CN111125772A - Method and device for dynamically setting security policy and mobile device - Google Patents

Info

Publication number
CN111125772A
Authority
CN
China
Prior art keywords
user
surrounding environment
mobile terminal
display interface
visual focus
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911419556.3A
Other languages
Chinese (zh)
Other versions
CN111125772B (en
Inventor
李�昊
刘洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bank of China Ltd
Priority to CN201911419556.3A
Publication of CN111125772A
Application granted
Publication of CN111125772B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01 Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/011 Arrangements for interaction with the human body, e.g. for user immersion in virtual reality
    • G06F3/013 Eye tracking input arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3221 Access to banking information through M-devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks

Abstract

The invention provides a method and a device for dynamically setting a security policy, and a mobile device. The method comprises: identifying surrounding environment information of the mobile terminal while the bank application is in use; judging, based on the determined surrounding environment information, whether the user himself is present in the surrounding environment and whether a visual focus of a non-user is located on the display interface of the mobile terminal; if the user himself is present in the surrounding environment and a visual focus of a non-user is located on the display interface of the mobile terminal, dynamically setting the lowest display level suitable for the current service, and processing the service page of the current service based on the lowest display level so as to hide privacy information in the service page; and if the user himself is not present in the surrounding environment and a visual focus of a non-user is located on the display interface of the mobile terminal, dynamically setting a hiding operation for the current service. The invention can protect the user's personal privacy information and reduce the possibility of privacy information leakage as far as possible.

Description

Method and device for dynamically setting security policy and mobile device
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for dynamically setting a security policy, and a mobile device.
Background
Currently, to make operation convenient for users, many bank systems provide bank applications that are installed on mobile terminals. A bank application makes it much easier for the user to handle banking business.
At present, bank applications on mobile terminals do not consider the surrounding environment of the mobile terminal while they are in use. That is, the bank application presents the service page in the normal mode regardless of the surrounding environment of the mobile terminal. This creates a risk of leaking the user's own private information.
For example, when a non-user is present in the surrounding environment of the mobile terminal, that non-user may view the service page through the display interface of the mobile terminal, leaking privacy information in the service page such as the counterparty's account, the transfer amount, or the transfer password.
Disclosure of Invention
In view of this, the present application provides a method and an apparatus for dynamically setting a security policy, and a mobile device, which can protect the private information of a user himself and reduce the possibility of disclosure of the private information as much as possible.
In order to achieve the above object, the present invention provides the following technical features:
A method for dynamically setting a security policy, comprising:
identifying surrounding environment information of the mobile terminal while the bank application is in use;
judging, based on the determined surrounding environment information, whether the user himself is present in the surrounding environment, and judging whether a visual focus of a non-user is located on the display interface of the mobile terminal;
if the user himself is present in the surrounding environment and a visual focus of a non-user is located on the display interface of the mobile terminal, dynamically setting the lowest display level suitable for the current service, and processing the service page of the current service based on the lowest display level so as to hide privacy information in the service page;
and if the user himself is not present in the surrounding environment and a visual focus of a non-user is located on the display interface of the mobile terminal, dynamically setting a hiding operation for the current service.
Optionally, the method further includes:
if the user himself is present in the surrounding environment and no visual focus of a non-user is located on the display interface of the mobile terminal, displaying the service page of the current service normally;
and if the user himself is not present in the surrounding environment and no visual focus of a non-user is located on the display interface of the mobile terminal, dynamically setting a black screen operation of the mobile terminal.
Optionally, dynamically setting the hiding operation for the current service includes:
dynamically setting a black screen operation of the mobile terminal;
dynamically setting an exit operation of the current service; or
dynamically setting an exit operation of the bank application.
Optionally, the mobile terminal is provided with an eyeball tracking sensor and an identification module, and identifying the surrounding environment information of the mobile terminal while the bank application is in use includes:
obtaining a user feature set through the identification module, and collecting eyeball focuses in the surrounding environment through the eyeball tracking sensor;
and judging, based on the determined surrounding environment information, whether the user himself is present in the surrounding environment and whether a visual focus of a non-user is located on the display interface of the mobile terminal includes:
judging whether the user feature set contains a user feature that conforms to the preset user features;
if so, determining that the user himself is present in the surrounding environment; otherwise, determining that the user himself is not present in the surrounding environment;
converting the eyeball focuses in the surrounding environment into visual focuses on the plane of the display interface, and determining the number of visual focuses located within the display interface;
when the user himself is determined to be present in the surrounding environment, if the number of visual focuses located within the display interface is greater than 1, determining that a visual focus of a non-user is located on the display interface of the mobile terminal;
when the user himself is determined not to be present in the surrounding environment, if the number of visual focuses located within the display interface is greater than 0, determining that a visual focus of a non-user is located on the display interface of the mobile terminal.
Optionally, the identification module includes:
an iris recognition module, an image recognition module or a face recognition module.
Optionally, after dynamically setting the lowest display level suitable for the current service, the method further includes:
determining a fund risk level corresponding to the current service;
determining the security authentication modes corresponding to the fund risk level;
and in the process of handling the current service, adopting the highest security authentication mode corresponding to the fund risk level.
Optionally, after the service page of the current service is displayed normally, the method further includes:
determining a fund risk level corresponding to the current service;
determining the security authentication modes corresponding to the fund risk level;
and in the process of handling the current service, adopting the lowest security authentication mode corresponding to the fund risk level.
An apparatus for dynamically setting a security policy, comprising:
an identification unit, configured to identify surrounding environment information of the mobile terminal while the bank application is in use;
a judging unit, configured to judge, based on the determined surrounding environment information, whether the user himself is present in the surrounding environment, and to judge whether a visual focus of a non-user is located on the display interface of the mobile terminal;
a first hiding unit, configured to dynamically set the lowest display level suitable for the current service if the user himself is present in the surrounding environment and a visual focus of a non-user is located on the display interface of the mobile terminal, and to process the service page of the current service based on the lowest display level so as to hide privacy information in the service page;
and a second hiding unit, configured to dynamically set a hiding operation for the current service if the user himself is not present in the surrounding environment and a visual focus of a non-user is located on the display interface of the mobile terminal.
Optionally, the apparatus further includes:
a normal display unit, configured to display the service page of the current service normally if the user himself is present in the surrounding environment and no visual focus of a non-user is located on the display interface of the mobile terminal;
and a black screen unit, configured to dynamically set a black screen operation of the mobile terminal if the user himself is not present in the surrounding environment and no visual focus of a non-user is located on the display interface of the mobile terminal.
A mobile terminal, comprising:
a multi-user eyeball tracking module, an identification module and a processor;
the processor is configured to identify, through the multi-user eyeball tracking module and the identification module, surrounding environment information of the mobile terminal while the bank application is in use; to judge, based on the determined surrounding environment information, whether the user himself is present in the surrounding environment and whether a visual focus of a non-user is located on the display interface of the mobile terminal; if the user himself is present in the surrounding environment and a visual focus of a non-user is located on the display interface of the mobile terminal, to dynamically set the lowest display level suitable for the current service and process the service page of the current service based on the lowest display level so as to hide privacy information in the service page; and if the user himself is not present in the surrounding environment and a visual focus of a non-user is located on the display interface of the mobile terminal, to dynamically set a hiding operation for the current service.
Through the above technical means, the following beneficial effects can be achieved:
The invention identifies the surrounding environment information of the mobile terminal while the bank application is in use, and judges from that information whether the user himself is present in the surrounding environment and whether a visual focus of a non-user is located on the display interface of the mobile terminal.
When the user himself is present in the surrounding environment and a visual focus of a non-user is located on the display interface of the mobile terminal, the surrounding environment is temporarily unsafe. To prevent privacy information from being leaked, the lowest display level suitable for the current service is dynamically set at this moment, and the service page of the current service is processed based on the lowest display level to hide the privacy information in the service page. This protects the user's privacy information and reduces the possibility of its leakage as far as possible.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a mobile device disclosed in an embodiment of the present application;
Fig. 2 is a flowchart of a method for dynamically setting a security policy according to an embodiment of the present application;
Fig. 3 is a flowchart of another method for dynamically setting a security policy disclosed in an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a device for dynamically setting a security policy according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to Fig. 1, the present invention provides a mobile terminal, wherein a multi-user eyeball tracking module, an identification module and a processor are disposed on a front surface of the mobile terminal.
The identification module may include an iris recognition module, an image recognition module or a face recognition module. A bank application is installed in the processor; the bank application exchanges data with the multi-user eyeball tracking module and with the identification module.
The bank application in the processor is used to identify, through the multi-user eyeball tracking module and the identification module, surrounding environment information of the mobile terminal while the bank application is in use; to judge, based on the determined surrounding environment information, whether the user himself is present in the surrounding environment and whether a visual focus of a non-user is located on the display interface of the mobile terminal; if the user himself is present in the surrounding environment and a visual focus of a non-user is located on the display interface of the mobile terminal, to dynamically set the lowest display level suitable for the current service and process the service page of the current service based on the lowest display level so as to hide privacy information in the service page; and if the user himself is not present in the surrounding environment and a visual focus of a non-user is located on the display interface of the mobile terminal, to dynamically set a hiding operation for the current service.
The detailed execution process of the processor is described in the embodiments shown in Fig. 2 and Fig. 3 and is not repeated here.
In order to protect the privacy information of the user himself, the application provides a method for dynamically setting a security policy, which is applied to the bank application shown in Fig. 1. Referring to Fig. 2, the method may include the following steps:
Step S201: identify surrounding environment information of the mobile terminal while the bank application is in use.
Step S202: judge, based on the determined surrounding environment information, whether the user himself is present in the surrounding environment, and judge whether a visual focus of a non-user is located on the display interface of the mobile terminal.
The specific implementation of steps S201 and S202 is detailed in the embodiment shown in Fig. 3 and is not described here.
It is understood that C = 1 denotes that the user himself is present in the surrounding environment and C = 0 denotes that the user himself is not present; F = 1 denotes that a visual focus of a non-user is located on the display interface of the mobile terminal and F = 0 denotes that no visual focus of a non-user is located on the display interface of the mobile terminal.
Four cases can then be obtained from the determination result of step S202: C = 1, F = 1; C = 0, F = 1; C = 1, F = 0; and C = 0, F = 0. These correspond to the four cases shown in steps S203 to S206, respectively, which are described below.
Step S203: if the user himself is present in the surrounding environment and a visual focus of a non-user is located on the display interface of the mobile terminal, dynamically set the lowest display level suitable for the current service, and process the service page of the current service based on the lowest display level so as to hide privacy information in the service page.
When C = 1 and F = 1, the user himself is present in the surrounding environment of the mobile terminal, but a non-user is also gazing at the display interface. Operating the bank application at this moment exposes privacy information to the greatest extent, so the lowest display level suitable for the current service is dynamically set.
It will be appreciated that different services may have different display levels; the bank application may determine the display levels of the current service and then select the lowest one. The lowest display level is the level at which the fewest characters are displayed normally in the display page.
The lowest display level corresponds to more hidden data types. Processing the service page of the current service based on the lowest display level means performing a hiding operation on the data values of the hidden data types in the service page, so that the privacy information in the service page is hidden. For example, a preset character "*" is used in place of a data value. This ensures to the greatest extent that privacy information is not leaked.
Step S204: if the user himself is not present in the surrounding environment and a visual focus of a non-user is located on the display interface of the mobile terminal, dynamically set a hiding operation for the current service.
When C = 0 and F = 1, the mobile terminal is in an environment where the user himself is not present but a non-user is gazing at the display interface. At this time, the bank application may be operated by the non-user and privacy information may be leaked. For this reason, a hiding operation for the current service is dynamically set.
To prevent a non-user from operating the current service of the bank application, an exit operation of the current service is dynamically set. Alternatively, to prevent a non-user from operating any service in the bank application, an exit operation of the bank application is dynamically set.
Step S205: if the user himself is present in the surrounding environment and no visual focus of a non-user is located on the display interface of the mobile terminal, display the service page of the current service normally.
When C = 1 and F = 0, only the user himself is present in the surrounding environment. The surrounding environment is relatively safe in this case, and the user can operate the service page of the current service normally.
Step S206: if the user himself is not present in the surrounding environment and no visual focus of a non-user is located on the display interface of the mobile terminal, dynamically set a black screen operation of the mobile terminal.
When C = 0 and F = 0, neither the user himself nor a non-user is present, that is, there is nobody nearby. In this case, as a precaution, the mobile terminal may be dynamically set to a black screen operation, which protects the privacy information of the service page and also saves power.
Through the above technical means, the following beneficial effects can be achieved:
The invention identifies the surrounding environment information of the mobile terminal while the bank application is in use, and judges from that information whether the user himself is present in the surrounding environment and whether a visual focus of a non-user is located on the display interface of the mobile terminal.
When the user himself is present in the surrounding environment and a visual focus of a non-user is located on the display interface of the mobile terminal, the surrounding environment is temporarily unsafe. To prevent privacy information from being leaked, the lowest display level suitable for the current service is dynamically set at this moment, and the service page of the current service is processed based on the lowest display level to hide the privacy information in the service page. This protects the user's privacy information and reduces the possibility of its leakage as far as possible. Optionally, while the privacy information is protected, the security authentication mode may be adjusted in cooperation with the embodiment shown in Fig. 2 in order to further improve security.
It will be appreciated that in step S204 and step S206 the user himself is not present in the surrounding environment, so the user himself cannot continue to operate the bank application. In steps S203 and S206 the user himself is present in the surrounding environment and can continue to operate the bank application.
Then, after the lowest display level suitable for the current service is dynamically set in step S203, the method further includes:
determining a fund risk level corresponding to the current service;
determining the security authentication modes corresponding to the fund risk level;
and in the process of handling the current service, adopting the highest security authentication mode corresponding to the fund risk level. Setting the highest security authentication mode corresponding to the fund risk level further ensures security while the bank application is being operated.
Then, after the service page of the current service is displayed normally in step S206, the method further includes:
determining a fund risk level corresponding to the current service;
determining the security authentication modes corresponding to the fund risk level;
and in the process of handling the current service, adopting the lowest security authentication mode corresponding to the fund risk level. Setting the lowest security authentication mode corresponding to the fund risk level makes security authentication convenient for the user while fund security is still ensured, which improves convenience.
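The four-way decision of steps S203 to S206, combined with the focus-count rule and the authentication-mode selection described above, written out as an added Python example that is not part of the patent text. The distance-based feature matcher, the field names, the display-level table and the authentication-mode table are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from math import dist


class Policy(Enum):
    MASK_LOWEST_LEVEL = "S203"  # C = 1, F = 1
    HIDE_SERVICE = "S204"       # C = 0, F = 1
    NORMAL_DISPLAY = "S205"     # C = 1, F = 0
    BLACK_SCREEN = "S206"       # C = 0, F = 0


@dataclass(frozen=True)
class Display:
    width: float   # display-plane units, origin at the top-left corner
    height: float

    def contains(self, focus):
        x, y = focus
        return 0 <= x <= self.width and 0 <= y <= self.height


def user_present(feature_set, preset, threshold=0.6):
    # Assumption: a feature is a numeric vector and "conforms to the preset
    # user features" means its distance to the enrolled vector is small.
    return any(dist(f, preset) <= threshold for f in feature_set)


def decide(feature_set, visual_foci, display, preset):
    """Return the policy for one observation of the surrounding environment."""
    c = user_present(feature_set, preset)
    on_screen = sum(1 for p in visual_foci if display.contains(p))
    # With the user present, one focus is attributed to the user, so a
    # non-user gaze needs a count above 1; without the user, above 0.
    f = on_screen > 1 if c else on_screen > 0
    return {
        (True, True): Policy.MASK_LOWEST_LEVEL,
        (False, True): Policy.HIDE_SERVICE,
        (True, False): Policy.NORMAL_DISPLAY,
        (False, False): Policy.BLACK_SCREEN,
    }[(c, f)]


# Constructed tables for a hypothetical transfer service: each display level
# lists the data types it hides; each fund risk level lists its security
# authentication modes from lowest to highest.
HIDDEN_FIELDS_BY_LEVEL = {
    1: {"payee_account", "payee_name", "amount"},
    2: {"payee_account"},
    3: set(),
}
AUTH_MODES_BY_RISK = {
    "low": ["password", "sms_code"],
    "high": ["sms_code", "face_and_sms_code"],
}


def render(page, policy, risk):
    """Return (page to show, authentication mode), or (None, None) when the
    service is hidden or the screen is blacked out."""
    if policy in (Policy.HIDE_SERVICE, Policy.BLACK_SCREEN):
        return None, None
    modes = AUTH_MODES_BY_RISK[risk]
    if policy is Policy.MASK_LOWEST_LEVEL:
        hidden = HIDDEN_FIELDS_BY_LEVEL[min(HIDDEN_FIELDS_BY_LEVEL)]
        masked = {k: "*" * len(str(v)) if k in hidden else v
                  for k, v in page.items()}
        return masked, modes[-1]   # highest mode for this risk level
    return dict(page), modes[0]    # lowest mode for this risk level


# Constructed sample data.
DISPLAY = Display(1080, 2340)
OWNER = (0.10, 0.90, 0.30)            # enrolled feature vector
OWNER_READING = (0.12, 0.88, 0.31)    # fresh reading of the owner
STRANGER = (0.80, 0.20, 0.70)
PAGE = {"payee_account": "6222020000001234", "amount": "500.00", "memo": "rent"}

if __name__ == "__main__":
    policy = decide([OWNER_READING, STRANGER], [(500, 1000), (900, 2000)],
                    DISPLAY, OWNER)
    print(policy, render(PAGE, policy, "high"))
```

With C = 1 a single on-screen focus is always attributed to the user, so the count rule does not flag a lone onlooker while the user himself looks away from the display.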
The invention provides a method for dynamically setting a security policy, which is applied to bank application in a mobile terminal shown in figure 1. Referring to fig. 3, the following steps may be included:
step S300: and identifying the ambient environment information of the mobile terminal in the using process of the bank application.
User privacy information is largely involved in the use process of the bank application, so that the bank application can identify the surrounding environment information of the mobile terminal in the use process.
The bank application identifies and obtains the user feature set through the identification module, and the bank application collects and obtains eyeball focuses in the surrounding environment through the eyeball tracking sensor.
For the eyeball tracking sensor, the bank application triggers the eyeball tracking sensor to be started, and the eyeball tracking sensor is used for collecting eyeball focus of the surrounding environment. The detailed implementation of the eye tracking sensor is a mature technology, and is not described here.
For the recognition module, the recognition module is mainly used for acquiring a user feature set of the surrounding environment so as to subsequently judge whether a user is in the surrounding environment.
Optionally, the recognition module may perform face recognition on the surrounding environment by using a face recognition module, and obtain a plurality of face features of the surrounding environment, where the user feature set is a plurality of face features.
Optionally, the identification module may perform iris identification on the surrounding environment by using the iris identification module, and obtain a plurality of iris data in the surrounding environment, where the user feature set is the plurality of iris data.
Optionally, the identification module may adopt an image identification module to capture the surrounding environment to obtain an image, and identify the image features of the image, so that the user feature set is a plurality of image features.
Of course, the identification module may also be implemented in other ways, and the present application is not limited thereto.
Step S301: the method comprises the steps of converting eyeball focus in the surrounding environment to visual focus of a plane where a display interface is located and determining the number of visual focuses located in the display interface.
The eyeball tracking sensor acquires and obtains eyeball focuses in the surrounding environment, and the eyeball focuses in the surrounding environment can be converted to a plane where the display interface is located through some data conversion operations, and the focuses in the plane where the display interface is located are called visual focuses for convenience of distinguishing. The conversion operation is well-established and will not be described herein.
And if the visual focus is positioned in the display interface, indicating that a user watches the display interface of the mobile terminal. This step may determine the number of visual foci in the display interface.
Step S302: whether the surrounding environment has the user himself or herself is judged based on the determined surrounding environment information. If so, the process proceeds to step S303, otherwise, the process proceeds to step S308.
And judging whether the surrounding environment has the user himself or not based on the user feature set acquired by the identification module in the surrounding environment information. It will be appreciated that the bank application stores preset user characteristics of the user himself (i.e. the rightful owner of the bank account in the mobile terminal).
Comparing the user characteristics in the user characteristic set with preset user characteristics, and if one user characteristic in the user characteristic set conforms to the preset user characteristics, determining that the user himself/herself is in the surrounding environment, and entering step S303, namely determining that C is 1; otherwise, determining that the user does not exist in the surrounding environment, and determining that C is 0; the process advances to step S308.
Step S303: judge whether the number of visual focuses in the display interface is greater than 1. If so, proceed to step S304; otherwise, proceed to step S306.
When the user himself is present in the surrounding environment, the user's own visual focus is very likely located in the display interface. The method therefore judges whether the number of visual focuses in the display interface is greater than 1: if so, another person is watching the display interface, that is, F = 1; otherwise, no other person is watching the display interface, that is, F = 0.
Step S304: determine that the surrounding environment has the user himself and that a visual focus of a non-user is located on the display interface of the mobile terminal. That is, C = 1 and F = 1.
Step S305: dynamically set the lowest display level suitable for the current service, process the service page of the current service based on the lowest display level to hide the privacy information in the service page, and set the highest security authentication mode corresponding to the current service.
Step S305 has already been described under S203 in the embodiment shown in Fig. 2 and is not described again here.
Step S306: determine that the surrounding environment has the user himself and that no visual focus of a non-user is located on the display interface of the mobile terminal. That is, C = 1 and F = 0.
Step S307: display the service page of the current service normally, and set the minimum security authentication mode corresponding to the current service.
Step S307 has already been described under S205 in the embodiment shown in Fig. 2 and is not described again here.
Step S308: judge whether the number of visual focuses in the display interface is greater than 0. If so, proceed to step S309; otherwise, proceed to step S311.
When the user himself is not present in the surrounding environment, that is, when C = 0, the user himself is necessarily not looking at the display interface. Therefore, if there is a visual focus in the display interface, another person is watching it, that is, F = 1; otherwise, no one is, that is, F = 0.
Step S309: determine that the surrounding environment does not have the user himself and that a visual focus of a non-user is located on the display interface of the mobile terminal.
Step S310: dynamically set the hiding operation for the current service.
Step S310 has already been described under S204 in the embodiment shown in Fig. 2 and is not described again here.
Step S311: determine that the surrounding environment does not have the user himself and that no visual focus of a non-user is located on the display interface of the mobile terminal.
Step S312: dynamically set the black screen operation of the mobile terminal.
Step S312 has already been described under S206 in the embodiment shown in Fig. 2 and is not described again here.
One specific embodiment of the invention is provided below:
Iris recognition module: acquires iris data of all users in front of the display interface and sends the iris data to the security policy module of the mobile banking application.
Multi-person eyeball tracking module: tracks the eye changes of all users in front of the display interface in real time, finds the eyeball focuses of all the users, and sends the eyeball focuses to the security policy module of the mobile banking application.
Security level identification module: obtains the current service of the bank application, uses the service identifier to query the fund risk level from the risk control system, and obtains the list L of available security tools according to the fund risk level, with the security levels arranged from small to large and denoted L = {L1, L2, …, Ln}; it then sends L to the security policy module of the mobile banking application.
Display level identification module: obtains the current service of the bank application, uses the service identifier to query the fund risk level from the risk control system, and obtains the list S of available display levels according to the fund risk level, with the display levels arranged from small to large and denoted S = {S1, S2, …, Sn}; it then sends S to the security policy module of the mobile banking application.
Mobile banking security policy module: outputs the optimal security policy T according to the following rules, based on the input from the iris recognition module, the multi-person eyeball tracking module, the security level identification module and the display level identification module.
The iris data from the iris recognition module is compared with the preset iris data, and an iris recognition result C is output: if the iris data is the customer's own, C = 1; if it is not the customer's own, C = 0.
The eyeball focuses are obtained from the multi-person eyeball tracking module and converted into visual focuses, and the number of current visual focuses is judged. If a non-user is gazing at the display interface, F = 1; if no non-user is gazing at the display interface, F = 0.
When C = 1 and F = 1, that is, when both the user himself and a non-user are present in the surrounding environment, T = Ln and S1.
When C = 0 and F = 1, the mobile terminal is set to a black screen state.
When C = 1 and F = 0, that is, when only the user himself is present in the surrounding environment, T = L1 and Sn.
When C = 0 and F = 0, the mobile terminal is set to a black screen state.
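The decision rules of steps S302 to S312 and of the specific embodiment above, written out as an added Python example (it is not code from the patent). The names `Action`, `Policy`, `decide` and `foci_on_display`, the string feature identifiers and the sample values are assumptions; feature matching is reduced to set membership, and the visual focuses are assumed to be already converted to display-plane pixel coordinates.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Action(Enum):
    MASK_PAGE = "S305"     # lowest display level + highest authentication mode
    NORMAL = "S307"        # normal page + minimum authentication mode
    HIDE_SERVICE = "S310"  # hiding operation (claim 3: black screen or exit)
    BLACK_SCREEN = "S312"  # black out the terminal


@dataclass(frozen=True)
class Policy:
    c: int                        # 1 if the account owner is in the surroundings
    f: int                        # 1 if a non-owner focus is on the display
    action: Action
    display_level: Optional[str]  # element of S, None when nothing is shown
    auth_mode: Optional[str]      # element of L, None when nothing is shown


def foci_on_display(foci, width, height):
    """Count visual foci that fall inside the display rectangle."""
    return sum(1 for x, y in foci if 0 <= x < width and 0 <= y < height)


def decide(feature_set, preset_feature, foci, display, levels_s, tools_l):
    """Return the policy for one observation of the surroundings.

    levels_s and tools_l are the lists S and L, sorted from small to large.
    """
    if not levels_s or not tools_l:
        raise ValueError("S and L must each contain at least one entry")
    width, height = display
    # S302: the owner is present if any observed feature matches the preset one.
    c = 1 if preset_feature in feature_set else 0
    n = foci_on_display(foci, width, height)
    # S303 / S308: with the owner present, one on-screen focus is attributed
    # to the owner (threshold n > 1); with the owner absent, any on-screen
    # focus belongs to someone else (threshold n > 0).
    # Limitation of the count-based rule: it cannot tell whose focus is on
    # screen, so a single focus with the owner present always yields F = 0.
    f = 1 if n > (1 if c else 0) else 0
    if c and f:    # S304 -> S305: T = Ln and S1
        return Policy(c, f, Action.MASK_PAGE, levels_s[0], tools_l[-1])
    if c:          # S306 -> S307: T = L1 and Sn
        return Policy(c, f, Action.NORMAL, levels_s[-1], tools_l[0])
    if f:          # S309 -> S310
        return Policy(c, f, Action.HIDE_SERVICE, None, None)
    return Policy(c, f, Action.BLACK_SCREEN, None, None)  # S311 -> S312


# Constructed sample values, not taken from the patent.
DISPLAY = (1080, 2340)
S = ["S1", "S2", "S3"]
L = ["L1", "L2", "L3"]
OWNER = "iris-owner"

if __name__ == "__main__":
    seen = {"iris-owner", "iris-guest"}
    print(decide(seen, OWNER, [(500, 1200), (300, 800)], DISPLAY, S, L))
    print(decide(seen, OWNER, [(500, 1200), (1500, 900)], DISPLAY, S, L))
    print(decide({"iris-guest"}, OWNER, [(10, 10)], DISPLAY, S, L))
    print(decide(set(), OWNER, [], DISPLAY, S, L))
```

In the specific embodiment both C = 0 cases end in a black screen; the example keeps `HIDE_SERVICE` separate because Fig. 3 and claim 3 allow the hiding operation to be an exit from the service or the application instead.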
Referring to Fig. 4, the present invention provides a device for dynamically setting a security policy, including:
an identification unit 41, configured to identify the surrounding environment information of the mobile terminal during use of the bank application;
a determination unit 42, configured to determine, based on the determined surrounding environment information, whether the surrounding environment has the user himself or herself, and to determine whether a visual focus of a non-user is located on the display interface of the mobile terminal;
a first hiding unit 43, configured to dynamically set the lowest display level suitable for the current service if the surrounding environment has the user himself and a visual focus of a non-user is located on the display interface of the mobile terminal, and to process the service page of the current service based on the lowest display level to hide the privacy information in the service page;
a second hiding unit 44, configured to dynamically set the hiding operation for the current service if the surrounding environment does not have the user himself and a visual focus of a non-user is located on the display interface of the mobile terminal;
a normal display unit 45, configured to display the service page of the current service normally if the surrounding environment has the user himself and no visual focus of a non-user is located on the display interface of the mobile terminal;
and a black screen unit 46, configured to dynamically set the black screen operation of the mobile terminal if the surrounding environment does not have the user himself and no visual focus of a non-user is located on the display interface of the mobile terminal.
The implementation of the device for dynamically setting a security policy is detailed in the embodiments shown in Fig. 2 and Fig. 3 and is not described again here.
If the functions described in the method of this embodiment are implemented in the form of software functional units and sold or used as independent products, they may be stored in a storage medium readable by a computing device. Based on this understanding, the part of the embodiments of the present application that contributes to the prior art, or part of the technical solution, may be embodied in the form of a software product that is stored in a storage medium and includes several instructions for causing a computing device (which may be a personal computer, a server, a mobile computing device or a network device) to execute all or part of the steps of the method described in the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The embodiments are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for dynamically setting a security policy, comprising:
identifying the surrounding environment information of the mobile terminal during use of the bank application;
judging, based on the determined surrounding environment information, whether the surrounding environment has the user himself, and judging whether a visual focus of a non-user is located on the display interface of the mobile terminal;
if the surrounding environment has the user himself and a visual focus of a non-user is located on the display interface of the mobile terminal, dynamically setting the lowest display level suitable for the current service, and processing the service page of the current service based on the lowest display level so as to hide the privacy information in the service page;
and if the surrounding environment does not have the user himself and a visual focus of a non-user is located on the display interface of the mobile terminal, dynamically setting the hiding operation for the current service.
2. The method of claim 1, further comprising:
if the surrounding environment has the user himself and no visual focus of a non-user is located on the display interface of the mobile terminal, normally displaying the service page of the current service;
and if the surrounding environment does not have the user himself and does not have a visual focus of a non-user, dynamically setting the black screen operation of the mobile terminal.
3. The method of claim 2, wherein the dynamically setting the hiding operation for the current service comprises:
dynamically setting the black screen operation of the mobile terminal; or
dynamically setting the exit operation of the current service; or
dynamically setting the exit operation of the bank application.
4. The method according to any one of claims 1-3, wherein the mobile terminal is provided with an eyeball tracking sensor and an identification module, and the identifying the surrounding environment information of the mobile terminal during use of the bank application comprises:
identifying and obtaining a user feature set through the identification module, and acquiring the eyeball focuses in the surrounding environment through the eyeball tracking sensor;
and wherein the judging, based on the determined surrounding environment information, whether the surrounding environment has the user himself, and judging whether a visual focus of a non-user is located on the display interface of the mobile terminal comprises:
judging whether the user feature set contains a user feature that conforms to the preset user features;
if so, determining that the surrounding environment has the user himself; otherwise, determining that the surrounding environment does not have the user himself;
converting the eyeball focuses in the surrounding environment into visual focuses in the plane where the display interface is located, and determining the number of visual focuses in the display interface;
when the surrounding environment is determined to have the user himself, if the number of visual focuses located in the display interface is greater than 1, determining that a visual focus of a non-user is located on the display interface of the mobile terminal;
when the surrounding environment is determined not to have the user himself, if the number of visual focuses located in the display interface is greater than 0, determining that a visual focus of a non-user is located on the display interface of the mobile terminal.
5. The method of claim 4, wherein the identification module comprises:
an iris recognition module, an image recognition module or a face recognition module.
6. The method of claim 1, further comprising, after dynamically setting the lowest display level suitable for the current service:
determining the fund risk level corresponding to the current service;
determining the security authentication modes corresponding to the fund risk level;
and, in the process of handling the current service, adopting the highest security authentication mode corresponding to the fund risk level.
7. The method of claim 2, further comprising, after normally displaying the service page of the current service:
determining the fund risk level corresponding to the current service;
determining the security authentication modes corresponding to the fund risk level;
and, in the process of handling the current service, adopting the minimum security authentication mode corresponding to the fund risk level.
8. An apparatus for dynamically setting a security policy, comprising:
an identification unit, configured to identify the surrounding environment information of the mobile terminal during use of the bank application;
a judging unit, configured to judge, based on the determined surrounding environment information, whether the surrounding environment has the user himself or herself, and to judge whether a visual focus of a non-user is located on the display interface of the mobile terminal;
a first hiding unit, configured to dynamically set the lowest display level suitable for the current service if the surrounding environment has the user himself and a visual focus of a non-user is located on the display interface of the mobile terminal, and to process the service page of the current service based on the lowest display level so as to hide the privacy information in the service page;
and a second hiding unit, configured to dynamically set the hiding operation for the current service if the surrounding environment does not have the user himself and a visual focus of a non-user is located on the display interface of the mobile terminal.
9. The apparatus of claim 8, further comprising:
a normal display unit, configured to normally display the service page of the current service if the surrounding environment has the user himself and no visual focus of a non-user is located on the display interface of the mobile terminal;
and a black screen unit, configured to dynamically set the black screen operation of the mobile terminal if the surrounding environment does not have the user himself and does not have a visual focus of a non-user.
10. A mobile terminal, comprising:
a multi-person eyeball tracking module, an identification module and a processor;
wherein the processor is configured to: identify, through the multi-person eyeball tracking module and the identification module, the surrounding environment information of the mobile terminal during use of the bank application; judge, based on the determined surrounding environment information, whether the surrounding environment has the user himself, and judge whether a visual focus of a non-user is located on the display interface of the mobile terminal; if the surrounding environment has the user himself and a visual focus of a non-user is located on the display interface of the mobile terminal, dynamically set the lowest display level suitable for the current service, and process the service page of the current service based on the lowest display level so as to hide the privacy information in the service page; and if the surrounding environment does not have the user himself and a visual focus of a non-user is located on the display interface of the mobile terminal, dynamically set the hiding operation for the current service.
CN201911419556.3A 2019-12-31 2019-12-31 Method and device for dynamically setting security policy and mobile device Active CN111125772B (en)

Publications (2)

Publication Number Publication Date
CN111125772A (en) 2020-05-08
CN111125772B CN111125772B (en) 2022-06-03

Family

ID=70507372

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant