CN110661797A - Data protection method, terminal and computer readable storage medium - Google Patents


Info

Publication number: CN110661797A
Authority: CN (China)
Prior art keywords: code, terminal, digital signature, request, preset
Legal status: Granted (Active)
Application number: CN201910897743.6A
Other languages: Chinese (zh)
Other versions: CN110661797B (en)
Inventor: 雷五岳
Current Assignee: Shenzhen Transsion Holdings Co Ltd
Original Assignee: Shenzhen Transsion Holdings Co Ltd
Application filed by: Shenzhen Transsion Holdings Co Ltd
Priority to: CN201910897743.6A
Granted as: CN110661797B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a data protection method, a terminal and a computer readable storage medium, wherein the data protection method comprises the following steps: receiving a data acquisition request; verifying the digital signature certificate of the request end; and processing the acquisition request according to a verification result. The intelligent terminal verifies whether the digital signature certificate matched with the intelligent terminal is installed in the request terminal or not so as to verify the identity of the request terminal and the user, thereby improving the security of private information in the intelligent terminal and avoiding the leakage of the private information.

Description

Data protection method, terminal and computer readable storage medium
Technical Field
The present invention relates to the field of communication security, and in particular, to a data protection method, a terminal, and a computer-readable storage medium.
Background
At present, smartphones have penetrated into various aspects of people's lives, and phones running the Android system developed by Google have become the mainstream smartphones. Google provides a low-level interface for the Android system, ADB (Android Debug Bridge), which is a tool in the Android SDK (Software Development Kit). With this tool, a Personal Computer (PC) can directly operate and manage an Android emulator or a real Android device, and data can be exchanged freely between the PC and the Android device. The ADB functions include adb pull, i.e., exporting a file stored in a mobile phone to a computer, which is the most commonly used function.
Once the mobile phone is outside the user's control, or after the user connects the mobile phone to an unfamiliar PC, and the developer mode of the mobile phone is enabled, important files in the mobile phone, such as user information under the Android system /data directory and installed software, are all exposed. With the popularization of smartphones and the appearance of various apps of a financial nature, sensitive information related to payment, finance and the like, stored by the user under the data folder of the Android mobile phone, can be exported to a computer by an illegal user through the adb pull command, and serious loss can be caused to the user.
The existing mobile terminal has no good countermeasure for the above phenomenon. Therefore, an effective solution for preventing leakage of private information in a cellular phone is required.
Disclosure of Invention
The invention aims to solve the data security problem in the prior art that private data under the data folder in a mobile phone can be pulled to a computer by any illegal user through adb pull.
According to a first aspect of the present invention, the present invention provides a data protection method applied to an intelligent terminal, including the steps of:
receiving a data acquisition request;
verifying the digital signature certificate of the request end;
and processing the acquisition request according to a verification result.
Further, the information of the digital signature certificate of the request end includes at least one of a preset password, a preset IMEI code, an MEID code, a preset account, and a preset request end identification code, where the preset request end identification code is at least one of an MAC address, a CPU serial number, a hard disk serial number, a motherboard ID, and a network card number of the request end.
Further, the step of verifying the digital signature certificate of the requesting end comprises the steps of:
starting a preset program of the intelligent terminal;
acquiring a user password;
verifying whether the user password is consistent with a preset password in the digital signature certificate, and/or,
and verifying whether the IMEI code of the intelligent terminal is consistent with the preset IMEI code in the digital signature certificate and/or verifying whether the MEID code of the intelligent terminal is consistent with the preset MEID code in the digital signature certificate.
Further, according to the verification result, the processing of the acquisition request includes the steps of:
when at least one of the user password, the IMEI code of the intelligent terminal and the MEID code of the intelligent terminal is verified to be consistent, the data acquisition request is allowed; and/or,
and when at least one of the user password, the IMEI code of the intelligent terminal and the MEID code of the intelligent terminal is verified to be inconsistent, prompting error information at the intelligent terminal and/or the request terminal.
Further, the step of verifying the digital signature certificate of the requesting end comprises the steps of:
starting a preset program of the intelligent terminal;
acquiring the identification code of the request terminal and a user password;
and verifying whether the request terminal identification code, the user password, the IMEI code and/or the MEID code of the intelligent terminal are consistent with the preset request terminal identification code, the preset password, the preset IMEI code and/or the MEID code in the digital signature certificate respectively.
Further, according to the verification result, the processing of the acquisition request includes the steps of:
when the identification code of the request terminal, the user password, the IMEI code and/or the MEID code of the intelligent terminal are verified to be respectively consistent with the preset identification code of the request terminal, the preset password, the preset IMEI code and/or the MEID code in the digital signature certificate, an acquisition request for acquiring data from the intelligent terminal is allowed;
and when the identification code of the request terminal is verified to be inconsistent with the preset identification code of the request terminal in the digital signature certificate, and/or the user password is inconsistent with the preset password in the digital signature certificate, and/or the IMEI code and/or MEID code of the intelligent terminal is inconsistent with the preset IMEI code and/or MEID code in the digital signature certificate, prompting error information at the intelligent terminal and/or the request terminal.
Further, after at least one of the user password, the IMEI code of the intelligent terminal and the MEID code of the intelligent terminal is verified to be inconsistent, the method includes: networking is carried out; when the networking is successful, whether the user password and the account are consistent with the pre-stored password and the pre-stored account at the digital signature certificate providing terminal is verified; if so, the data acquisition request is allowed, and/or if not, the data acquisition request is rejected; and/or,
and when the networking fails, rejecting the acquisition request.
Further, when it is verified that the request side identification code is inconsistent with a preset request side identification code in the digital signature certificate, and/or the user password is inconsistent with a preset password in the digital signature certificate, and/or the IMEI code and/or MEID code of the smart terminal is inconsistent with a preset IMEI code and/or MEID code in the digital signature certificate, the method then includes:
networking is carried out; when the networking is successful, whether the identification code of the request terminal, the user password and the account are consistent with the pre-stored request terminal identification code, the pre-stored password and the pre-stored account at the digital signature certificate providing terminal is verified; if so, the data acquisition request is allowed, and/or if not, the data acquisition request is rejected; and/or,
and when the networking fails, rejecting the acquisition request.
According to a second aspect of the present invention, there is provided a terminal comprising: a storage device for storing a program; and a processor; when the program is executed by the processor, the processor is enabled to implement the data protection method in any of the above embodiments.
According to a third aspect of the present invention, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the data protection method of any of the above embodiments.
Compared with the prior art, the invention has the advantages that:
when a request terminal applies for obtaining data to an intelligent terminal, the invention provides two ways of verifying the validity of the request terminal and the identity of a user by the intelligent terminal:
1. In a non-networking state, after the intelligent terminal is connected with the request terminal, if the request terminal needs to acquire data from the intelligent terminal, the intelligent terminal needs to verify the identity of the request terminal and the identity of the user, namely, a digital signature certificate matched with the intelligent terminal needs to be installed on the request terminal. For example, when the intelligent terminal is in the developer mode, the intelligent terminal needs to verify that the requesting terminal is provided with a digital signature certificate matched with the intelligent terminal to execute the verification. This mode not only prevents private data in the user's intelligent terminal from being exported at will, but can also be carried out in a non-networking state; because it is convenient, it is the preferred verification mode.
2. When the digital signature certificate installed on the request terminal is inconsistent with the corresponding IMEI code and/or MEID code of the intelligent terminal, in other words, when the verification mode fails, the user needs to input a password and an account set when applying for the digital signature certificate in the networking state, and the request terminal can derive the private data from the intelligent terminal to the request terminal after the verification of the digital signature certificate providing terminal passes.
By the two data protection methods, the authority of an illegal user for acquiring the data of the intelligent terminal can be fundamentally limited, the data security of sensitive information in the intelligent terminal is obviously improved, the illegal user is prevented from being maliciously exported, and the data security is higher.
Drawings
Fig. 1 is a flowchart of a method for acquiring data by a requesting end according to an embodiment of the present invention.
Fig. 2 is a flowchart of a method for installing a digitally signed certificate at a requesting end according to an embodiment of the present invention.
Fig. 3 is a flowchart of a data protection method of an intelligent terminal according to an embodiment of the present invention.
Fig. 4 is a flowchart of a data protection method of an intelligent terminal according to an embodiment of the present invention.
Detailed Description
The advantages of the invention are further illustrated in the following description of specific embodiments in conjunction with the accompanying drawings.
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present invention. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In the description of the present invention, it is to be understood that the terms "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used merely for convenience of description and for simplicity of description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed in a particular orientation, and be operated, and thus, are not to be construed as limiting the present invention.
In the description of the present invention, unless otherwise specified and limited, it is to be noted that the terms "mounted," "connected," and "connected" are to be interpreted broadly, and may be, for example, a mechanical connection or an electrical connection, a communication between two elements, a direct connection, or an indirect connection via an intermediate medium, and specific meanings of the terms may be understood by those skilled in the art according to specific situations.
In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only for facilitating the explanation of the present invention, and have no specific meaning in themselves. Thus, "module" and "component" may be used in a mixture.
Referring to fig. 1-2, the present invention provides a method for acquiring data, which is applied to a request end and includes steps 100 to 400.
Step 100: installing a digital signature certificate;
In chronological order, as a precondition for data protection of the intelligent terminal, a user needs to operate a request terminal, apply for a digital signature certificate from a digital signature certificate providing terminal and install the digital signature certificate in the request terminal. The request terminal with the digital signature certificate installed thereby obtains a legal identity for obtaining data from the intelligent terminal.
Installing a digitally signed certificate, comprising steps 110-150:
step 110: networking and entering a digital signature certificate providing end;
when a user needs to apply for a digital signature certificate, the user needs to control a computer and actively apply for a digital signature certificate providing terminal (i.e., a server terminal). And the digital signature certificate providing end generates a digital signature certificate. Preferably, the digital signature certificate provider is an official website of the intelligent terminal (such as a mobile phone) or a trusted third-party service terminal officially designated by the mobile phone provider. The user firstly needs to network the request terminal to enter the digital signature certificate providing terminal, and then submits the application for applying the digital signature certificate in the digital signature certificate providing terminal.
Step 120: submitting an application request of the digital signature certificate to a digital signature certificate providing terminal;
in the networking state, a user submits an application request of the digital signature certificate to a digital signature certificate providing terminal, such as a mobile phone official website, through a control computer. Generally speaking, the user in the invention is the owner of the mobile phone.
Step 130: submitting a pre-stored IMEI code and/or MEID code to a digital signature certificate provider;
for a specific mobile phone of a user, the user makes the digital signature certificate provider know which mobile phone applies for the digital signature certificate by submitting the IMEI code and/or MEID code of the mobile phone to the digital signature certificate provider (e.g., a mobile phone official website).
The IMEI code, an abbreviation of International Mobile Equipment Identity, is commonly referred to as the "mobile phone serial number". It is used to identify each independent mobile phone in the GSM mobile network and is equivalent to the identification number of the mobile phone. Every GSM mobile phone sold through a regular channel in the world has a unique IMEI code. The IMEI code is planned by the GSMA association in a unified way and is authorized to be distributed by various regional organizations; the telecommunication terminal testing Technology Association (TAF) of the department of industry and informatization is responsible for network access authentication of domestic mobile phones in China, and other distribution mechanisms comprise British BABT, American CTIA and the like. The MEID code, i.e., the Mobile Equipment Identifier, is the identification code of a CDMA mobile phone, and is also the unique identification code of each CDMA mobile phone or communication tablet. The IMEI code is suitable for GSM and WCDMA mobile phones and Iridium satellite phones, whereas CDMA handsets employ MEID codes.
Step 120 (submitting an application request of the digital signature certificate to the digital signature certificate providing terminal) and step 130 (submitting the pre-stored IMEI code and/or MEID code to the digital signature certificate provider) can be performed sequentially or simultaneously. Illustratively, when the two steps are performed in sequence, a user first clicks an "apply for digital signature certificate" button in a website to submit an application request of the digital signature certificate, and then the website provides a dialog box that requires the user to input the IMEI code and/or MEID code of the corresponding intelligent terminal (such as an Android phone), and the user fills in the IMEI code and/or MEID code of the phone in the dialog box. Illustratively, when the two steps are performed simultaneously, the website provides a dialog box with blank fields asking the user to input the IMEI code and/or MEID code of the mobile phone, and the user clicks the submit button after inputting the IMEI code and/or MEID code of the mobile phone, so as to complete the two steps.
Step 140: submitting a pre-stored password and a pre-stored account to a digital signature certificate providing terminal;
After receiving a password setting request sent by the digital signature certificate providing terminal, the user, by operating the request terminal, submits a pre-stored password and a pre-stored account to the digital signature certificate providing terminal, so that the digital signature certificate providing terminal knows which specific user, operating the request terminal, is applying to it for a digital signature certificate.
So far, through steps 120-140, a specific binding relationship between the intelligent terminal (e.g., a mobile phone), the user and the request end (e.g., a computer) is realized.
Before the requesting end receives the password setting request sent by the digital signature certificate providing end, the digital signature certificate providing end further comprises the following steps: and verifying whether the IMEI code and/or the MEID code aiming at the intelligent terminal has applied for the digital signature certificate matched with the intelligent terminal from the digital signature certificate providing terminal.
When the digital signature certificate providing end verifies that a digital signature certificate matched with the IMEI code and/or the MEID code of the intelligent terminal has been applied by a user to the digital signature certificate providing end, the digital signature certificate providing end inquires whether the digital signature certificate needs to be reapplied or not from the user, and if the digital signature certificate does not need to be reapplied, the process of applying the digital signature certificate is finished; if the application needs to be reapplied, the digital signature certificate providing end provides a reset password dialog box for the user, the user needs to input the password set last time and the password set newly (the password set last time and the password set newly can be the same or different), and the situation is suitable for the situation that a plurality of requesting ends used by the same user trusted by the intelligent terminal apply a plurality of digital signature certificates matched with the intelligent terminal to the digital signature certificate providing end; in other words, the user who applies for the digital signature certificate at the digital signature certificate provider for the same smart terminal is specific. Typically only the owner of the handset. Exemplarily, if a user applies for a digital signature certificate for the first time at the digital signature certificate providing terminal for the mobile phone, the digital signature certificate providing terminal directly requires the user to set a password; if the digital signature certificate is applied to the digital signature certificate providing terminal before the mobile phone, even if repeated application is needed at present, only the user who applies the digital signature certificate once is qualified to apply the digital signature certificate again so as to install and apply different digital signature certificates to different computers. 
If the user who applies for the repeated application is not the user who applies for the digital signature certificate for the first time, in other words, the password of the digital signature certificate which is applied for the last time is not known, the repeated application cannot be carried out. If any user can apply the digital signature certificate at will, the protection effect of the digital signature certificate on the mobile phone data does not exist. In short, for a certain intelligent terminal, a certain user can install the same or different digital signature certificates matched with the intelligent terminal on a plurality of requesting terminals.
And when the digital signature certificate matched with the intelligent terminal is not applied to the digital signature certificate providing terminal, receiving a password setting request sent by the digital signature certificate providing terminal, and submitting a pre-stored password to the digital signature certificate providing terminal.
The digital signature certificate of the invention comprises information of two aspects, namely IMEI code and/or MEID code of the intelligent terminal; another aspect is a password set by the user. When a plurality of request terminals used by the same user apply for the digital signature certificate for the intelligent terminal, the plurality of digital signature certificates can be reapplied, and more specifically, because the IMEI code and/or the MEID code of the intelligent terminal are/is not changed, a new digital signature certificate can be obtained only by resetting the password, so as to verify the validity of the user identity of another request terminal. In other words, the IMEI code and/or MEID code between digitally signed certificates of different requesters of the same user are the same, differing only by the password. The password set when a user applies a digital signature certificate to a digital signature certificate providing terminal through a certain request terminal is the same as the password input when the digital signature certificate providing terminal verifies the identity of the user.
After setting the password, the user further sets an account. When setting up an account, the digital signature certificate includes three aspects of information: the IMEI code and/or MEID code of the intelligent terminal, the password and the account. Optionally, in some embodiments, the user does not set up an account.
Preferably, the IMEI code and/or MEID code of the intelligent terminal, the password, and the account in the digital signature certificate are respectively subjected to a certain encryption algorithm before generating the final digital signature certificate. Preferably, the format of the digital signature certificate adopts ITU-T X.509 international standard.
Step 150: and downloading and installing the digital signature certificate generated by the digital signature certificate providing terminal.
Through the information interaction among the user, the computer and the digital signature certificate provider in steps 120-140, the digital signature certificate provider generates a digital signature certificate containing a preset account, a preset password, a preset IMEI code and/or an MEID code. Optionally, the digital signature certificate further includes a preset requester identification code. Optionally, step 100 further comprises the step of: submitting a preset request end identification code to the digital signature certificate provider, wherein the preset request end identification code is at least one of a MAC address, a CPU serial number, a hard disk serial number, a mainboard ID and a network card number of the request end. Through this step, the digital signature certificate providing end can know which specific computer is applying to it for the digital signature certificate. Optionally, the requesting end may also not actively submit the identifier of the requesting end to the digital signature certificate providing end; instead, when the requesting end is connected to the digital signature certificate providing end, the digital signature certificate providing end actively obtains the identifier of the requesting end. Correspondingly, a pre-stored account, a pre-stored password, a pre-stored IMEI code and a pre-stored MEID code, which are respectively consistent with the preset account, the preset password, the preset IMEI code and the preset MEID code, are stored in the digital signature certificate providing terminal. Optionally, the digital signature certificate provider further stores a pre-stored requester identification code.
However, the preset account, the preset password, the preset IMEI code, the preset MEID code, and optionally the preset request terminal identification code in the digital signature certificate are not all verified in each verification process; only part of the information may be verified, according to user selection and different networking conditions. For example, when the mobile phone is in the non-networking condition, the mobile phone can only use the first verification mode, verifying whether the preset IMEI code and/or MEID code and the preset password in the digital signature certificate match the mobile phone; optionally, the mobile phone further verifies whether the identification code of the request end sending the data acquisition request matches the preset request end identification code in the digital signature certificate. When the mobile phone is in the networking state, the mobile phone can select a second verification mode besides the first verification mode, namely, verifying over the network, through the digital signature certificate providing terminal, whether the account and the password input by the user match the pre-stored account and the pre-stored password in the digital signature certificate providing terminal. Optionally, the digital signature certificate provider further verifies whether the identifier of the requester is consistent with the pre-stored requester identifier. Optionally, the handset can simultaneously verify whether the account, the user password, the IMEI code and/or the MEID code, and the requesting party identification code match the handset. Through the two verification modes, the mobile phone can recognize the user identity and the computer identity; in other words, the binding of the specific relationship among the mobile phone, the user and the computer is realized.
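The two verification modes described above, as an added Python sketch of the terminal-side decision (not code from the patent). It implements the stricter variant in which the IMEI code, the request end identification code and the password must all match, then falls back to the provider and rejects when networking fails. The names, the PBKDF2 password hashing and the sample values are assumptions, and the certificate's issuer signature is assumed to have been validated before these checks run.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional


class Decision(Enum):
    ALLOW_OFFLINE = "allowed by offline certificate check"
    ALLOW_ONLINE = "allowed by provider check"
    REJECT_PROVIDER = "rejected by provider check"
    REJECT_NO_NETWORK = "rejected: offline check failed and networking failed"


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256 stands in for the unspecified
    # "encryption algorithm" applied to the certificate fields.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def ct_equal(a: str, b: str) -> bool:
    # Constant-time comparison, so timing does not leak how much matched.
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass(frozen=True)
class Certificate:  # fields of the certificate installed on the request end
    preset_imei: str
    preset_requester_id: str
    salt: bytes
    preset_password_hash: bytes


@dataclass(frozen=True)
class PullRequest:  # what the terminal learns when a data request arrives
    requester_id: str
    user_password: str
    account: str = ""


def offline_check(cert: Certificate, device_imei: str, req: PullRequest) -> bool:
    # First mode: every field is evaluated before combining, so the
    # outcome does not reveal which field mismatched.
    results = [
        ct_equal(cert.preset_imei, device_imei),
        ct_equal(cert.preset_requester_id, req.requester_id),
        hmac.compare_digest(cert.preset_password_hash,
                            hash_password(req.user_password, cert.salt)),
    ]
    return all(results)


def decide(cert: Optional[Certificate], device_imei: str, req: PullRequest,
           provider_check: Callable[[PullRequest], bool]) -> Decision:
    if cert is not None and offline_check(cert, device_imei, req):
        return Decision.ALLOW_OFFLINE
    try:
        ok = provider_check(req)  # second mode: ask the providing end
    except OSError:  # ConnectionError, TimeoutError: networking failed
        return Decision.REJECT_NO_NETWORK  # fail closed
    return Decision.ALLOW_ONLINE if ok else Decision.REJECT_PROVIDER


class DemoProvider:
    """Constructed stand-in for the certificate providing end."""

    def __init__(self, account: str, password: str, requester_id: str,
                 reachable: bool = True):
        self.salt = b"provider-demo-salt"
        self.account = account
        self.password_hash = hash_password(password, self.salt)
        self.requester_id = requester_id
        self.reachable = reachable

    def check(self, req: PullRequest) -> bool:
        if not self.reachable:
            raise ConnectionError("provider unreachable")
        results = [
            ct_equal(self.account, req.account),
            ct_equal(self.requester_id, req.requester_id),
            hmac.compare_digest(self.password_hash,
                                hash_password(req.user_password, self.salt)),
        ]
        return all(results)


# Constructed sample values, not taken from the patent.
DEVICE_IMEI = "490154203237518"
PC_ID = "02:00:5e:10:00:01"
ACCOUNT = "owner@example.test"
PASSWORD = "correct horse"


def make_cert(imei: str, password: str = PASSWORD,
              requester_id: str = PC_ID) -> Certificate:
    salt = b"cert-demo-salt"
    return Certificate(imei, requester_id, salt, hash_password(password, salt))


if __name__ == "__main__":
    request = PullRequest(PC_ID, PASSWORD, ACCOUNT)
    offline = DemoProvider(ACCOUNT, PASSWORD, PC_ID, reachable=False)
    print(decide(make_cert(DEVICE_IMEI), DEVICE_IMEI, request, offline.check))
    print(decide(make_cert("000000000000000"), DEVICE_IMEI, request, offline.check))
```
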
Step 200: starting a preset program of the request terminal.
After the digital signature certificate is installed in the computer, the computer obtains a legal identity with respect to the specific mobile phone, and information interaction with the mobile phone can be realized by starting a preset program of the request terminal, such as an adb daemon program.
Step 300: sending a request for acquiring data to the intelligent terminal;
After the request terminal starts the preset program, a request for acquiring data can be sent to the intelligent terminal. Illustratively, the computer sends an adb pull command to the android phone to obtain private information in the android phone. Preferably, when the mobile phone is in the developer mode, the computer sends an adb pull command to the android mobile phone to acquire private information under a data partition in the android mobile phone.
Step 400: after the intelligent terminal has verified the digital signature certificate, receiving the data of the intelligent terminal.
After the intelligent terminal verifies the digital signature certificate of the request terminal through the two verification modes, once the user identity and the computer identity are identified as legal, in other words, once the intelligent terminal is matched with the request terminal, the intelligent terminal allows the request terminal to acquire the data of the intelligent terminal. For example, the android mobile phone executes an adb pull command sent by the request end and exports data in a data partition in the mobile phone to the computer; in other words, the computer receives data of the mobile phone.
The invention provides a data protection device, comprising:
the installation module is used for installing the digital signature certificate;
the starting module is used for starting a preset program of the request terminal;
the sending module is used for sending a request for acquiring data to the intelligent terminal;
and the receiving module is used for receiving the data of the intelligent terminal after the intelligent terminal verifies that the digital signature certificate passes.
The present invention provides a terminal, including: a storage device for storing a program; and a processor; when executed by the processor, the program causes the processor to implement the method of acquiring data as described in the above embodiments. The processor may be a CPU, general purpose processor, DSP, ASIC, FPGA or other programmable logic device, transistor logic device, hardware component, or any combination thereof. The processor may also be a combination that implements computing functions, e.g., a combination of one or more microprocessors, or a combination of a DSP and a microprocessor. The embodiments of the present application are not limited in this respect.
The present invention provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the method of acquiring data as described in the above embodiments. The computer-readable storage medium includes: a USB flash disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic or optical disk, and various other media capable of storing program code.
Referring to fig. 3 to 4, the present invention provides a data protection method applied to an intelligent terminal.
As shown in fig. 3, the method includes steps 500 through 700.
Step 500: receiving a data acquisition request;
In today's society, with the popularization of application programs for intelligent terminals, a wide variety of applications, including applications related to sensitive matters such as finance, are installed on the intelligent terminal. The storage space of a smart terminal, such as an android phone, is divided into an internal storage space and an external storage space, wherein files and folders corresponding to applications are generally stored in the internal storage space (e.g., a data partition). Access to the files and folders of the data partition is controlled by authorization, and other applications cannot read the data in them unless the owning application grants permission. Files in the external storage space (such as an SD card) can be read by any application that holds the external storage read permission. Therefore, the internal storage space (data) typically stores private information, while the external storage space (SD card) typically stores public cache data. General users set a login password for important applications to prevent important information from being illegally acquired by others. However, such an approach is not reliable enough, because professionals familiar with software development may illegally obtain data from smart terminals through more specialized approaches. For example, they may turn on the developer mode of an android phone and then use adb pull to export files under the data partition in the android phone to a computer. Of course, the legal user of the intelligent terminal may also need to use the adb pull command to export data to a computer under certain circumstances. Therefore, when the request terminal sends the intelligent terminal an acquisition request for acquiring data from it, the intelligent terminal needs to verify the identity of the request terminal.
The intelligent terminal is a terminal such as a mobile phone, a wearable device or a smart bracelet. Illustratively, the intelligent terminal of the invention is a mobile phone. Illustratively, the intelligent terminal of the invention is an android mobile phone in a common mode or a developer mode. In the developer mode, other terminals (e.g., computers) can read and manage the mobile phone data. In the prior art, when the mobile phone is in the developer mode, after the mobile phone is connected with the computer, a user can read and manage data in the mobile phone at the computer end, and export the data from the mobile phone to the computer. More specifically, in the prior art, when the mobile phone is in the developer mode, the computer generates an adb pull command and sends it to the mobile phone, and the mobile phone executes the adb pull command, which copies the file from the mobile phone to the computer. In other words, the developer mode is a covert channel through which an illegal user can maliciously steal mobile phone data, and it poses a data security risk. In order to solve the above problems in the prior art, the data protection method applied to the intelligent terminal provided by the invention is suitable for data protection of the intelligent terminal not only in the developer mode but also in the common mode.
The "request end" is a terminal such as a tablet computer, a notebook computer, a palm computer, a desktop computer, etc.
The term "acquiring" refers to exporting data from the intelligent terminal to the requesting terminal. Illustratively, the mobile phone receives an adb pull command sent by the computer to request that data in the mobile phone be exported to the computer. Before the intelligent terminal receives the acquisition request of the request terminal, a data connection must be established between the intelligent terminal and the request terminal. Preferably, the connection is a wired connection or a wireless connection.
The data in the invention refers to data such as text files, video files, picture files, account numbers, passwords and the like stored in the intelligent terminal. Preferably, the "data" of the present invention refers to data such as text files, video files, picture files, account numbers, passwords, etc. stored in the data partition of the mobile phone.
Step 600: verifying the digital signature certificate of the request end;
Step 600 is the most important step of the present invention and its most important innovation point.
In view of the security risk mentioned in step 500, the invention provides a data protection method that adds a step of verifying the identity of the request end and of the user before the request end acquires data from the intelligent terminal. That is, the intelligent terminal verifies whether the request end is provided with a digital signature certificate matched with the intelligent terminal, and the request end is allowed to acquire data from the intelligent terminal only when the user is legal. This prevents the intelligent terminal data from being arbitrarily read and exported to other terminals, provides a line of defense for the data at its root, and further improves the security of the intelligent terminal data. By detecting whether the request end is provided with the digital signature certificate matched with the intelligent terminal, the intelligent terminal can verify whether the user of the request end is a legal user and whether the request end controlled by that user is a legal request end, so that information in the intelligent terminal is prevented from being maliciously stolen to an illegal request end by an illegal user.
Figure 4 shows a flow diagram of one embodiment of step 600, verifying the digital signature certificate of the request end. Exemplarily, the request terminal is a computer, and the intelligent terminal is an android mobile phone.
Step 600 includes steps 610-630:
Step 610: starting a preset program of the intelligent terminal;
The preset program is, for example, an adb daemon program, which is a background process running on an Android device (such as an Android mobile phone) and on a computer. Whenever an android device is connected to the PC end, both the mobile phone end and the computer end start an adb daemon program so as to realize data interaction between the mobile phone and the computer.
Step 620: acquiring a user password;
Although the digital signature certificate installed in the computer includes the preset IMEI code and/or MEID code of the mobile phone and the preset password of the user, the user does not need to input the IMEI code and/or MEID code of the mobile phone; each time the digital signature certificate is verified, the user only needs to input the password.
Step 630: verifying whether a user password is consistent with a preset password in the digital signature certificate, and/or verifying whether an IMEI code of the intelligent terminal is consistent with a preset IMEI code in the digital signature certificate, and/or verifying whether an MEID code of the intelligent terminal is consistent with a preset MEID code in the digital signature certificate;
After the user inputs the password at the request terminal and it is sent to the intelligent terminal, the intelligent terminal, through its preset program such as an adb daemon program, verifies whether the user password is consistent with the preset password in the digital signature certificate, and/or verifies whether the IMEI code of the intelligent terminal is consistent with the preset IMEI code in the digital signature certificate, and/or verifies whether the MEID code of the intelligent terminal is consistent with the preset MEID code in the digital signature certificate. Verifying these three items of information requires no networking; the mobile phone and the computer need only a data connection.
As shown in fig. 4, step 700: processing the acquisition request according to the verification result, wherein the processing comprises steps 710 to 750. When at least one of the user password, the IMEI code of the intelligent terminal and the MEID code of the intelligent terminal is verified to be consistent, executing step 710; and when at least one of the user password, the IMEI code of the intelligent terminal and the MEID code of the intelligent terminal is verified to be inconsistent, executing step 720.
Step 710: allowing the data acquisition request; illustratively, the intelligent terminal executes an adb pull command sent by a request end in a developer mode.
Step 720: the intelligent terminal and/or the request end prompts error information;
When the intelligent terminal and/or the request end prompts error information, the first verification mode has failed. The intelligent terminal and/or the request terminal then need to be networked to enter the second verification mode.
Steps 610-720 are the first way for the intelligent terminal to verify the identity of the request end and the identity of the user. In the first verification manner, which works in the non-networked state, the direct verifying subject is the intelligent terminal: it directly verifies the request end on which the digital signature certificate is installed, and the participating subjects are the intelligent terminal, the request end and the user. A preset password and a preset IMEI code and/or preset MEID code are preset in the digital signature certificate. When the user uses the request end to acquire data from the intelligent terminal, the user only needs to input a password at the request end (without inputting the IMEI code and/or MEID code); the intelligent terminal then obtains the password and verifies whether it is consistent with the preset password in the digital signature certificate, and it also needs to verify whether the IMEI code and/or MEID code of the intelligent terminal is consistent with the IMEI code and/or MEID code in the digital signature certificate. This verification manner is simple, convenient and quick, and can be carried out without networking. In the non-networked state, the first verification manner is preferentially adopted.
Optionally, the digital signature certificate in the two verification manners may further be preset with a preset request end identification code, and after the intelligent terminal is connected with the request end, the intelligent terminal directly obtains the identification code from the request end and verifies whether the identification code is consistent with the preset request end identification code in the digital signature certificate.
Optionally, the step of verifying the digitally signed certificate of the requesting end comprises:
starting a preset program of the intelligent terminal;
acquiring the identification code of the request terminal and a user password;
and verifying whether the request terminal identification code, the user password, the IMEI code and/or the MEID code of the intelligent terminal are consistent with the preset request terminal identification code, the preset password, the preset IMEI code and/or the MEID code in the digital signature certificate respectively.
Optionally, processing the obtaining request according to the verification result includes:
when the identification code of the request terminal, the user password, the IMEI code and/or the MEID code of the intelligent terminal are verified to be respectively consistent with the preset identification code of the request terminal, the preset password, the preset IMEI code and/or the MEID code in the digital signature certificate, an acquisition request for acquiring data from the intelligent terminal is allowed;
and when the identification code of the request terminal is verified to be inconsistent with the preset identification code of the request terminal in the digital signature certificate, and/or the user password is inconsistent with the preset password in the digital signature certificate, and/or the IMEI code and/or MEID code of the intelligent terminal is inconsistent with the preset IMEI code and/or MEID code in the digital signature certificate, prompting error information at the intelligent terminal and/or the request terminal.
Verifying the user password and the IMEI code and/or MEID code of the intelligent terminal binds the intelligent terminal, the user and the request terminal in a specific relationship, and additionally verifying the identification code of the request terminal further strengthens the check of whether the specific request terminal is legal.
When at least one of the user password, the IMEI code of the intelligent terminal and the MEID code of the intelligent terminal is verified to be inconsistent, the intelligent terminal can adopt a second verification mode. The second verification mode includes step 610 and steps 730-750.
Step 730: networking is carried out;
When the first verification mode fails, that is, after the intelligent terminal and/or the request terminal prompts error information, the intelligent terminal and the request terminal perform manual or automatic networking setup. When networking succeeds, step 740 is executed; when networking fails, step 750 is executed, that is, the intelligent terminal rejects the acquisition request sent by the request end to acquire data from the intelligent terminal. Specifically, since step 720 occurs when the first authentication method is not available, when the detection result of step 720 is a networking failure, the intelligent terminal directly rejects the request for obtaining data.
Step 740: when the networking is successful, verifying whether the user password and the account are consistent with the pre-stored password and the pre-stored account of the digital signature certificate providing terminal; when the user password and the account are verified to be consistent with the pre-stored password and the pre-stored account of the digital signature certificate provider, executing step 710; when it is verified that the user password is not consistent with the pre-stored password of the digital signature certificate provider and/or the account is not consistent with the pre-stored account of the digital signature certificate provider, step 750 is executed.
In the second verification method, the intelligent terminal (e.g., a mobile phone), in a networked state, relies on the digital signature certificate providing end to verify whether the user identity and the requesting end identity are legal. Specifically, the intelligent terminal is not the direct verifying subject; the digital signature certificate providing end is the direct verifying subject and feeds the verification result back to the intelligent terminal.
When the intelligent terminal receives, from the digital signature certificate providing terminal, feedback that the account and the password input by the user are consistent with the pre-stored account and the pre-stored password held by the providing terminal, the intelligent terminal allows the requesting terminal's request to acquire data from the intelligent terminal. Notably, in the second authentication method, the smart terminal needs to authenticate the user password and the account at the same time. More specifically, when the account and the password input by the user are consistent with the pre-stored account and the pre-stored password in the digital signature certificate provider, the digital signature certificate provider feeds back the result of the consistency verification to the intelligent terminal and, illustratively, the intelligent terminal executes the adb pull command sent by the requester.
When the account input by the user is inconsistent with the pre-stored account in the digital signature certificate providing terminal and/or the password input by the user is inconsistent with the pre-stored password in the digital signature certificate providing terminal, the digital signature certificate providing terminal feeds back the result of the inconsistent verification to the intelligent terminal, and the intelligent terminal refuses the data acquisition request of the request terminal; for example, the intelligent terminal refuses to execute an adb pull command sent by the request terminal.
Step 750: the acquisition request is denied.
Preferably, when it is verified that the request side identification code is inconsistent with the preset request side identification code in the digital signature certificate, and/or the user password is inconsistent with the preset password in the digital signature certificate, and/or the IMEI code and/or MEID code of the smart terminal is inconsistent with the preset IMEI code and/or MEID code in the digital signature certificate, the method then includes:
networking is carried out; when the networking is successful, it is verified whether the identification code of the request terminal, the user password and the account are respectively consistent with the preset request terminal identification code, the pre-stored password and the pre-stored account of the digital signature certificate providing terminal; if so, the data acquisition request is allowed, and/or if not, the data acquisition request is rejected; and/or, when networking fails, the acquisition request is rejected.
Specifically, after the intelligent terminal receives, from the digital signature certificate provider, feedback that the identification code of the request terminal and the account and password input by the user have been verified to be respectively consistent with the pre-stored request terminal identification code, the pre-stored account and the pre-stored password held by the digital signature certificate provider, the intelligent terminal allows the request terminal's request to acquire data from the intelligent terminal;
specifically, after the intelligent terminal receives, from the digital signature certificate provider, feedback that the identification code of the request terminal is inconsistent with the pre-stored request terminal identification code of the provider, and/or the password input by the user is inconsistent with the pre-stored password of the provider, and/or the account input by the user is inconsistent with the pre-stored account of the provider, the intelligent terminal refuses the request terminal's request to acquire data from the intelligent terminal.
In other words, in the second authentication manner, when the networking is successful, the intelligent terminal can authenticate the user identity and the validity of the identity of the requesting terminal by authenticating the user password and the account, and can further authenticate whether the requesting terminal is a specific legal requesting terminal by authenticating the identity of the requesting terminal. Therefore, the specific binding relationship among the intelligent terminal, the user and the request terminal is realized.
Optionally, the preset request side identification code in the digital signature certificate may also be prestored in the intelligent terminal, and when the specific identity of the request side needs to be verified, the intelligent terminal may directly verify whether the identification code of the current request side is consistent with the identification code prestored in the intelligent terminal, or whether the identification code of the current request side is consistent with the preset request side identification code in the digital signature certificate.
Through the two verification modes (the first verification mode and the second verification mode), the intelligent terminal can verify the identity of the user and the identity of the request terminal at the same time, and binding of specific relations among the intelligent terminal, the request terminal and the user is achieved.
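The order in which steps 610 to 750 apply the two verification modes can be sketched as below. This is an added example, not code from the patent: all class, function and field names are hypothetical and the sample values are constructed. It follows the variant in which every value preset in the certificate must match, and it assumes the certificate's own signature has already been checked.

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple


class Decision(Enum):
    ALLOW = "allow"    # step 710
    REJECT = "reject"  # step 750


@dataclass(frozen=True)
class Certificate:
    """Preset values carried by the certificate installed on the request end."""
    preset_password: str
    preset_imei: Optional[str] = None
    preset_meid: Optional[str] = None
    preset_requester_id: Optional[str] = None


@dataclass(frozen=True)
class AcquisitionRequest:
    """What the request end supplies with the data acquisition request."""
    account: str
    password: str
    requester_id: str


ProviderCheck = Callable[[AcquisitionRequest], bool]


def _same(a: Optional[str], b: Optional[str]) -> bool:
    """Constant-time equality; a missing value never matches."""
    if a is None or b is None:
        return False
    return hmac.compare_digest(a.encode(), b.encode())


def verify_offline(cert: Certificate, req: AcquisitionRequest,
                   device_imei: Optional[str],
                   device_meid: Optional[str]) -> List[str]:
    """First mode (steps 610-630): names of mismatched fields, empty on success."""
    failed = []
    if not _same(req.password, cert.preset_password):
        failed.append("password")
    if cert.preset_imei is None and cert.preset_meid is None:
        failed.append("device_binding")  # certificate names no device at all
    if cert.preset_imei is not None and not _same(device_imei, cert.preset_imei):
        failed.append("imei")
    if cert.preset_meid is not None and not _same(device_meid, cert.preset_meid):
        failed.append("meid")
    if (cert.preset_requester_id is not None
            and not _same(req.requester_id, cert.preset_requester_id)):
        failed.append("requester_id")
    return failed


def make_provider(prestored: Dict[str, Tuple[str, str]]) -> ProviderCheck:
    """Stand-in for the providing end: account -> (password, requester id)."""
    def check(req: AcquisitionRequest) -> bool:
        record = prestored.get(req.account)
        if record is None:
            return False
        password, requester_id = record
        return _same(req.password, password) and _same(req.requester_id, requester_id)
    return check


def unreachable_provider(req: AcquisitionRequest) -> bool:
    """Simulates failed networking in step 730."""
    raise ConnectionError("certificate providing end not reachable")


def handle_request(cert: Certificate, req: AcquisitionRequest,
                   device_imei: Optional[str], device_meid: Optional[str],
                   provider: ProviderCheck) -> Tuple[Decision, str]:
    """Step 700: first mode, then the networked second mode as fallback."""
    if not verify_offline(cert, req, device_imei, device_meid):
        return Decision.ALLOW, "offline-match"
    # Step 720 would prompt the error here; steps 730-750 follow.
    try:
        confirmed = provider(req)
    except OSError:  # networking failed, so the request is rejected
        return Decision.REJECT, "network-failed"
    if confirmed:
        return Decision.ALLOW, "provider-match"
    return Decision.REJECT, "provider-mismatch"


# Constructed sample values, not taken from the patent.
DEVICE_IMEI = "490154203237518"
REQUESTER_ID = "00:11:22:33:44:55"
CERT = Certificate("correct horse", preset_imei=DEVICE_IMEI,
                   preset_requester_id=REQUESTER_ID)
PROVIDER = make_provider({"alice": ("correct horse", REQUESTER_ID)})
```

When reviewing a design like this, note the case where the certificate names a different device: the first mode fails on the IMEI, and the outcome then rests on the providing end's account, password and request end identification code check alone.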
The invention provides a device for acquiring data, comprising:
the receiving module is used for receiving a data acquisition request;
the verification module is used for verifying the digital signature certificate of the request end;
and the processing module is used for processing the acquisition request according to the verification result.
The present invention provides a terminal, including: a storage device for storing a program; and a processor; when the program is executed by the processor, the processor is caused to implement the data protection method described in the above embodiment. The processor may be a CPU, general purpose processor, DSP, ASIC, FPGA or other programmable logic device, transistor logic device, hardware component, or any combination thereof. The processor may also be a combination that implements computing functions, e.g., a combination of one or more microprocessors, or a combination of a DSP and a microprocessor. The embodiments of the present application are not limited in this respect.
The present invention provides a computer-readable storage medium having stored thereon a data protection program which, when executed by a processor, implements the steps of the data protection method described in the above embodiments.
The various embodiments described above may be wholly or partially implemented by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, radio, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that integrates one or more available media. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a Digital Video Disk (DVD)), or a semiconductor medium (e.g., a Solid State Disk (SSD)), among others.
Those of ordinary skill in the art will appreciate that the various illustrative functional modules and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the several embodiments provided in the present application, it should be understood that the disclosed terminal, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative: the division into functional modules is only a logical functional division, and other divisions are possible in practice; for example, a plurality of functional modules or components may be combined or integrated into another system, or some features may be omitted or not executed.
The functional modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical functional modules, may be located in one place, or may be distributed on a plurality of network functional modules. Some or all of the functional modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, each functional module in the embodiments of the present application may be integrated into one processing functional module, or each functional module may exist alone physically, or two or more functional modules are integrated into one functional module.
The functions, if implemented in the form of software elements and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, or the part of it that contributes over the prior art, may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
The above description covers only specific embodiments of the present application, but the scope of the present application is not limited thereto; any change or substitution that a person skilled in the art can easily conceive of within the technical scope of the present application shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A data protection method applied to an intelligent terminal, characterized by comprising the following steps:
receiving a data acquisition request;
verifying the digital signature certificate of the request end;
and processing the acquisition request according to a verification result.
2. The data protection method according to claim 1, wherein the information of the digitally signed certificate of the requesting end includes at least one of a preset password, a preset IMEI code, an MEID code, a preset account, and a preset requesting end identification code, wherein the preset requesting end identification code is at least one of a MAC address, a CPU serial number, a hard disk serial number, a motherboard ID, and a network card number of the requesting end.
3. The data protection method of claim 2,
the method for verifying the digital signature certificate of the request end comprises the following steps:
starting a preset program of the intelligent terminal;
acquiring a user password;
verifying whether the user password is consistent with a preset password in the digital signature certificate, and/or,
verifying whether the IMEI code of the intelligent terminal is consistent with the preset IMEI code in the digital signature certificate, and/or,
and verifying whether the MEID code of the intelligent terminal is consistent with the preset MEID code in the digital signature certificate.
4. The data protection method of claim 3,
according to the verification result, the step of processing the acquisition request comprises the following steps:
when at least one of the user password, the IMEI code of the intelligent terminal and the MEID code of the intelligent terminal is verified to be consistent, the data acquisition request is allowed; and/or,
and when at least one of the user password, the IMEI code of the intelligent terminal and the MEID code of the intelligent terminal is verified to be inconsistent, prompting error information at the intelligent terminal and/or the request terminal.
5. The data protection method of claim 2, wherein
the step of verifying the digital signature certificate of the request end comprises:
starting a preset program of the intelligent terminal;
acquiring the identification code of the request terminal and a user password;
verifying whether the request terminal identification code, the user password, the IMEI code and/or the MEID code of the intelligent terminal are consistent with the preset request terminal identification code, the preset password, the preset IMEI code and/or the MEID code in the digital signature certificate respectively.
6. The data protection method of claim 5, wherein
the step of processing the acquisition request according to the verification result comprises:
when the identification code of the request terminal, the user password, the IMEI code and/or the MEID code of the intelligent terminal are verified to be respectively consistent with the preset identification code of the request terminal, the preset password, the preset IMEI code and/or the MEID code in the digital signature certificate, allowing the acquisition request for acquiring data from the intelligent terminal;
when the identification code of the request terminal is verified to be inconsistent with the preset identification code of the request terminal in the digital signature certificate, and/or the user password is inconsistent with the preset password in the digital signature certificate, and/or the IMEI code and/or MEID code of the intelligent terminal is inconsistent with the preset IMEI code and/or MEID code in the digital signature certificate, prompting error information at the intelligent terminal and/or the request terminal.
7. The data protection method according to claim 4, wherein, when at least one of the user password, the IMEI code of the intelligent terminal and the MEID code of the intelligent terminal is verified to be inconsistent, the method thereafter comprises: performing networking; when the networking is successful, verifying whether the user password and the account are consistent with the pre-stored password and the pre-stored account of the digital signature certificate providing terminal; if so, allowing the data acquisition request, and/or if not, rejecting the data acquisition request; and/or,
when the networking fails, rejecting the acquisition request.
8. The data protection method according to claim 6, wherein, when it is verified that the identification code of the request terminal is inconsistent with the preset identification code of the request terminal in the digital signature certificate, and/or that the user password is inconsistent with the preset password in the digital signature certificate, and/or that the IMEI code and/or MEID code of the intelligent terminal is inconsistent with the preset IMEI code and/or MEID code in the digital signature certificate, the method thereafter comprises:
performing networking; when the networking is successful, verifying whether the identification code of the request terminal, the user password and the account are consistent with the preset identification code of the request terminal, the pre-stored password and the pre-stored account of the digital signature certificate providing terminal; if so, allowing the data acquisition request, and/or if not, rejecting the data acquisition request; and/or,
when the networking fails, rejecting the acquisition request.
9. A terminal, comprising: a storage device for storing a program; and a processor; wherein the program, when executed by the processor, causes the processor to implement the data protection method of any of claims 1-8.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the data protection method according to any one of claims 1-8.
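The verification flow of claims 5, 6 and 8, as an added example that is not part of the patent text: local comparison against the certificate's preset values, then fallback to the certificate providing terminal, rejecting when networking fails. The names `Preset`, `Presented`, `process_request` and the `online_verify` callback are assumptions, and the constant-time comparison is an addition the claims do not specify.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Tuple


@dataclass(frozen=True)
class Preset:
    """Values carried in the digital signature certificate (claim 2)."""
    requester_id: str
    password: str
    imei: str


@dataclass(frozen=True)
class Presented:
    """Values collected when the data acquisition request arrives (claim 5)."""
    requester_id: str
    password: str
    imei: str
    account: str


def _same(a: str, b: str) -> bool:
    # Constant-time comparison: timing must not reveal how much of a value matched.
    return hmac.compare_digest(a.encode(), b.encode())


def local_check(preset: Preset, got: Presented) -> bool:
    # The list is built in full before all(), so every field is always compared.
    return all([_same(preset.requester_id, got.requester_id),
                _same(preset.password, got.password),
                _same(preset.imei, got.imei)])


def process_request(preset: Preset, got: Presented,
                    online_verify: Callable[[str, str, str], bool]) -> Tuple[str, str]:
    """Return (decision, reason); decision is "allow" or "reject"."""
    if local_check(preset, got):
        return "allow", "local match"            # claim 6, first branch
    try:
        # Claim 8: fall back to the certificate providing terminal (hypothetical callback).
        ok = online_verify(got.requester_id, got.password, got.account)
    except ConnectionError:
        return "reject", "networking failed"     # fail closed when offline
    return ("allow", "provider match") if ok else ("reject", "provider mismatch")


# Constructed sample values, not taken from the patent.
SAMPLE_PRESET = Preset("AA:BB:CC:00:11:22", "s3cret", "490154203237518")
```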
CN201910897743.6A 2019-09-23 2019-09-23 Data protection method, terminal and computer readable storage medium Active CN110661797B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910897743.6A CN110661797B (en) 2019-09-23 2019-09-23 Data protection method, terminal and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910897743.6A CN110661797B (en) 2019-09-23 2019-09-23 Data protection method, terminal and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN110661797A true CN110661797A (en) 2020-01-07
CN110661797B CN110661797B (en) 2024-05-03

Family

ID=69038344

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910897743.6A Active CN110661797B (en) 2019-09-23 2019-09-23 Data protection method, terminal and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN110661797B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114040401A (en) * 2021-11-08 2022-02-11 中国联合网络通信集团有限公司 Terminal authentication method and system
CN114257410A (en) * 2021-11-22 2022-03-29 广东电网有限责任公司 Identity authentication method and device based on digital certificate, and computer equipment
CN114584320A (en) * 2022-03-17 2022-06-03 深圳市乐凡信息科技有限公司 Encryption transmission method, device, equipment and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070198825A1 (en) * 2006-02-22 2007-08-23 Schwarz Henry S Internet secure terminal for personal computers
CN103324506A (en) * 2013-06-24 2013-09-25 上海天奕达电子科技有限公司 Method and mobile phone for controlling installation of Android applications
CN104506534A (en) * 2014-12-25 2015-04-08 青岛微智慧信息有限公司 Safety communication secret key negotiation interaction scheme
CN105144216A (en) * 2013-03-15 2015-12-09 维萨国际服务协会 Snap mobile security apparatuses, methods and systems
CN106612178A (en) * 2015-10-22 2017-05-03 哈尔滨安天科技股份有限公司 Method and device for protecting security of Android adb data transmission
CN107579831A (en) * 2017-09-06 2018-01-12 收付宝科技有限公司 It is a kind of that same digital certificate is multiplexed in the methods, devices and systems of multiple terminals
CN109067544A (en) * 2018-07-26 2018-12-21 海南新软软件有限公司 A kind of private key verification method, the apparatus and system of soft or hard combination

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070198825A1 (en) * 2006-02-22 2007-08-23 Schwarz Henry S Internet secure terminal for personal computers
CN105144216A (en) * 2013-03-15 2015-12-09 维萨国际服务协会 Snap mobile security apparatuses, methods and systems
CN103324506A (en) * 2013-06-24 2013-09-25 上海天奕达电子科技有限公司 Method and mobile phone for controlling installation of Android applications
CN104506534A (en) * 2014-12-25 2015-04-08 青岛微智慧信息有限公司 Safety communication secret key negotiation interaction scheme
CN106612178A (en) * 2015-10-22 2017-05-03 哈尔滨安天科技股份有限公司 Method and device for protecting security of Android adb data transmission
CN107579831A (en) * 2017-09-06 2018-01-12 收付宝科技有限公司 It is a kind of that same digital certificate is multiplexed in the methods, devices and systems of multiple terminals
CN109067544A (en) * 2018-07-26 2018-12-21 海南新软软件有限公司 A kind of private key verification method, the apparatus and system of soft or hard combination

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114040401A (en) * 2021-11-08 2022-02-11 中国联合网络通信集团有限公司 Terminal authentication method and system
CN114040401B (en) * 2021-11-08 2024-04-12 中国联合网络通信集团有限公司 Terminal authentication method and system
CN114257410A (en) * 2021-11-22 2022-03-29 广东电网有限责任公司 Identity authentication method and device based on digital certificate, and computer equipment
CN114584320A (en) * 2022-03-17 2022-06-03 深圳市乐凡信息科技有限公司 Encryption transmission method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN110661797B (en) 2024-05-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant