CN109960536B - Electronic equipment safety starting method and device and electronic equipment

Publication number
CN109960536B
Authority
CN
China
Prior art keywords
electronic equipment
electronic device
user
distance
information
Legal status
Active
Application number
CN201910242186.4A
Other languages
Chinese (zh)
Other versions
CN109960536A (en
Inventor
融志强
Current Assignee
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Application filed by Lenovo Beijing Ltd
Priority to CN201910242186.4A
Publication of CN109960536A
Application granted
Publication of CN109960536B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/4401 Bootstrapping
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133 Verifying human interaction, e.g., Captcha

Abstract

The present disclosure provides a method for securely starting an electronic device. The method is applied to a first electronic device and includes: in response to a power-on trigger event, acquiring first information, where the first information represents the distance between the first electronic device and a second electronic device bound to the first electronic device; if the distance is less than a predetermined distance, starting the first electronic device; and if the distance is not less than the predetermined distance, sending a reminder message to the second electronic device. The disclosure also provides an apparatus for securely starting an electronic device, and an electronic device.

Description

Electronic equipment safety starting method and device and electronic equipment
Technical Field
The disclosure relates to an electronic equipment safety starting method and device and electronic equipment.
Background
With the continuous development of computer technology and internet technology, electronic devices of many kinds have appeared, and nearly every user owns two or more electronic devices, such as a personal computer, a tablet computer, a smart phone, a smart watch, a game console, and the like. In some cases, electronic devices owned by a user are not at the user's side; these devices are outside the physical range the user can directly manage and may be subject to unauthorized use by other users.
In the prior art, unauthorized use by other users is generally prevented by setting a password on the electronic device, but once a password is set, it inconveniences the user who does have permission to use the device.
Disclosure of Invention
One aspect of the present disclosure provides a method for securely starting an electronic device, applied to a first electronic device, including: in response to a power-on trigger event, acquiring first information, where the first information represents the distance between the first electronic device and a second electronic device bound to the first electronic device; if the distance is less than a predetermined distance, starting the first electronic device; and if the distance is not less than the predetermined distance, sending a reminder message to the second electronic device.
Optionally, acquiring the first information includes: calculating relative position information of the first electronic device with respect to one or more base stations based on the signal strength of a mobile communication network, and determining first location information based on the relative position information; receiving second location information sent by the second electronic device, where the second location information is determined based on the relative position information of the second electronic device with respect to the one or more base stations; and determining the first information based on the first location information and the second location information.
Optionally, if the distance represented by the first information is not less than the predetermined distance, the method further includes: performing verification based on identity authentication information input by the user, and starting the first electronic device when the verification passes.
Optionally, before responding to the power-on trigger event, the method further includes: while the first electronic device is in a started state, binding with the second electronic device in response to a binding trigger event concerning the second electronic device, and storing trusted identity authentication information corresponding to the second electronic device when the binding succeeds. On this basis, performing verification based on the identity authentication information input by the user includes: receiving the identity authentication information input by the user and matching it against the trusted identity authentication information, the verification passing when the match succeeds.
Optionally, binding with the second electronic device includes: sending first dynamic verification information to the second electronic device, either relayed through a base station of a mobile communication network or over a direct device-to-device connection. If the first dynamic verification information input by the user is received within a first preset time limit, the binding with the second electronic device is determined to be successful; if it is not received within the first preset time limit, the binding is determined to have failed.
Optionally, if the distance represented by the first information is not less than the predetermined distance, the method further includes: sending second dynamic verification information to the second electronic device. Performing verification based on the identity authentication information input by the user then includes: receiving the identity authentication information input by the user within a second preset time limit and matching it against the second dynamic verification information, the verification passing when the match succeeds.
Optionally, sending the reminder message to the second electronic device includes: sending the reminder message to the second electronic device before the identity authentication information input by the user is verified; or, after the identity authentication information input by the user has been verified, sending the reminder message to the second electronic device when the verification fails.
Optionally, after sending the reminder message to the second electronic device, the method further includes: starting the first electronic device if a trust indication message returned by the second electronic device is received.
Another aspect of the present disclosure provides an electronic device security starting apparatus, which is applied to a first electronic device and includes an obtaining module, a first starting module, and a reminding module. The obtaining module is used for responding to a starting triggering event and obtaining first information, wherein the first information is used for representing the distance between the first electronic equipment and second electronic equipment bound with the first electronic equipment. The first starting module is used for starting the first electronic equipment when the distance is smaller than the preset distance. And the reminding module is used for sending a reminding message to the second electronic equipment when the distance is not less than the preset distance.
Optionally, the obtaining module includes a calculating sub-module, a first determining sub-module, a position information receiving sub-module, and a second determining sub-module. The calculation submodule is used for calculating the relative position information of the first electronic equipment and one or more base stations based on the signal strength of the mobile communication network. The first determining submodule is used for determining the first position information based on the relative position information. The position information receiving submodule is used for receiving the second position information sent by the second electronic equipment, wherein the second position information is determined based on the relative position information of the second electronic equipment and the one or more base stations. And a second determination submodule for determining the first information based on the first location information and the second location information.
Optionally, the apparatus further includes a verification module and a second starting module. The verification module is used for verifying based on identity authentication information input by a user when the distance is not less than the preset distance. And the second starting module is used for starting the first electronic equipment when the verification is passed.
Optionally, the apparatus further includes a binding module and a storage module. The binding module is used for responding to a binding trigger event related to the second electronic equipment and binding with the second electronic equipment in a started state of the first electronic equipment before the acquisition module responds to the starting trigger event. And the storage module is used for storing the credible identity authentication information corresponding to the second electronic equipment when the binding with the second electronic equipment is successful. On the basis, the verification module comprises a first authentication information receiving sub-module and a first matching sub-module. The first authentication information receiving submodule is used for receiving identity authentication information input by a user. And the first matching sub-module is used for matching the identity authentication information with the credible identity authentication information, and the verification is passed when the matching is successful.
Optionally, the binding module includes a sending sub-module and a verification information receiving sub-module. The sending sub-module is used for sending first dynamic verification information to the second electronic device, either relayed through a base station of a mobile communication network or over a direct device-to-device connection. The verification information receiving sub-module is used for determining that the binding with the second electronic device is successful when the first dynamic verification information input by the user is received within a first preset time limit, and determining that the binding with the second electronic device has failed when the first dynamic verification information input by the user is not received within the first preset time limit.
Optionally, the apparatus further includes a sending module, configured to send second dynamic verification information to the second electronic device when the distance represented by the first information is not less than the predetermined distance. On the basis, the verification module comprises a second authentication information receiving sub-module and a second matching sub-module. The second authentication information receiving submodule is used for receiving the identity authentication information input by the user within a second preset time limit. And the second matching sub-module is used for matching the identity authentication information with the second dynamic verification information, and the verification is passed when the matching is successful.
Optionally, the reminding module is configured to send a reminder message to the second electronic device before the verification module performs verification based on the identity authentication information input by the user, or to send a reminder message to the second electronic device when the verification fails after the verification module has performed verification based on the identity authentication information input by the user.
Optionally, the apparatus further includes a third starting module, configured to start the first electronic device if a trust indication message returned by the second electronic device is received after the reminding module sends the reminding message to the second electronic device.
Another aspect of the present disclosure provides an electronic device including: memory, processor and computer program stored on the memory and executable on the processor for implementing the method as described above when the processor executes the program.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as described above when executed.
Drawings
For a more complete understanding of the present disclosure and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
FIG. 1A to 1B schematically illustrate an application scenario of an electronic device and a method and apparatus for safely starting the electronic device according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow chart of a method for secure booting of an electronic device according to an embodiment of the present disclosure;
FIG. 3 schematically shows a schematic diagram of obtaining first information according to an embodiment of the disclosure;
FIG. 4 schematically illustrates a flow chart of a method for secure booting of an electronic device according to another embodiment of the present disclosure;
FIG. 5 schematically illustrates a block diagram of an electronic device secure boot apparatus according to an embodiment of the present disclosure;
FIG. 6 schematically illustrates a block diagram of an electronic device secure boot apparatus according to another embodiment of the present disclosure; and
FIG. 7 schematically shows a block diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "at least one of A, B or C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
Some block diagrams and/or flow diagrams are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations thereof, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the instructions, which execute via the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks. The techniques of this disclosure may be implemented in hardware and/or software (including firmware, microcode, etc.). In addition, the techniques of this disclosure may take the form of a computer program product on a computer-readable storage medium having instructions stored thereon for use by or in connection with an instruction execution system.
The embodiments of the disclosure provide a method and an apparatus for securely starting an electronic device, and an electronic device to which the method can be applied. The method is applied to a first electronic device and comprises a first information acquisition stage, a safety judgment stage, a starting stage and a reminding stage. In the first information acquisition stage, in response to a power-on trigger event for the first electronic device, first information representing the distance between the first electronic device and a second electronic device bound to the first electronic device is acquired. The method then enters the safety judgment stage, which judges whether the distance between the first electronic device and the second electronic device is less than a predetermined distance. If it is, the method enters the starting stage and starts the first electronic device; if it is not, the method enters the reminding stage and sends a reminder message to the second electronic device to notify it that someone is currently trying to start the first electronic device.
Fig. 1A to 1B schematically illustrate an electronic device secure boot method, apparatus, and application scenario of an electronic device according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a scenario in which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, but does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1A, a scenario in which the same user has administrative rights to multiple electronic devices is shown. The application scenario may include a user 100 and electronic devices 101, 102, 103, the user 100 having administrative rights to the electronic devices 101, 102, 103.
The electronic devices 101, 102, 103 may be a variety of electronic devices having the same or different functionality, including but not limited to smartphones, smartwatches, smart glasses, game consoles, tablet computers, laptop portable computers, desktop computers, and the like. The user 100 can use the electronic devices 101, 102, 103 to perform various operations, such as browsing web pages, social networking, information processing, entertainment, etc., to meet various needs in work and life.
The electronic devices 101, 102, and 103 may communicate with each other directly or through a relay. For example, any two of the electronic devices 101, 102, and 103 may communicate with each other through various wired or wireless communication links, such as D2D (Device to Device), Bluetooth, RFID (Radio Frequency Identification), cellular mobile communication, and fiber optic cable.
As shown in FIG. 1B, another user 100' does not have administrative rights to the electronic devices 101, 102, 103, and the user 100' is now using the electronic device 101 without authorization, that is, without the permission of the user 100. As mentioned above, the electronic devices 101, 102, 103 may communicate with each other directly or through a relay, so information about the event of the user 100' using the electronic device 101 may be transmitted from the electronic device 101 to the other electronic devices 102 and 103 of the user 100.
It should be noted that the electronic device secure boot method provided by the embodiment of the present disclosure may be generally executed by any electronic device of the electronic devices 101, 102, and 103. Accordingly, the electronic device security starting apparatus provided by the embodiment of the present disclosure may be generally disposed in any electronic device of the electronic devices 101, 102, and 103.
It should be understood that the number of electronic devices, the variety of electronic devices in fig. 1 are merely illustrative. Any number and variety of electronic devices may be present, as desired for implementation.
Fig. 2 schematically shows a flowchart of an electronic device secure boot method according to an embodiment of the present disclosure, which is applied to a first electronic device.
As shown in fig. 2, the method includes operations S201 to S203.
In operation S201, in response to a power-on trigger event, first information is acquired.
The acquired first information is used for representing the distance between the first electronic device and the second electronic device bound with the first electronic device.
In operation S202, if the distance between the first electronic device and the second electronic device, which is characterized by the first information, is less than the predetermined distance, the first electronic device is started.
In operation S203, if the distance between the first electronic device and the second electronic device, which is characterized by the first information, is not less than the predetermined distance, a reminder message is sent to the second electronic device.
It can be seen that, according to the method shown in fig. 2, when the first electronic device is triggered to power on, first information representing the distance between the first electronic device and the second electronic device bound to it is obtained. When the distance between the first electronic device and the second electronic device is less than the predetermined distance, the first electronic device is currently located near the second electronic device belonging to the same user, i.e. within the physical range directly manageable by the user having the administrative authority. The power-on trigger event of the first electronic device is then considered safe: it may have been performed, for example, by the user with the administrative authority or by another user authorized by that user at close range, so the first electronic device can be started directly. When the distance between the first electronic device and the second electronic device is not less than the predetermined distance, the first electronic device is currently far from the second electronic device belonging to the same user, that is, the first electronic device may not be within the physical range directly manageable by the user having the administrative authority. The power-on trigger event of the first electronic device is then considered possibly unsafe, so a reminder message is sent to the second electronic device to inform the user with the administrative authority of the power-on trigger event. This secure starting method balances security and convenience and fits the usage habits and needs of users.
For example, the first electronic device is a personal computer, the second electronic device is a smartphone bound to the first electronic device, and both belong to user A. When the first electronic device is triggered to power on, it first acquires first information representing the distance between the first electronic device and the second electronic device, that is, the distance between user A's personal computer and user A's smartphone. When that distance is less than the predetermined distance, user A's personal computer is currently located near user A's smartphone. The power-on trigger event of the first electronic device is then considered safe: it may have been performed by user A or by another user B authorized by user A at close range, so the first electronic device can be started directly. When the distance between user A's personal computer and smartphone is not less than the predetermined distance, the personal computer is currently far from the smartphone; because user A normally carries the smartphone, this means the personal computer is not currently near user A. The power-on trigger event of the first electronic device is then considered possibly unsafe, so a reminder message is sent to the second electronic device to inform user A that someone is trying to start the first electronic device.
In one embodiment of the present disclosure, the first information characterizing the distance between the first electronic device and the second electronic device is obtained based on location information of the first electronic device and location information of the second electronic device. The location information of the first electronic device and the second electronic device may be obtained by a base station positioning technique. For example, acquiring the first information in operation S201 may include: calculating relative position information of the first electronic device with respect to one or more base stations based on the signal strength of a mobile communication network, and determining first location information based on the relative position information; receiving second location information sent by the second electronic device, where the second location information is determined based on the relative position information of the second electronic device with respect to the one or more base stations; and determining the first information based on the first location information and the second location information.
Fig. 3 schematically shows a schematic diagram of acquiring first information according to an embodiment of the present disclosure.
As shown in fig. 3, the first electronic device is a computer 301, the second electronic device is a smartphone 302, and both the first electronic device and the second electronic device have a mobile communication module. A base station 1, a base station 2, a base station 3, a base station 4 and a base station 5 are arranged in a mobile communication environment of a first electronic device and a second electronic device, and the positions of the base station 1, the base station 2, the base station 3, the base station 4 and the base station 5 are different from each other and position information is known. For the first electronic device, based on the principle that the signal strength is related to the communication distance, the first location information of the first electronic device can be calculated according to the mobile communication signal strength between the first electronic device and each base station and the location information of each base station. Similarly, for the second electronic device, second location information of the second electronic device can be calculated according to the mobile communication signal strength between the second electronic device and each base station and the location information of each base station. The first electronic device can acquire second position information sent by the second electronic device through various wired, wireless, direct or transit communication modes, and determine first information according to the first position information and the second position information, wherein the first information represents a distance D between the first electronic device and the second electronic device.
In other embodiments of the present disclosure, the location information of the first electronic device and the second electronic device may also be obtained by a wireless Positioning technology such as a GPS (Global Positioning System) Positioning technology, a Wi-Fi Positioning technology, and the like. The manner in which the first electronic device obtains the location information and the manner in which the second electronic device obtains the location information may be the same or different, and need not be limited herein, depending on the specific functions of the first electronic device and the second electronic device.
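The base-station positioning step of Fig. 3 can be sketched as follows. This is an added example, not code from the patent: the log-distance path-loss model and its parameters, the station coordinates, and all function names are assumptions, and the measurements are constructed.

```python
import math

# Constructed sample data: five base stations at known planar positions (metres).
BASE_STATIONS = {
    "bs1": (0.0, 0.0),
    "bs2": (1000.0, 0.0),
    "bs3": (1000.0, 1000.0),
    "bs4": (0.0, 1000.0),
    "bs5": (500.0, 1500.0),
}

# Assumed log-distance path-loss model (the patent names no model):
#   rssi(d) = P0_DBM - 10 * N_EXP * log10(d), with d in metres
P0_DBM = -40.0
N_EXP = 3.0


def rssi_to_range(rssi_dbm):
    """Invert the path-loss model: signal strength -> estimated range in metres."""
    return 10 ** ((P0_DBM - rssi_dbm) / (10 * N_EXP))


def range_to_rssi(distance_m):
    """Forward model, used here only to build constructed measurements."""
    return P0_DBM - 10 * N_EXP * math.log10(distance_m)


def simulate_rssi(position):
    """Constructed, noise-free RSSI readings for a device at `position`."""
    return {sid: range_to_rssi(math.dist(position, xy))
            for sid, xy in BASE_STATIONS.items()}


def locate(rssi_by_station):
    """Estimate (x, y) by linearised least-squares multilateration.

    Subtracting the reference station's circle equation from every other one
    leaves linear equations a*x + b*y = c, solved via the 2x2 normal equations.
    """
    ids = sorted(rssi_by_station)
    if len(ids) < 3:
        raise ValueError("need at least three base stations for a 2-D fix")
    x0, y0 = BASE_STATIONS[ids[0]]
    r0 = rssi_to_range(rssi_by_station[ids[0]])
    saa = sab = sbb = sac = sbc = 0.0
    for sid in ids[1:]:
        xi, yi = BASE_STATIONS[sid]
        ri = rssi_to_range(rssi_by_station[sid])
        a = 2 * (xi - x0)
        b = 2 * (yi - y0)
        c = r0 ** 2 - ri ** 2 + xi ** 2 - x0 ** 2 + yi ** 2 - y0 ** 2
        saa += a * a
        sab += a * b
        sbb += b * b
        sac += a * c
        sbc += b * c
    det = saa * sbb - sab * sab
    if abs(det) < 1e-9:
        raise ValueError("base stations are collinear; position is ambiguous")
    return ((sac * sbb - sab * sbc) / det, (saa * sbc - sab * sac) / det)


def first_information(first_location, second_location):
    """The first information: distance D between the two devices, in metres."""
    return math.dist(first_location, second_location)


def range_error_for_db(true_range_m, error_db):
    """Range error caused by an RSSI reading that is `error_db` too weak."""
    return rssi_to_range(range_to_rssi(true_range_m) - error_db) - true_range_m


if __name__ == "__main__":
    computer = locate(simulate_rssi((400.0, 300.0)))   # first electronic device
    phone = locate(simulate_rssi((403.0, 304.0)))      # second electronic device
    print("D =", round(first_information(computer, phone), 3), "m")
    print("1 dB error at 500 m =", round(range_error_for_db(500.0, 1.0), 1), "m")
```

Under this assumed model a 1 dB measurement error at 500 m shifts a single range estimate by about 40 m, so the predetermined distance has to be chosen with the positioning error of the deployment in mind.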
Fig. 4 schematically shows a flowchart of an electronic device secure booting method according to another embodiment of the present disclosure, which is applied to a first electronic device.
As shown in fig. 4, the method includes operations S401 to S407.
In operation S401, in a state in which a first electronic device has been started, a binding is performed with a second electronic device in response to a binding trigger event with respect to the second electronic device.
In operation S402, in a state where the first electronic device is not started, in response to a power-on trigger event, first information representing a distance between the first electronic device and the second electronic device is acquired.
In operation S403, it is determined whether the distance between the first electronic device and the second electronic device is less than a predetermined distance, and if so, operation S404 is performed, and if not, operation S405 is performed.
In operation S404, the first electronic device is started.
In operation S405, authentication information input by a user is received.
In operation S406, it is determined whether the identity authentication information passes the verification, and if so, operation S404 is performed, and if not, operation S407 is performed.
In operation S407, a reminder message is transmitted to the second electronic device.
In an embodiment of the present disclosure, the binding of the first electronic device with the second electronic device in operation S401, in response to a binding trigger event concerning the second electronic device, may include: sending first dynamic verification information to the second electronic device by base station relay or by direct device-to-device connection over a mobile communication network, where the first dynamic verification information is valid within a first predetermined time period. If the first dynamic verification information input by the user is received within the first predetermined time period, the binding with the second electronic device is determined to have succeeded; if it is not received within the first predetermined time period, the binding is determined to have failed.
Further, when the first electronic device and the second electronic device are successfully bound, the first electronic device stores the trusted identity authentication information corresponding to the second electronic device. On this basis, as an alternative embodiment, determining in operation S406 whether the identity authentication information input by the user passes verification may consist of: matching the identity authentication information input by the user against the trusted identity authentication information stored when the binding succeeded, determining that verification passes when the match succeeds, and determining that verification fails when the match fails.
In another embodiment of the present disclosure, when it is determined that the distance between the first electronic device and the second electronic device is not less than the predetermined distance, the secure startup method may further include, before the identity authentication information input by the user is received in operation S405: the first electronic device sending second dynamic verification information to the second electronic device, where the second dynamic verification information is valid within a second predetermined time period.
After the second dynamic verification information has been sent to the second electronic device, as an optional embodiment, receiving the identity authentication information input by the user may consist of receiving that information within the second predetermined time period. Determining in operation S406 whether the identity authentication information input by the user passes verification may then consist of: matching the identity authentication information against the second dynamic verification information, determining that verification passes when the match succeeds, and determining that verification fails when the match fails.
The method is illustrated with an example in which the first electronic device is a personal computer X, the second electronic device is a smartphone Y, and both belong to a user A. When user A wants to associate smartphone Y with personal computer X, user A uses smartphone Y to send a binding request to personal computer X. In response, personal computer X sends first dynamic verification information, valid for a first predetermined time period, to smartphone Y by short message or D2D communication, and displays a verification information input interface. If personal computer X receives the first dynamic verification information input by the user within the first predetermined time period, the current user of smartphone Y is the same as the user of personal computer X, and the binding is determined to have succeeded. Conversely, if personal computer X does not receive the first dynamic verification information within the first predetermined time period, or the verification information received does not match the first dynamic verification information, the user of smartphone Y is not the same as the user of personal computer X, and the binding is determined to have failed. After a successful binding, personal computer X stores the trusted identity authentication information corresponding to smartphone Y.
The above describes the binding of two electronic devices. Similarly, when a user wishes to associate several of their electronic devices, all of them can be bound in the same way: several devices may be bound to one common device, or devices may be bound pairwise. After binding, any two of the devices are in either a directly bound or an indirectly bound state. After a successful binding, one or more pieces of trusted identity authentication information may be stored, as required.
After personal computer X of user A has been bound to user A's other electronic devices, it can be started in a way that balances security and convenience. When personal computer X is not started, its BIOS (Basic Input/Output System), in response to a power-on trigger event, calls the mobile communication module to acquire the first location information of personal computer X by base station positioning, acquires the second location information of smartphone Y by short message, D2D communication or any other wired or wireless communication mode, and determines the distance between personal computer X and smartphone Y from the first and second location information. The mobile communication module in personal computer X may be a 5G (fifth-generation mobile communication technology) module or another type of mobile communication module, chosen according to the specific situation.
If the current distance between personal computer X and smartphone Y is less than the predetermined distance, the two devices are close to each other, which indicates that the operator of personal computer X is user A, or a user B authorized by user A at close range. The BIOS then starts the operating system of personal computer X directly, so that it works normally without identity authentication information having to be entered, which is convenient and fast.
If the distance between personal computer X and smartphone Y is not less than the predetermined distance, the two devices are far apart. To prevent unauthorized use of personal computer X by other users, as an alternative embodiment, the BIOS of personal computer X displays an authentication information input interface, receives the authentication information input by the user, matches it against the pre-stored trusted authentication information, and starts the operating system of personal computer X only when the match succeeds. This process applies to the following three cases: (1) user A uses personal computer X at a first location, but user A's smartphone Y has been left at a second location; (2) user A is not in the vicinity of personal computer X, and user B uses personal computer X with user A's authorization; and (3) user A is not in the vicinity of personal computer X, and user B uses personal computer X without user A's authorization. In the first two cases, personal computer X can be used normally once the correct authentication information is entered (user A enters it directly, or user A tells user B what to enter). In the third case, personal computer X is being used without authorization, and security is ensured by the authentication information matching process.
In the embodiment above, in case (2), where user A is not near personal computer X and user B uses it with user A's authorization, user A has to tell user B the trusted authentication information. Therefore, as a more preferred embodiment, after determining that the current distance between personal computer X and smartphone Y is not less than the predetermined distance, and in order to prevent unauthorized use of personal computer X by other users, the BIOS of personal computer X sends second dynamic verification information, valid for a second predetermined time period, to smartphone Y by short message, D2D communication or any other wired or wireless communication mode, and displays an authentication information input interface. It receives the authentication information input by the user within the second predetermined time period, matches it against the second dynamic verification information, and starts the operating system of personal computer X when the match succeeds. Thus, when user A allows user B to use personal computer X temporarily, user A can tell user B the second dynamic verification information, which is valid only for the current short period; once that use is over, user B can no longer start the operating system of personal computer X with it.
In the secure startup method according to the embodiments of the present disclosure, the first electronic device may send the reminder message to the second electronic device before it receives and verifies the identity authentication information input by the user, or when verification of that information fails, so as to remind the user holding management authority that someone is currently attempting to use the first electronic device.
Further, in an embodiment of the present disclosure, after the first electronic device sends the reminder message to the second electronic device, the secure startup method may further include: starting the first electronic device if a trust indication message returned by the second electronic device is received.
For example, where user A is not near personal computer X and has authorized user B to use it, personal computer X sends a reminder message to smartphone Y on determining that smartphone Y is not nearby. After receiving the reminder message, user A sends a trust indication message to personal computer X through smartphone Y, indicating that user B's operation has a high security level, and the operating system of personal computer X may be started directly.
It should be noted that the secure startup method has been described above using personal computer X and smartphone Y as examples. In other embodiments, the first electronic device and the second electronic device may be electronic devices of various types, and there may be one or more second electronic devices, without affecting the implementation of this solution.
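The S402 to S407 decision flow, in the variant that uses second dynamic verification information, can be sketched as follows. This is an added example, not code from the patent: the class and message names, the 10 m threshold, the 120 s validity period, the six-digit code format and the one-attempt-per-code rule are all assumptions of this sketch. The trust indication message variant is not covered.

```python
import hmac
import secrets
import time

PREDETERMINED_DISTANCE_M = 10.0   # assumed value; the patent fixes no number
SECOND_PERIOD_S = 120.0           # assumed "second predetermined time period"


class BoundDevice:
    """Stand-in for the bound second device: records what is sent to it."""

    def __init__(self):
        self.inbox = []

    def send(self, kind, body=""):
        self.inbox.append((kind, body))


class BootGate:
    """Pre-boot decision logic of the first device (hypothetical names)."""

    def __init__(self, second_device, clock=time.monotonic):
        self.second_device = second_device
        self.clock = clock            # injectable so expiry can be tested
        self._code = None
        self._expires_at = 0.0

    def power_on(self, distance_m):
        """S402-S403: decide from the first information (distance D)."""
        if distance_m < PREDETERMINED_DISTANCE_M:
            return "boot"                                    # S404
        # Not less than the predetermined distance: issue a fresh code
        # from a CSPRNG and start its validity window.
        self._code = f"{secrets.randbelow(10**6):06d}"
        self._expires_at = self.clock() + SECOND_PERIOD_S
        self.second_device.send("second_dynamic_verification", self._code)
        return "challenge"                                   # S405 follows

    def submit(self, entered):
        """S405-S407: verify the user's input against the pending code."""
        # Assumption of this sketch: one attempt per issued code, so the
        # code is consumed whether or not the attempt succeeds.
        code, self._code = self._code, None
        in_time = code is not None and self.clock() <= self._expires_at
        # Constant-time comparison, performed even when no code is pending.
        matches = hmac.compare_digest(entered.encode(), (code or "").encode())
        if in_time and matches:
            return "boot"                                    # S404
        self.second_device.send("reminder", "failed start attempt")  # S407
        return "denied"


if __name__ == "__main__":
    phone = BoundDevice()
    gate = BootGate(phone)
    print(gate.power_on(2.0))          # close by: boots without a prompt
    print(gate.power_on(500.0))        # far away: code goes to the phone
    print(gate.submit(phone.inbox[-1][1]))
```

A distance exactly equal to the predetermined distance takes the challenge path, matching the "not less than" wording of operation S403.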
Fig. 5 schematically shows a block diagram of an electronic device security activation apparatus 500 according to an embodiment of the present disclosure, which is applied to a first electronic device.
As shown in fig. 5, the electronic device security activation apparatus 500 includes: an obtaining module 510, a first starting module 520, and a reminding module 530.
The obtaining module 510 is configured to obtain first information in response to a power-on trigger event, where the first information is used to represent a distance between the first electronic device and a second electronic device bound to the first electronic device.
The first starting module 520 is used for starting the first electronic device when the distance is smaller than a predetermined distance.
The reminding module 530 is configured to send a reminding message to the second electronic device when the distance is not less than the predetermined distance.
Fig. 6 schematically shows a block diagram of an electronic device security activation apparatus according to another embodiment of the present disclosure, where the electronic device security activation apparatus 600 is applied to a first electronic device.
As shown in fig. 6, the electronic device security activation apparatus 600 includes: an obtaining module 610, a first starting module 620 and a reminding module 630. The obtaining module 610, the first starting module 620 and the reminding module 630 have functions corresponding to those of the obtaining module 510, the first starting module 520 and the reminding module 530, respectively; the repeated parts are not described again here.
In one embodiment of the present disclosure, the obtaining module 610 includes a calculating sub-module 611, a first determining sub-module 612, a location information receiving sub-module 613, and a second determining sub-module 614.
The calculating sub-module 611 is configured to calculate relative position information of the first electronic device and one or more base stations based on the signal strength of the mobile communication network. The first determining sub-module 612 is configured to determine the first location information based on the relative position information. The location information receiving sub-module 613 is configured to receive the second location information sent by the second electronic device, where the second location information is determined based on the relative position information of the second electronic device and the one or more base stations. The second determining sub-module 614 is configured to determine the first information based on the first location information and the second location information.
In one embodiment of the present disclosure, the electronic device security activation apparatus 600 further includes a verification module 640 and a second starting module 650.
The verification module 640 is configured to perform verification based on the identity authentication information input by the user when the distance is not less than the predetermined distance. The second starting module 650 is configured to start the first electronic device when the verification passes.
In one embodiment of the present disclosure, the electronic device security activation apparatus 600 further includes a binding module 660 and a storage module 670.
The binding module 660 is configured to bind with the second electronic device, in response to a binding trigger event concerning the second electronic device, while the first electronic device is in a started state and before the obtaining module responds to the power-on trigger event. The storage module 670 is configured to store the trusted identity authentication information corresponding to the second electronic device when the binding with the second electronic device succeeds.
On this basis, the verification module 640 includes a first authentication information receiving sub-module 641 and a first matching sub-module 642. The first authentication information receiving sub-module 641 is configured to receive identity authentication information input by a user. The first matching sub-module 642 is configured to match the identity authentication information against the trusted identity authentication information; when the match succeeds, the verification passes.
In one embodiment of the present disclosure, the binding module 660 includes a sending sub-module 661 and a verification information receiving sub-module 662.
The sending sub-module 661 is configured to send the first dynamic verification information to the second electronic device by base station relay or by direct device-to-device connection over a mobile communication network. The verification information receiving sub-module 662 is configured to determine that the binding with the second electronic device has succeeded when the first dynamic verification information input by the user is received within a first predetermined time period, and to determine that the binding has failed when it is not received within the first predetermined time period.
In an embodiment of the present disclosure, the electronic device security activation apparatus 600 further includes a sending module 680, configured to send second dynamic verification information to the second electronic device when the distance represented by the first information is not less than the predetermined distance.
On this basis, the verification module 640 includes a second authentication information receiving sub-module 643 and a second matching sub-module 644.
The second authentication information receiving sub-module 643 is configured to receive the identity authentication information input by the user within a second predetermined time period. The second matching sub-module 644 is configured to match the identity authentication information against the second dynamic verification information; when the match succeeds, the verification passes.
As an alternative embodiment, the reminding module 630 is configured to send a reminding message to the second electronic device before the verification module 640 performs verification based on the identity authentication information input by the user, or send a reminding message to the second electronic device when the verification fails after the verification module 640 performs verification based on the identity authentication information input by the user.
In an embodiment of the present disclosure, the electronic device security activation apparatus 600 further includes a third activation module 690, configured to activate the first electronic device if a trust indication message returned by the second electronic device is received after the reminder module sends a reminder message to the second electronic device.
It should be noted that the implementation, solved technical problems, implemented functions, and achieved technical effects of each module/unit/subunit and the like in the apparatus part embodiment are respectively the same as or similar to the implementation, solved technical problems, implemented functions, and achieved technical effects of each corresponding step in the method part embodiment, and are not described herein again.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any number of the obtaining module 610, the first starting module 620, the reminding module 630, the verification module 640, the second starting module 650, the binding module 660, the storage module 670, the sending module 680, and the third starting module 690 may be combined and implemented in one module, or any one of them may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of these modules may be at least partially implemented as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, or an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or by any one of software, hardware and firmware, or by a suitable combination of them. Alternatively, at least one of these modules may be at least partially implemented as a computer program module which, when executed, performs the corresponding function.
Fig. 7 schematically shows a block diagram of an electronic device adapted to implement the above described method according to an embodiment of the present disclosure. The intelligent conversation system shown in fig. 7 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 7, electronic device 700 includes a processor 710 and a computer-readable storage medium 720. The electronic device 700 may perform a method according to an embodiment of the present disclosure.
In particular, processor 710 may comprise, for example, a general purpose microprocessor, an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), and/or the like. The processor 710 may also include on-board memory for caching purposes. Processor 710 may be a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
Computer-readable storage medium 720, for example, may be a non-volatile computer-readable storage medium, specific examples including, but not limited to: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and so on.
The computer-readable storage medium 720 may include a computer program 721, which computer program 721 may include code/computer-executable instructions that, when executed by the processor 710, cause the processor 710 to perform a method according to an embodiment of the disclosure, or any variation thereof.
The computer program 721 may be configured with, for example, computer program code comprising computer program modules. For example, in an example embodiment, the code in computer program 721 may include one or more program modules, for example module 721A, module 721B, ……. It should be noted that the division and number of modules are not fixed, and those skilled in the art may use suitable program modules or combinations of program modules according to the actual situation, so that, when the program modules are executed by the processor 710, the processor 710 performs the method according to the embodiment of the present disclosure or any variation thereof.
According to an embodiment of the present invention, at least one of the obtaining module 610, the first starting module 620 and the reminding module 630, the verifying module 640 and the second starting module 650, the binding module 660, the storing module 670, the sending module 680, and the third starting module 690 may be implemented as a computer program module as described with reference to fig. 7, which when executed by the processor 710, may implement the above-described knowledge-base-based answer generating method.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments and/or claims of the present disclosure can be combined and/or associated in various ways, even if such combinations or associations are not expressly recited in the present disclosure. In particular, the features recited in the various embodiments and/or claims of the present disclosure may be combined and/or associated in various ways without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
While the disclosure has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the disclosure as defined by the appended claims and their equivalents. Accordingly, the scope of the present disclosure should not be limited to the above-described embodiments, but should be defined not only by the appended claims, but also by equivalents thereof.

Claims (10)

1. A safe starting method of electronic equipment is applied to first electronic equipment and comprises the following steps:
responding to a starting triggering event, and acquiring first information, wherein the first information is used for representing the distance between the first electronic equipment and second electronic equipment bound with the first electronic equipment;
if the distance is smaller than the preset distance, starting the first electronic equipment; and
and if the distance is not less than the preset distance, verifying based on identity authentication information input by the user through the first electronic equipment, and sending a reminding message to the second electronic equipment when the verification fails.
2. The method of claim 1, wherein the obtaining first information comprises:
calculating relative position information of the first electronic equipment and one or more base stations based on the signal strength of a mobile communication network;
determining first location information based on the relative location information;
receiving second position information sent by the second electronic device, wherein the second position information is determined based on relative position information of the second electronic device and the one or more base stations; and
determining the first information based on the first location information and the second location information.
3. The method of claim 1, wherein if the distance is not less than the predetermined distance, the method further comprises: starting the first electronic equipment when the verification is passed.
4. The method of claim 3, wherein:
before responding to the power-on trigger event, the method further comprises:
in a state that the first electronic device is started, responding to a binding trigger event about the second electronic device, and binding with the second electronic device; and
when the binding with the second electronic equipment is successful, storing credible identity authentication information corresponding to the second electronic equipment;
the verification based on the identity authentication information input by the user through the first electronic device comprises:
receiving identity authentication information input by a user; and
matching the identity authentication information with the credible identity authentication information, and when the matching is successful, passing the verification.
5. The method of claim 4, wherein the binding with the second electronic device comprises:
sending first dynamic verification information to the second electronic equipment based on a base station transfer mode or an equipment direct connection mode of a mobile communication network;
if the first dynamic verification information input by a user is received within a first preset time limit, determining that the binding with the second electronic equipment is successful; and
if the first dynamic verification information input by the user is not received within the first preset time limit, determining that the binding with the second electronic equipment fails.
6. The method of claim 3, wherein:
if the distance is not less than the predetermined distance, the method further comprises: sending second dynamic verification information to the second electronic device;
the verification based on the identity authentication information input by the user through the first electronic device comprises:
receiving identity authentication information input by a user within a second preset time limit; and
matching the identity authentication information with the second dynamic verification information, and passing the verification when the matching is successful.
7. The method of claim 3, further comprising:
sending a reminding message to the second electronic equipment before verification is carried out based on the identity authentication information input by the user through the first electronic equipment.
8. The method of claim 1, wherein after the sending of the alert message to the second electronic device, the method further comprises:
starting the first electronic equipment if the trust representation message returned by the second electronic equipment is received.
9. A safe starting apparatus for electronic equipment, applied to first electronic equipment, comprising:
an obtaining module, used for responding to a starting triggering event and obtaining first information, wherein the first information is used for representing the distance between the first electronic equipment and second electronic equipment bound with the first electronic equipment;
a starting module, used for starting the first electronic equipment when the distance is smaller than a preset distance; and
a reminding module, used for verifying based on the identity authentication information input by the user through the first electronic equipment when the distance is not less than the preset distance, and sending a reminding message to the second electronic equipment when the verification fails.
10. An electronic device, comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the program, implements:
responding to a starting triggering event, and acquiring first information, wherein the first information is used for representing the distance between the electronic equipment and another electronic equipment bound with the electronic equipment;
if the distance is smaller than a preset distance, starting the electronic equipment; and
if the distance is not less than the preset distance, verifying based on the identity authentication information input by the user through the first electronic equipment, and sending a reminding message to the other electronic equipment when the verification fails.
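The decision flow of claims 1, 3, 6 and 8 can be sketched as follows. This is an added illustration, not code from the patent or from the applicant; the names `secure_boot` and `BoundDevice`, the threshold and time-limit values, and the fail-closed handling of an unknown position are assumptions made for the example.

```python
import hmac, math, secrets, time

PRESET_DISTANCE_M = 10.0   # assumed value; the claims only say "preset distance"
CODE_TTL_S = 60            # assumed "second preset time limit" (claim 6)

def distance_m(p1, p2):
    """Planar distance in metres between two (x, y) positions (the claim 2 result)."""
    return math.hypot(p1[0] - p2[0], p1[1] - p2[1])

class BoundDevice:
    """Hypothetical stand-in for the bound second device; records what it receives."""
    def __init__(self, position, trusts=False):
        self.position, self.trusts, self.inbox = position, trusts, []

    def send(self, kind, payload=None):
        self.inbox.append((kind, payload))
        # Claim 8: the owner may answer a reminder with a trust message.
        return kind == "alert" and self.trusts

def secure_boot(own_position, peer, read_user_code, now=time.monotonic):
    """Return (booted, reason) for one starting trigger event."""
    # Assumption: an unknown position is treated as "far" (fail closed).
    if own_position is not None and peer.position is not None:
        if distance_m(own_position, peer.position) < PRESET_DISTANCE_M:
            return True, "proximity"
    # Claim 6: send a one-time code to the second device, then ask the user for it.
    code = f"{secrets.randbelow(10**6):06d}"
    peer.send("code", code)
    issued = now()
    entered = read_user_code()
    in_time = now() - issued <= CODE_TTL_S
    # Constant-time comparison avoids leaking how many characters matched.
    if in_time and hmac.compare_digest(entered.encode(), code.encode()):
        return True, "verified"
    # Claim 1: verification failed, so send the reminder to the second device.
    if peer.send("alert", "failed boot verification"):
        return True, "trusted-by-owner"
    return False, "denied"
```

A distance exactly equal to the threshold takes the verification branch, matching the claims' "not less than" wording.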
CN201910242186.4A 2019-03-27 2019-03-27 Electronic equipment safety starting method and device and electronic equipment Active CN109960536B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910242186.4A CN109960536B (en) 2019-03-27 2019-03-27 Electronic equipment safety starting method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910242186.4A CN109960536B (en) 2019-03-27 2019-03-27 Electronic equipment safety starting method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN109960536A CN109960536A (en) 2019-07-02
CN109960536B true CN109960536B (en) 2021-09-14

Family

ID=67025066

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910242186.4A Active CN109960536B (en) 2019-03-27 2019-03-27 Electronic equipment safety starting method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN109960536B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111259372B (en) * 2020-02-06 2023-06-23 联想(北京)有限公司 Security verification method and electronic device
CN114980093A (en) * 2021-02-18 2022-08-30 Oppo广东移动通信有限公司 Equipment verification method and device, computer equipment and storage medium

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8539382B2 (en) * 2009-04-03 2013-09-17 Palm, Inc. Preventing unintentional activation and/or input in an electronic device
CN102790674B (en) * 2011-05-20 2016-03-16 阿里巴巴集团控股有限公司 Auth method, equipment and system
CN105528538B (en) * 2014-09-28 2019-06-11 酷派软件技术(深圳)有限公司 The starting method and starter of terminal system
CN105991600B (en) * 2015-02-25 2019-06-21 阿里巴巴集团控股有限公司 Identity identifying method, device, server and terminal
WO2016177666A1 (en) * 2015-05-01 2016-11-10 Assa Abloy Ab Using multiple mobile devices to determine position, location, or inside/outside door
CN104933351B (en) * 2015-05-26 2018-10-26 小米科技有限责任公司 The treating method and apparatus of information security
CN106127482A (en) * 2016-06-30 2016-11-16 联想(北京)有限公司 A kind of information processing method and electronic equipment
CN106326709B (en) * 2016-08-26 2019-04-09 黄永洪 A kind of intelligent terminal security processing and device
CN115988133A (en) * 2017-06-02 2023-04-18 华为技术有限公司 Unlocking method and device
CN107197075B (en) * 2017-07-03 2019-11-05 深圳市海邻科信息技术有限公司 Clean boot means of defence, device and computer readable storage medium
CN108076213A (en) * 2017-10-30 2018-05-25 努比亚技术有限公司 A kind of terminal based reminding method, terminal and computer readable storage medium
CN108171045A (en) * 2018-01-15 2018-06-15 联想(北京)有限公司 Electronic equipment and its control method
CN108958812A (en) * 2018-06-06 2018-12-07 联想(北京)有限公司 A kind of starting method and electronic equipment
CN108959868B (en) * 2018-06-28 2022-05-10 南昌华勤电子科技有限公司 Computer starting method and device and computer

Also Published As

Publication number Publication date
CN109960536A (en) 2019-07-02

Similar Documents

Publication Publication Date Title
US11669338B2 (en) Device locator disable authentication
CN112771826B (en) Application program login method, application program login device and mobile terminal
RU2672712C2 (en) Mobile communication device and method for operation thereof
CN105493044B (en) Mobile communications device and its operating method
CN105306204B (en) Security verification method, device and system
KR102341247B1 (en) Express credential transaction system
CN111066284B (en) Service certificate management method, terminal and server
KR20180060300A (en) Method for Managing Program and Electronic Device supporting the same
US10318722B2 (en) Power charger authorization for a user equipment via a cryptographic handshake
CN107451813B (en) Payment method, payment device and payment server
KR101654778B1 (en) Hardware-enforced access protection
TW201905688A (en) A device that authorizes operations to be performed on a target computing device
EP2974123B1 (en) Systems and methods for account recovery using a platform attestation credential
US20150242602A1 (en) Network authentication method for secure user identity verification using user positioning information
US20200007334A1 (en) User authentication using a companion device
CN111800273B (en) Information processing method, electronic device, and storage medium
CN110795737A (en) Method and terminal equipment for upgrading service application range of electronic identity card
CN109960536B (en) Electronic equipment safety starting method and device and electronic equipment
KR20230110613A (en) Virtual key sharing system and method
US20220014353A1 (en) Method by which device shares digital key
US10169619B2 (en) Physical token based secured charge management of a user equipment
WO2016209370A1 (en) Handling risk events for a mobile device
US10819711B2 (en) Data access method, user equipment and server
CN111125705B (en) Capability opening method and device
US10127407B2 (en) Location defined power charger management authorization for a user equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant