CN107480542B - Application data protection method and device - Google Patents

Application data protection method and device

Info

Publication number: CN107480542B
Authority: CN (China)
Prior art keywords: application, target application, target, terminal equipment, data
Legal status: Active
Application number: CN201710647578.XA
Other languages: Chinese (zh)
Other versions: CN107480542A (en)
Inventors: 翟京卿, 袁晓静
Current Assignee: China United Network Communications Group Co Ltd
Original Assignee: China United Network Communications Group Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/72 Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724 User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72448 User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
    • H04M1/72463 User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions to restrict the functionality of the device

Abstract

The embodiment of the invention provides a method and a device for protecting application data. The method comprises: acquiring application information in a terminal device; judging, based on the application information, whether the terminal device includes a target application; if the terminal device includes a target application, configuring a protection parameter for the target application, where the protection parameter instructs the terminal device to protect data of the target application; and sending the protection parameter of the target application to the terminal device so that the terminal device protects the data of the target application based on the protection parameter. The method and the device provided by the embodiment of the invention can improve the security of the application data in the terminal device.

Description

Application data protection method and device
Technical Field
The embodiment of the invention relates to the technical field of data security, in particular to a method and a device for protecting application data.
Background
With the development of intelligent terminals and the mobile internet, more and more applications can run on terminal devices. In particular, applications with high security requirements, such as banking and payment, are increasingly moving to terminal devices. As a result, the problem of application data security on the terminal device is also increasingly prominent. How to improve the security of application data on the terminal device is therefore a problem that urgently needs to be solved.
Disclosure of Invention
The embodiment of the invention provides a method and a device for protecting application data, which are used for improving the security of the application data on a terminal device.
A first aspect of an embodiment of the present invention provides a method for protecting application data, where the method includes:
acquiring application information in terminal equipment;
judging whether the terminal equipment comprises a target application or not based on the application information;
if the terminal equipment comprises a target application, configuring a protection parameter for the target application, wherein the protection parameter is used for indicating the terminal equipment to protect data of the target application;
and sending the protection parameters of the target application to the terminal equipment so that the terminal equipment can protect the data of the target application based on the protection parameters.
A second aspect of the embodiments of the present invention provides an apparatus for protecting application data, where the apparatus includes:
the acquisition module is used for acquiring application information in the terminal equipment;
the judging module is used for judging whether the terminal equipment comprises the target application or not based on the application information;
a configuration module, configured to configure a protection parameter for a target application when the terminal device includes the target application, where the protection parameter is used to instruct the terminal device to protect data of the target application;
and the sending module is used for sending the protection parameters of the target application to the terminal equipment so that the terminal equipment can protect the data of the target application based on the protection parameters.
According to the embodiment of the invention, application information in the terminal device is acquired, and whether a target application exists in the terminal device is judged according to that application information. When a target application exists, a protection parameter is configured for it and sent to the terminal device, so that the terminal device can protect the data in the target application according to the received protection parameter. This improves the security of the application data in the terminal device, especially for applications with higher security requirements.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of a method for protecting application data according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for protecting application data according to another embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an application data protection apparatus according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an application data protection apparatus according to another embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "comprises" and "comprising," and any variations thereof, in the description and claims of this invention, are intended to cover non-exclusive inclusions, e.g., a process or an apparatus that comprises a list of steps is not necessarily limited to those structures or steps expressly listed but may include other steps or structures not expressly listed or inherent to such process or apparatus.
An embodiment of the present invention provides a method for protecting application data. The method may be executed by a protection device for application data (hereinafter referred to as a protection device), which may be a hardware entity independent of the terminal device, or a program or a hardware entity disposed in the terminal device. Fig. 1 is a flowchart of a method for protecting application data according to an embodiment of the present invention. As shown in Fig. 1, the method includes the following steps:
Step 101, acquiring application information in the terminal device.
The application referred to in this embodiment is an application program that is installed on a terminal device and supports a specific service function, such as a payment app, WeChat, or email. Different applications relate to different application domains, and the same data may exist in different applications; for example, when a payment is made through a payment app, the same payment data may exist in both the payment app and the shopping website.
Optionally, the application information in this embodiment includes, but is not limited to, type information of the application. The types of applications include, but are not limited to, payment types (e.g., payment apps, mobile banking, etc.), shopping types (e.g., various shopping applications, etc.), social types, and communication types (e.g., WeChat, email, etc.).
Step 102, judging whether the terminal device includes a target application based on the application information, and executing step 103 when the terminal device includes the target application.
Optionally, the target application in this embodiment includes at least one of the following applications: payment type applications, shopping type applications, social type applications, and communication type applications. After the protection device obtains the application information of the terminal device, it judges, according to the type of each application in the terminal device, whether the terminal device includes an application of a target type (payment type, shopping type, social type, or communication type). When the terminal device includes an application of a target type, step 103 is executed.
Step 103, configuring protection parameters for the target application, where the protection parameters are used to instruct the terminal device to protect the data of the target application.
In a possible implementation manner, the protection parameters configured by the protection device for the target application include a trigger mode and an execution mode. The trigger mode indicates how or when protection of the target application's data starts, and includes any one of the following: periodic triggering, manual triggering, and triggering when the target application is invoked. The execution mode indicates how the data is protected, and may include any one of the following: erasing, disabling, and suspending use. Erasing refers to deleting the data from the target application, disabling refers to prohibiting use of the data in the target application, and suspending use refers to prohibiting use of the data in the target application within a preset time period.
Optionally, on the basis of the foregoing implementation, in another possible implementation the protection parameters configured by the protection device for the target application may further include a protection priority for the target application: when the terminal device includes a plurality of target applications, the data of the target application with the higher priority is protected first.
Optionally, the embodiment may also set a highest or emergency priority to handle data protection in an emergency. For example, when the terminal device is lost, the user can remotely control the terminal device through the protection device to start a data protection task for the target application and erase the cached sensitive data, thereby preventing risk and loss caused by data leakage and the like.
Step 104, sending the protection parameter of the target application to the terminal device, so that the terminal device protects the data of the target application based on the protection parameter.
For example, assuming that the trigger mode in the protection parameters of the target application is periodic triggering and the execution mode is erasing, the terminal device erases the data in the target application at a preset interval after receiving the protection parameters of the target application. It is understood that this is by way of illustration and not by way of limitation.
In this embodiment, by acquiring application information in the terminal device, whether a target application exists in the terminal device is determined according to the application information in the terminal device, and when the target application exists in the terminal device, a protection parameter is configured for the target application in the terminal device, and the configured protection parameter is sent to the terminal device, so that the terminal device protects data in the target application according to the received protection parameter, thereby improving the security of application data in the terminal device, and in particular, improving the data security of applications with higher security requirements.
Fig. 2 is a flowchart of a method for protecting application data according to another embodiment of the present invention, as shown in fig. 2, based on the embodiment of fig. 1, the method includes:
Step 201, acquiring application information in the terminal device.
Step 202, judging whether the terminal device comprises the target application or not based on the application information, and executing step 203 when the terminal device comprises the target application.
Step 203, configuring protection parameters for the target application, where the protection parameters are used to instruct the terminal device to protect the data of the target application.
Step 204, determining whether an associated application having the same target data as the target application exists in the terminal device, wherein if the associated application exists, step 205 is executed.
The target data in this embodiment refers to sensitive data with relatively high security requirements. For example, the target data may be a login account, a login password, a payment account, an authentication code, etc. used by the user on the target application. It is understood that this is by way of illustration and not by way of limitation.
In general, the target data may be data cached after being called by the target application or data retained by default; for example, after a payment using a dynamic payment verification code is completed on a shopping website, the verification code is cached by default in the background of the shopping website until it expires. Alternatively, the target data may be data that the user sets manually in the target application and that, once enabled, is associated with or bound to other applications for shared use; for example, a payment account is stored in the retained data of several applications at the same time and is used for payments in all of them. Applications having the same target data are referred to as associated applications.
Step 205, establishing an association relationship between the target application and the associated application, and configuring protection parameters for the associated application.
Step 206, sending the protection parameter of the target application, the association relationship between the target application and the associated application, and the protection parameter of the associated application to the terminal device, so that the terminal device protects the target application and the target data in the associated application.
In this embodiment, by acquiring application information in the terminal device, whether a target application exists in the terminal device is determined according to the application information in the terminal device, and when the target application exists in the terminal device, a protection parameter is configured for the target application in the terminal device, and the configured protection parameter is sent to the terminal device, so that the terminal device protects data in the target application according to the received protection parameter, thereby improving the security of application data in the terminal device, and in particular, improving the data security of applications with higher security requirements.
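An added sketch of steps 201 to 206 (not code from the patent), showing why the association step matters: an application outside the target types that holds the same sensitive item as a target application is only covered once step 204 links it. The type labels, per-type defaults, the inheritance rule for associated applications, the emergency override and all application names are assumptions.

```python
from dataclasses import dataclass, replace
from enum import Enum


class Trigger(Enum):
    PERIODIC = "periodic"
    MANUAL = "manual"
    ON_INVOKE = "on_invoke"   # when the target application is invoked


class Action(Enum):
    ERASE = "erase"           # delete the data from the application
    DISABLE = "disable"       # prohibit use of the data
    SUSPEND = "suspend"       # prohibit use for a preset time period


TARGET_TYPES = {"payment", "shopping", "social", "communication"}

# Assumed per-type defaults (trigger, action, priority); larger priority runs first.
DEFAULTS = {
    "payment": (Trigger.ON_INVOKE, Action.ERASE, 3),
    "shopping": (Trigger.PERIODIC, Action.ERASE, 2),
    "social": (Trigger.MANUAL, Action.DISABLE, 1),
    "communication": (Trigger.MANUAL, Action.SUSPEND, 1),
}


@dataclass(frozen=True)
class AppInfo:
    name: str
    app_type: str
    data_labels: frozenset    # labels of sensitive items held, never the values


@dataclass(frozen=True)
class ProtectionParams:
    trigger: Trigger
    action: Action
    priority: int
    scope: tuple              # data labels the action applies to


def build_policy(apps):
    """Protection device, steps 202-205; the result is what step 206 sends."""
    targets = [a for a in apps if a.app_type in TARGET_TYPES]          # step 202
    params, associations = {}, {}
    for t in targets:                                                   # step 203
        trigger, action, priority = DEFAULTS[t.app_type]
        params[t.name] = ProtectionParams(
            trigger, action, priority, tuple(sorted(t.data_labels)))
    # Visit high-priority targets first so an associated app inherits from them.
    for t in sorted(targets, key=lambda a: -params[a.name].priority):  # step 204
        for other in apps:
            shared = t.data_labels & other.data_labels
            if other.name == t.name or not shared:
                continue
            associations.setdefault(t.name, {})[other.name] = sorted(shared)
            if other.app_type in TARGET_TYPES:
                continue      # a target already has its own parameters
            prev = params.get(other.name)                               # step 205
            if prev is None:
                # Assumption: inherit the target's parameters, scoped to shared data.
                params[other.name] = replace(
                    params[t.name], scope=tuple(sorted(shared)))
            else:
                merged = tuple(sorted(set(prev.scope) | shared))
                params[other.name] = replace(prev, scope=merged)
    return {"params": params, "associations": associations}


def plan_operations(policy, event, emergency=False):
    """Terminal side: (app, label, action) to run for a trigger, by priority.

    Assumption: an emergency request (e.g. a lost device) ignores the configured
    trigger and action and erases every scoped item.
    """
    due = [(n, p) for n, p in policy["params"].items()
           if emergency or p.trigger is event]
    due.sort(key=lambda item: (-item[1].priority, item[0]))
    return [(n, label, "erase" if emergency else p.action.value)
            for n, p in due for label in p.scope]


# Constructed sample inventory (step 201); all names are hypothetical.
SAMPLE_APPS = [
    AppInfo("PayApp", "payment", frozenset({"pay_account", "pay_password"})),
    AppInfo("ShopApp", "shopping", frozenset({"pay_account", "sms_code"})),
    AppInfo("Notes", "tools", frozenset({"pay_account"})),
    AppInfo("Calculator", "tools", frozenset()),
]

if __name__ == "__main__":
    policy = build_policy(SAMPLE_APPS)
    for op in plan_operations(policy, Trigger.ON_INVOKE):
        print(op)
```

The inventory carries only labels of sensitive items, so the protection device can match shared data across applications without ever receiving the values themselves.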
Fig. 3 is a schematic structural diagram of an application data protection apparatus according to an embodiment of the present invention, as shown in fig. 3, the apparatus includes:
an obtaining module 11, configured to obtain application information in a terminal device;
a judging module 12, configured to judge whether the terminal device includes a target application based on the application information;
a configuration module 13, configured to configure a protection parameter for a target application when the terminal device includes the target application, where the protection parameter is used to instruct the terminal device to protect data of the target application;
a sending module 14, configured to send the protection parameter of the target application to the terminal device, so that the terminal device protects the data of the target application based on the protection parameter.
Optionally, the application information includes a type of the application;
the judging module 12 is specifically configured to: judge whether the terminal device includes a target type application based on the type of the application in the terminal device, wherein the target type application comprises at least one of the following types of applications: payment type applications, shopping type applications, social type applications, communication type applications.
Optionally, the configuration module 13 includes:
a first configuration submodule, configured to configure a trigger mode and an execution mode of protection for the target application, where the trigger mode includes any one of the following modes: periodic triggering, manual triggering, and triggering when the target application is invoked; and the execution mode of the protection includes any one of the following modes: erasing, disabling, suspending use.
Optionally, the configuration module 13 further includes:
a second configuration submodule, configured to configure protection priority information for the target application.
The apparatus provided in this embodiment can be used to execute the method shown in fig. 1, and the execution manner and the beneficial effects are similar, which are not described herein again.
Fig. 4 is a schematic structural diagram of an application data protection apparatus according to another embodiment of the present invention, as shown in fig. 4, based on the embodiment of fig. 3, the apparatus further includes:
a determining module 15, configured to determine, when a target application is included in the terminal device, whether an associated application having the same target data as the target application exists in the terminal device;
an establishing module 16, configured to establish an association relationship between the target application and the associated application when the associated application exists in the terminal device, and configure protection parameters for the associated application;
the sending module 14 is further configured to send the association relationship between the target application and the associated application and the protection parameter of the associated application to the terminal device, so that the terminal device protects the target application and the target data in the associated application.
The apparatus provided in this embodiment can be used to execute the method shown in fig. 2, and the execution manner and the beneficial effects are similar, which are not described herein again.
Finally, it should be noted that, as one of ordinary skill in the art will appreciate, all or part of the processes of the methods of the embodiments described above may be implemented by hardware related to instructions of a computer program, where the computer program may be stored in a computer-readable storage medium, and when executed, the computer program may include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a Random Access Memory (RAM), or the like.
Each functional unit in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a separate product, may also be stored in a computer readable storage medium. The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
The above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (6)

1. A method for protecting application data, comprising:
acquiring application information in terminal equipment;
judging whether the terminal equipment comprises a target application or not based on the application information; the application information comprises the type of the application; the determining whether the terminal device includes the target application based on the application information includes: judging whether the terminal equipment comprises target type application or not based on the type of the application in the terminal equipment, wherein the target type application comprises at least one of the following types of applications: payment type applications, shopping type applications, social type applications, communication type applications;
if the terminal equipment comprises a target application, configuring a protection parameter for the target application, wherein the protection parameter is used for indicating the terminal equipment to protect data of the target application;
sending the protection parameters of the target application to the terminal equipment so that the terminal equipment can protect the data of the target application based on the protection parameters;
the method further comprises the following steps:
if the terminal equipment comprises the target application, determining whether an associated application having the same target data as the target application exists in the terminal equipment; the target data is data cached after being called by the target application or retained by default, or data that is manually set in the target application by a user and, once enabled, is associated with/bound to other applications for shared use;
if so, establishing an association relationship between the target application and the associated application, and configuring protection parameters for the associated application;
and sending the association relation between the target application and the associated application and the protection parameters of the associated application to the terminal equipment so that the terminal equipment can protect the target application and the target data in the associated application.
2. The method of claim 1, wherein configuring protection parameters for the target application comprises:
configuring a triggering mode and an execution mode for protection for the target application, wherein the triggering mode includes any one of the following modes: periodic triggering, manual triggering, and triggering when the target application is invoked; and the execution mode of the protection includes any one of the following modes: erasing, disabling, suspending use.
3. The method of claim 2, wherein configuring protection parameters for the target application further comprises:
configuring protection priority information for the target application.
4. An apparatus for protecting application data, comprising:
the acquisition module is used for acquiring application information in the terminal equipment;
the judging module is used for judging whether the terminal equipment comprises the target application or not based on the application information; the application information comprises the type of the application; the judgment module is specifically configured to: judging whether the terminal equipment comprises target type application or not based on the type of the application in the terminal equipment, wherein the target type application comprises at least one of the following types of applications: payment type applications, shopping type applications, social type applications, communication type applications;
a configuration module, configured to configure a protection parameter for a target application when the terminal device includes the target application, where the protection parameter is used to instruct the terminal device to protect data of the target application;
a sending module, configured to send the protection parameter of the target application to the terminal device, so that the terminal device protects the data of the target application based on the protection parameter;
the device further comprises:
a determining module, configured to determine, when the target application is included in the terminal equipment, whether an associated application having the same target data as the target application exists in the terminal equipment; the target data is data cached after being called by the target application or retained by default, or data that is manually set in the target application by a user and, once enabled, is associated with/bound to other applications for shared use;
the establishing module is used for establishing an association relation between the target application and the associated application when the associated application exists in the terminal equipment, and configuring protection parameters for the associated application;
the sending module is further configured to send the association relationship between the target application and the associated application and the protection parameter of the associated application to the terminal device, so that the terminal device protects the target application and the target data in the associated application.
5. The apparatus of claim 4, wherein the configuration module comprises:
a first configuration submodule, configured to configure a trigger mode and an execution mode of protection for the target application, where the trigger mode includes any one of the following modes: periodic triggering, manual triggering, and triggering when the target application is invoked; and the execution mode of the protection includes any one of the following modes: erasing, disabling, suspending use.
6. The apparatus of claim 5, wherein the configuration module further comprises:
a second configuration submodule, configured to configure protection priority information for the target application.
CN201710647578.XA 2017-08-01 2017-08-01 Application data protection method and device Active CN107480542B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710647578.XA CN107480542B (en) 2017-08-01 2017-08-01 Application data protection method and device

Publications (2)

Publication Number Publication Date
CN107480542A (en) 2017-12-15
CN107480542B (en) 2020-06-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant