CN110895612A - Unlocking method and device and terminal equipment - Google Patents

Unlocking method and device and terminal equipment Download PDF

Info

Publication number
CN110895612A
CN110895612A CN201811067794.8A CN201811067794A CN110895612A CN 110895612 A CN110895612 A CN 110895612A CN 201811067794 A CN201811067794 A CN 201811067794A CN 110895612 A CN110895612 A CN 110895612A
Authority
CN
China
Prior art keywords
operating system
data
decryption
data corresponding
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811067794.8A
Other languages
Chinese (zh)
Other versions
CN110895612B (en
Inventor
魏明业
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201811067794.8A priority Critical patent/CN110895612B/en
Priority to PCT/CN2019/105293 priority patent/WO2020052579A1/en
Publication of CN110895612A publication Critical patent/CN110895612A/en
Application granted granted Critical
Publication of CN110895612B publication Critical patent/CN110895612B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/48Program initiating; Program switching, e.g. by interrupt
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2151Time stamp

Abstract

The application discloses an unlocking method, an unlocking device and terminal equipment, wherein the method comprises the following steps: acquiring first decryption data corresponding to a first operating system and second decryption data corresponding to a second operating system, wherein the first operating system is an operating system to be unlocked; checking whether the first decrypted data and the second decrypted data are correct or not to obtain a checking result; and unlocking the first operating system when the verification result shows that the first decrypted data and the second decrypted data are verified correctly.

Description

Unlocking method and device and terminal equipment
Technical Field
The present application relates to an unlocking technology, and in particular, to an unlocking method and apparatus for an operating system, and a terminal device.
Background
As terminal devices are continuously developed, the forms presented by the terminal devices are more and more abundant. From the perspective of the operating system and the display screen, the terminal device has the form of a single-screen dual-operating system or the form of a dual-screen single-operating system. The single-screen dual-operating system means that the terminal device has one display screen and two operating systems, however, the display screen can only load the interface of one operating system, and cannot load the interfaces of two operating systems at the same time, and when the user unlocks the terminal device of the single-screen dual-operating system, the user only inputs the password of one operating system, for example: if the password of the first operating system is input, unlocking the first operating system; if the password of the second operating system is input, unlocking of the second operating system is achieved, and the security verification parts between the two operating systems are independent. The double-screen single-operation system means that the terminal equipment is provided with two display screens and an operation system, the two display screens can load different interfaces of the operation system, such as interfaces of different Applications (APP), and when a user unlocks the terminal equipment of the double-screen single-operation system, only the password of the single operation system needs to be input. The unlocking mode of the terminal device is only for one operating system, the safety is very low, and once the safety information of the operating system is leaked, the operating system is easy to be invaded by illegal personnel.
Disclosure of Invention
The embodiment of the application provides an unlocking method and device and terminal equipment.
The unlocking method provided by the embodiment of the application comprises the following steps:
acquiring first decryption data corresponding to a first operating system and second decryption data corresponding to a second operating system, wherein the first operating system is an operating system to be unlocked;
checking whether the first decrypted data and the second decrypted data are correct or not to obtain a checking result;
and unlocking the first operating system when the verification result shows that the first decrypted data and the second decrypted data are verified correctly.
The unlocking device provided by the embodiment of the application comprises:
the device comprises a collecting unit (1001) and a control unit, wherein the collecting unit is used for collecting first decryption data corresponding to a first operating system and second decryption data corresponding to a second operating system, and the first operating system is an operating system to be unlocked;
a checking unit (1002) for checking whether the first decrypted data and the second decrypted data are correct or not to obtain a checking result;
and the unlocking unit (1003) is used for unlocking the first operating system when the verification result shows that the first decrypted data and the second decrypted data are verified correctly.
The terminal device provided by the embodiment of the application comprises: the processor is used for calling and running the computer program stored in the memory, and the unlocking method is executed.
The chip provided by the embodiment of the application comprises: and the processor is used for calling and running the computer program from the memory so that the equipment provided with the chip executes the unlocking method.
The computer-readable storage medium provided in the embodiments of the present application is used for storing a computer program, and the computer program enables a computer to execute the unlocking method.
The computer program product provided by the embodiment of the present application includes computer program instructions, and the computer program instructions enable a computer to execute the unlocking method.
According to the computer program provided by the embodiment of the application, the computer program enables a computer to execute the unlocking method.
In the technical scheme of the embodiment of the application, the terminal device has a double-display-area double-operating-system form, two display areas of the terminal device can simultaneously load interfaces of two operating systems, the two operating systems are respectively a first operating system and a second operating system, and when a user needs to unlock the first operating system, first decryption data corresponding to the first operating system and second decryption data corresponding to the second operating system are collected; checking whether the first decrypted data and the second decrypted data are correct or not to obtain a checking result; and unlocking the first operating system when the verification result shows that the first decrypted data and the second decrypted data are verified correctly. By adopting the technical scheme of the embodiment of the application, when any one of the dual operating systems is unlocked, both decryption data of the dual operating systems need to be verified, that is, the two operating systems need to cooperate to complete the final unlocking operation, so that the safety of the terminal equipment is improved.
Drawings
The drawings illustrate generally, by way of example, but not by way of limitation, various embodiments discussed herein.
Fig. 1 is a first schematic flowchart of an unlocking method according to an embodiment of the present application;
fig. 2 is a first structural block diagram of a dual operating system according to an embodiment of the present disclosure;
fig. 3 is a structural block diagram ii of a dual operating system according to an embodiment of the present application;
fig. 4 is a schematic flowchart of acquiring encrypted data according to an embodiment of the present application;
fig. 5 is a second flowchart illustrating an unlocking method according to an embodiment of the present application;
FIG. 6 is a first schematic view of an unlocking interface provided in the embodiments of the present application;
FIG. 7 is a second schematic view of an unlocking interface provided in the embodiments of the present application;
FIG. 8 is a third schematic view of an unlocking interface provided in the embodiments of the present application;
FIG. 9 is a fourth schematic view of an unlocking interface provided in the embodiments of the present application;
fig. 10 is a schematic structural component view of an unlocking device provided in an embodiment of the present application
Fig. 11 is a schematic structural diagram of a terminal device according to an embodiment of the present application;
fig. 12 is a schematic structural diagram of a chip according to an embodiment of the present application.
Detailed Description
The technical scheme of the embodiment of the application is suitable for the terminal equipment with double display areas and double operating systems, and the terminal equipment can be mobile phones, tablet computers, palm computers, game machines and other equipment. The terminal equipment with the double display areas and the double operating systems loads the two operating systems on the two display areas respectively, the two operating systems are independent from each other, and a user can operate the two operating systems at the same time, so that the user experience is facilitated. The dual display area may be implemented by two independent physical screens, or one screen having two independent display areas, for example, a screen with a larger size or a flexible screen, which may implement two independent display areas.
Technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Fig. 1 is a first schematic flowchart of an unlocking method provided in an embodiment of the present application, and as shown in fig. 1, the unlocking method includes the following steps:
step 101: the method comprises the steps of collecting first decryption data corresponding to a first operating system and second decryption data corresponding to a second operating system, wherein the first operating system is an operating system to be unlocked.
In the embodiment of the application, the terminal device has two operating systems, namely a first operating system and a second operating system. The first operating system and the second operating system may be the same type of operating system or different types of operating systems, for example: the first operating system and the second operating system are both android operating systems, or the first operating system and the second operating system are both iOS operating systems, or the first operating system is an android operating system and the second operating system is an iOS operating system, or the first operating system is an iOS operating system and the second operating system is an android operating system. Further, if the first operating system and the second operating system are the same type of operating system, the system versions of the first operating system and the second operating system may be the same or different.
Referring to fig. 2, fig. 2 is a structural block diagram of a dual operating system, where an operating system 1 and an operating system 2 are isolated from each other, and there is no master-slave component, and no snooping and interaction can be performed directly between the operating system 1 and the operating system 2. The operating system 1, the operating system 2, and the User Manager are located in a Rich Execution Environment (REE), and the trusted application is located in a Trusted Execution Environment (TEE).
In the embodiment of the application, before first decrypted data corresponding to a first operating system and second decrypted data corresponding to a second operating system are acquired, a first screen locking interface is displayed on a first display area, and the first screen locking interface is used for acquiring the first decrypted data corresponding to the first operating system; displaying a second screen locking interface or a standby interface on a second display area, wherein the second screen locking interface or the standby interface is used for acquiring first decryption data corresponding to the first operating system, the second screen locking interface is displayed on the second display area when the second operating system is in a locked state, and the standby interface is displayed on the second display area when the second operating system is in an unlocked state.
In the embodiment of the present application, how to determine whether the currently unlocked operating system is the first operating system or the second operating system may be implemented in the following manner:
the first method is as follows: after the first decryption data and the second decryption data are collected, the first operating system is determined to be an operating system to be unlocked based on the first decryption data and the second decryption data.
Specifically, first timestamp information corresponding to the first decrypted data and second timestamp information corresponding to the second decrypted data are determined; and under the condition that the first timestamp information is earlier than the second timestamp information, the first operating system is an operating system to be unlocked.
For example, when the terminal device acquires the first decrypted data, it records the corresponding first timestamp information as T1, and when the terminal device acquires the second decrypted data, it records the corresponding second timestamp information as T2, and if T1 is earlier than T2 (i.e., T1 is less than T2), it is determined that the currently unlocked operating system is the first operating system.
The second method comprises the following steps: and determining that the first operating system is an operating system to be unlocked based on a first setting operation corresponding to the first operating system.
For example, the user may double-click on the first display area to trigger the first operating system to be the operating system to be unlocked. Or, the user may adjust the terminal device to a certain posture, so that after the gravity sensor or the gyroscope detects that the pose parameter of the terminal device meets the preset condition, the first operating system is triggered to be the operating system to be unlocked.
In the embodiment of the present application, the acquiring of the first decrypted data corresponding to the first operating system and the second decrypted data corresponding to the second operating system may be implemented in the following manner:
the first method is as follows: acquiring first decryption data corresponding to the first operating system on a first display area, wherein the first operating system sends the first decryption data to a security chip; and acquiring second decryption data corresponding to the second operating system on a second display area, wherein the second operating system sends the second decryption data to the security chip.
For example: the method comprises the steps that a first display area and a second display area of the terminal device are both touch display screens, the first display area is used for displaying an interface of a first operating system, the second display area is used for displaying an interface of a second operating system, a user inputs first decryption data on the first display area in a touch mode, the first display area collects the first decryption data, correspondingly, the first operating system obtains the first decryption data, and the first operating system sends the first decryption data to a security chip for verification; similarly, the user inputs second decrypted data in a touch mode on the second display area, the second display area acquires the second decrypted data, correspondingly, the second operating system acquires the second decrypted data, and the second operating system sends the second decrypted data to the security chip for verification.
In one embodiment, a sliding operation is obtained, wherein the starting position of the sliding operation is located in the first display area, and the ending position of the sliding operation is located in the second display area; acquiring initial position information of the sliding operation on the first display area, determining first decryption data corresponding to the first operating system based on the initial position information, and sending the first decryption data to a security chip by the first operating system; acquiring end position information of the sliding operation on the second display area, determining second decryption data corresponding to the second operating system based on the end position information, and sending the second decryption data to the security chip by the second operating system. Further, the start position information of the sliding operation corresponds to first digital information, the end position information of the sliding operation corresponds to second digital information, the first digital information is used as the first decryption data, and the second digital information is used as the second decryption data; or the start position information of the sliding operation corresponds to first letter information, the end position information of the sliding operation corresponds to second letter information, the first letter information is used as the first decryption data, and the second letter information is used as the second decryption data. Here, the first digital information and the second digital information may be the same digital information or different digital information. Similarly, the first letter information and the second letter information may be the same letter information or different letter information.
In a specific application process, a user slides from a first position on a first display area to a second position on a second display area, position information of the first position corresponds to first decryption data (namely first digital information or first letter information), and position information of the second position corresponds to second decryption data (namely second digital information or second letter information). Or, the user touches a first position on the first display area first and then touches a second position on the second display area, where the position information of the first position corresponds to the first decrypted data (i.e., the first digital information or the first letter information), and the position information of the second position corresponds to the second decrypted data (i.e., the second digital information or the second letter information).
In another embodiment, a sliding operation is obtained, wherein the starting position of the sliding operation is located in the first display area, and the ending position of the sliding operation is located in the second display area; collecting first fingerprint information of the sliding operation on the first display area to serve as first decryption data corresponding to the first operating system, wherein the first operating system sends the first decryption data to a security chip; and acquiring second fingerprint information of the sliding operation on the second display area as second decryption data corresponding to the second operating system, and sending the second decryption data to the security chip by the second operating system.
Here, the first display area and the second display area of the terminal device are both provided with a fingerprint acquisition device, the first display area is used for displaying an interface of a first operating system, the second display area is used for displaying an interface of a second operating system, a user presses the fingerprint acquisition area on the first display area, so that first decryption data is acquired, correspondingly, the first operating system acquires the first decryption data, and the first operating system sends the first decryption data to the security chip for verification; in a similar way, the user presses the fingerprint acquisition area on the second display area, so that second decryption data is acquired, correspondingly, the second operating system acquires the second decryption data, and the second operating system sends the second decryption data to the security chip for verification.
In a specific application process, a user slides from a fingerprint acquisition area on a first display area to a fingerprint acquisition area on a second display area, fingerprint information acquired on the first display area corresponds to first decryption data, and fingerprint information acquired on the second display area corresponds to second decryption data. Or, the user can press the fingerprint collection area on the first display area first, and then press the fingerprint collection area on the second display area, the fingerprint information collected on the first display area corresponds to the first decryption data, and the fingerprint information collected on the second display area corresponds to the second decryption data. It should be noted that the fingerprint information collected on the two display areas may be the same or different.
The second method comprises the following steps: acquiring first decryption data corresponding to the first operating system by using an image acquisition device, wherein the first operating system sends the first decryption data to a security chip; and acquiring second decryption data corresponding to the second operating system by using the image acquisition device, and sending the second decryption data to the security chip by using the second operating system.
In one embodiment, an image acquisition device is used for acquiring a first image, the first image is analyzed to obtain first decryption data corresponding to a first operating system, and the first operating system sends the first decryption data to a security chip; and acquiring a second image by using the image acquisition device, analyzing the second image to obtain second decryption data corresponding to the second operating system, and sending the second decryption data to a security chip by using the second operating system. Further, the first image is a first face image, and the second image is a second face image; or, the first image is a first iris image, and the second image is a second iris image. Here, the first face image and the second face image may be the same face image or different face images. Likewise, the first iris image and the second iris image may be the same iris image or different iris images.
For example: the terminal equipment is provided with an image acquisition device, such as a two-dimensional camera and a three-dimensional camera, a first display area is used for displaying an interface of a first operating system, a second display area is used for displaying an interface of a second operating system, the first operating system can call the image acquisition device to acquire face image information, correspondingly, the first operating system acquires first decryption data, and the first operating system sends the first decryption data to the security chip for verification; similarly, the second operating system may also call the image acquisition device to acquire the face image information, and accordingly, the second operating system acquires the second decrypted data, and sends the second decrypted data to the security chip for verification. It should be noted that the face image information acquired by the first operating system and the face image information acquired by the second operating system may be the same or different.
The above example is an example in which the image acquisition device acquires a face image, and the embodiment of the present application is not limited to this example, and the image acquisition device may also acquire other information, such as iris information, gesture information, and the like, as decryption data.
The third method comprises the following steps: acquiring first decryption data corresponding to the first operating system by using a sound acquisition device, wherein the first operating system sends the first decryption data to a security chip; and acquiring second decryption data corresponding to the second operating system by using the sound acquisition device, and sending the second decryption data to the security chip by using the second operating system.
For example: the terminal equipment is provided with a sound acquisition device, a first display area is used for displaying an interface of a first operating system, a second display area is used for displaying an interface of a second operating system, the first operating system can call the sound acquisition device to acquire semantic information and/or voiceprint information, correspondingly, the first operating system acquires first decryption data, and the first operating system sends the first decryption data to the security chip for verification; similarly, the second operating system may also call the sound collection device to collect semantic information and/or voiceprint information, and accordingly, the second operating system obtains the second decrypted data, and the second operating system sends the second decrypted data to the security chip for verification. It should be noted that the semantic information and/or the voiceprint information acquired by the first operating system may be the same as or different from the semantic information and/or the voiceprint information acquired by the second operating system.
Step 102: and checking whether the first decrypted data and the second decrypted data are correct or not to obtain a checking result.
In the embodiment of the application, a security chip verifies whether the first decrypted data and the second decrypted data are correct to obtain a verification result, and the verification result is sent to the first operating system; and when the verification result shows that the first decrypted data and the second decrypted data are verified correctly, the first operating system performs unlocking operation.
In this embodiment of the application, if the operating system to be unlocked is determined based on the first setting operation, before the security chip verifies the first decrypted data and the second decrypted data, it may be further determined whether the first timestamp information corresponding to the first decrypted data and the second timestamp information corresponding to the second decrypted data are correct, and if the first timestamp information is earlier than the second timestamp information, it is verified whether the first decrypted data and the second decrypted data are correct, so as to obtain a verification result. And if the first timestamp information is later than the second timestamp information, the unlocking fails.
In the embodiment of the application, considering that the total time for completing one unlocking operation is limited, the time interval between the first timestamp information and the second timestamp information needs to be limited within a time length, for this reason, a time threshold value is set in the security chip, and if the time interval between the first timestamp information and the second timestamp information is less than or equal to the time threshold value, the security chip is triggered to verify whether the first decrypted data and the second decrypted data are correct, so as to obtain a verification result. In this way, terminal power consumption can be saved.
In the embodiment of the application, a security chip stores first encrypted data corresponding to a first operating system and second encrypted data corresponding to a second operating system in advance, the acquisition of the first encrypted data and the second encrypted data is the same as the acquisition of the first decrypted data and the second decrypted data, and a terminal device acquires the first encrypted data corresponding to the first operating system and the second encrypted data corresponding to the second operating system and stores the first encrypted data and the second encrypted data. The method can be specifically realized by the following steps:
the first method is as follows: acquiring first encrypted data corresponding to the first operating system on a first display area, wherein the first operating system sends the first encrypted data to a security chip; acquiring second encrypted data corresponding to the second operating system on a second display area, wherein the second operating system sends the second encrypted data to the security chip; the security chip stores the first encrypted data and the second encrypted data.
The second method comprises the following steps: acquiring first encrypted data corresponding to the first operating system by using an image acquisition device, and sending the first encrypted data to a security chip by using the first operating system; acquiring second encrypted data corresponding to the second operating system by using the image acquisition device, and sending the second encrypted data to the security chip by using the second operating system; the security chip stores the first encrypted data and the second encrypted data.
The third method comprises the following steps: acquiring first encrypted data corresponding to the first operating system by using a sound acquisition device, and sending the first encrypted data to a security chip by using the first operating system; acquiring second encrypted data corresponding to the second operating system by using the sound acquisition device, wherein the second operating system sends the second encrypted data to the security chip; the security chip stores the first encrypted data and the second encrypted data.
In this embodiment of the application, the content stored in the secure chip includes first encrypted data and second encrypted data, and further, the secure chip further stores a relationship (early-late relationship) between timestamp information corresponding to the first encrypted data and timestamp information corresponding to the second encrypted data. In addition, the aforementioned time threshold value may be set by the security chip, or may be determined based on the time stamp information of the two encrypted data.
After the security chip acquires first encrypted data and second encrypted data, comparing the first decrypted data with the first encrypted data, and if the first decrypted data is consistent with the first encrypted data, successfully verifying the first decrypted data; and comparing the second decrypted data with the second encrypted data, and if the second decrypted data is consistent with the second encrypted data, the second decrypted data is verified successfully.
Step 103: and unlocking the first operating system when the verification result shows that the first decrypted data and the second decrypted data are verified correctly.
In the embodiment of the application, after the first operating system is unlocked, the first operating system enters a main interface, or a desktop, or an operating interface of the last time before the unlocking.
The above technical solution of the embodiment of the present application takes unlocking the first operating system as an example, and the manner of unlocking the second operating system is the same as that of the first operating system. The embodiment of the application has the advantages that the operating systems are conveniently and easily operated in a double-operating-system interaction mode, the sensory property of a user is strong, and the safety is higher when the information of the two operating systems is interacted for unlocking.
In the foregoing solution of the embodiment of the application, before unlocking the first operating system, the first operating system is in a locked state (or referred to as an unlocked state) by default, and the second operating system may be in an unlocked state or a locked state.
For the UI, 1) if the two operating systems are both in the locked state, and after the unlocked state is triggered (the unlocked state may be triggered by a touch screen or by a specific key), the first display area displays the unlocking manner (e.g., numbers, characters, fingerprints, voiceprints, face recognition, etc.) of the first operating system, and the second display area displays the unlocking manner (e.g., numbers, characters, fingerprints, voiceprints, face recognition, etc.) of the second operating system, and if the operating system to be unlocked is the first operating system, the unlocking manner of the second operating system may also be virtual characters (e.g., a virtual frame), the user drags the unlocking manner on the first display area to the unlocking manner on the second display area, and it is considered that the first operating system is successfully unlocked; similarly, the user drags the unlocking mode on the second display area to the unlocking mode on the first display area, and the unlocking of the second operating system is considered to be successful. And (4) judging that the unlocking of the dual operating systems is successful when the two-way dragging unlocking modes of the user are successful. 2) If one operating system of the two operating systems is in a locked state (such as a first operating system) and the other operating system is in an unlocked state (such as a second operating system), after the unlocked state is triggered (the unlocked state can be triggered by touching a screen or the unlocked state can be triggered by a specific key), the first display area normally displays the unlocking mode of the first operating system, and the second display area displays the virtual unlocking mode of the second operating system, wherein the virtual unlocking mode is different from the unlocking mode of a policy, the difference is that the second operating system is in the unlocked state, and a user can operate the second operating system, and the same point is that the unlocking mode can be provided to assist in unlocking the first operating system, and in specific implementation, the virtual unlocking mode and the normal unlocking mode can be displayed through different UIs, and the user can obviously distinguish whether the corresponding operating system is in the unlocked state or the locked state, for example: the interface of the virtual unlocking mode is semitransparent, the interface of the normal unlocking mode is opaque, and for example, the following steps are performed: the interface of the virtual unlocking mode is displayed through a first theme color, and the interface of the normal unlocking mode is displayed through a second theme color.
For verification of decrypted data, after a user triggers corresponding unlocking operations on two display areas, the user monitors touch actions on the two display areas to judge which screen is the screen needing unlocking. And when the decrypted data from the two display areas monitored by the main screen and the auxiliary screen are both correct, unlocking the main screen.
The following describes a technical solution of the embodiment of the present application with reference to a dual operating system structure shown in fig. 2 and fig. 3, with reference to fig. 2, operations of an operating system 1 and an operating system 2 are respectively monitored through User Manager (User Manager), the operating system 1 and the operating system 2 respectively transmit obtained first unlocking data and second unlocking data to a TEE, that is, a security chip, the two unlocking data of the two operating systems are verified through the security chip, the operating system 1 is unlocked after the verification is successful, and the operating system 2 does not receive a verification result. Referring to fig. 3, in fig. 3, an android operating system is taken as an example, for a safer unlocking scheme, unlocking information can be acquired, and isolated operation of the two operating systems is not interfered, a Namespace (Namespace) can be adopted in the android operating system to monitor actions on the two android operating systems, the android operating system 1 and the android operating system 2 respectively transmit acquired first unlocking data and second unlocking data to a TEE, that is, a security chip, the two unlocking data of the two operating systems are verified through the security chip, the android operating system 1 (capable of receiving a verification result) is unlocked after verification is successful, and the android operating system 2 does not receive the verification result. The safety verification unlocking is ensured, and the independent operation of the two operating systems is also ensured.
Fig. 4 is a schematic view of a process of acquiring encrypted data according to an embodiment of the present application, where in this embodiment, as shown in fig. 4, the process of acquiring encrypted data includes the following steps:
step 401: and selecting the main screen and the auxiliary screen.
Here, a main screen of encrypted data to be acquired is selected, the other screen is an auxiliary screen of the encrypted data to be acquired, a system corresponding to the main screen is an encrypted main system, a system corresponding to the auxiliary screen is an encrypted auxiliary verification system, and if the encrypted main system is a system 1, the encrypted auxiliary verification system is a system 2.
Here, the home screen may be determined by a user setting operation. For example: the action of the user of firstly long pressing and then dragging is automatically recorded as a main screen, and the system where the main screen is located is a system 1; the action record of dragging first and then pressing for a long time is the auxiliary screen, and the system where the auxiliary screen is located is the system 2. The system where the main screen is located has the right to obtain the verification result from the TEE (also called a security chip), while the system where the auxiliary screen is located has the right to decrypt data transmission only and does not have the right to obtain the verification result from the TEE. Once the main screen is set, the main screen can not be changed for the second time unless a legal user releases the screen lock or replaces the user lock.
Step 402: first encrypted data is acquired from the system 1 in which the home screen is located.
Here, the first encrypted data may be at least one of: number, character, fingerprint, voiceprint, face recognition. Taking a digital unlocking mode as an example, if the first encrypted data is an information character 8 on the main screen, the first system stores the encrypted information corresponding to the first encrypted data 8 or 8; taking a fingerprint unlocking mode as an example, if the first encrypted data is fingerprint information 1 on the main screen, the first system stores the first encrypted data as the fingerprint information 1 or encrypted information corresponding to the fingerprint information 1.
Step 403: and acquiring second encrypted data from the system 2 where the auxiliary screen is located.
Here, the second encrypted data may be at least one of: number, character, fingerprint, voiceprint, face recognition. Taking a digital unlocking mode as an example, if the second encrypted data is an information character 4 on the main screen, the second system stores the encrypted information corresponding to the second encrypted data 4 or 4; taking a fingerprint unlocking mode as an example, if the first encrypted data is fingerprint information 2 on the main screen, the second system stores the second encrypted data as the fingerprint information 2 or encrypted information corresponding to the fingerprint information 2.
Step 404: the first encrypted data corresponding to the home screen is stored in the TEE as verification data of the first decrypted data (obtained by the system 1) used to unlock the home screen (system 1).
Step 405: the second encrypted data corresponding to the secondary screen is stored in the TEE as verification data for the second decrypted data (obtained by system 2) used to unlock the primary screen (system 1).
It is noted that the decryption data for unlocking the home screen (system 1) needs to be implemented by cooperation of the first decryption data obtained by the system 1 and the second decryption data obtained by the system 2.
Further, time stamp information that requires the acquisition time 1 of the first decrypted data (obtained by the system 1) for unlocking the main screen (system 1) to be earlier than the acquisition time 2 of the second decrypted data (obtained by the system 2) for unlocking the main screen (system 1) may be acquired based on the acquisition time of the first encrypted data and the acquisition time of the second encrypted data, and the acquisition time 1 and the acquisition time 2 need to be within a certain time length range.
In addition, in the above scheme, both the system 1 and the system 2 where the main screen and the auxiliary screen are located have a receiving identification bit, and the receiving identification bit is used for identifying whether the system can receive the checking result fed back by the TEE. Further, in the process of acquiring the encrypted data, the receiving identification bits of the system 1 and the system 2 are both set to be incapable of receiving the check result fed back by the TEE, until the unlocking process is started and the main system needing unlocking is confirmed, the receiving identification bit of the main system is set to be capable of receiving the check result fed back by the TEE, and the receiving identification bit of the auxiliary system is still set to be incapable of receiving the check result fed back by the TEE.
The scheme completes the acquisition of the encrypted data of one system, and the acquisition mode of the encrypted data of the other system is the same as the process.
Fig. 5 is a second flowchart of an unlocking method provided in the embodiment of the present application, and as shown in fig. 5, the unlocking method includes the following steps:
step 501: the unlocked state of the screen 1 is triggered.
Here, the manner of triggering the unlocked state of the screen 1 includes, but is not limited to, the following manners:
lightening the screen 1, touching a specific area of the screen 1, and continuously clicking the screen 1.
Step 502: and judging whether the screen 1 is in the unlocked state, and directly jumping to the step 504 if the screen 1 is not in the unlocked state.
Step 503: the screen 1 displays a virtual unlocking manner.
Since the screen 1 is in the unlocked state, the displayed unlocking manner is different from the unlocking manner in the locked state, and the unlocking manner in the unlocked state is referred to as a virtual unlocking manner.
Step 504: and monitoring the screen state.
Step 505: and judging whether the screen 1 is a main screen or an auxiliary screen.
Here, the primary screen is a screen that needs to be unlocked, the primary screen is capable of receiving the verification result fed back by the TEE, and the secondary screen is incapable of receiving the verification result fed back by the TEE.
In one example, the method for determining whether the screen 1 is the main screen or the auxiliary screen may be implemented as follows: if the actions of firstly long pressing and then dragging are collected on the screen 1, the screen 1 is automatically recorded as a main screen; and if the action of firstly dragging and then long pressing is collected on the screen 1, recording the screen 1 as an auxiliary screen.
Step 506: the system where the main screen is located monitors unlocking information, monitors timestamp information and transmits the timestamp information to the TEE, and sets a receiving identification bit to be 1.
Here, the reception identification bit of the system is 1, which represents that the check result from the TEE feedback is allowed (can) be received.
Here, the unlocking information is also decryption data, and includes unlocking characters, unlocking pattern information, unlocking fingerprint information, and the like.
Step 507: the system where the auxiliary screen is located monitors unlocking information, monitors timestamp information and transmits the timestamp information to the TEE, and sets a receiving identification bit to be 0.
Here, the reception identification bit of the system is 0, which represents that the check result from the TEE feedback is not allowed (cannot be) received.
Here, the unlocking information is also decryption data, and includes unlocking characters, unlocking pattern information, unlocking fingerprint information, and the like.
Step 508: and judging the timestamp information.
Here, the timestamp information may be set or derived from the collection of encrypted data or from the positive and negative difference of the collected unlock velocity samples.
The time stamp information of the characters monitored by the main screen indicates the time of the main screen action, and the time stamp information of the characters monitored by the auxiliary screen indicates the time of the auxiliary screen action.
Step 509: and if the time of the main screen action is later than that of the auxiliary screen action, the unlocking is failed, and the information of the main system unlocking failure is returned.
Step 510: and if the screen action time is earlier than the auxiliary screen action time, judging the time interval of the unlocking actions of the two systems. If the value is larger than the threshold value, the step 509 is skipped to, the unlocking is failed, and the information of the unlocking failure of the main system is returned.
Step 511: and if the time interval of the unlocking actions of the two systems is smaller than the threshold value, the TEE verifies the unlocking information of the main screen.
Step 512: and judging whether the unlocking information of the main screen is correct or not.
If the unlocking information of the main screen is incorrect, the step 509 is skipped to, and the verification result is fed back to the system where the main screen is located. And after the system where the main screen is located reads the receiving identification position, a verification result is obtained, and unlocking fails.
Step 513: and if the unlocking information of the main screen is correct, the TEE verifies the unlocking information of the auxiliary screen.
Step 514: and judging whether the auxiliary screen unlocking information is correct or not.
If the unlocking information of the auxiliary screen is incorrect, the step 509 is skipped to, and the verification result is fed back to the system where the main screen is located. And after the system where the main screen is located reads the acquired identification bit, acquiring a verification result, and failing to unlock.
Step 515: and if the auxiliary screen unlocking information is correct, feeding back the verification result to the system where the main screen is located. And after the system where the main screen is located reads the receiving identification position, a verification result is obtained, and unlocking is successful.
The technical solution of the embodiment of the present application is described below with reference to a User Interface (UI).
Although the two systems are unlocked, the method has smooth operation from the perspective of user experience, and interactive unlocking of the two systems is more like completing interaction of one double screen for a user when the unlocking operation is performed. Simple operation and clear sense.
Application example 1
The user selects a system to be unlocked, referring to fig. 6, the screen corresponding to the system to be unlocked is the main screen, and the other screen is automatically the auxiliary screen. In this example, the main screen displays the unlocking number, the auxiliary screen displays the virtual frame, and the user can drag the unlocking number to the designated position of the auxiliary screen on the main screen to complete the unlocking of the main screen. For example: and setting the unlocking number to be 8, and setting the unlocking position to be the position corresponding to the virtual frame in the second row and the first column (namely the position corresponding to the number 4), so that the user drags the position of the virtual frame in the second row and the first column on the main screen (namely the position corresponding to the number 4) to finish unlocking the main screen. And the unlocking of the auxiliary screen is the same.
The above is only one interface display example, and in the actual setting, single-character multi-position unlocking may be set, or multi-character unit unlocking may be set, or multi-character multi-position unlocking may be set.
Alternatively, the virtual frame of the secondary screen may be a hidden misplaced number, such as 1, at the center of the screen.
Application example two
The user selects a system to be unlocked, referring to fig. 7, the screen corresponding to the system to be unlocked is the main screen, and the other screen is automatically the auxiliary screen. In this example, the main screen displays the unlocking character, the auxiliary screen displays the virtual frame, and the user can drag the unlocking character to the designated position of the auxiliary screen on the main screen to complete the unlocking of the main screen. For example: and setting the unlocking character as F and the unlocking position as the virtual frame corresponding to the N position, and dragging the F on the main screen to the position of the virtual frame corresponding to the N position on the auxiliary screen by the user to unlock the main screen. And the unlocking of the auxiliary screen is the same.
Application example three
The user selects a system to be unlocked, referring to fig. 8, the screen corresponding to the system to be unlocked is the main screen, and the other screen is automatically the auxiliary screen. In this example, the system where the main screen is located collects the fingerprint 1, the system where the auxiliary screen is located collects the fingerprint 2, the time for collecting the fingerprint 1 is earlier than the time for collecting the fingerprint 2, and after the TEE verifies that the fingerprint 1 and the fingerprint 2 are both successful, the main screen is unlocked. And the unlocking of the auxiliary screen is the same.
Application example four
The user selects a system to be unlocked, referring to fig. 9, the screen corresponding to the system to be unlocked is the main screen, and the other screen is automatically the auxiliary screen. In this example, the system where the main screen is located acquires face information 1 or iris information 1, the system where the auxiliary screen is located acquires face information 2 or iris information 2, the time for acquiring the face information 1 or the iris information 1 is earlier than the time for acquiring the face information 2 or the iris information 2, and the main screen is unlocked after the TEE verifies that both the face information 1 and the face information 2 are successful or both the iris information 1 and the iris information 2 are successful. And the unlocking of the auxiliary screen is the same.
According to the technical scheme of the embodiment of the application, the double-screen double-system can realize that two operating systems are loaded on one terminal (such as a mobile phone), the two operating systems are used simultaneously, the mutual calling of the authentication information of the other operating system can be realized to unlock the current system through the double-screen interactive unlocking, and the system authentication is safer. In addition, the double-screen interactive unlocking is more convenient for a user in sense, and the user operation is less. Further, misjudgment results are reduced through the timestamp information.
Fig. 10 is a schematic structural component view of an unlocking device provided in an embodiment of the present application, and as shown in fig. 10, the unlocking device includes:
the device comprises an acquisition unit 1001, a decryption unit and a decryption unit, wherein the acquisition unit is used for acquiring first decryption data corresponding to a first operating system and second decryption data corresponding to a second operating system, and the first operating system is an operating system to be unlocked;
a checking unit 1002, configured to check whether the first decrypted data and the second decrypted data are correct, so as to obtain a checking result;
an unlocking unit 1003, configured to unlock the first operating system when the verification result indicates that the first decrypted data and the second decrypted data are verified correctly.
In one embodiment, the acquisition unit 1001 includes:
the first acquisition subunit is used for acquiring first decryption data corresponding to the first operating system on a first display area and sending the first decryption data to a security chip through the first operating system;
and the second acquisition subunit is used for acquiring second decryption data corresponding to the second operating system on a second display area, and sending the second decryption data to the security chip through the second operating system.
In an embodiment, the acquiring unit 1001 is configured to obtain a sliding operation, where a starting position of the sliding operation is located in the first display area, and an ending position of the sliding operation is located in the second display area;
the first acquisition subunit is configured to acquire start position information of the sliding operation on the first display area, determine first decryption data corresponding to the first operating system based on the start position information, and send the first decryption data to a security chip by the first operating system;
the second acquisition subunit is configured to acquire end position information of the sliding operation on the second display area, determine second decryption data corresponding to the second operating system based on the end position information, and send the second decryption data to the security chip by the second operating system.
The starting position information of the sliding operation corresponds to first digital information, the ending position information of the sliding operation corresponds to second digital information, the first digital information is used as the first decryption data, and the second digital information is used as the second decryption data; alternatively, the first and second electrodes may be,
the start position information of the sliding operation corresponds to first letter information, the end position information of the sliding operation corresponds to second letter information, the first letter information is used as the first decryption data, and the second letter information is used as the second decryption data.
In an embodiment, the acquiring unit 1001 is configured to obtain a sliding operation, where a starting position of the sliding operation is located in the first display area, and an ending position of the sliding operation is located in the second display area;
the first acquisition subunit is configured to acquire, on the first display area, first fingerprint information of the sliding operation, as first decryption data corresponding to the first operating system, where the first operating system sends the first decryption data to a security chip;
the second acquisition subunit is configured to acquire, on the second display area, second fingerprint information of the sliding operation as second decryption data corresponding to the second operating system, where the second operating system sends the second decryption data to the security chip.
In one embodiment, the acquisition unit 1001 includes:
the third acquisition subunit is used for acquiring first decryption data corresponding to the first operating system by using an image acquisition device and sending the first decryption data to the security chip through the first operating system;
and the fourth acquisition subunit is used for acquiring second decryption data corresponding to the second operating system by using the image acquisition device and sending the second decryption data to the security chip through the second operating system.
In an embodiment, the third acquiring subunit is configured to acquire a first image by using an image acquiring device, analyze the first image to obtain first decryption data corresponding to the first operating system, and send the first decryption data to a security chip by the first operating system;
the fourth acquisition subunit is configured to acquire a second image by using the image acquisition device, analyze the second image to obtain second decryption data corresponding to the second operating system, and send the second decryption data to the security chip by the second operating system.
The first image is a first face image, and the second image is a second face image; or, the first image is a first iris image, and the second image is a second iris image.
In an embodiment, the verifying unit 1002 is configured to verify whether the first decrypted data and the second decrypted data are correct through the security chip, obtain a verification result, and send the verification result to the first operating system;
the unlocking unit 1003 is configured to, when the verification result indicates that the first decrypted data and the second decrypted data are verified correctly, perform an unlocking operation by the first operating system.
In one embodiment, the apparatus further comprises:
a first determining unit 1004, configured to determine that the first operating system is an operating system to be unlocked based on the first decrypted data and the second decrypted data.
In an embodiment, the first determining unit 1004 is configured to determine first timestamp information corresponding to the first decrypted data and second timestamp information corresponding to the second decrypted data; and under the condition that the first timestamp information is earlier than the second timestamp information, the first operating system is an operating system to be unlocked.
In one embodiment, the apparatus further comprises:
a second determining unit 1005, configured to determine, based on the first setting operation corresponding to the first operating system, that the first operating system is an operating system to be unlocked.
In an embodiment, the second determining unit 1005 is further configured to determine first timestamp information corresponding to the first decrypted data and second timestamp information corresponding to the second decrypted data;
the checking unit 1002 is configured to check whether the first decrypted data and the second decrypted data are correct or not to obtain a check result when the first timestamp information is earlier than the second timestamp information.
In an embodiment, the checking unit 1002 is configured to, when the first timestamp information is earlier than the second timestamp information, check whether the first decrypted data and the second decrypted data are correct if a time interval between the first timestamp information and the second timestamp information is less than or equal to a time threshold value, so as to obtain a check result.
In an embodiment, the verifying unit 1002 is configured to compare the first decrypted data with first encrypted data, and if the first decrypted data is identical to the first encrypted data, the first decrypted data is verified successfully; and comparing the second decrypted data with the second encrypted data, and if the second decrypted data is consistent with the second encrypted data, the second decrypted data is verified successfully.
In an embodiment, the acquiring unit 1001 is further configured to acquire first encrypted data corresponding to a first operating system and second encrypted data corresponding to a second operating system;
the device further comprises: a storage unit 1006, configured to store the first encrypted data and the second encrypted data.
In an embodiment, the acquiring unit 1001 includes:
the first acquisition subunit is used for acquiring first encrypted data corresponding to the first operating system on a first display area and sending the first encrypted data to a security chip through the first operating system;
the second acquisition subunit is used for acquiring second encrypted data corresponding to the second operating system on a second display area and sending the second encrypted data to the security chip through the second operating system;
the storage unit is used for storing the first encrypted data and the second encrypted data through the security chip.
In an embodiment, the acquiring unit 1001 includes:
the third acquisition subunit is used for acquiring first encrypted data corresponding to the first operating system by using an image acquisition device and sending the first encrypted data to the security chip through the first operating system;
the fourth acquisition subunit is configured to acquire, by using the image acquisition device, second encrypted data corresponding to the second operating system, and send the second encrypted data to the security chip through the second operating system;
the storage unit is used for storing the first encrypted data and the second encrypted data through the security chip.
In one embodiment, the apparatus further comprises:
a display unit 1007, configured to display a first screen locking interface on a first display area, where the first screen locking interface is used to collect first decryption data corresponding to the first operating system; displaying a second screen locking interface or a standby interface on a second display area, wherein the second screen locking interface or the standby interface is used for acquiring first decryption data corresponding to the first operating system, the second screen locking interface is displayed on the second display area when the second operating system is in a locked state, and the standby interface is displayed on the second display area when the second operating system is in an unlocked state.
Those skilled in the art will appreciate that the functions implemented by the units in the unlocking device shown in fig. 10 can be understood by referring to the related description of the unlocking method. The functions of the units in the unlocking device shown in fig. 10 may be implemented by a program running on a processor, or may be implemented by specific logic circuits.
Fig. 11 is a schematic structural diagram of a terminal device 600 according to an embodiment of the present application, where the terminal device 600 shown in fig. 11 includes a processor 610, and the processor 610 may call and execute a computer program from a memory to implement the method according to the embodiment of the present application.
Optionally, as shown in fig. 11, the terminal device 600 may further include a memory 620. From the memory 620, the processor 610 may call and run a computer program to implement the method in the embodiment of the present application.
The memory 620 may be a separate device from the processor 610, or may be integrated into the processor 610.
Optionally, as shown in fig. 11, the terminal device 600 may further include a transceiver 630, and the processor 610 may control the transceiver 630 to communicate with other devices, and specifically, may transmit information or data to the other devices or receive information or data transmitted by the other devices.
The transceiver 630 may include a transmitter and a receiver, among others. The transceiver 630 may further include one or more antennas.
Fig. 12 is a schematic structural diagram of a chip of an embodiment of the present application. The chip 700 shown in fig. 12 includes a processor 710, and the processor 710 can call and run a computer program from a memory to implement the method in the embodiment of the present application.
Optionally, as shown in fig. 12, the chip 700 may further include a memory 720. From the memory 720, the processor 710 can call and run a computer program to implement the method in the embodiment of the present application.
The memory 720 may be a separate device from the processor 710, or may be integrated into the processor 710.
Optionally, the chip 700 may further include an input interface 730. The processor 710 may control the input interface 730 to communicate with other devices or chips, and in particular, may obtain information or data transmitted by other devices or chips.
Optionally, the chip 700 may further include an output interface 740. The processor 710 may control the output interface 740 to communicate with other devices or chips, and in particular, may output information or data to the other devices or chips.
Optionally, the chip may be applied to the network device in the embodiment of the present application, and the chip may implement the corresponding process implemented by the network device in each method in the embodiment of the present application, and for brevity, details are not described here again.
Optionally, the chip may be applied to the mobile terminal/terminal device in the embodiment of the present application, and the chip may implement the corresponding process implemented by the mobile terminal/terminal device in each method in the embodiment of the present application, and for brevity, no further description is given here.
It should be understood that the chips mentioned in the embodiments of the present application may also be referred to as a system-on-chip, a system-on-chip or a system-on-chip, etc.
It should be understood that the processor of the embodiments of the present application may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method embodiments may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The processor may be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
It will be appreciated that the memory in the embodiments of the subject application can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. The non-volatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash Memory. Volatile Memory can be Random Access Memory (RAM), which acts as external cache Memory. By way of example, but not limitation, many forms of RAM are available, such as Static random access memory (Static RAM, SRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic random access memory (Synchronous DRAM, SDRAM), Double Data rate Synchronous Dynamic random access memory (DDR SDRAM), Enhanced Synchronous SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), and direct memory bus RAM (DR RAM). It should be noted that the memory of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
It should be understood that the above memories are exemplary but not limiting illustrations, for example, the memories in the embodiments of the present application may also be Static Random Access Memory (SRAM), dynamic random access memory (dynamic RAM, DRAM), Synchronous Dynamic Random Access Memory (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (enhanced SDRAM, ESDRAM), Synchronous Link DRAM (SLDRAM), Direct Rambus RAM (DR RAM), and the like. That is, the memory in the embodiments of the present application is intended to comprise, without being limited to, these and any other suitable types of memory.
The embodiment of the application also provides a computer readable storage medium for storing the computer program.
Optionally, the computer-readable storage medium may be applied to the network device in the embodiment of the present application, and the computer program enables the computer to execute the corresponding process implemented by the network device in each method in the embodiment of the present application, which is not described herein again for brevity.
Optionally, the computer-readable storage medium may be applied to the mobile terminal/terminal device in the embodiment of the present application, and the computer program enables the computer to execute the corresponding process implemented by the mobile terminal/terminal device in each method in the embodiment of the present application, which is not described herein again for brevity.
Embodiments of the present application also provide a computer program product comprising computer program instructions.
Optionally, the computer program product may be applied to the network device in the embodiment of the present application, and the computer program instructions enable the computer to execute corresponding processes implemented by the network device in the methods in the embodiment of the present application, which are not described herein again for brevity.
Optionally, the computer program product may be applied to the mobile terminal/terminal device in the embodiment of the present application, and the computer program instructions enable the computer to execute the corresponding processes implemented by the mobile terminal/terminal device in the methods in the embodiment of the present application, which are not described herein again for brevity.
The embodiment of the application also provides a computer program.
Optionally, the computer program may be applied to the network device in the embodiment of the present application, and when the computer program runs on a computer, the computer is enabled to execute the corresponding process implemented by the network device in each method in the embodiment of the present application, and for brevity, details are not described here again.
Optionally, the computer program may be applied to the mobile terminal/terminal device in the embodiment of the present application, and when the computer program runs on a computer, the computer is enabled to execute the corresponding process implemented by the mobile terminal/terminal device in each method in the embodiment of the present application, which is not described herein again for brevity.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (25)

1. An unlocking method, characterized in that the method comprises:
acquiring first decryption data corresponding to a first operating system and second decryption data corresponding to a second operating system, wherein the first operating system is an operating system to be unlocked;
checking whether the first decrypted data and the second decrypted data are correct or not to obtain a checking result;
and unlocking the first operating system when the verification result shows that the first decrypted data and the second decrypted data are verified correctly.
2. The method of claim 1, wherein the collecting first decryption data corresponding to a first operating system and second decryption data corresponding to a second operating system comprises:
acquiring first decryption data corresponding to the first operating system on a first display area, wherein the first operating system sends the first decryption data to a security chip;
and acquiring second decryption data corresponding to the second operating system on a second display area, wherein the second operating system sends the second decryption data to the security chip.
3. The method according to claim 2, wherein first decryption data corresponding to the first operating system is collected on the first display area, and the first operating system sends the first decryption data to a security chip; acquiring second decryption data corresponding to the second operating system on a second display area, wherein the second operating system sends the second decryption data to the security chip, and the method comprises the following steps:
obtaining a sliding operation, wherein the starting position of the sliding operation is located in the first display area, and the ending position of the sliding operation is located in the second display area;
acquiring initial position information of the sliding operation on the first display area, determining first decryption data corresponding to the first operating system based on the initial position information, and sending the first decryption data to a security chip by the first operating system;
acquiring end position information of the sliding operation on the second display area, determining second decryption data corresponding to the second operating system based on the end position information, and sending the second decryption data to the security chip by the second operating system.
4. The method of claim 3,
the start position information of the sliding operation corresponds to first digital information, the end position information of the sliding operation corresponds to second digital information, the first digital information is used as the first decryption data, and the second digital information is used as the second decryption data; alternatively, the first and second electrodes may be,
the start position information of the sliding operation corresponds to first letter information, the end position information of the sliding operation corresponds to second letter information, the first letter information is used as the first decryption data, and the second letter information is used as the second decryption data.
5. The method according to claim 2, wherein first decryption data corresponding to the first operating system is collected on the first display area, and the first operating system sends the first decryption data to a security chip; acquiring second decryption data corresponding to the second operating system on a second display area, wherein the second operating system sends the second decryption data to the security chip, and the method comprises the following steps:
obtaining a sliding operation, wherein the starting position of the sliding operation is located in the first display area, and the ending position of the sliding operation is located in the second display area;
collecting first fingerprint information of the sliding operation on the first display area to serve as first decryption data corresponding to the first operating system, wherein the first operating system sends the first decryption data to a security chip;
and acquiring second fingerprint information of the sliding operation on the second display area as second decryption data corresponding to the second operating system, and sending the second decryption data to the security chip by the second operating system.
6. The method of claim 1, wherein the collecting first decryption data corresponding to a first operating system and second decryption data corresponding to a second operating system comprises:
acquiring first decryption data corresponding to the first operating system by using an image acquisition device, wherein the first operating system sends the first decryption data to a security chip;
and acquiring second decryption data corresponding to the second operating system by using the image acquisition device, and sending the second decryption data to the security chip by using the second operating system.
7. The method according to claim 6, wherein the image acquisition device is used for acquiring first decryption data corresponding to the first operating system, and the first operating system sends the first decryption data to a security chip; acquiring second decryption data corresponding to the second operating system by using the image acquisition device, wherein the second operating system sends the second decryption data to the security chip, and the method comprises the following steps:
acquiring a first image by using an image acquisition device, analyzing the first image to obtain first decryption data corresponding to the first operating system, and sending the first decryption data to a security chip by the first operating system;
and acquiring a second image by using the image acquisition device, analyzing the second image to obtain second decryption data corresponding to the second operating system, and sending the second decryption data to a security chip by using the second operating system.
8. The method of claim 6,
the first image is a first face image, and the second image is a second face image; alternatively, the first and second electrodes may be,
the first image is a first iris image, and the second image is a second iris image.
9. The method according to any one of claims 2 to 8, wherein the verifying whether the first decrypted data and the second decrypted data are correct results in a verification result; when the verification result shows that the first decrypted data and the second decrypted data are verified correctly, unlocking the first operating system, including:
the security chip verifies whether the first decrypted data and the second decrypted data are correct or not to obtain a verification result, and sends the verification result to the first operating system;
and when the verification result shows that the first decrypted data and the second decrypted data are verified correctly, the first operating system performs unlocking operation.
10. The method of claim 1, further comprising:
and determining that the first operating system is an operating system to be unlocked based on the first decrypted data and the second decrypted data.
11. The method of claim 10, wherein determining that the first operating system is the operating system to be unlocked based on the first decrypted data and the second decrypted data comprises:
determining first timestamp information corresponding to the first decrypted data and second timestamp information corresponding to the second decrypted data;
and under the condition that the first timestamp information is earlier than the second timestamp information, the first operating system is an operating system to be unlocked.
12. The method of claim 1, further comprising:
and determining that the first operating system is an operating system to be unlocked based on a first setting operation corresponding to the first operating system.
13. The method according to claim 12, wherein said verifying whether said first decrypted data and said second decrypted data are correct, resulting in a verification result, comprises:
determining first timestamp information corresponding to the first decrypted data and second timestamp information corresponding to the second decrypted data;
and under the condition that the first timestamp information is earlier than the second timestamp information, checking whether the first decrypted data and the second decrypted data are correct or not to obtain a checking result.
14. The method according to claim 11 or 13, wherein said verifying whether said first decrypted data and said second decrypted data are correct, resulting in a verification result, comprises:
and under the condition that the first timestamp information is earlier than the second timestamp information, if the time interval between the first timestamp information and the second timestamp information is less than or equal to a time threshold value, checking whether the first decrypted data and the second decrypted data are correct or not, and obtaining a checking result.
15. The method according to claim 14, wherein said verifying whether said first decrypted data and said second decrypted data are correct, resulting in a verification result, comprises:
comparing the first decrypted data with first encrypted data, and if the first decrypted data is consistent with the first encrypted data, the first decrypted data is verified successfully;
and comparing the second decrypted data with the second encrypted data, and if the second decrypted data is consistent with the second encrypted data, the second decrypted data is verified successfully.
16. The method of claim 15, further comprising:
the method comprises the steps of collecting first encrypted data corresponding to a first operating system and second encrypted data corresponding to a second operating system, and storing the first encrypted data and the second encrypted data.
17. The method of claim 16, wherein the collecting and storing first encrypted data corresponding to a first operating system and second encrypted data corresponding to a second operating system comprises:
acquiring first encrypted data corresponding to the first operating system on a first display area, wherein the first operating system sends the first encrypted data to a security chip;
acquiring second encrypted data corresponding to the second operating system on a second display area, wherein the second operating system sends the second encrypted data to the security chip;
the security chip stores the first encrypted data and the second encrypted data.
18. The method of claim 16, wherein the collecting and storing first encrypted data corresponding to a first operating system and second encrypted data corresponding to a second operating system comprises:
acquiring first encrypted data corresponding to the first operating system by using an image acquisition device, and sending the first encrypted data to a security chip by using the first operating system;
acquiring second encrypted data corresponding to the second operating system by using the image acquisition device, and sending the second encrypted data to the security chip by using the second operating system;
the security chip stores the first encrypted data and the second encrypted data.
19. The method of claim 1, wherein before collecting the first decrypted data corresponding to the first operating system and the second decrypted data corresponding to the second operating system, the method further comprises:
displaying a first screen locking interface on a first display area, wherein the first screen locking interface is used for acquiring first decryption data corresponding to the first operating system;
displaying a second screen locking interface or a standby interface on a second display area, wherein the second screen locking interface or the standby interface is used for acquiring first decryption data corresponding to the first operating system, the second screen locking interface is displayed on the second display area when the second operating system is in a locked state, and the standby interface is displayed on the second display area when the second operating system is in an unlocked state.
20. An unlocking device, characterized in that the device comprises:
the device comprises a collecting unit (1001) and a control unit, wherein the collecting unit is used for collecting first decryption data corresponding to a first operating system and second decryption data corresponding to a second operating system, and the first operating system is an operating system to be unlocked;
a checking unit (1002) for checking whether the first decrypted data and the second decrypted data are correct or not to obtain a checking result;
and the unlocking unit (1003) is used for unlocking the first operating system when the verification result shows that the first decrypted data and the second decrypted data are verified correctly.
21. A terminal device, comprising: a processor and a memory for storing a computer program, the processor being configured to invoke and execute the computer program stored in the memory to perform the method of any of claims 1 to 19.
22. A chip, comprising: a processor for calling and running a computer program from a memory so that a device on which the chip is installed performs the method of any one of claims 1 to 19.
23. A computer-readable storage medium storing a computer program for causing a computer to perform the method of any one of claims 1 to 19.
24. A computer program product comprising computer program instructions to cause a computer to perform the method of any one of claims 1 to 19.
25. A computer program for causing a computer to perform the method of any one of claims 1 to 19.
CN201811067794.8A 2018-09-13 2018-09-13 Unlocking method and device and terminal equipment Active CN110895612B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201811067794.8A CN110895612B (en) 2018-09-13 2018-09-13 Unlocking method and device and terminal equipment
PCT/CN2019/105293 WO2020052579A1 (en) 2018-09-13 2019-09-11 Unlocking method and device and terminal device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811067794.8A CN110895612B (en) 2018-09-13 2018-09-13 Unlocking method and device and terminal equipment

Publications (2)

Publication Number Publication Date
CN110895612A true CN110895612A (en) 2020-03-20
CN110895612B CN110895612B (en) 2023-08-11

Family

ID=69777409

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811067794.8A Active CN110895612B (en) 2018-09-13 2018-09-13 Unlocking method and device and terminal equipment

Country Status (2)

Country Link
CN (1) CN110895612B (en)
WO (1) WO2020052579A1 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103339607A (en) * 2011-01-25 2013-10-02 摩托罗拉移动有限责任公司 Method and apparatus for locking and unlocking multiple operating system environments with a single gesture input
CN104536836A (en) * 2015-01-16 2015-04-22 宇龙计算机通信科技(深圳)有限公司 Synchronous unlocking method and system based on double systems
CN104537291A (en) * 2015-01-09 2015-04-22 宇龙计算机通信科技(深圳)有限公司 Screen interface unlocking method and screen interface unlocking device
CN105630277A (en) * 2015-06-02 2016-06-01 南京酷派软件技术有限公司 Screen unlocking method and unlocking device for terminal
CN106020838A (en) * 2016-05-27 2016-10-12 广东欧珀移动通信有限公司 Unlocking control method and mobile terminal
CN106250734A (en) * 2016-07-29 2016-12-21 努比亚技术有限公司 Double screen terminal and unlocking screen verification method
CN106991005A (en) * 2017-03-21 2017-07-28 北京小米移动软件有限公司 The switching method and device of operating system
CN108108600A (en) * 2017-12-28 2018-06-01 努比亚技术有限公司 Double screen safe verification method, mobile terminal and computer readable storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106156555B (en) * 2015-03-26 2019-04-02 西安酷派软件科技有限公司 Method and device for intersystem switching under multi-system terminal and multi-system terminal
CN105930701A (en) * 2016-05-16 2016-09-07 北京珠穆朗玛移动通信有限公司 System switching method, system switching apparatus and terminal
CN107480501A (en) * 2017-08-21 2017-12-15 北京珠穆朗玛移动通信有限公司 Unlocking method, mobile terminal and storage medium based on dual system

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103339607A (en) * 2011-01-25 2013-10-02 摩托罗拉移动有限责任公司 Method and apparatus for locking and unlocking multiple operating system environments with a single gesture input
CN104537291A (en) * 2015-01-09 2015-04-22 宇龙计算机通信科技(深圳)有限公司 Screen interface unlocking method and screen interface unlocking device
CN104536836A (en) * 2015-01-16 2015-04-22 宇龙计算机通信科技(深圳)有限公司 Synchronous unlocking method and system based on double systems
CN105630277A (en) * 2015-06-02 2016-06-01 南京酷派软件技术有限公司 Screen unlocking method and unlocking device for terminal
CN106020838A (en) * 2016-05-27 2016-10-12 广东欧珀移动通信有限公司 Unlocking control method and mobile terminal
CN106250734A (en) * 2016-07-29 2016-12-21 努比亚技术有限公司 Double screen terminal and unlocking screen verification method
CN106991005A (en) * 2017-03-21 2017-07-28 北京小米移动软件有限公司 The switching method and device of operating system
CN108108600A (en) * 2017-12-28 2018-06-01 努比亚技术有限公司 Double screen safe verification method, mobile terminal and computer readable storage medium

Also Published As

Publication number Publication date
CN110895612B (en) 2023-08-11
WO2020052579A1 (en) 2020-03-19

Similar Documents

Publication Publication Date Title
US8752146B1 (en) Providing authentication codes which include token codes and biometric factors
US9626815B2 (en) Method for unlocking electronic device, and apparatus therefor
US9953183B2 (en) User verification using touch and eye tracking
US9384369B2 (en) Information processing method and electronic device
CN103927466A (en) Method and device for controlling mobile terminal
CN107480502A (en) Fingerprint identification method, device, mobile terminal and storage medium
CN101529366A (en) Identification and visualization of trusted user interface objects
CN106228054A (en) Auth method and device
CN109117616B (en) Verification method and device, electronic equipment and computer readable storage medium
CN105354455B (en) State switching method and electronic equipment
US20180114007A1 (en) Secure element (se), a method of operating the se, and an electronic device including the se
CN105184135A (en) Fingerprint recognition method and fingerprint recognition system
CN107862194A (en) A kind of method, device and mobile terminal of safety verification
CN111414605B (en) Unlocking method and device of embedded security unit, electronic equipment and storage medium
US11381561B2 (en) Operation authentication relay apparatus, method, and program
US20160188857A1 (en) Apparatus, login processing method, and medium
CN110099167A (en) Unlocking method and device
CN110502890B (en) Verification code processing method and device, electronic equipment and storage medium
CN110222492B (en) System switching method and device, computer equipment and computer readable storage medium
CN109829279B (en) Unlocking event processing method and related equipment
CN110895612B (en) Unlocking method and device and terminal equipment
US20140181958A1 (en) Secure and convenient authentication
CN109033848B (en) Method and system for safely operating stored data
US20150020165A1 (en) System of executing application and method thereof
US9992193B2 (en) High-safety user multi-authentication system and method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant