CN109522709B - Security processing method and electronic device - Google Patents


Publication number
CN109522709B
Authority
CN
China
Prior art keywords
application
stack
security
secure
application stack
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811213385.4A
Other languages
Chinese (zh)
Other versions
CN109522709A (en
Inventor
黄世光
冯荣峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd
Priority to CN201811213385.4A
Publication of CN109522709A
Application granted
Publication of CN109522709B
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Abstract

The present disclosure provides a security processing method, including: obtaining a first trigger event, wherein the first trigger event indicates that a first secure application is to be displayed, and the first secure application is located in a secure application stack in a locked state; while the secure application stack is in the locked state, the secure applications in it are in a protected state; obtaining user identity information based on the first trigger event; and, if the user identity information passes verification, unlocking the secure application stack and, while the secure application stack is in the unlocked state, switching the first secure application into a normal application stack, so that the first secure application is displayed and can be used. The present disclosure also provides an electronic device.

Description

Security processing method and electronic device
Technical Field
The disclosure relates to a security processing method and an electronic device.
Background
In the prior art, when a user starts a protected application, a user authentication interface pops up, and the protected application can be operated only after the user authentication passes. However, because the user authentication interface is started after the protected application has been called up, content of the protected application can be seen before the authentication interface is displayed, which leaks information of the protected application, such as short messages, pictures and address lists. In addition, once the protected application has been started, its content can be seen while switching between it and other applications, which also leaks information of the protected application.
Disclosure of Invention
One aspect of the present disclosure provides a security processing method, including: obtaining a first trigger event, wherein the first trigger event indicates that a first secure application is to be displayed, the first secure application is located in a secure application stack in a locked state, and, while the secure application stack is in the locked state, the secure applications in it are in a protected state; obtaining user identity information based on the first trigger event; and, if the user identity information passes verification, unlocking the secure application stack and, while the secure application stack is in the unlocked state, switching the first secure application into a normal application stack, so that the first secure application is displayed and can be used.
Optionally, the normal application stack is isolated from the secure application stack.
Optionally, the method further includes: obtaining a second trigger event, wherein the second trigger event indicates that the first secure application is to be switched to the background; switching the first secure application into the secure application stack in the locked state based on the second trigger event; setting, in the normal application stack, a first level corresponding to the first secure application, and setting the first level to an empty state, wherein the position of the first level in the normal application stack represents the position of the first secure application in the normal application stack; and establishing an index relationship between the first level in the normal application stack and the first secure application in the secure application stack.
Optionally, when the first secure application is located in the secure application stack, the first level is used to store an identification interface of the first secure application, so that the first secure application is represented by the identification interface when responding to switching among a plurality of applications, and the identification interface does not include content of the first secure application.
Optionally, the first trigger event is a start event. Obtaining the user identity information based on the first trigger event includes: determining whether the application to be started by the start event has a security mark and, if it does, loading the application to be started into the secure application stack in the locked state and calling an authentication interface to prompt the user to input user identity information through the authentication interface, wherein the application is the first secure application.
Optionally, obtaining the user identity information based on the first trigger event further includes: when the application to be started is loaded into the secure application stack in the locked state, creating a first level corresponding to the application to be started in the normal application stack and setting the first level to an empty state. Calling the authentication interface includes: creating a level corresponding to the authentication interface above the first level of the normal application stack, wherein the level corresponding to the authentication interface is destroyed when the user identity information passes verification.
Optionally, the method further includes: obtaining a preset trigger operation and, in response to the preset trigger operation, creating and initializing the secure application stack; or, before the first secure application is loaded into the secure application stack, if the secure application stack does not exist, creating and initializing the secure application stack in order to load the first secure application.
Optionally, the method further includes: destroying the secure application stack if all the secure applications in the secure application stack have exited.
Optionally, a secure application stack in the unlocked state automatically switches back to the locked state when a predetermined time is reached; or, once the first secure application has been switched into the normal application stack while the secure application stack is in the unlocked state, the secure application stack automatically switches back to the locked state.
Another aspect of the disclosure provides an electronic device including a first obtaining module, an authentication module, and a first security processing module. The first obtaining module is configured to obtain a first trigger event, where the first trigger event indicates that a first secure application is to be displayed, the first secure application is located in a secure application stack in a locked state, and, while the secure application stack is in the locked state, the secure applications in it are in a protected state. The authentication module is configured to obtain user identity information based on the first trigger event. The first security processing module is configured to unlock the secure application stack when the user identity information passes verification and, while the secure application stack is in the unlocked state, to switch the first secure application into a normal application stack, so that the first secure application is displayed and can be used.
Optionally, the normal application stack is isolated from the secure application stack.
Optionally, the electronic device further includes a second obtaining module and a second security processing module. The second obtaining module is configured to obtain a second trigger event, where the second trigger event indicates that the first secure application is to be switched to the background. The second security processing module is configured to: switch the first secure application into the secure application stack in the locked state based on the second trigger event; set, in the normal application stack, a first level corresponding to the first secure application, and set the first level to an empty state, wherein the position of the first level in the normal application stack represents the position of the first secure application in the normal application stack; and establish an index relationship between the first level in the normal application stack and the first secure application in the secure application stack.
Optionally, when the first secure application is located in the secure application stack, the first level is used to store an identification interface of the first secure application, so that the first secure application is represented by the identification interface when responding to switching among a plurality of applications, and the identification interface does not include content of the first secure application.
Optionally, the first trigger event is a start event. To obtain the user identity information based on the first trigger event, the authentication module is configured to determine whether the application to be started by the start event has a security mark and, if it does, to load the application to be started into the secure application stack in the locked state and at the same time call an authentication interface to prompt the user to input user identity information through the authentication interface, wherein the application is the first secure application.
Optionally, to obtain the user identity information based on the first trigger event, the authentication module is further configured to create a first level corresponding to the application to be started in the normal application stack, and set the first level to an empty state, when the application to be started is loaded into the secure application stack in the locked state. To call the authentication interface, the authentication module is configured to create a level corresponding to the authentication interface above the first level of the normal application stack, wherein the level corresponding to the authentication interface is destroyed when the user identity information passes verification.
Optionally, the electronic device further includes a creating module, configured to obtain a preset trigger operation and, in response to the preset trigger operation, create and initialize the secure application stack; or, before the first secure application is loaded into the secure application stack, if the secure application stack does not exist, to create and initialize the secure application stack in order to load the first secure application.
Optionally, the electronic device further includes a destruction module, configured to destroy the secure application stack when all the secure applications in the secure application stack have exited.
Optionally, a secure application stack in the unlocked state automatically switches back to the locked state when a predetermined time is reached; or, once the first secure application has been switched into the normal application stack while the secure application stack is in the unlocked state, the secure application stack automatically switches back to the locked state.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as described above when executed.
Drawings
For a more complete understanding of the present disclosure and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario of a security processing method and an electronic device according to an embodiment of the present disclosure;
FIG. 2 schematically shows a flow diagram of a security processing method according to an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow diagram of a security processing method according to another embodiment of the present disclosure;
FIG. 4A schematically illustrates a flow diagram of a security processing method according to another embodiment of the present disclosure;
FIG. 4B schematically illustrates a diagram of a generic application stack and a secure application stack, in accordance with an embodiment of the present disclosure;
FIG. 4C schematically illustrates a diagram of a generic application stack and a secure application stack, according to another embodiment of the present disclosure;
FIG. 4D schematically illustrates a diagram of a generic application stack and a secure application stack, according to another embodiment of the present disclosure;
FIG. 5 schematically shows a block diagram of an electronic device according to an embodiment of the present disclosure;
FIG. 6 schematically shows a block diagram of an electronic device according to another embodiment of the present disclosure; and
FIG. 7 schematically shows a block diagram of an electronic device according to another embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "A, B or at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
Some block diagrams and/or flow diagrams are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations thereof, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the instructions, which execute via the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks. The techniques of this disclosure may be implemented in hardware and/or software (including firmware, microcode, etc.). In addition, the techniques of this disclosure may take the form of a computer program product on a computer-readable storage medium having instructions stored thereon for use by or in connection with an instruction execution system.
An embodiment of the disclosure provides a security processing method and an electronic device to which the method can be applied. The method comprises a triggering stage, an authentication stage and a display stage. In the triggering stage, a first trigger event indicating that a secure application is to be displayed is obtained; the secure application has been stored in advance in a locked secure application stack for protection. In the authentication stage, user identity information corresponding to the first trigger event is obtained and verified to determine whether the trigger is legitimate. If verification passes, the display stage begins: the secure application stack is unlocked, and the secure application is transferred from the secure application stack to a normal application stack, where it is displayed and allowed to be used.
Fig. 1 schematically illustrates an application scenario of a security processing method and an electronic device according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a scenario in which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, but does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
FIG. 1 shows an electronic device 100 to which the security processing method is applied. In this embodiment the electronic device 100 is a smart phone; in other embodiments it may be any of various types of electronic device, such as a tablet, a smart watch, a smart television or a personal computer, which is not limited herein.
Three application icons are placed on the desktop of the electronic device 100, corresponding to application A, application B and application C. Application B has a higher security level and involves payment, personal privacy and the like, so it is set as a protected secure application; applications A and C have a lower security level and can be unprotected non-secure applications.
When a trigger event for application B is obtained, it is necessary to ensure that the content of application B is not obtained by an untrusted user or an untrusted application. For example, when application B is started, it must be determined whether the initiator of the start event is trusted; when application B is switched to the background, and again when it is switched to the foreground, it must be ensured that the content of application B is not obtained by an unauthorized party.
Fig. 2 schematically shows a flow diagram of a security processing method according to an embodiment of the present disclosure.
As shown in fig. 2, the method includes operations S201 to S203.
In operation S201, a first trigger event is obtained, where the first trigger event indicates that a first secure application is to be displayed, and the first secure application is located in a secure application stack in a locked state.
The term "first secure application" denotes any secure application, and a secure application is an application that has a higher security level and needs to be protected. When the secure application stack is in the locked state, the content stored in it cannot be accessed, that is, the secure applications in a locked secure application stack are in a protected state; when the secure application stack is in the unlocked state, the content stored in it can be accessed.
In operation S202, user identity information is obtained for verification based on the first trigger event.
The user identity information may be obtained by prompting the user to input it, or obtained directly without prompting. Prompting may take various forms, such as a voice prompt or a display prompt. The user identity information may include fingerprint information, image information, iris information, password information and the like, which are not limited herein.
In operation S203, when the user identity information passes verification, the secure application stack is unlocked and, while the secure application stack is in the unlocked state, the first secure application is switched into the normal application stack, so that the first secure application is displayed and can be used.
Applications located in the normal application stack can be displayed and used; applications located in the secure application stack cannot. When an application in the secure application stack needs to be displayed and used, it must be transferred to the normal application stack after the trigger has been verified as legitimate through the user identity information.
As can be seen, for any secure application the method shown in FIG. 2 works in two ways. On the one hand, it protects the secure application by using the security of the secure application stack: whenever the secure application is not being displayed and used, it is placed in the locked secure application stack, which ensures its security while it is not displayed. On the other hand, when a first trigger event indicating that the secure application is to be displayed is obtained, the method verifies whether the source of the first trigger event is legitimate; only after it is determined to be legitimate is the secure application stack unlocked and the secure application switched from the secure application stack to the normal application stack for display and use, which ensures its security while it is displayed and used.
In embodiments of the present disclosure, the normal application stack is isolated from the secure application stack. When any non-secure application is started, the level corresponding to it is pushed onto the normal application stack; when that level is at the top of the normal application stack, the non-secure application is displayed and the user can see its interface; and when the non-secure application exits, its level is destroyed and reclaimed from the normal application stack. That is, a non-secure application uses only the normal application stack, whereas a secure application, as in the method shown in FIG. 2 above, uses both the normal application stack and the secure application stack. In the normal application stack, not only can the content at the top of the stack be seen directly, but the entire content of the stack can also be obtained through some system-level interfaces; in the Android system, for example, the content of the normal application stack can be listed with the dumpsys command. The content of a secure application stack in the locked state, by contrast, cannot be obtained from either the user level or the system level.
The system dynamically allocates the secure application stack and manages its running state; the states of the secure application stack include creation, initialization, locking, unlocking and destruction. As an optional embodiment, the method shown in FIG. 2 further includes: obtaining a preset trigger operation and, in response, creating and initializing the secure application stack. For example, the icons of the secure applications are all placed in one folder on the system desktop; when the user opens the folder, the preset trigger operation occurs, and the secure application stack is created and initialized in response. Alternatively, as another optional embodiment, before the first secure application is loaded into the secure application stack, it is determined whether a secure application stack already exists in the system; if not, the secure application stack is created and initialized in order to load the first secure application.
According to an embodiment of the present disclosure, the method illustrated in FIG. 2 further includes: destroying the secure application stack if all the secure applications in it have exited.
Fig. 3 schematically shows a flow diagram of a security processing method according to another embodiment of the present disclosure.
As shown in fig. 3, the method includes operations S201 to S207, where operations S201 to S203 are described above and are not repeated here.
In operation S204, a second trigger event is obtained, where the second trigger event indicates that the first secure application is to be switched to the background.
This operation is executed after operation S203: once operation S203 has, following user identity verification, switched the first secure application from the secure application stack into the normal application stack for display, a second trigger event indicating that the first secure application is to be switched to the background is obtained.
In operation S205, the first secure application is switched into the secure application stack in the locked state based on the second trigger event.
In operation S206, a first level corresponding to the first secure application is set in the normal application stack and set to an empty state, where the position of the first level in the normal application stack represents the position of the first secure application in the normal application stack.
When the first secure application is removed from the normal application stack, a first level in the empty state is left at the position the first secure application occupied. For example, if the first secure application was at the 2nd layer of the normal application stack, then after it is removed an empty first level is placed at the 2nd layer. The position of the first level may subsequently change as content is pushed onto and popped from the normal application stack; it represents the position the first secure application would occupy had it not been switched into the secure application stack.
In operation S207, an index relationship between the first level in the normal application stack and the first secure application in the secure application stack is established.
The position of the first level corresponding to the first secure application in the normal application stack may be kept synchronized and used as the index. Operations S201 to S203 may be performed again after operation S207: when verification passes, the first secure application in the unlocked secure application stack is switched into the normal application stack, and, according to the index relationship between the first secure application and the first level, it can be switched to the current position of the first level in the normal application stack.
It can be seen that the method shown in FIG. 3 includes not only the process of displaying the secure application from the method shown in FIG. 2, but also the process of returning the secure application to the background after it has been displayed. After the user identity information is verified, the secure application is switched into the normal application stack and displayed. When the secure application needs to be switched to the background, an empty level corresponding to it is kept in the normal application stack, the secure application itself is switched into the locked secure application stack for protection, and the empty level holds the place of the first secure application in the normal application stack.
In one embodiment of the present disclosure, the first triggering event is a start event. In the above operation S202, obtaining the user identity based on the first trigger event includes: judging whether the application to be started by the starting event has a security mark or not, when the application to be started by the starting event has the security mark, indicating that the application to be started by the starting event is the security application to be protected, if the first security application is the first security application, loading the first security application into a security application stack in a locked state, and calling an authentication interface to prompt a user to input user identity information through the authentication interface. And then verifying the identity information of the user, if the user passes the verification, the authentication interface disappears, meanwhile, the security application stack is unlocked, the first security application is transferred to the stack top of the common application stack from the security application stack in the unlocked state, and the user can see the interface of the first security application and use the interface. When the application to be started by the starting event does not have the security mark, the application to be started by the starting event is indicated to be the non-secure application, the non-secure application is directly loaded to the top of the common application stack, and a user can see the non-secure application and use the non-secure application.
In another embodiment of the present disclosure, the first trigger event is a switching event for switching an application from the background to the foreground, and it is determined whether the application to be switched to the foreground has a security label. When it has the security label, the application to be switched to the foreground is a secure application to be protected, such as the first secure application. As can be seen from the method shown in fig. 3, while the first secure application is in the background it is stored in the locked secure application stack. The authentication interface is therefore called to prompt the user to input user identity information through it. The user identity information is then verified. If verification passes, the authentication interface disappears, the secure application stack is unlocked, and the first secure application is transferred from the unlocked secure application stack to the top of the normal application stack; that is, the first secure application is switched to the foreground, where the user can see and use its interface.
When the application to be switched to the foreground does not have the security label, it is a non-secure application, which remains in the normal application stack while it is in the background. Its position in the normal application stack is adjusted to the top of the stack; that is, the non-secure application is switched to the foreground, where the user can see and use it.
It should be noted that the secure application stack is normally in the locked state. Its unlocked state is temporary: after being unlocked, the secure application stack automatically switches back to the locked state in response to predetermined conditions, so as to protect its contents. For example, the secure application stack automatically switches back to the locked state once it has been in the unlocked state for a predetermined time. Alternatively, when the user identity information has been verified and the first secure application needs to be switched from the secure application stack to the normal application stack, the event of switching the first secure application from the secure application stack to the normal application stack may be monitored after the secure application stack is unlocked, and when that event completes, the secure application stack automatically switches back to the locked state.
The method shown in fig. 2-3 is further described with reference to fig. 4A-4D in conjunction with specific embodiments.
Fig. 4A schematically illustrates a flow diagram of a security processing method according to another embodiment of the present disclosure.
As shown in fig. 4A, the method includes operations S401 to S408.
In operation S401, a start event of the application B is obtained.
In operation S402, it is determined whether the application B to be started is a secure application. If so, operation S403 is performed; otherwise, operation S408 is performed.
In operation S403, the application B is loaded into the secure application stack in the locked state, a level B' corresponding to the application B is created in the normal application stack and set to the empty state, an index relationship between the position of the level B' in the normal application stack and the application B is established, and a level b corresponding to the authentication interface is created above the level B'.
In operation S404, the user identity information is acquired for verification. When the verification passes, the level b corresponding to the authentication interface is destroyed, the secure application stack is unlocked, and the application B in the unlocked secure application stack is switched to the position of the level B' in the normal application stack according to the index relationship between the position of the level B' in the normal application stack and the application B.
The above operations S401 to S404 are illustrated by the following example.
In this example, the electronic device is a smartphone whose operating system is Android; in other examples, other electronic devices and other types of operating systems may be used, which is not limited herein. There are multiple application icons on the desktop of the electronic device, and application A has already been launched. The user now clicks the icon of application B to launch it. In response to this event the system launches the StartActivity component, which passes an Intent message requesting the launch of application B to the management decision service (PMS service). The Intent message contains related information such as the package name of application B. The PMS service decides whether the Intent message is valid and judges whether application B is a secure application; if so, it returns a confirmation message to the StartActivity component. Having learned that application B is a secure application, the StartActivity component loads application B into the secure application stack in the locked state, pushes a level B' corresponding to application B onto the normal application stack, and sends an authorization message (Auth Intent) to the authentication interface. When the authentication interface is called, a level b corresponding to the authentication interface is pushed onto the normal application stack.
Figure 4B schematically illustrates a diagram of a generic application stack and a secure application stack, according to an embodiment of the disclosure.
As shown in fig. 4B, the desktop and application A are originally in the normal application stack: the desktop is at layer 0 and application A is at layer 1. When an event for starting application B is obtained and application B is determined to be a secure application, a level B' corresponding to application B is pushed onto the normal application stack in the empty state, so that level B' is at layer 2 of the normal application stack, and application B is placed in the secure application stack in the locked state. A level b corresponding to the authentication interface is then pushed onto the normal application stack at layer 2.1, adjacent to and above level B', and the position of level B' is recorded as the index of application B. At this time, the user can see the authentication interface on the screen of the electronic device, and since the level directly below level b in the normal application stack is the empty level B', the user cannot see the content of application B even before the authentication interface is displayed.
After the authentication interface is called up, the user inputs user identity information as prompted by the authentication interface, and the input is verified; specifically, it can be compared with pre-stored legitimate user identity information. After verification passes, the authentication interface returns an authorization message to the system, the system unlocks the secure application stack, application B in the secure application stack is switched to level B' in the normal application stack according to the index of application B, and level b corresponding to the authentication interface is destroyed. Application B is now at the top of the normal application stack, and the user sees the content of application B displayed smoothly once the authentication interface disappears from the screen of the electronic device.
In operation S405, a first switching event for switching the application B to the background is obtained, the application B is switched from the common application stack to the secure application stack, and the level B' corresponding to the application B in the common application stack is reserved.
This operation also requires determining whether application B is a secure application; since the previous steps already established that it is, the determination is not described again.
Following the above example, after application B is switched from the secure application stack to level B' of the normal application stack, application B is at the top of the normal application stack and its interface is displayed on the screen of the electronic device. Application C is then started. Application C is a non-secure application and is pushed directly onto the normal application stack, and application B is switched to the background: application B is switched from the normal application stack to the secure application stack, level B' corresponding to application B is retained in the normal application stack in the empty state, and application B continues to use the position of level B' in the normal application stack as its index.
Figure 4C schematically illustrates a diagram of a generic application stack and a secure application stack, according to another embodiment of the present disclosure.
As shown in fig. 4C, in the normal application stack, the application C is pushed into the normal application stack, the level of the application C is located at the top of the normal application stack, the desktop is located at the 0 th layer of the normal application stack, the application a is located at the 1 st layer of the normal application stack, the level B' corresponding to the application B is located at the 2 nd layer of the normal application stack, the application C is located at the 3 rd layer (top of the stack) of the normal application stack, and the application B is switched to the locked secure application stack. At this time, the user can see the content of the application C, and since the application B in the normal application stack is replaced with the empty level B', the content of the application B is not seen in the switching process.
In operation S406, a second switching event for switching the application B to the foreground is obtained, the level B' corresponding to the application B in the normal application stack is moved to the top of the normal application stack, and a level b corresponding to the authentication interface is created above the level B'.
In operation S407, the user identity information is acquired for verification. When the verification passes, the level b corresponding to the authentication interface is destroyed, the secure application stack is unlocked, and the application B in the unlocked secure application stack is switched to the position of the level B' in the normal application stack according to the index relationship between the position of the level B' in the normal application stack and the application B.
The above operations S406 to S407 are illustrated by continuing the above example.
The desktop is at layer 0 of the normal application stack, application A is at layer 1, level B' corresponding to application B is at layer 2, and application C is at layer 3 (the top of the stack). The user wants to switch application B back to the foreground. In response to this event, the system sends an authorization message to the authentication interface to call it, and when the authentication interface is called, level b corresponding to the authentication interface is pushed onto the normal application stack.
Figure 4D schematically illustrates a diagram of a generic application stack and a secure application stack, according to another embodiment of the present disclosure.
As shown in fig. 4D, originally the desktop is at layer 0 of the normal application stack, application A is at layer 1, level B' corresponding to application B is at layer 2, and application C is at layer 3 (the top of the stack), and the user wants to switch application B to the foreground. Because application B in the normal application stack has been replaced with level B', it is level B' that is switched to the foreground: level B' moves from layer 2 to layer 3 of the normal application stack, and the index of application B changes from "2" to "3". Level b corresponding to the authentication interface is then pushed onto the normal application stack at layer 3.1, adjacent to and above level B'. At this time, the user can see the authentication interface on the screen of the electronic device, and since the level directly below level b in the normal application stack is the empty level B', the user cannot see the content of application B even before the authentication interface is displayed.
After the authentication interface is called up, the user inputs user identity information as prompted by the authentication interface, and the input is verified. After verification passes, the authentication interface returns an authorization message to the system, the system unlocks the secure application stack, application B in the secure application stack is switched to level B' in the normal application stack according to the index "3" of application B, and level b corresponding to the authentication interface is destroyed. Application B is now at the top of the normal application stack, and the user sees the content of application B displayed smoothly once the authentication interface disappears from the screen of the electronic device.
In operation S408, the application B is directly loaded in the normal application stack.
In the above example, when the application B is in the background, the application B is in the locked secure application stack, the level B 'corresponding to the application B occupies the place of the application B in the normal application stack, and when the application B is in the background, the level B' is located at a position other than the top of the normal application stack.
In the above example, the first trigger event and the second trigger event are both initiated by a user, in other embodiments, the first trigger event may be initiated by another application, and the second trigger event may also be initiated by another application, which is not limited herein.
It can be seen that, while a secure application is being started, its content cannot be seen before the authentication interface is displayed, and the secure application is stored in the locked secure application stack in a protected state. While secure applications are being switched, authentication is performed every time a secure application is switched to the foreground, its content cannot be seen before the authentication interface is displayed, and while it is in the background it is stored in the locked secure application stack in a protected state. Whether the secure application is being started or switched, its content cannot be illegally obtained or leaked, which greatly improves the security of the secure application.
According to the embodiment of the disclosure, a management module for the secure application stack is introduced, which dynamically allocates the secure application stack and manages its running state, including creation, initialization, locking and unlocking, and destruction. The secure application stack is created and initialized before a protected secure application is started, and stores the stack state of the secure application. While the secure application is in the secure application stack, the secure application stack is set to the locked state. Once locked, the secure application stack cannot be accessed by other applications or system interfaces, so the system-level normal application stack and the secure application stack are completely isolated. After the user completes identity authentication, the stack management module unlocks the current secure application stack and switches the secure application out of it so that it is displayed to the user normally; the protected content is not displayed before the user identity information has been verified.
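The stack transitions of operations S401 to S408, including the empty level B', the authentication level b and relocking once the transfer completes, can be modelled as below. This is an added illustration, not code from the patent: the class and method names, the `auth:` prefix and the PIN check are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional


class StackLockedError(Exception):
    """Raised when the secure application stack is read while locked."""


@dataclass
class Level:
    owner: str                     # application name, or "auth:<app>" for level b
    content: Optional[str] = None  # None marks an empty placeholder level (B')


class SecureAppStack:
    """Parks protected applications; contents are reachable only while unlocked."""

    def __init__(self) -> None:
        self.locked = True
        self._apps: Dict[str, str] = {}

    def store(self, app: str, content: str) -> None:
        self._apps[app] = content
        self.locked = True

    def take(self, app: str) -> str:
        if self.locked:
            raise StackLockedError(app)
        content = self._apps.pop(app)
        self.locked = True         # relock as soon as the transfer completes
        return content

    def holds(self, app: str) -> bool:
        return app in self._apps


class StackManager:
    """Hypothetical stand-in for the stack management module."""

    def __init__(self, labelled: Iterable[str], verify: Callable[[str], bool]) -> None:
        self.labelled = set(labelled)    # applications carrying the security label
        self.verify = verify             # assumed identity check
        self.normal: List[Level] = [Level("desktop", "desktop")]
        self.secure = SecureAppStack()
        self.index: Dict[str, int] = {}  # app -> position of its level B'

    def _leave_foreground(self) -> None:
        if self.normal[-1].owner.startswith("auth:"):
            self.normal.pop()            # abandoned prompt: destroy level b
        top = self.normal[-1]
        if top.owner in self.labelled and top.content is not None:
            self.secure.store(top.owner, top.content)   # S405
            top.content = None           # level B' stays behind, empty

    def _prompt(self, placeholder: Level) -> None:
        self.normal.append(placeholder)  # level B' goes to the top
        self.normal.append(Level("auth:" + placeholder.owner, "authentication interface"))
        self._reindex()

    def _reindex(self) -> None:
        self.index = {lv.owner: i for i, lv in enumerate(self.normal)
                      if lv.owner in self.labelled}

    def start(self, app: str, content: str) -> None:
        self._leave_foreground()
        if app in self.labelled:         # S402 -> S403
            self.secure.store(app, content)
            self._prompt(Level(app))
        else:                            # S408
            self.normal.append(Level(app, content))

    def to_foreground(self, app: str) -> None:
        self._leave_foreground()
        pos = next(i for i, lv in enumerate(self.normal) if lv.owner == app)
        level = self.normal.pop(pos)
        if app in self.labelled:         # S406
            self._prompt(level)
        else:
            self.normal.append(level)
            self._reindex()

    def authenticate(self, app: str, credential: str) -> bool:
        if self.normal[-1].owner != "auth:" + app or not self.verify(credential):
            return False                 # S404/S407 failed: stack stays locked
        self.normal.pop()                # destroy level b
        self.secure.locked = False       # temporary unlock
        self.normal[self.index[app]].content = self.secure.take(app)
        return True

    def screen(self) -> Optional[str]:
        return self.normal[-1].content   # what the user currently sees

    def switcher(self) -> List[str]:
        return [lv.owner if lv.content is not None else lv.owner + " (empty)"
                for lv in self.normal]


if __name__ == "__main__":
    m = StackManager({"B"}, verify=lambda pin: pin == "1234")  # constructed PIN
    m.start("A", "A-ui"); m.start("B", "B-secret")
    print(m.switcher(), m.index)         # B is an empty level under the prompt
    m.authenticate("B", "1234"); m.start("C", "C-ui")
    print(m.switcher(), m.secure.locked)
```

The model implements the second relock policy described above (relock when the transfer completes); the timed relock is not modelled.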
Fig. 5 schematically shows a block diagram of an electronic device according to an embodiment of the disclosure.
As shown in fig. 5, the electronic device 500 includes a first acquisition module 510, an authentication module 520, and a first security processing module 530. The electronic device 500 may perform the method described above with reference to fig. 2-4D to achieve effective protection of security applications in the system.
The first obtaining module 510 is configured to obtain a first trigger event, where the first trigger event characterizes displaying a first secure application, and the first secure application is located in a secure application stack in a locked state; when the secure application stack is in the locked state, the secure applications in it are in a protected state.
The authentication module 520 is configured to obtain user identity information for verification based on the first trigger event.
The first security processing module 530 is configured to, when the user identity information is verified, unlock the security application stack and switch the first security application into a common application stack when the security application stack is in an unlocked state, so that the first security application is displayed and can be used.
In embodiments of the present disclosure, the normal application stack is isolated from the secure application stack.
According to an embodiment of the present disclosure, the first triggering event is a start event. The authentication module 520, based on the first trigger event, obtaining the user identity includes: the authentication module 520 is configured to determine whether an application to be started by the start event has a security label, and if the application to be started by the start event has the security label, load the application to be started into the security application stack in the locked state, and call an authentication interface to prompt a user to input user identity information through the authentication interface. Wherein the application is a first secure application.
Specifically, as an optional embodiment, the obtaining, by the authentication module 520, the user identity based on the first trigger event further includes: the authentication module 520 is further configured to create a first level corresponding to the application to be started in the normal application stack and set the first level to an empty state when the application to be started is loaded into the secure application stack in the locked state. The authentication module 520 invoking the authentication interface includes: the authentication module 520 is configured to create a hierarchy corresponding to the authentication interface above a first hierarchy of the common application stack, where the hierarchy corresponding to the authentication interface is destroyed when the user identity information is verified.
Fig. 6 schematically shows a block diagram of an electronic device according to another embodiment of the present disclosure.
As shown in fig. 6, the electronic device 600 includes a first acquisition module 510, an authentication module 520, a first security processing module 530, a second acquisition module 540, a second security processing module 550, a creation module 560, and a destruction module 570.
The first obtaining module 510, the authenticating module 520, and the first security processing module 530 are described above, and repeated descriptions are omitted.
The second obtaining module 540 is configured to obtain a second trigger event, where the second trigger event is used to characterize switching the first secure application to the background.
The second security processing module 550 is configured to switch the first security application into the security application stack in the locked state based on a second trigger event; setting a first level corresponding to a first security application in a common application stack, and setting the first level to be in an empty state, wherein the position of the first level in the common application stack is used for representing the position of the first security application in the common application stack; and establishing an index relationship between a first level in the common application stack and a first security application in the security application stack.
In an embodiment of the present disclosure, the creating module 560 is configured to obtain a preset trigger operation, and create and initialize a secure application stack in response to the preset trigger operation; or before the first secure application is loaded to the secure application stack, if the secure application stack does not exist, creating and initializing the secure application stack to load the first secure application.
In one embodiment of the present disclosure, the destruction module 570 is configured to destroy the secure application stack when all the secure applications in the secure application stack exit.
As an optional embodiment, when the first secure application is located in the secure application stack, the first level is configured to store an identification interface of the first secure application, so that the first secure application is represented by the identification interface while switching among the plurality of applications, and the identification interface does not include content of the first secure application.
As an optional embodiment, the secure application stack, while in the unlocked state, automatically switches back to the locked state when a predetermined time is reached; or, once the first secure application has been switched into the normal application stack while the secure application stack is in the unlocked state, the secure application stack automatically switches back to the locked state.
It should be noted that the implementation, solved technical problems, implemented functions, and achieved technical effects of each module/unit/subunit and the like in the apparatus part embodiment are respectively the same as or similar to the implementation, solved technical problems, implemented functions, and achieved technical effects of each corresponding step in the method part embodiment, and are not described herein again.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any plurality of the first obtaining module 510, the authenticating module 520, the first security processing module 530, the second obtaining module 540, the second security processing module 550, the creating module 560 and the destroying module 570 may be combined into one module to be implemented, or any one of them may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to the embodiment of the present disclosure, at least one of the identification signal sending module 410, the identification signal receiving module 420, the identification module 430, and the information signal transceiving module 440 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementation manners of software, hardware, and firmware, or implemented by a suitable combination of any several of them. Alternatively, at least one of the first acquiring module 510, the authenticating module 520, the first security processing module 530, the second acquiring module 540, the second security processing module 550, the creating module 560 and the destroying module 570 may be at least partially implemented as a computer program module, which when executed, may perform a corresponding function.
Fig. 7 schematically shows a block diagram of an electronic device adapted to implement the above described method according to another embodiment of the present disclosure. The electronic device shown in fig. 7 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 7, electronic device 700 includes a processor 710 and a computer-readable storage medium 720. The electronic device 700 may perform a method according to an embodiment of the present disclosure.
In particular, processor 710 may comprise, for example, a general purpose microprocessor, an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), and/or the like. The processor 710 may also include on-board memory for caching purposes. Processor 710 may be a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
Computer-readable storage medium 720, for example, may be a non-volatile computer-readable storage medium, specific examples including, but not limited to: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and so on.
The computer-readable storage medium 720 may include a computer program 721, which computer program 721 may include code/computer-executable instructions that, when executed by the processor 710, cause the processor 710 to perform a method according to an embodiment of the disclosure, or any variation thereof.
The computer program 721 may be configured with, for example, computer program code comprising computer program modules. For example, in an example embodiment, code in computer program 721 may include one or more program modules, for example module 721A, module 721B, … …. It should be noted that the division and number of modules are not fixed, and those skilled in the art may use suitable program modules or program module combinations according to actual situations, so that the processor 710 may execute the method according to the embodiment of the present disclosure or any variation thereof when the program modules are executed by the processor 710.
According to an embodiment of the present invention, at least one of the first obtaining module 510, the authenticating module 520, the first security processing module 530, the second obtaining module 540, the second security processing module 550, the creating module 560 and the destroying module 570 may be implemented as a computer program module as described with reference to fig. 7, which, when executed by the processor 710, may implement the respective operations described above.
The above-described embodiments of the present invention manage protected applications through a secure application stack, i.e., a protected application program will be located in the secure application stack when it is located in the background, while only its corresponding empty tier is left in the normal application stack. Therefore, in the process of switching a plurality of applications in the common application stack, the protected applications do not display any content any more, only one icon for prompting is provided, and no content of the application program is displayed, so that the application stack is safer.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or associations of the features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or associations are not expressly recited in the present disclosure. In particular, various combinations and/or associations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
While the disclosure has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the disclosure as defined by the appended claims and their equivalents. Accordingly, the scope of the present disclosure should not be limited to the above-described embodiments, but should be defined not only by the appended claims, but also by equivalents thereof.

Claims (10)

1. A secure processing method, comprising:
obtaining a first trigger event, wherein the first trigger event indicates that a first secure application is to be displayed; the first secure application is located within a secure application stack in a locked state; if the secure application stack is in a locked state, the secure applications in the secure application stack are in a protected state;
obtaining user identity information based on the first trigger event;
if the user identity information passes verification, unlocking the secure application stack and, when the secure application stack is in an unlocked state, switching the first secure application into a normal application stack, so that the first secure application is displayed and can be used;
wherein the method further comprises:
setting a first level corresponding to the first secure application in the normal application stack, and setting the first level to an empty state, wherein the position of the first level in the normal application stack represents the position of the first secure application in the normal application stack.
2. The method of claim 1, wherein the normal application stack is isolated from the secure application stack.
3. The method of claim 1, further comprising:
obtaining a second trigger event, wherein the second trigger event indicates that the first secure application is switched to the background;
switching the first secure application into the secure application stack in a locked state based on the second triggering event;
establishing an index relationship between the first level in the normal application stack and the first secure application in the secure application stack.
4. The method of claim 3, wherein:
when the first secure application is located in the secure application stack, the first level is used for storing an identification interface of the first secure application, so that the first secure application is represented by the identification interface when responding to switching among multiple applications, and the identification interface does not include the content of the first secure application.
5. The method of claim 1, wherein:
the first trigger event is a starting event;
the obtaining user identity information based on the first trigger event comprises:
determining whether the application to be started by the starting event has a security mark;
if the application to be started by the starting event has a security mark, loading the application into the secure application stack in the locked state, and invoking an authentication interface to prompt the user to input user identity information through the authentication interface;
wherein the application is the first secure application.
6. The method of claim 5, wherein:
the obtaining user identity information based on the first trigger event further comprises: when the application is loaded into the secure application stack in the locked state, creating a first level corresponding to the application in the normal application stack, and setting the first level to an empty state;
the invoking an authentication interface comprises: creating a level corresponding to the authentication interface above the first level of the normal application stack, wherein the level corresponding to the authentication interface is destroyed when the user identity information is verified.
7. The method of claim 5, further comprising:
acquiring a preset trigger operation, and creating and initializing the secure application stack in response to the preset trigger operation; or
before a first secure application is loaded into the secure application stack, if the secure application stack does not exist, creating and initializing the secure application stack to load the first secure application.
8. The method of claim 1, further comprising:
if all the secure applications in the secure application stack exit, destroying the secure application stack.
9. The method of claim 1, wherein:
the secure application stack, when in the unlocked state, automatically switches back to the locked state when a preset time is met; or
if the first secure application is switched into the normal application stack while the secure application stack is in the unlocked state, the secure application stack automatically switches back to the locked state.
10. An electronic device, comprising:
the system comprises a first acquisition module, a first display module and a second acquisition module, wherein the first acquisition module is used for acquiring a first trigger event, which indicates that a first secure application is to be displayed; the first secure application is located within a secure application stack in a locked state; if the secure application stack is in a locked state, the secure applications in the secure application stack are in a protected state;
the authentication module is used for acquiring user identity information based on the first trigger event;
the first security processing module is used for, when the user identity information passes verification, unlocking the secure application stack and, when the secure application stack is in an unlocked state, switching the first secure application into a normal application stack, so that the first secure application is displayed and can be used;
the authentication module is further configured to set a first level corresponding to the first secure application in the normal application stack, and set the first level to an empty state, wherein the position of the first level in the normal application stack represents the position of the first secure application in the normal application stack.
CN201811213385.4A 2018-10-17 2018-10-17 Security processing method and electronic device Active CN109522709B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811213385.4A CN109522709B (en) 2018-10-17 2018-10-17 Security processing method and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811213385.4A CN109522709B (en) 2018-10-17 2018-10-17 Security processing method and electronic device

Publications (2)

Publication Number Publication Date
CN109522709A CN109522709A (en) 2019-03-26
CN109522709B true CN109522709B (en) 2021-06-15

Family

ID=65772061

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811213385.4A Active CN109522709B (en) 2018-10-17 2018-10-17 Security processing method and electronic device

Country Status (1)

Country Link
CN (1) CN109522709B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116028966A (en) * 2021-10-26 2023-04-28 华为终端有限公司 Application display method, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014025458A1 (en) * 2012-08-09 2014-02-13 Cisco Technology, Inc. Secure mobile client with assertions for access to service provider applications
CN103593619A (en) * 2013-11-13 2014-02-19 宇龙计算机通信科技(深圳)有限公司 Method and system applied to data protection
CN105472147A (en) * 2015-11-23 2016-04-06 努比亚技术有限公司 Application lock processing method based on eye print identification and apparatus thereof
CN105933327A (en) * 2016-06-08 2016-09-07 北京奇虎科技有限公司 Application unlocking method, device and facility
CN106716432A (en) * 2014-09-22 2017-05-24 迈克菲股份有限公司 Pre-launch process vulnerability assessment

Also Published As

Publication number Publication date
CN109522709A (en) 2019-03-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant