CN111050316B - Card locking method and device, computer readable storage medium and terminal equipment - Google Patents

Info

Publication number
CN111050316B
Authority
CN (China)
Legal status
Active
Application number
CN201911228736.3A
Other languages
Chinese (zh)
Other versions
CN111050316A (en)
Inventor
谢瀚武
钟晓芬
Current Assignee
Huizhou TCL Mobile Communication Co Ltd
Original Assignee
Huizhou TCL Mobile Communication Co Ltd

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/37Managing security policies for mobile devices or for controlling mobile applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/35Protecting application or service provisioning, e.g. securing SIM application provisioning

Abstract

The application discloses a card locking method and device, a computer-readable storage medium and a terminal device. The invention improves the security of a mobile terminal through an encryption/decryption/verification scheme that does not store the original password. Even if the mobile terminal is cracked, only the hash value can be obtained rather than the original password, so that cracking the mobile terminal becomes more difficult.

Description

Card locking method and device, computer readable storage medium and terminal equipment
Technical Field
The invention belongs to the technical field of card locking, and in particular relates to a card locking method and device, a computer-readable storage medium and a terminal device.
Background
At present, some operators need to apply a restriction to certain SIM (Subscriber Identity Module) cards, and once such a restricted SIM card is detected by a terminal device such as a data card or a personal computer, the common practice is to perform a card locking operation on it. The restriction prohibits the use of other operators' SIM cards on the mobile terminals issued by the operator, protecting the operator's interests and thereby limiting competitors.
Depending on where the card locking verification algorithm is stored, current card locking methods are divided into software-only protection measures and combined software and hardware protection measures. Most mobile terminals have their own encryption means for the SIM lock card, for example encryption/decryption/authentication using a password. Most vendors store and match the password by 1) encrypting the password and storing it directly in flash memory (e.g. NVRAM), and 2) decrypting the encrypted password to recover the original password and comparing it with the password entered by the user when needed.
However, this approach has the disadvantage that the decrypted original password may be obtained by an attacker in some way while the mobile terminal is operating, so its level of security is not high enough.
How to effectively prevent cracking, and to ensure that the original password cannot be obtained even when the terminal is cracked, has become a key research topic for improving the security of mobile terminals.
Disclosure of Invention
The invention aims to provide a card locking method and a card locking device that improve the security of a mobile terminal through an encryption/decryption/verification scheme that does not store the original password. Even if the mobile terminal is cracked, only the hash value can be obtained rather than the original password, so that cracking the mobile terminal becomes more difficult.
According to a first aspect of the present invention, there is provided a card locking method, comprising: acquiring first password information input by a user; retrieving first encrypted data information stored in a memory; decrypting the first encrypted data information with an Advanced Encryption Standard (AES) algorithm to obtain decrypted data information, where the decrypted data information comprises a random salt value, a first hash data value and first hash authentication data information; generating second hash authentication data information from the decrypted data information with a hash-based message authentication code (HMAC) algorithm; judging whether the first hash authentication data information is equal to the second hash authentication data information; and when the first hash authentication data information and the second hash authentication data information are judged to be unequal, displaying first prompt information.
On the basis of the technical scheme, the invention can be further improved as follows.
Further, after the step of judging whether the first hash authentication data information is equal to the second hash authentication data information, the method further comprises: when the first hash authentication data information and the second hash authentication data information are judged to be equal, generating a second hash data value from the first password information and the random salt value information with a PBKDF2 algorithm; judging whether the first hash data value and the second hash data value are equal; and when the first hash data value and the second hash data value are judged to be equal, displaying second prompt information.
Further, before the step of acquiring the first password information input by the user, the method further comprises: generating second password information; generating random salt value information; generating a first hash data value from the second password information and the random salt value information with a PBKDF2 algorithm; generating first hash authentication data information from the random salt value and the first hash data value with an HMAC algorithm; and encrypting the random salt value, the first hash data value and the first hash authentication data information with an AES algorithm to generate first encrypted data information.
Further, after the AES encryption step, the method further comprises: transmitting the first encrypted data information to a memory and storing it there.
According to a second aspect of the present invention, there is provided a card locking device, comprising: a first password information acquisition unit for acquiring first password information input by a user; a first encrypted data information calling unit, connected to the first password information acquisition unit, for retrieving the first encrypted data information stored in a memory; a decrypted data information obtaining unit, connected to the first encrypted data information calling unit, for decrypting the first encrypted data information with an Advanced Encryption Standard (AES) algorithm to obtain decrypted data information, where the decrypted data information comprises a random salt value, a first hash data value and first hash authentication data information; a second hash authentication data information acquisition unit, connected to the decrypted data information obtaining unit, for generating second hash authentication data information from the decrypted data information with a hash-based message authentication code (HMAC) algorithm; a first judging unit, connected to the second hash authentication data information acquisition unit and to the decrypted data information obtaining unit, for judging whether the first hash authentication data information is equal to the second hash authentication data information; and a first prompt information display unit, connected to the first judging unit, for displaying first prompt information when the first hash authentication data information and the second hash authentication data information are judged to be unequal.
Further, the device further comprises: a second hash data value generating unit, connected to the first judging unit, for generating a second hash data value from the first password information and the random salt value information with a PBKDF2 algorithm when the first hash authentication data information and the second hash authentication data information are judged to be equal; a second judging unit, connected to the second hash data value generating unit and the decrypted data information obtaining unit, for judging whether the first hash data value is equal to the second hash data value; and a second prompt information display unit, connected to the second judging unit, for displaying second prompt information when the first hash data value and the second hash data value are judged to be equal.
Further, the device further comprises: a second password information acquisition unit for generating second password information; a random salt value acquisition unit for generating random salt value information; a first hash data value generating unit, connected to the second password information acquisition unit and the random salt value acquisition unit, for generating a first hash data value from the second password information and the random salt value information with a PBKDF2 algorithm; a first hash authentication data information generating unit, connected to the first hash data value generating unit and the random salt value acquisition unit, for generating first hash authentication data information from the random salt value and the first hash data value with an HMAC algorithm; and a first encrypted data information unit generation unit, connected to the random salt value acquisition unit, the first hash data value generating unit and the first hash authentication data information generating unit, for encrypting the random salt value, the first hash data value and the first hash authentication data information with an AES algorithm to generate first encrypted data information.
Further, the device further comprises: a first encrypted data information transmission unit, connected to the first encrypted data information unit generation unit, for transmitting the first encrypted data information to a memory and storing it there.
According to a third aspect of the present invention, the present invention also provides a computer-readable storage medium having stored therein a plurality of instructions adapted to be loaded by a processor to perform the card locking method as described above.
According to a fourth aspect of the present invention, the present invention further provides a terminal device, including a processor and a memory, where the processor is electrically connected to the memory, the memory is used for storing instructions and data, and the processor is used for executing the steps in the above card locking method.
The beneficial effect of the invention is that the embodiments provide a card locking method and a card locking device in which the security of a mobile terminal is improved through an encryption/decryption/verification scheme that does not store the original password. Even if the mobile terminal is cracked, only the hash value can be obtained rather than the original password, so that cracking the mobile terminal becomes more difficult.
Drawings
The technical solution and other advantages of the present application will become apparent from the detailed description of the embodiments of the present application with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart illustrating steps of a card locking method according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating the steps preceding step S110 shown in fig. 1.
Fig. 3 is a block diagram of a card locking device according to an embodiment of the present invention.
Fig. 4 is another structural block diagram of the card locking device according to an embodiment of the present invention.
Fig. 5 is a schematic structural diagram of a terminal device according to an embodiment of the present invention.
Fig. 6 is a schematic structural diagram of a terminal device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention. It should be apparent that the described embodiments are only some embodiments of the present invention, and not all embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
The terms "first," "second," "third," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the objects so described are interchangeable under appropriate circumstances. Furthermore, the terms "comprising" and "having," as well as any variations thereof, are intended to cover non-exclusive inclusions.
In particular embodiments, the drawings discussed below and the embodiments used to describe the principles of the present disclosure are by way of illustration only and should not be construed to limit the scope of the present disclosure. Those skilled in the art will understand that the principles of the present invention may be implemented in any suitably arranged system. Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. Further, a terminal according to an exemplary embodiment will be described in detail with reference to the accompanying drawings. Like reference symbols in the various drawings indicate like elements.
The terminology used in the detailed description is for the purpose of describing particular embodiments only and is not intended to be limiting of the inventive concepts. Unless the context clearly dictates otherwise, expressions used in the singular number encompass expressions in the plural number. In this specification, it will be understood that terms such as "comprising," "having," and "containing" are intended to specify the presence of stated features, integers, steps, acts, or combinations thereof, as disclosed in the specification, and are not intended to preclude the presence or addition of one or more other features, integers, steps, acts, or combinations thereof.
As shown in fig. 1, the present invention provides a card locking method, which comprises: step S110, acquiring first password information input by a user; step S120, retrieving first encrypted data information stored in a memory; step S130, decrypting the first encrypted data information with an Advanced Encryption Standard (AES) algorithm to obtain decrypted data information, where the decrypted data information comprises a random salt value, a first hash data value and first hash authentication data information; step S140, generating second hash authentication data information from the decrypted data information with a hash-based message authentication code (HMAC) algorithm; step S150, judging whether the first hash authentication data information is equal to the second hash authentication data information; and step S160, when the first hash authentication data information and the second hash authentication data information are judged to be unequal, displaying a first prompt message.
Specifically, step S110: first password information input by a user is acquired.
In this step, the user may be prompted through the display of a mobile terminal to enter a password CK'. The mobile terminal is a mobile phone, a tablet computer, a wearable device (such as a smart band or a smart watch) or the like; it is capable of wireless communication and is provided with a touch screen.
The password CK' is then passed to the modem system (Modem) of the mobile terminal, which thus obtains the password CK' entered by the user. The software operating system at the top layer of the mobile terminal receives the password CK' and passes it down to the hardware operating system at the bottom layer of the mobile terminal, namely the modem system. The modem system is mainly responsible for interaction between the chips inside the mobile terminal and for interaction with external equipment through the antenna.
Step S120, the first encrypted data information stored in a memory is retrieved.
In this step, the Modem reads the SIM LOCK data stored in the NVRAM memory; this SIM LOCK data is the first encrypted data information. Non-Volatile Random Access Memory (NVRAM) is a type of semiconductor memory that retains its data after power is turned off.
Step S130, decrypting the first encrypted data information with an Advanced Encryption Standard (AES) algorithm to obtain decrypted data information, where the decrypted data information comprises a random salt value, a first hash data value and first hash authentication data information.
In this step, the first encrypted data information is decrypted with the AES algorithm to obtain decrypted data information. The Advanced Encryption Standard, also known in cryptography as the Rijndael cipher, is a block cipher standard adopted by the U.S. federal government. The decrypted data information comprises a random salt value salt, a first hash data value HCK and first hash authentication data information Hmac.
Step S140, generating second hash authentication data information from the decrypted data information with a hash-based message authentication code algorithm.
In this step, a hash-based message authentication code (HMAC) algorithm is used. HMAC is the abbreviation of key-dependent Hash-based Message Authentication Code, a method of message authentication based on a hash function and a key. An HMAC operation feeds a message M and a key K into a hash algorithm and produces a fixed-length message digest as output. The security of HMAC rests on the following: (1) The key used is agreed upon by both parties in advance and cannot be known by a third party. A third party that illegally intercepts the traffic can obtain only the random number serving as the "challenge" and the HMAC result serving as the "response", and cannot deduce the key from these two values; since the key is unknown, a consistent response cannot be forged. (2) HMAC differs markedly from general encryption in that it is "transient", i.e. the authentication is valid only at that moment.
Step S150, determining whether the first hash authentication data information is equal to the second hash authentication data information.
In this step, it is judged whether the first hash authentication data information and the second hash authentication data information are equal, and different subsequent steps are performed depending on the result, as described in detail below.
Step S160, when it is judged that the first hash authentication data information is not equal to the second hash authentication data information, displaying a first prompt message.
In this step, when it is judged that the first hash authentication data information and the second hash authentication data information are not equal, a first prompt message is displayed, for example a prompt that the user password has been tampered with.
After step S160, that is, once it has been judged whether the first hash authentication data information is equal to the second hash authentication data information, the method further comprises the following steps:
Step S170: when the first hash authentication data information and the second hash authentication data information are judged to be equal, generating a second hash data value from the first password information and the random salt value information with a PBKDF2 algorithm.
In this step, the PBKDF2 algorithm is used to generate the second hash data value. PBKDF2 (Password-Based Key Derivation Function 2) is a function for deriving keys and is commonly used to generate password-derived keys.
Step S180: and judging whether the first hash data value is equal to the second hash data value.
Step S190: and when the first hash data value and the second hash data value are judged to be equal, displaying second prompt information.
The second prompt message is used for prompting the user that the password is correct.
In some other embodiments, when it is judged that the first hash data value and the second hash data value are not equal, a third prompt message is displayed, for example to prompt the user that the password is wrong.
Steps S110 to S190 are all performed during the boot stage of the mobile terminal. The security of the mobile terminal is improved through an encryption/decryption/verification scheme that does not store the original password. Even if the mobile terminal is cracked, only the hash value can be obtained rather than the original password, so that cracking the mobile terminal becomes more difficult.
Referring to fig. 2, optionally, in this embodiment, before step S110 is implemented, the following steps may be included:
step S101: generating a second password message.
The second password is a random 20-bit SIM LOCK password generated by a tool, which may be abbreviated as CK.
Step S102: generating a random salt value information.
Salt, in cryptography, refers to inserting a particular string at an arbitrary fixed position of the content to be hashed (e.g. the password) before hashing. This way of adding a string to the hashed content is called "salting". Its effect is to make the salted hash result differ from the unsalted one, which adds extra security in different application scenarios. In most cases the salt does not need to be kept secret. The salt may be a randomly generated string, and the position at which it is inserted may or may not be arbitrary. Salting is usually implemented by adding a specific string at a specific position of the field to be hashed, scrambling the original string before the hash result is generated, so as to enhance security. Herein, the salt is referred to as "random salt value information". In this embodiment, 16-bit random salt value information is generated by a tool.
Step S103: generating a first hash data value from the second password information and the random salt value information with a PBKDF2 algorithm.
With CK and salt as inputs, the PBKDF2 algorithm is used to generate a first hash data value, abbreviated HCK.
Step S104: and generating first hash authentication data information according to the random salt value and the first hash data value and through a hash operation message authentication code algorithm.
In this step, salt and HCK are taken as inputs, and an HMAC algorithm is used to generate the Hmac value.
Step S105: and encrypting the random salt value, the first hash data value and the first hash authentication data information by an advanced encryption standard encryption algorithm to generate first encrypted data information.
Salt, HCK and Hmac are used as inputs and an encryption operation is performed using the AES algorithm to produce first encrypted data information.
Optionally, in step S106, the first encrypted data information is transmitted and stored in a memory.
In this step, the generated first encrypted data message is transmitted to and stored in a memory (e.g., NVRAM as described above).
Throughout the above steps, that is, during the whole operation of the mobile terminal, only the hash values Hmac and HCK are ever used for comparison; the original password is never involved.
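The provisioning steps S101 to S106 and the boot-time verification steps S110 to S190 above, carried through in Go as an added example; this is not code from the patent or from Huizhou TCL. The patent does not state the HMAC key, the AES key or mode, or the PBKDF2 hash function and iteration count, so the example assumes a device-held HMAC-SHA256 key and an AES-128 key supplied by the caller, AES-CTR with a random IV prefixed to the stored record, and PBKDF2-HMAC-SHA256 with 10,000 iterations; it reads the "16-bit" salt as 16 bytes, and the tool-generated "20-bit" password CK of step S101 is supplied by the caller as a constructed 20-digit value. NVRAM is stood in for by the returned byte slice, and all function, constant and variable names are the example's own.

```go
package main

// Added example, not the patent's code: the SIM LOCK record of CN111050316B built
// (steps S102..S106) and verified at boot (S120..S190) without ever storing CK.

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const ( // assumed parameters: the patent names none of them
	pbkdf2Iterations = 10000  // PBKDF2-HMAC-SHA256 iteration count
	saltLen          = 16     // the patent's "16-bit" random salt, read as 16 bytes
	hckLen, macLen   = 32, 32 // one PBKDF2-HMAC-SHA256 block, one HMAC-SHA256 tag
	PromptTampered   = "password data tampered" // first prompt, step S160
	PromptCorrect    = "password correct"       // second prompt, step S190
	PromptWrong      = "password wrong"         // third prompt, "other embodiments"
)

// pbkdf2SHA256 is PBKDF2 (RFC 8018) with HMAC-SHA256 as PRF, one output block:
// DK = U1 xor ... xor Uc, U1 = PRF(P, S || INT(1)), Ui = PRF(P, Ui-1).
func pbkdf2SHA256(password, salt []byte, iterations int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // INT(1): big-endian block index
	u := prf.Sum(nil)
	dk := append([]byte{}, u...)
	for i := 1; i < iterations; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range dk {
			dk[j] ^= u[j]
		}
	}
	return dk
}

// authTag is steps S104 and S140: HMAC-SHA256 over (salt || HCK) under a device key.
func authTag(macKey, salt, hck []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(salt)
	m.Write(hck)
	return m.Sum(nil)
}

// Provision is steps S102..S106 for a tool-generated password ck (step S101): fresh
// salt, HCK, Hmac, then AES-CTR over (salt || HCK || Hmac). Returns IV || ciphertext.
func Provision(ck, macKey, aesKey []byte) ([]byte, error) {
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	rnd := make([]byte, aes.BlockSize+saltLen) // IV || salt, both fresh per record
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	iv, salt := rnd[:aes.BlockSize], rnd[aes.BlockSize:]
	hck := pbkdf2SHA256(ck, salt, pbkdf2Iterations)
	plain := bytes.Join([][]byte{salt, hck, authTag(macKey, salt, hck)}, nil)
	record := make([]byte, aes.BlockSize+len(plain))
	copy(record, iv)
	cipher.NewCTR(block, iv).XORKeyStream(record[aes.BlockSize:], plain)
	return record, nil
}

// Verify is steps S120..S190: decrypt the NVRAM record, check Hmac, then compare
// PBKDF2(entered, salt) with the stored HCK. The original CK is never needed.
func Verify(record, entered, macKey, aesKey []byte) (string, error) {
	if len(record) != aes.BlockSize+saltLen+hckLen+macLen {
		return "", errors.New("SIM LOCK record has unexpected length")
	}
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return "", err
	}
	plain := make([]byte, len(record)-aes.BlockSize) // S130
	cipher.NewCTR(block, record[:aes.BlockSize]).XORKeyStream(plain, record[aes.BlockSize:])
	salt, hck, tag := plain[:saltLen], plain[saltLen:saltLen+hckLen], plain[saltLen+hckLen:]
	if !hmac.Equal(tag, authTag(macKey, salt, hck)) { // S140..S160: record was altered
		return PromptTampered, nil
	}
	if subtle.ConstantTimeCompare(hck, pbkdf2SHA256(entered, salt, pbkdf2Iterations)) == 1 { // S170..S190
		return PromptCorrect, nil
	}
	return PromptWrong, nil
}

func main() {
	ck, macKey, aesKey := []byte("12345678901234567890"), []byte("demo HMAC key"), bytes.Repeat([]byte{0x42}, 16)
	record, _ := Provision(ck, macKey, aesKey) // constructed CK and keys, not real device values
	v, _ := Verify(record, ck, macKey, aesKey)
	record[aes.BlockSize+saltLen] ^= 0xff // flip one byte of HCK in NVRAM
	w, _ := Verify(record, ck, macKey, aesKey)
	fmt.Println("correct CK:", v, "| tampered record:", w)
}
```

Running main provisions a record, verifies the correct CK (password correct), then flips one byte of the stored HCK and verifies again (password data tampered). Because AES-CTR offers no integrity of its own, the Hmac recomputed in step S140 is what detects the modified record. One caveat for anyone reusing the construction: as the patent describes it, the HMAC is taken over the plaintext fields salt and HCK only, so it does not bind the IV or the ciphertext; a production design would normally use an authenticated mode such as AES-GCM or an encrypt-then-MAC over the whole stored record, and would keep the HMAC and AES keys in the modem's secure storage rather than in application code. Both comparisons are constant-time, so the verdict leaks nothing through timing.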
Referring to fig. 3, the present invention provides a card locking device, which includes: a first password information obtaining unit 110, a first encrypted data information calling unit 120, a decrypted data information obtaining unit 130, a second hash authentication data information obtaining unit 140, a first judging unit 150, a first prompt information display unit 160, a second hash data value generating unit 170, a second judging unit 180, and a second prompt information display unit 190.
Specifically, the first password information obtaining unit 110 is configured to obtain first password information input by a user.
The first encrypted data information calling unit 120 is connected to the first password information obtaining unit 110 and is configured to retrieve the first encrypted data information stored in a memory.
The decrypted data information obtaining unit 130 is connected to the first encrypted data information calling unit 120 and is configured to decrypt the first encrypted data information with an Advanced Encryption Standard (AES) algorithm to obtain decrypted data information, where the decrypted data information comprises a random salt value, a first hash data value and first hash authentication data information. The Advanced Encryption Standard, also known in cryptography as the Rijndael cipher, is a block cipher standard adopted by the U.S. federal government.
The second hash authentication data information obtaining unit 140 is connected to the decrypted data information obtaining unit 130 and is configured to generate second hash authentication data information from the decrypted data information with a hash-based message authentication code algorithm. The hash-based message authentication code algorithm (HMAC) is the abbreviation of key-dependent Hash-based Message Authentication Code, a method of message authentication based on a hash function and a key. An HMAC operation feeds a message M and a key K into a hash algorithm and produces a fixed-length message digest as output. The security of HMAC rests on the following: (1) The key used is agreed upon by both parties in advance and cannot be known by a third party. A third party that illegally intercepts the traffic can obtain only the random number serving as the "challenge" and the HMAC result serving as the "response", and cannot deduce the key from these two values; since the key is unknown, a consistent response cannot be forged. (2) HMAC differs markedly from general encryption in that it is "transient", i.e. the authentication is valid only at that moment.
The first determining unit 150 is respectively connected to the second hash authentication data information obtaining unit 140 and the decrypted data information obtaining unit 130, and is configured to determine whether the first hash authentication data information is equal to the second hash authentication data information.
The first prompt information display unit 160 is connected to the first determining unit 150 and is configured to display first prompt information when the first hash authentication data information and the second hash authentication data information are determined to be unequal.
The second hash data value generating unit 170 is connected to the first determining unit 150 and is configured to generate a second hash data value from the first password information and the random salt value information with a PBKDF2 algorithm when it is determined that the first hash authentication data information is equal to the second hash authentication data information. PBKDF2 (Password-Based Key Derivation Function 2) is a function for deriving keys and is commonly used to generate password-derived keys.
The second determining unit 180 is connected to the second hash data value generating unit 170 and the decrypted data information obtaining unit 130 and is configured to determine whether the first hash data value is equal to the second hash data value.
And a second prompt information display unit 190, connected to the second determining unit 180, configured to display a second prompt information when the first hash data value and the second hash data value are determined to be equal to each other.
In other embodiments, as shown in fig. 4, the apparatus further includes: a second password information acquisition unit 101, a random salt value acquisition unit 102, a first hash data value generation unit 103, a first hash authentication data information generation unit 104, a first encrypted data information unit generation unit 105, and a first encrypted data information transmission unit 106.
The second password information obtaining unit 101 is configured to generate second password information;
the random salt value obtaining unit 102 is configured to generate a random salt value information.
The first hash data value generating unit 103 is connected to the second password information obtaining unit 101 and the random salt value obtaining unit 102, and is configured to generate a first hash data value from the second password information and the random salt value information through the PBKDF2 algorithm.
The first hash authentication data information generating unit 104 is connected to the first hash data value generating unit 103 and the random salt value obtaining unit 102, and configured to generate first hash authentication data information according to the random salt value and the first hash data value and through a hash operation message authentication code algorithm.
The first encrypted data information unit generating unit 105 is respectively connected to the random salt value obtaining unit 102, the first hash data value generating unit 103, and the first hash authentication data information generating unit 104, and is configured to encrypt the random salt value, the first hash data value, and the first hash authentication data information together using an Advanced Encryption Standard (AES) encryption algorithm, so as to generate first encrypted data information.
Optionally, the first encrypted data information transmitting unit 106 is connected to the first encrypted data information unit generating unit 105, and is configured to transmit and store the first encrypted data information in a memory.
Referring to fig. 5, an embodiment of the present invention further provides a terminal device 200, where the terminal device 200 may be a mobile phone, a tablet, a computer, or other devices. As shown in fig. 5, the terminal device 200 includes a processor 201 and a memory 202. The processor 201 is electrically connected to the memory 202.
The processor 201 is a control center of the terminal device 200, connects various parts of the entire terminal device using various interfaces and lines, and performs various functions of the terminal device and processes data by running or loading an application program stored in the memory 202 and calling data stored in the memory 202, thereby integrally monitoring the terminal device.
In this embodiment, the terminal device 200 is provided with a plurality of memory partitions, the plurality of memory partitions includes a system partition and a target partition, the processor 201 in the terminal device 200 loads instructions corresponding to processes of one or more applications into the memory 202 according to the following steps, and the processor 201 runs the applications stored in the memory 202, thereby implementing various functions:
acquiring first password information input by a user; calling first encrypted data information stored in a memory; decrypting the first encrypted data information through an Advanced Encryption Standard encryption algorithm to obtain decrypted data information, wherein the decrypted data information comprises a random salt value, a first hash data value and first hash authentication data information; generating second hash authentication data information from the decrypted data information through a hash-based message authentication code algorithm; judging whether the first hash authentication data information is equal to the second hash authentication data information; and when the first hash authentication data information and the second hash authentication data information are judged to be unequal, displaying first prompt information.
Fig. 6 shows a specific structural block diagram of the terminal device 300 according to an embodiment of the present invention, where the terminal device 300 may be used to implement the card locking method provided in the foregoing embodiment. The terminal device 300 may be a mobile phone or a tablet.
The RF circuit 310 is used for receiving and transmitting electromagnetic waves and for converting between electromagnetic waves and electrical signals, thereby communicating with a communication network or other devices. RF circuit 310 may include various existing circuit elements for performing these functions, such as an antenna, a radio frequency transceiver, a digital signal processor, an encryption/decryption chip, a Subscriber Identity Module (SIM) card, memory, and so forth. RF circuit 310 may communicate with various networks such as the internet, an intranet or a wireless network, or with other devices over a wireless network. The wireless network may comprise a cellular telephone network, a wireless local area network, or a metropolitan area network. The wireless network may use various communication standards, protocols and technologies, including but not limited to Global System for Mobile Communication (GSM), Enhanced Data GSM Environment (EDGE), Wideband Code Division Multiple Access (WCDMA), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), Wireless Fidelity (Wi-Fi) (such as IEEE 802.11a, IEEE 802.11b, IEEE 802.11g and/or IEEE 802.11n), Voice over Internet Protocol (VoIP), Worldwide Interoperability for Microwave Access (WiMAX), and other suitable protocols for instant messaging, including protocols not yet developed.
The memory 320 may be used to store software programs and modules, such as program instructions/modules corresponding to the card locking method in the foregoing embodiment, and the processor 380 executes various functional applications and data processing by running the software programs and modules stored in the memory 320, so as to implement the card locking function. The memory 320 may include high speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, memory 320 may further include memory located remotely from processor 380, which may be connected to terminal device 300 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input unit 330 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control. In particular, the input unit 330 may include a touch-sensitive surface 331 as well as other input devices 332. Touch-sensitive surface 331, also referred to as a touch screen or touch pad, may collect touch operations by a user on or near the touch-sensitive surface 331 (e.g., operations by a user on or near the touch-sensitive surface 331 using a finger, stylus, or any other suitable object or attachment), and actuate the corresponding connection device according to a predetermined program. Alternatively, the touch sensitive surface 331 may include both touch sensing devices and touch controllers. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 380, and can receive and execute commands sent by the processor 380. Additionally, the touch sensitive surface 331 may be implemented using various types of resistive, capacitive, infrared, and surface acoustic waves. The input unit 330 may include other input devices 332 in addition to the touch-sensitive surface 331. In particular, other input devices 332 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit 340 may be used to display information input by or provided to the user and various graphic user interfaces of the terminal apparatus 300, which may be configured of graphics, text, icons, video, and any combination thereof. The Display unit 340 may include a Display panel 341, and optionally, the Display panel 341 may be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), or the like. Further, touch-sensitive surface 331 may overlay display panel 341, and when touch-sensitive surface 331 detects a touch event thereon or thereabout, it may be passed to processor 380 for determining the type of touch event, and processor 380 may then provide a corresponding visual output on display panel 341 in accordance with the type of touch event. Although in fig. 6 touch-sensitive surface 331 and display panel 341 are implemented as two separate components for input and output functions, in some embodiments touch-sensitive surface 331 and display panel 341 may be integrated for input and output functions.
The terminal device 300 may also include at least one sensor 350, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that may adjust the brightness of the display panel 341 according to the brightness of ambient light, and a proximity sensor that may turn off the display panel 341 and/or the backlight when the terminal device 300 is moved to the ear. As one of the motion sensors, the gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when the mobile phone is stationary, and can be used for applications of recognizing the posture of the mobile phone (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which may be further configured in the terminal device 300, further description is omitted here.
Audio circuitry 360, speaker 361 and microphone 362 may provide an audio interface between a user and terminal device 300. The audio circuit 360 may transmit the electrical signal converted from the received audio data to the speaker 361, which converts it into an audio signal and outputs it; conversely, the microphone 362 converts the collected sound signal into an electrical signal, which is received by the audio circuit 360 and converted into audio data. The audio data is then output to the processor 380 for processing and transmitted, for example, to another terminal via the RF circuit 310, or written to the memory 320 for further processing. The audio circuit 360 may also include an earbud jack to allow peripheral headphones to communicate with the terminal device 300.
The terminal device 300 may assist the user in e-mail, web browsing, streaming media access, etc. through the transmission module 370 (e.g., a Wi-Fi module), which provides the user with wireless broadband internet access. Although fig. 6 shows the transmission module 370, it is understood that it does not belong to the essential constitution of the terminal device 300, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 380 is a control center of the terminal device 300, connects various parts of the entire mobile phone using various interfaces and lines, and performs various functions of the terminal device 300 and processes data by running or executing software programs and/or modules stored in the memory 320 and calling data stored in the memory 320, thereby performing overall monitoring of the mobile phone. Optionally, processor 380 may include one or more processing cores; in some embodiments, processor 380 may integrate an application processor, which primarily handles operating systems, user interfaces, applications, etc., and a modem processor, which primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into processor 380.
Terminal device 300 also includes a power supply 390 (e.g., a battery) for powering the various components, which may be logically coupled to processor 380 via a power management system in some embodiments to manage charging, discharging, and power consumption management functions via the power management system. The power supply 390 may also include any component including one or more of a dc or ac power source, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.
Although not shown, the terminal device 300 may further include a camera (e.g., a front camera, a rear camera), a bluetooth module, and the like, which are not described in detail herein. Specifically, in this embodiment, the display unit of the terminal device is a touch screen display, the terminal device further includes a memory, and one or more programs, where the one or more programs are stored in the memory and configured to be executed by the one or more processors, where the one or more programs include instructions for:
acquiring first password information input by a user; calling first encrypted data information stored in a memory; decrypting the first encrypted data information through an Advanced Encryption Standard encryption algorithm to obtain decrypted data information, wherein the decrypted data information comprises a random salt value, a first hash data value and first hash authentication data information; generating second hash authentication data information from the decrypted data information through a hash-based message authentication code algorithm; judging whether the first hash authentication data information is equal to the second hash authentication data information; and when the first hash authentication data information and the second hash authentication data information are judged to be unequal, displaying first prompt information.
In specific implementation, the above modules may be implemented as independent entities, or may be combined arbitrarily, and implemented as the same or several entities, and specific implementations of the above modules may refer to the foregoing method embodiment, which is not described herein again.
It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be performed by instructions, or by instructions controlling associated hardware, which may be stored in a computer-readable storage medium and loaded and executed by a processor. To this end, the present invention provides a storage medium, in which a plurality of instructions are stored, where the instructions can be loaded by a processor to execute the steps in any one of the card locking methods provided by the embodiments of the present invention.
Wherein the storage medium may include: read Only Memory (ROM), random Access Memory (RAM), magnetic or optical disks, and the like.
Since the instructions stored in the storage medium may execute the steps in any card locking method provided in the embodiments of the present invention, beneficial effects that can be achieved by any card locking method provided in the embodiments of the present invention can be achieved, which are detailed in the foregoing embodiments and will not be described herein again. The above operations can be implemented in the foregoing embodiments, and are not described in detail herein.
The embodiments of the invention provide a card locking method and device that improve the security of a mobile terminal through an encrypt/decrypt/verify scheme in which the original password is never stored. Even if the mobile terminal is compromised, an attacker obtains only the salted hash value rather than the original password, which increases the difficulty of cracking the terminal.
The card locking method and apparatus, the computer readable storage medium, and the terminal device provided in the embodiments of the present invention are described in detail above, and specific embodiments are applied in this document to explain the principle and the implementation manner of the present invention, and the description of the embodiments is only used to help understanding the method and the core idea of the present invention; meanwhile, for those skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (9)

1. A card locking method is characterized by comprising the following steps:
acquiring first password information input by a user;
calling first encrypted data information stored in a memory;
decrypting the first encrypted data information through an Advanced Encryption Standard encryption algorithm to obtain decrypted data information, wherein the decrypted data information comprises a random salt value, a first hash data value and first hash authentication data information;
generating second Hash authentication data information according to the decrypted data information and through a Hash operation message authentication code algorithm;
judging whether the first hash authentication data information is equal to the second hash authentication data information; and
when the first hash authentication data information and the second hash authentication data information are judged to be unequal, displaying first prompt information to prompt a user that a password is tampered, wherein before the step of acquiring the first password information input by the user, the method comprises the following steps:
generating second password information;
generating random salt value information;
generating a first hash data value through a PBKDF2 algorithm according to the second password information and the random salt value information;
generating first hash authentication data information according to the random salt value and the first hash data value and through a hash operation message authentication code algorithm; and
and encrypting the random salt value, the first hash data value and the first hash authentication data information through an Advanced Encryption Standard encryption algorithm to generate first encrypted data information.
2. The card locking method according to claim 1, further comprising, after the step of determining whether the first hash authentication data information is equal to the second hash authentication data information:
when the first hash authentication data information and the second hash authentication data information are judged to be equal, generating a second hash data value through a PBKDF2 algorithm according to the first password information and the random salt value information;
judging whether the first hash data value is equal to the second hash data value; and
and when the first hash data value and the second hash data value are judged to be equal, displaying second prompt information to prompt a user that the password is correct.
3. The card locking method of claim 1, further comprising, after the step of encrypting by the advanced encryption standard encryption algorithm:
and transmitting and storing the first encrypted data information in a memory.
4. A card locking device is characterized by comprising:
the first password information acquisition unit is used for acquiring first password information input by a user;
the first encrypted data information calling unit is connected with the first password information acquisition unit and used for calling the first encrypted data information stored in a memory;
a decrypted data information obtaining unit, connected to the first encrypted data information invoking unit, and configured to decrypt the first encrypted data information through an Advanced Encryption Standard encryption algorithm to obtain decrypted data information, where the decrypted data information includes a random salt value, a first hash data value, and first hash authentication data information;
the second Hash authentication data information acquisition unit is connected with the decrypted data information acquisition unit and used for generating second Hash authentication data information according to the decrypted data information and through a Hash operation message authentication code algorithm;
a first judging unit, connected to the second hash authentication data information obtaining unit and the decrypted data information obtaining unit, respectively, for judging whether the first hash authentication data information is equal to the second hash authentication data information; and
the first prompt information display unit is connected with the first judgment unit and used for displaying first prompt information to prompt a user that the password is tampered when the first hash authentication data information and the second hash authentication data information are judged to be unequal;
the device further comprises:
a second password information acquisition unit for generating a second password information;
a random salt value acquisition unit for generating a random salt value information;
the first hash data value generating unit is respectively connected with the second password information acquiring unit and the random salt value acquiring unit and is used for generating a first hash data value according to the second password information and the random salt value information and through a PBKDF2 algorithm;
the first hash authentication data information generating unit is respectively connected with the first hash data value generating unit and the random salt value acquiring unit and is used for generating first hash authentication data information according to the random salt value and the first hash data value and through a hash operation message authentication code algorithm; and
and the first encrypted data information unit generation unit is respectively connected with the random salt value acquisition unit, the first hash data value generation unit and the first hash authentication data information generation unit and is used for encrypting the random salt value, the first hash data value and the first hash authentication data information by an Advanced Encryption Standard encryption algorithm so as to generate first encrypted data information.
5. The card-locking device of claim 4, further comprising:
the second hash data value generating unit is connected with the first judging unit and used for generating a second hash data value according to the first password information and the random salt value information and through a PBKDF2 algorithm when the first hash authentication data information and the second hash authentication data information are judged to be equal;
a second judging unit, connected to the second hash data value generating unit and the decrypted data information obtaining unit, for judging whether the first hash data value is equal to the second hash data value; and
and the second prompt information display unit is connected with the second judgment unit and used for displaying second prompt information to prompt a user that the password is correct when the first hash data value and the second hash data value are judged to be equal.
6. The card-locking device of claim 4, further comprising:
a second password information acquisition unit for generating a second password information;
a random salt value acquisition unit for generating a random salt value information;
the first hash data value generating unit is respectively connected with the second password information acquiring unit and the random salt value acquiring unit and is used for generating a first hash data value according to the second password information and the random salt value information and through a PBKDF2 algorithm;
the first hash authentication data information generating unit is respectively connected with the first hash data value generating unit and the random salt value acquiring unit and is used for generating first hash authentication data information according to the random salt value and the first hash data value and through a hash operation message authentication code algorithm; and
and the first encrypted data information unit generation unit is respectively connected with the random salt value acquisition unit, the first hash data value generation unit and the first hash authentication data information generation unit and is used for encrypting the random salt value, the first hash data value and the first hash authentication data information by an Advanced Encryption Standard encryption algorithm so as to generate first encrypted data information.
7. The card-locking device of claim 6, further comprising:
and the first encrypted data information transmission unit is connected with the first encrypted data information unit generation unit and used for transmitting and storing the first encrypted data information in a memory.
8. A computer-readable storage medium having stored therein a plurality of instructions adapted to be loaded by a processor to perform the card locking method of any one of claims 1 to 3.
9. A terminal device, comprising a processor and a memory, wherein the processor is electrically connected to the memory, the memory is used for storing instructions and data, and the processor is used for executing the steps in the card locking method according to any one of claims 1 to 3.
CN201911228736.3A 2019-12-04 2019-12-04 Card locking method and device, computer readable storage medium and terminal equipment Active CN111050316B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911228736.3A CN111050316B (en) 2019-12-04 2019-12-04 Card locking method and device, computer readable storage medium and terminal equipment

Publications (2)

Publication Number Publication Date
CN111050316A CN111050316A (en) 2020-04-21
CN111050316B true CN111050316B (en) 2023-01-20

Family

ID=70234560

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911228736.3A Active CN111050316B (en) 2019-12-04 2019-12-04 Card locking method and device, computer readable storage medium and terminal equipment

Country Status (1)

Country Link
CN (1) CN111050316B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112101935A (en) * 2020-09-11 2020-12-18 上海阿吉必信息技术有限公司 Processing method and device for block chain rechargeable card

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108616512A (en) * 2018-04-04 2018-10-02 广州慧睿思通信息科技有限公司 A kind of improved PPT2003 files deciphering method and device
US10129499B1 (en) * 2015-12-07 2018-11-13 Gopro, Inc. Securing wireless network credentials without a user login

Also Published As

Publication number Publication date
CN111050316A (en) 2020-04-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant