it is determined that " or
" if detecting [described condition or event] " can be interpreted to mean according to context " once it is determined that " or " in response to true
It is fixed " or " once detecting [described condition or event] " or " in response to detecting [described condition or event] ".
In the specific implementation, the terminal described in the embodiment of the present invention is including but not limited to such as with touch sensitive surface
The mobile phone, laptop computer or tablet PC of (for example, touch-screen display and/or touch pad) etc it is other just
Portable device.It is to be further understood that in certain embodiments, the equipment is not portable communication device, but with tactile
Touch the desktop computer of sensing surface (for example, touch-screen display and/or touch pad).
In discussion below, the terminal including display and touch sensitive surface is described.It is, however, to be understood that
It is that terminal can include one or more of the other physical user-interface device of such as physical keyboard, mouse and/or control-rod.
Terminal supports various application programs, such as one or more of following:Drawing application program, demonstration application journey
Sequence, word-processing application, website create application program, disk imprinting application program, spreadsheet applications, game application
Program, telephony application, videoconference application, email application, instant messaging applications, exercise
Support application program, photo management application program, digital camera application program, digital camera application program, web-browsing application
Program, digital music player application and/or video frequency player application program.
The various application programs that can be performed in terminal can use at least one public of such as touch sensitive surface
Physical user-interface device.It can adjust and/or change among applications and/or in corresponding application programs and touch sensitive table
The corresponding information shown in the one or more functions and terminal in face.So, the public physical structure of terminal is (for example, touch
Sensing surface) the various application programs with user interface directly perceived and transparent for a user can be supported.
Fig. 1 is referred to, Fig. 1 is a kind of schematic flow diagram of the method for protection data provided in an embodiment of the present invention.This reality
The executive agent for applying the method that data are protected in example is terminal, and terminal includes but is not limited to smart mobile phone, tablet personal computer, PAD etc.
Mobile terminal.Terminal built-in has safety chip, and safety chip can provide credible performing environment (The Trusted Execution
Environment, TEE), TEE is an independent operating environment parallel with rich operating system (Rich OS), is carried for rich system
For safeguard protection.The method of protection data as shown in Figure 1 may include following steps:
S101:If the lock instruction that target device is sent is detected, into locking mode;Wherein, the lock instruction
It is that the loss that the target device triggers according to user notifies the identity of entrained lost terminal to send, the identity mark
Know the trusted storage region for being stored in local terminal, the identity determines lost terminal for the target device.
When user has found that first terminal is lost, it the identity information of second terminal input user can be used to log in target and set
It is standby, and sent to target device for representing that the loss that first terminal has been lost notifies, the loss notifies to set for triggering target
It is standby to send lock instruction to first terminal.The trusted storage region of first terminal has prestored the unique mark of first terminal.
The unique mark of first terminal can be International Mobile Equipment Identity code (the International Mobile of first terminal
Equipment Identity, IMEI) or terminal built-in safety chip unique mark (for example, safety chip
Sequence number).The data of the trusted storage region memory storage of first terminal will not be deleted when first terminal is by brush machine or will not
It is restored to Default Value.First terminal to user carry out proof of identity by when, can allow for accessing or change credible deposit
The data of storage area domain memory storage.
Target device can be the server for protecting the data safety of lost terminal, such as cloud server;Also may be used
To be the terminal for protecting data safety, it is not limited herein.The identity information for the user that user is inputted by second terminal
Login account and modification logging including but not limited to corresponding to the user.Login account corresponding to user and modification logging are used for pair
User carries out proof of identity.The login account and login password of multiple users, and multiple use have been prestored in target device
The unique mark of each self-corresponding terminal for needing to protect of login account at family.Login account, login password and login account
The corresponding unique identity for needing terminal to be protected associates preservation.Terminal to be protected is needed to refer to this corresponding to login account
The terminal that user corresponding to login account uses or possessed, need the number of terminal to be protected can corresponding to same login account
Think one, or at least two, it is not limited herein.
In the present embodiment, the login account of the user has been prestored in target device and has been associated with the login account
First terminal unique mark.When the identity of first terminal is the remarks title of first terminal, in target device also
The remarks title of first terminal and the unique mark of first terminal are preserved in association.
Lose the identity that notice carries first terminal, the identity of first terminal can be the remarks of first terminal
The unique mark of title or first terminal.The account of user and the remarks title of first terminal are used for target device
Obtain the unique mark of first terminal.
Target device is when detecting for representing that the loss that first terminal has been lost notifies, according to the identity information of user
And lose the unique mark of the identity lookup first terminal for the first terminal that notice carries, and according to first terminal only
One identifies the lock instruction sent to first terminal.Target device (can lose first terminal when receiving loss notice
Terminal) it is arranged to lost state.
It is understood that when the terminal corresponding with the identity information of user stored in target device only has one, mesh
Marking device directly can search the unique mark of lost terminal by the identity information of user, and according to the unique mark of lost terminal
Lock instruction is sent to the lost terminal.
First terminal is when detecting the lock instruction that target device is sent, into locking mode.Locking mode is used to protect
The data safety protected in terminal.When first terminal enters locking mode, user needs to input authentication information progress identity school
Test, first terminal is when confirming that proof of identity passes through, it is allowed to which user manipulates first terminal, the control instruction of response user's input.
Alternatively, when first terminal detects the lock instruction that target device is sent, first terminal connection core is also triggered
Net, to keep the communication connection with target device, so that first terminal can be controlled by target device by obtaining user.
S102:Obtain the authentication information of user's input.
First terminal obtains the authentication information that user inputs in interactive interface corresponding to locking mode;Can also obtain
Take the authentication information that family inputs in locking screen interface.When first terminal is not provided with screen-lock password, first terminal, which obtains, to be used
The authentication information that family inputs in interactive interface corresponding to locking mode.Screen-lock password is used for removing screen locking.
S103:The authentication information to be prestored according to the trusted storage region verifies the authentication information.
The authentication information to prestore can be logged on the login account and modification logging of target device;Can also be user
The finger print information of input, it can also be the password for being used to represent user identity of user's input.
First terminal is compared the authentication information that the authentication information got prestores with trusted storage region
Compared with, with verify authentication information that the authentication information that gets and trusted storage region prestore it is whether identical or
Match somebody with somebody.
Alternatively, the authentication information that first terminal can prestore in credible performing environment according to trusted storage region
Verify the authentication information got.Trusted storage region belongs to credible performing environment.
When the authentication information got is identical with the authentication information that trusted storage region prestores or matches,
Authentication information verifies successfully;When the authentication information that the authentication information that gets prestores with trusted storage region not
During same or mismatch, authentication information verification failure.
When authentication information is login account and modification logging, or authentication information is for representing user identity
Password when, if the authentication information got is identical with the authentication information that trusted storage region prestores, then body
Part checking information verifies successfully;If the authentication information that the authentication information got prestores with trusted storage region is not
Together, then authentication information verification failure.
When authentication information is finger print information, if the finger that the finger print information got prestores with trusted storage region
Matching degree between line information is more than or equal to default matching degree threshold value, then the authentication information got is deposited with credible
The authentication information matching that storage area domain prestores, authentication information verify successfully;If the finger print information got with it is credible
Matching degree between the finger print information that storage region prestores is less than default matching degree threshold value, then the authentication letter got
Breath mismatches with the authentication information that trusted storage region prestores, authentication information verification failure.
S104:If the authentication information verification failure, deletes local target data to be protected.
When first terminal verifies failure to the authentication information got, deletion first terminal memory storage needs to protect
Target data.Target data can be the personal information or significant data of user.
Alternatively, when first terminal verifies failure to the authentication information got, target data can be synchronized to
Target device, delete the target data in first terminal.
Target data can be stored in the trusted storage region in credible performing environment;Credible execution ring can also be stored in
Storage region outside border, is not limited herein.
Such scheme, if terminal detects the lock instruction that target device is sent, into locking mode;Wherein, it is described
Lock instruction is that identity of the target device according to entrained by the loss notice that user triggers is sent, the identity
It is stored in the trusted storage region of local terminal;Obtain the authentication information of user's input;Prestored according to the trusted storage region
Authentication information verify the authentication information;If the authentication information verification failure, deletes local treat
The target data of protection.Because the identity of lost terminal is stored in trusted storage region, trusted storage region memory storage
Data will not be deleted when by brush machine or will not be restored to Default Value, ensure that target device can be carried out with lost terminal
Communication, and lock instruction is sent to lost terminal in time, control lost terminal enters locking mode, and lost terminal is confirming identity
Checking information verification failure, then delete local target data, so as to ensure the data safety in lost terminal, ensures to lose eventually
Data in end are not compromised.
Fig. 2 is referred to, Fig. 2 is a kind of schematic flow diagram of the method for protection data that another embodiment of the present invention provides.
The executive agent that the method for data is protected in the present embodiment is terminal, terminal include but is not limited to smart mobile phone, tablet personal computer,
The mobile terminals such as PAD.Terminal built-in has safety chip, and safety chip can provide credible performing environment (The Trusted
Execution Environment, TEE), TEE is an independent operating environment parallel with rich operating system (Rich OS),
Safeguard protection is provided for rich system.The method of protection data as shown in Figure 2 may include following steps:
S201:If the lock instruction that target device is sent is detected, into locking mode;Wherein, the lock instruction
It is that the loss that the target device triggers according to user notifies the identity of entrained lost terminal to send, the identity mark
Know the trusted storage region for being stored in local terminal, the identity determines lost terminal for the target device.
S201 is identical with the S101 in a upper embodiment in the present embodiment, referring specifically to upper embodiment S101 correlation
Description, is not repeated herein.
S202:Detect current network state.
Whether first terminal detection is current by wireless network or using data traffic core network access, whole with detection first
End is presently at suspension state or networking state.Wherein, network state includes suspension state or networking state.
Wherein, when first terminal is detected currently by wireless network or using data traffic core network access, first terminal
Current network state is networking state;First terminal detection is currently without access wireless network and is not turned on data traffic
When, first terminal confirms that current network state is suspension state;Or first terminal detection is when SIM card is removed and is not connect
When entering wireless network, first terminal confirms that current network state is suspension state.
First terminal performs S203 when confirming to be currently at suspension state;Alternatively, first terminal is confirming current place
When networking state, S204 is performed.S203 and S204 is step arranged side by side, and selects an execution.
S203:If being currently at suspension state, the authentication information of user's input is obtained.
First terminal obtains user and tested in the identity that interactive interface corresponding to locking mode inputs when in suspension state
Demonstrate,prove information.
Alternatively, when first terminal is provided with screen-lock password, S203 can be specially:If being currently at suspension state,
And when detecting that the screen-lock password that user inputs is correct, obtain the authentication information of user's input.
For example, screen-lock password is used for removing screen locking.First terminal obtains user and tested in the identity that locking screen interface inputs
Information is demonstrate,proved, when the authentication information to locking screen interface is verified, obtains user in interactive interface corresponding to locking mode
The authentication information of input.Now, first terminal be provided with dual identity checking, first again authentication be used for removing screen
Locking, second again authentication be used for control first terminal to exit lock-out state.Wherein, when first gravidity part is proved to be successful,
First terminal is not responding to the instruction of user's operation control terminal;When first gravidity part is proved to be successful, and second gravidity part is proved to be successful,
First terminal can be controlled to exit locking mode.
First terminal performs S205 after S203 is performed.
Alternatively, S204 can also be included by protecting the method for data:If being currently at networking state, by the number of targets
According to backing up to the target device.
First terminal backs up to target device when in networking state, by the target data to be protected of local.At it
In his embodiment, the target data to be protected of local can also be backed up to default terminal by first terminal.
Alternatively, first terminal after target data is backed up into target device, can also be deleted in networking state
Local target data.
S205:The authentication information to be prestored according to the trusted storage region verifies the authentication information.
The authentication information to prestore can be logged on the login account and modification logging of target device;Can also be user
The finger print information of input, it can also be the password for being used to represent user identity of user's input.
First terminal is compared the authentication information that the authentication information got prestores with trusted storage region
Compared with, with verify authentication information that the authentication information that gets and trusted storage region prestore it is whether identical or
Match somebody with somebody.
Alternatively, the authentication information that first terminal can prestore in credible performing environment according to trusted storage region
Verify the authentication information got.Trusted storage region belongs to credible performing environment.
When the authentication information got is identical with the authentication information that trusted storage region prestores or matches,
Authentication information verifies successfully;When the authentication information that the authentication information that gets prestores with trusted storage region not
During same or mismatch, authentication information verification failure.
When authentication information is login account and modification logging, or authentication information is for representing user identity
Password when, if the authentication information got is identical with the authentication information that trusted storage region prestores, then body
Part checking information verifies successfully;If the authentication information that the authentication information got prestores with trusted storage region is not
Together, then authentication information verification failure.
When authentication information is finger print information, if the finger that the finger print information got prestores with trusted storage region
Matching degree between line information is more than or equal to default matching degree threshold value, then the authentication information got is deposited with credible
The authentication information matching that storage area domain prestores, authentication information verify successfully;If the finger print information got with it is credible
Matching degree between the finger print information that storage region prestores is less than default matching degree threshold value, then the authentication letter got
Breath mismatches with the authentication information that trusted storage region prestores, authentication information verification failure.
If authentication information verification failure, performs S206;If authentication information verifies successfully, S207 is performed.
S206:If the authentication information verification failure, deletes local target data to be protected.
During the authentication information verification failure that first terminal is got, the need for deleting first terminal memory storage are to be protected
Target data.The authentication information is the authentication information that user inputs in interactive interface corresponding to locking mode.Target
Data can be the personal information or all data of significant data or first terminal memory storage of user.
Alternatively, when first terminal verifies failure to the authentication information got, target data can be synchronized to
Target device, delete the target data in first terminal.
Target data can be stored in the trusted storage region in credible performing environment;Credible execution ring can also be stored in
Storage region outside border, is not limited herein.
Further, S206 can be specially:If the authentication information verification failure, and the number for verifying failure is big
In or equal to preset times threshold value, then the target data is deleted.
When first terminal verifies failure to the authentication information got, count to authentication information verification failure
Number.When the number of verification failure is more than or equal to preset times threshold value, the need mesh to be protected of deletion first terminal memory storage
Mark data.Preset times threshold value can be 3 times, but be not limited to this, can be specifically configured according to actual conditions, do not done herein
Limitation.
Alternatively, S207 can also be included by protecting the method for data:If the authentication information verifies successfully, exit
The locking mode, and the notification message to unlock is sent to the target device;Wherein, the notice to unlock disappears
Cease for notifying the target device that the state of the local terminal is arranged into normal condition from lost state.
When confirming that authentication information verifies successfully, mark current operator possesses first terminal for first terminal
Person, first terminal have been given for change, and first terminal exits locking mode, are switched to normal mode, and sent to target device and release lock
Fixed notification message, to notify target device that the state of first terminal is arranged into normal condition from lost state.The identity is tested
Card information is the authentication information that user inputs in interactive interface corresponding to locking mode.
Alternatively, in the present embodiment, lost terminal can also receive the control of target device transmission in networking state
Instruction, and respond the control instruction received.Control instruction can be that user logs in target device by other-end, control mesh
Marking device is sent to loss device.Control instruction can delete instruction, backup instruction etc..Delete instruction and be used to control loss eventually
Delete local target data to be protected in end;Backup instruction is used to control lost terminal to back up local target data to be protected
To target device or other default alternate devices.
Such scheme, if terminal detects the lock instruction that target device is sent, into locking mode;Wherein, it is described
Lock instruction is that the identity of lost terminal of the target device according to entrained by the loss notice that user triggers is sent, institute
The trusted storage region that identity is stored in local terminal is stated, the identity determines lost terminal for the target device;
Obtain the authentication information of user's input;The authentication information to be prestored according to the trusted storage region verifies the identity
Checking information;If the authentication information verification failure, deletes local target data.Due to the identity mark of lost terminal
Knowledge is stored in trusted storage region, and the data of trusted storage region memory storage will not be deleted or will not be resumed when by brush machine
To Default Value, ensure that target device can be communicated with lost terminal, and send lock instruction, control to lost terminal in time
Lost terminal processed enters locking mode, and lost terminal is confirming authentication information verification failure, then deleting local number of targets
According to so as to ensure the data safety in lost terminal, ensureing that the data in lost terminal are not compromised.
Terminal is when the number for confirming authentication information verification failure is more than or equal to preset times threshold value, delete target
Data, to prevent maloperation delete target data.
Terminal exits locking mode, and send what is unlocked to target device when authentication information verifies successfully
Notification message, to prevent user from stilling need frequently to carry out authentication when using the terminal for giving loss for change, brought not to user
Just.
Referring to Fig. 3, Fig. 3 is a kind of schematic block diagram of terminal provided in an embodiment of the present invention.The terminal 3 of the present embodiment is wrapped
The each unit included is used to perform each step in embodiment corresponding to Fig. 1, referring specifically to embodiment corresponding to Fig. 1 and Fig. 1
In associated description, do not repeat herein.The terminal of the present embodiment includes:Lock cell 310, acquiring unit 320, verification unit
330 and delete unit 340.
If lock cell 310 is used for the lock instruction for detecting that target device is sent, into locking mode;Wherein, institute
The identity that lock instruction is lost terminal of the target device according to entrained by the loss notice that user triggers is stated to send,
The identity is stored in the trusted storage region of local terminal, and the identity is used for the target device and determines to lose eventually
End.
Acquiring unit 320 is used for the authentication information for obtaining user's input.
The authentication information that verification unit 330 is used to be prestored according to the trusted storage region verifies the authentication
Information.
If deleting unit 340 is used for authentication information verification failure, local number of targets to be protected is deleted
According to.
Such scheme, if terminal detects the lock instruction that target device is sent, into locking mode;Wherein, it is described
Lock instruction is that the identity of lost terminal of the target device according to entrained by the loss notice that user triggers is sent, institute
The trusted storage region that identity is stored in local terminal is stated, the identity determines lost terminal for the target device;
Obtain the authentication information of user's input;The authentication information to be prestored according to the trusted storage region verifies the identity
Checking information;If the authentication information verification failure, deletes local target data.Due to the identity mark of lost terminal
Knowledge is stored in trusted storage region, and the data of trusted storage region memory storage will not be deleted or will not be resumed when by brush machine
To Default Value, ensure that target device can be communicated with lost terminal, and send lock instruction, control to lost terminal in time
Lost terminal processed enters locking mode, and lost terminal is confirming authentication information verification failure, then deleting local number of targets
According to so as to ensure the data safety in lost terminal, ensureing that the data in lost terminal are not compromised.
Referring to Fig. 4, Fig. 4 is a kind of schematic block diagram for terminal that another embodiment of the present invention provides.The end of the present embodiment
The each unit that end 4 includes is used to perform each step in embodiment corresponding to Fig. 2, referring specifically to real corresponding to Fig. 2 and Fig. 2
The associated description in example is applied, is not repeated herein.The terminal of the present embodiment includes:Lock cell 410, detection unit 420, obtain list
Member 430, verification unit 440 and deletion unit 450.Terminal can also include backup units 460, unlock unit 470.
If lock cell 410 is used for the lock instruction for detecting that target device is sent, into locking mode;Wherein, institute
The identity that lock instruction is lost terminal of the target device according to entrained by the loss notice that user triggers is stated to send,
The identity is stored in the trusted storage region of local terminal, and the identity is used for the target device and determines to lose eventually
End.
Detection unit 420 is used to detect current network state.
If acquiring unit 430 detects the suspension state that is currently at for detection unit 420, the body of user's input is obtained
Part checking information.
Alternatively, if backup units 460 are used to be currently at networking state, the target data is backed up into the mesh
Marking device.
The authentication information that verification unit 440 is used to be prestored according to the trusted storage region verifies the authentication
Information.
If deleting unit 450 is used for authentication information verification failure, local number of targets to be protected is deleted
According to.
Further, if deleting unit 450 is specifically used for authentication information verification failure, and time of failure is verified
Number is more than or equal to preset times threshold value, then deletes the target data.
Alternatively, if the unit 470 that unlocks verifies successfully for the authentication information, the locking mould is exited
Formula, and the notification message to unlock is sent to the target device;Wherein, the notification message to unlock is used to notify
The state of the local terminal is arranged to normal condition by the target device from lost state.
Such scheme, if terminal detects the lock instruction that target device is sent, into locking mode;Wherein, it is described
Lock instruction is that the identity of lost terminal of the target device according to entrained by the loss notice that user triggers is sent, institute
The trusted storage region that identity is stored in local terminal is stated, the identity determines lost terminal for the target device;
Obtain the authentication information of user's input;The authentication information to be prestored according to the trusted storage region verifies the identity
Checking information;If the authentication information verification failure, deletes local target data.Due to the identity mark of lost terminal
Knowledge is stored in trusted storage region, and the data of trusted storage region memory storage will not be deleted or will not be resumed when by brush machine
To Default Value, ensure that target device can be communicated with lost terminal, and send lock instruction, control to lost terminal in time
Lost terminal processed enters locking mode, and lost terminal is confirming authentication information verification failure, then deleting local number of targets
According to so as to ensure the data safety in lost terminal, ensureing that the data in lost terminal are not compromised.
Terminal is when the number for confirming authentication information verification failure is more than or equal to preset times threshold value, delete target
Data, to prevent maloperation delete target data.
Terminal exits locking mode, and send what is unlocked to target device when authentication information verifies successfully
Notification message, to prevent user from stilling need frequently to carry out authentication when using the terminal for giving loss for change, brought not to user
Just.
Referring to Fig. 5, Fig. 5 is a kind of terminal schematic block diagram that yet another embodiment of the invention provides.This implementation as depicted
Terminal 5 in example can include:One or more processors 501;One or more input equipments 502, one or more output
Equipment 503 and memory 504.Above-mentioned processor 501, input equipment 502, output equipment 503 and memory 504 pass through bus
505 connections.Memory 502 is used to store computer program, and the computer program includes programmed instruction, and processor 501 is used for
Perform the programmed instruction that memory 502 stores.Wherein, processor 501 is arranged to call described program instruction to perform:
If the lock instruction that target device is sent is detected, into locking mode;Wherein, the lock instruction is described
The identity of lost terminal of the target device according to entrained by the loss notice that user triggers is sent, the identity storage
In the trusted storage region of local terminal, the identity determines lost terminal for the target device;
Obtain the authentication information of user's input;
The authentication information to be prestored according to the trusted storage region verifies the authentication information;
If the authentication information verification failure, deletes local target data to be protected.
Alternatively, processor 501 is additionally configured to call described program instruction to perform:Detect current network state;
If being currently at suspension state, the authentication information of the acquisition user input is performed.
Alternatively, processor 501 is additionally configured to call described program instruction to perform:If being currently at networking state,
The target data is then backed up into the target device.
Alternatively, processor 501 is additionally configured to call described program instruction to perform:If the authentication information school
Success is tested, then exits the locking mode, and the notification message to unlock is sent to the target device;Wherein, the solution
Except the notification message of locking is used to notify the target device that the state of the local terminal is arranged into normal condition from lost state.
Alternatively, processor 501 is specific is arranged to call described program instruction to perform:If the authentication information
Verification failure, and the number for verifying failure is more than or equal to preset times threshold value, then deletes the target data.
It should be appreciated that in embodiments of the present invention, alleged processor 501 can be CPU (Central
Processing Unit, CPU), the processor can also be other general processors, digital signal processor (Digital
Signal Processor, DSP), application specific integrated circuit (Application Specific Integrated Circuit,
ASIC), ready-made programmable gate array (Field-Programmable Gate Array, FPGA) or other FPGAs
Device, discrete gate or transistor logic, discrete hardware components etc..General processor can be microprocessor or this at
It can also be any conventional processor etc. to manage device.
Input equipment 502 can include Trackpad, fingerprint adopt sensor (finger print information that is used to gathering user and fingerprint
Directional information), microphone etc., output equipment 503 can include display (LCD etc.), loudspeaker etc..
The memory 504 can include read-only storage and random access memory, and to processor 501 provide instruction and
Data.The a part of of memory 504 can also include nonvolatile RAM.For example, memory 504 can also be deposited
Store up the information of device type.
In the specific implementation, processor 501, input equipment 502, the output equipment 503 described in the embodiment of the present invention can
Perform the realization side described in the first embodiment and second embodiment of the method for protection data provided in an embodiment of the present invention
Formula, the implementation of the terminal described by the embodiment of the present invention is also can perform, will not be repeated here.
Further, a kind of computer-readable recording medium, the computer are provided in another embodiment of the invention
Readable storage medium storing program for executing is stored with computer program, and the computer program includes programmed instruction, and described program is instructed by processor
Realized during execution:
If the lock instruction that target device is sent is detected, into locking mode;Wherein, the lock instruction is described
The identity of lost terminal of the target device according to entrained by the loss notice that user triggers is sent, the identity storage
In the trusted storage region of local terminal, the identity determines lost terminal for the target device;
Obtain the authentication information of user's input;
The authentication information to be prestored according to the trusted storage region verifies the authentication information;
If the authentication information verification failure, deletes local target data to be protected.
Alternatively, can also be realized when the computer program is executed by processor:Detect current network state;If work as
It is preceding to be in suspension state, then perform the authentication information of the acquisition user input.
Alternatively, can also be realized when the computer program is executed by processor:, will if being currently at networking state
The target data backs up to the target device.
Alternatively, can also be realized when the computer program is executed by processor:If the authentication information verification
Success, then the locking mode is exited, and the notification message to unlock is sent to the target device;Wherein, the releasing
The notification message of locking is used to notify the target device that the state of the local terminal is arranged into normal condition from lost state.
Alternatively, can specifically be realized when the computer program is executed by processor:If the authentication information school
Failure is tested, and the number for verifying failure is more than or equal to preset times threshold value, then deletes the target data.
The computer-readable recording medium can be the internal storage unit of the terminal 5 described in foregoing any embodiment,
Such as the hard disk or internal memory of terminal 5.The computer-readable recording medium can also be the External memory equipment of the terminal, example
Such as the plug-in type hard disk being equipped with the terminal, intelligent memory card (Smart Media Card, SMC), secure digital (Secure
Digital, SD) card, flash card (Flash Card) etc..Further, the computer-readable recording medium can also be wrapped both
Including the internal storage unit of the terminal also includes External memory equipment.The computer-readable recording medium is described for storing
Other programs and data needed for computer program and the terminal.The computer-readable recording medium can be also used for temporarily
When store the data that has exported or will export.
Those of ordinary skill in the art are it is to be appreciated that the list of each example described with reference to the embodiments described herein
Member and algorithm steps, it can be realized with electronic hardware, computer software or the combination of the two, in order to clearly demonstrate hardware
With the interchangeability of software, the composition and step of each example are generally described according to function in the above description.This
A little functions are performed with hardware or software mode actually, application-specific and design constraint depending on technical scheme.Specially
Industry technical staff can realize described function using distinct methods to each specific application, but this realization should not
Think beyond the scope of this invention.
It is apparent to those skilled in the art that for convenience of description and succinctly, the end of foregoing description
End and the specific work process of unit, may be referred to the corresponding process in preceding method embodiment, will not be repeated here.
In several embodiments provided herein, it should be understood that disclosed terminal and method, it can be passed through
Its mode is realized.For example, device embodiment described above is only schematical, for example, the division of the unit, only
Only a kind of division of logic function, there can be other dividing mode when actually realizing, such as multiple units or component can be tied
Another system is closed or is desirably integrated into, or some features can be ignored, or do not perform.In addition, shown or discussed phase
Coupling or direct-coupling or communication connection between mutually can be INDIRECT COUPLING or the communication by some interfaces, device or unit
Connection or electricity, the connection of mechanical or other forms.
The unit illustrated as separating component can be or may not be physically separate, show as unit
The part shown can be or may not be physical location, you can with positioned at a place, or can also be distributed to multiple
On NE.Some or all of unit therein can be selected to realize scheme of the embodiment of the present invention according to the actual needs
Purpose.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, can also
It is that unit is individually physically present or two or more units are integrated in a unit.It is above-mentioned integrated
Unit can both be realized in the form of hardware, can also be realized in the form of SFU software functional unit.
If the integrated unit is realized in the form of SFU software functional unit and is used as independent production marketing or use
When, it can be stored in a computer read/write memory medium.Based on such understanding, technical scheme is substantially
The part to be contributed in other words to prior art, or all or part of the technical scheme can be in the form of software product
Embody, the computer software product is stored in a storage medium, including some instructions are causing a computer
Equipment (can be personal computer, server, or network equipment etc.) performs the complete of each embodiment methods described of the present invention
Portion or part steps.And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage (ROM, Read-Only
Memory), random access memory (RAM, Random Access Memory), magnetic disc or CD etc. are various can store journey
The medium of sequence code.
The foregoing is only a specific embodiment of the invention, but protection scope of the present invention is not limited thereto, any
Those familiar with the art the invention discloses technical scope in, various equivalent modifications can be readily occurred in or replaced
Change, these modifications or substitutions should be all included within the scope of the present invention.Therefore, protection scope of the present invention should be with right
It is required that protection domain be defined.
Claims (10)
- A kind of 1. method for protecting data, it is characterised in that including:If the lock instruction that target device is sent is detected, into locking mode;Wherein, the lock instruction is the target The identity of lost terminal of the equipment according to entrained by the loss notice that user triggers is sent, and the identity is stored in this The trusted storage region at end, the identity determine lost terminal for the target device;Obtain the authentication information of user's input;The authentication information to be prestored according to the trusted storage region verifies the authentication information;If the authentication information verification failure, deletes local target data to be protected.
- 2. according to the method for claim 1, it is characterised in that methods described also includes:Detect current network state;If being currently at suspension state, the authentication information of the acquisition user input is performed.
- 3. according to the method for claim 2, it is characterised in that methods described also includes:If being currently at networking state, the target data is backed up into the target device.
- 4. according to the method described in any one of claims 1 to 3, it is characterised in that methods described also includes:If the authentication information verifies successfully, the locking mode is exited, and sent to the target device and release lock Fixed notification message;Wherein, the notification message to unlock is used to notify the target device by the state of the local terminal Normal condition is arranged to from lost state.
- 5. according to the method for claim 1, it is characterised in that if authentication information verification failure, is deleted Except the target data to be protected of local, including:If the authentication information verification failure, and the number for verifying failure is more than or equal to preset times threshold value, then deletes The target data.
- A kind of 6. terminal, it is characterised in that including:Lock cell, if the lock instruction sent for detecting target device, into locking mode;Wherein, the locking Instruction is that the identity of lost terminal of the target device according to entrained by the loss notice that user triggers is sent, the body Part mark is stored in the trusted storage region of local terminal, and the identity determines lost terminal for the target device;Acquiring unit, for obtaining the authentication information of user's input;Verification unit, the authentication information for being prestored according to the trusted storage region verify the authentication information;Unit is deleted, fails if being verified for the authentication information, deletes local target data to be protected.
- 7. terminal according to claim 6, it is characterised in that the terminal also includes:Detection unit, for detecting current network state;If the acquiring unit detects the suspension state that is currently at specifically for the detection unit, user's input is obtained Authentication information.
- 8. the terminal according to claim 6 or 7, it is characterised in that the terminal also includes:Backup units, if for being currently at networking state, the target data is backed up into the target device;Unlock unit, if being verified successfully for the authentication information, exits the locking mode, and to the mesh Marking device sends the notification message to unlock;Wherein, the notification message to unlock is used to notify the target device The state of the local terminal is arranged to normal condition from lost state.
- 9. a kind of terminal, it is characterised in that the processor, defeated including processor, input equipment, output equipment and memory Enter equipment, output equipment and memory to be connected with each other, wherein, the memory is used to store computer program, the computer Program includes programmed instruction, and the processor is arranged to call described program instruction, performed such as any one of claim 1-5 Methods described.
- A kind of 10. computer-readable recording medium, it is characterised in that the computer-readable storage medium is stored with computer program, The computer program includes programmed instruction, and described program instruction makes the computing device such as right when being executed by a processor It is required that any one of 1-5 methods described.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710673814.5A CN107466031A (en) | 2017-08-08 | 2017-08-08 | A kind of method and terminal for protecting data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710673814.5A CN107466031A (en) | 2017-08-08 | 2017-08-08 | A kind of method and terminal for protecting data |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107466031A true CN107466031A (en) | 2017-12-12 |
Family
ID=60548645
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710673814.5A Withdrawn CN107466031A (en) | 2017-08-08 | 2017-08-08 | A kind of method and terminal for protecting data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107466031A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019170111A1 (en) * | 2018-03-07 | 2019-09-12 | 华为技术有限公司 | Management method for offline management instruction and terminal |
CN110515762A (en) * | 2019-07-17 | 2019-11-29 | 湖南新云网科技有限公司 | Data reconstruction method, device, terminal device and storage medium |
CN110659138A (en) * | 2019-08-26 | 2020-01-07 | 平安科技(深圳)有限公司 | Data synchronization method, device, terminal and storage medium based on timing task |
CN111542047A (en) * | 2020-03-30 | 2020-08-14 | 宇龙计算机通信科技(深圳)有限公司 | Data uploading method and device, storage medium and related equipment |
CN113163392A (en) * | 2021-03-17 | 2021-07-23 | 维沃移动通信有限公司 | Method and device for deleting user identity data file |
CN114722363A (en) * | 2022-04-25 | 2022-07-08 | 深圳创维-Rgb电子有限公司 | Remote locking method, system, device, equipment and computer readable storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103237064A (en) * | 2013-04-11 | 2013-08-07 | 百度在线网络技术(北京)有限公司 | Terminals, and method, system and cloud server for remote locking of terminals |
CN106790264A (en) * | 2017-02-07 | 2017-05-31 | 努比亚技术有限公司 | Authentication system and method, the server for authentication and checking equipment |
CN106803031A (en) * | 2017-01-25 | 2017-06-06 | 维沃移动通信有限公司 | A kind of information protecting method and mobile terminal |
CN106921799A (en) * | 2017-02-24 | 2017-07-04 | 深圳市金立通信设备有限公司 | A kind of mobile terminal safety means of defence and mobile terminal |
-
2017
- 2017-08-08 CN CN201710673814.5A patent/CN107466031A/en not_active Withdrawn
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103237064A (en) * | 2013-04-11 | 2013-08-07 | 百度在线网络技术(北京)有限公司 | Terminals, and method, system and cloud server for remote locking of terminals |
CN106803031A (en) * | 2017-01-25 | 2017-06-06 | 维沃移动通信有限公司 | A kind of information protecting method and mobile terminal |
CN106790264A (en) * | 2017-02-07 | 2017-05-31 | 努比亚技术有限公司 | Authentication system and method, the server for authentication and checking equipment |
CN106921799A (en) * | 2017-02-24 | 2017-07-04 | 深圳市金立通信设备有限公司 | A kind of mobile terminal safety means of defence and mobile terminal |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019170111A1 (en) * | 2018-03-07 | 2019-09-12 | 华为技术有限公司 | Management method for offline management instruction and terminal |
CN110247877A (en) * | 2018-03-07 | 2019-09-17 | 华为技术有限公司 | A kind of management method and terminal of outline management instruction |
CN110247877B (en) * | 2018-03-07 | 2020-10-09 | 华为技术有限公司 | Management method and terminal for offline management instruction |
CN110515762A (en) * | 2019-07-17 | 2019-11-29 | 湖南新云网科技有限公司 | Data reconstruction method, device, terminal device and storage medium |
CN110659138A (en) * | 2019-08-26 | 2020-01-07 | 平安科技(深圳)有限公司 | Data synchronization method, device, terminal and storage medium based on timing task |
CN110659138B (en) * | 2019-08-26 | 2024-03-15 | 平安科技(深圳)有限公司 | Data synchronization method, device, terminal and storage medium based on timing task |
CN111542047A (en) * | 2020-03-30 | 2020-08-14 | 宇龙计算机通信科技(深圳)有限公司 | Data uploading method and device, storage medium and related equipment |
CN113163392A (en) * | 2021-03-17 | 2021-07-23 | 维沃移动通信有限公司 | Method and device for deleting user identity data file |
CN114722363A (en) * | 2022-04-25 | 2022-07-08 | 深圳创维-Rgb电子有限公司 | Remote locking method, system, device, equipment and computer readable storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107466031A (en) | A kind of method and terminal for protecting data | |
CN107704765A (en) | A kind of interface access method, server and computer-readable recording medium | |
CN103891242B (en) | System and method for profile based filtering of outgoing information in a mobile environment | |
CN107734176A (en) | Loss guard method, terminal and the computer-readable recording medium of mobile terminal | |
CN106921799A (en) | A kind of mobile terminal safety means of defence and mobile terminal | |
CN107038369A (en) | The method and terminal of a kind of resources accessing control | |
CN107609508A (en) | A kind of face identification method, terminal and computer-readable recording medium | |
CN107358114A (en) | A kind of method and terminal for preventing user data loss | |
CN107491732A (en) | A kind of identity authentication method and terminal | |
CN106357672A (en) | Login method and terminal | |
CN107612901A (en) | One kind applies encryption method and terminal | |
CN106778337B (en) | Document protection method, device and terminal | |
CN107169343A (en) | A kind of method and terminal of control application program | |
KR101250661B1 (en) | Security apparatus and method for mobile platform | |
CN106096418B (en) | SELinux-based startup security level selection method and device and terminal equipment | |
CN107483704A (en) | A kind of private space method to set up and terminal device | |
CN106022077A (en) | Screen unlocking method and terminal | |
CN106254626A (en) | A kind of incoming display method and terminal | |
CN107370872A (en) | Method, terminal and the control device of a kind of terminal lock machine and control terminal lock machine | |
CN106021027B (en) | Terminal data processing method and system | |
CN104853030B (en) | The method and mobile terminal of a kind of information processing | |
CN106851613A (en) | Service request method, the verification method of business handling number and its terminal | |
CN105868625B (en) | Method and device for intercepting restart deletion of file | |
CN106685945A (en) | Service request processing method, verifying method of service handling number, and terminal thereof | |
CN108520186A (en) | Record screen method, mobile terminal and computer readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20171212 |
|
WW01 | Invention patent application withdrawn after publication |