CN113961887A

CN113961887A - System permission unlocking method and device, electronic equipment and storage medium

Info

Publication number: CN113961887A
Application number: CN202110990180.2A
Authority: CN
Inventors: 张豪; 许雄斌; 宋建军
Original assignee: Beijing Xiaomi Mobile Software Co Ltd
Current assignee: Beijing Xiaomi Mobile Software Co Ltd
Priority date: 2021-08-26
Filing date: 2021-08-26
Publication date: 2022-01-21

Abstract

The disclosure relates to a method and a device for unlocking system permission, an electronic device and a storage medium, wherein the method comprises the following steps: receiving an unlocking request of a boot loader of a terminal, wherein the unlocking request carries a user account initiating the unlocking request, and the boot loader is used for guiding the starting of a flashing process of the terminal; determining the account type of the user account according to the unlocking request; determining an unlocking condition corresponding to the account type according to the account type of the user account; and if the unlocking information carried in the unlocking request meets the unlocking condition, unlocking the boot loader of the terminal. Therefore, the boot loader of the terminal is unlocked only when the account type of the user account is judged and the unlocking information carried in the unlocking request meets the unlocking condition corresponding to the account type, so that the phenomenon of malicious machine refreshing is reduced, and the safety of the terminal is improved.

Description

System permission unlocking method and device, electronic equipment and storage medium

Technical Field

The present disclosure relates to the field of electronic technologies, and in particular, to a method and an apparatus for unlocking system permissions, an electronic device, and a storage medium.

Background

The android handset locks the Bootloader when the android handset leaves the factory, so that the system and important data in the handset are prevented from being easily tampered. Therefore, when a user needs to refresh the terminal, that is, reinstall the system, the refresh process includes: when a terminal receives a flashing instruction triggered by a user, a boot loader is started, for example, the boot loader may be a Bootloader program or the like, and the boot loader is safely locked. In the related art, the security of unlocking the boot loader is not high, which is disadvantageous to the security of a system in which the mobile phone is installed. Therefore, how to improve the security of the android mobile phone system becomes a technical problem which needs to be solved urgently.

Disclosure of Invention

In order to overcome the problems in the related art, the present disclosure provides a method, an apparatus, an electronic device and a storage medium for unlocking system permissions, where the technical scheme is as follows:

according to a first aspect of the embodiments of the present disclosure, a method for unlocking system permissions is provided, where the method includes:

receiving an unlocking request of a boot loader of a terminal, wherein the unlocking request carries a user account initiating the unlocking request, and the boot loader is used for guiding the starting of a flashing process of the terminal;

determining the account type of the user account according to the unlocking request;

determining an unlocking condition corresponding to the account type according to the account type of the user account;

and if the unlocking information carried in the unlocking request meets the unlocking condition, unlocking the boot loader of the terminal.

In some embodiments, the unlocking information comprises: the current unlocking times;

if the unlocking information carried in the unlocking request meets the unlocking condition, unlocking the boot loader of the terminal, comprising the following steps:

and if the current unlocking times are smaller than an unlocking time threshold value in a preset time period, unlocking the boot loader of the terminal, wherein the unlocking time threshold value is the highest unlocking times of the account type corresponding to the user account in the preset time period.

In some embodiments, the unlocking information comprises: a terminal state corresponding to the terminal;

and if the terminal state corresponding to the terminal is not the target state, unlocking the boot loader of the terminal.

In some embodiments, the determining, according to the unlocking request, an account type of the user account includes:

determining whether the user account is a blacklist account or not according to the unlocking request;

and if the account is not the blacklist account, determining the account type of the user account.

In some embodiments, the unlocking the bootstrap loader of the terminal if the current unlocking number is smaller than the threshold of the unlocking number in the preset time period includes:

if the user account is a first-class user account and the current unlocking times are smaller than the unlocking time threshold of the preset time period, determining an unlocking waiting time length according to the current unlocking times;

and after the unlocking waiting time is over, unlocking the boot loader of the terminal.

In some embodiments, the method further comprises:

if the user account is a preset subtype user account in the first type of user account, determining whether the user account is a risk account;

after the unlocking waiting time is over, unlocking the bootstrap loader of the terminal, including:

and if the user account is not the risk account, unlocking the boot loader of the terminal after the unlocking waiting time is over.

In some embodiments, the unlocking information comprises: the equipment address where the user account logs in;

and if the user account is a second type of user account and the equipment address logged by the user account meets the equipment address condition, unlocking a boot loader of the terminal.

In some embodiments, if the user account is a second type of user account and the device address where the user account logs in meets the device address condition, unlocking a boot loader of the terminal includes at least one of:

if the user account is a first sub-class user account in a second class of user accounts and the equipment address where the user account logs in is a first preset equipment address, unlocking a boot loader of the terminal, wherein the first preset equipment address is an equipment address bound by the user account;

and if the user account is a second sub-class user account in a second class of user accounts and the equipment address where the user account logs in is a second preset equipment address, unlocking a boot loader of the terminal, wherein the second preset equipment address is an equipment address connected with a preset local area network.

In some embodiments, the method further comprises:

and if the unlocking request does not meet the unlocking condition, outputting prompt information of unlocking failure.

According to a second aspect of the embodiments of the present disclosure, there is provided a system permission unlocking apparatus, the apparatus including:

the terminal comprises a receiving module, a starting module and a processing module, wherein the receiving module is used for receiving an unlocking request of a boot loader of the terminal, the unlocking request comprises a user account of the terminal, and the boot loader is used for guiding the starting of a flashing process of the terminal;

the first determining module is used for determining the account type of the user account according to the unlocking request;

the second determining module is used for determining an unlocking condition corresponding to the account type according to the account type of the user account;

and the unlocking module is used for unlocking the boot loader of the terminal if the unlocking information carried in the unlocking request meets the unlocking condition.

the unlocking module is further configured to:

In some embodiments, the first determining module is further configured to:

In some embodiments, the unlocking module is further configured to:

In some embodiments, the apparatus further comprises:

the third determining module is used for determining whether the user account is a risk account if the user account is a preset subtype user account in the first type of user account;

the unlocking module is specifically configured to:

the unlocking module is further configured to:

In some embodiments, the unlocking module is specifically configured to at least one of:

if the first sub-class user account in the second class user accounts of the user accounts and the equipment address where the user accounts log in is a first preset equipment address, unlocking a boot loader of the terminal, wherein the first preset equipment address is an equipment address bound by the user accounts;

In some embodiments, the apparatus further comprises:

and the processing module is used for outputting unlocking failure prompt information if the unlocking request does not meet the unlocking condition.

According to a third aspect of the embodiments of the present disclosure, there is provided an electronic apparatus including:

a processor;

a memory for storing processor-executable instructions;

wherein the processor is configured to: when the method is executed, the system authority unlocking method is realized.

In a fourth aspect of the embodiments of the present disclosure, a computer-readable storage medium is provided, where instructions in the storage medium, when executed by a processor of a mobile terminal, enable the mobile terminal to perform the steps of implementing any of the system permission unlocking methods described above.

The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:

in the embodiment of the disclosure, by receiving an unlocking request for a boot loader of a terminal, where the unlocking request carries a user account initiating the unlocking request, the boot loader can be used for starting a flashing process of the boot terminal; then determining the account type of the user account according to the unlocking request; determining an unlocking condition corresponding to the account type according to the account type of the user account; and if the unlocking information carried in the unlocking request meets the unlocking condition, unlocking the boot loader of the terminal. Therefore, different unlocking conditions can be given at least according to different account types, the boot loader of the terminal can be unlocked only under the condition that the unlocking information carried in the unlocking request meets the corresponding unlocking conditions, and the system of the terminal can be refreshed only after the boot loader of the terminal is successfully unlocked, so that the phenomenon of malicious refresh can be reduced, and the safety of the system of the terminal is improved.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.

FIG. 1 is a flow diagram illustrating a method for unlocking system permissions in accordance with an exemplary embodiment;

FIG. 2 is a diagram illustrating a system privilege unlocking scenario, according to an example embodiment;

FIG. 3 is a schematic diagram illustrating a user interface for unlocking system permissions, according to an example embodiment;

FIG. 4 is a schematic diagram of another user interface illustrating unlocking of system permissions, according to an exemplary embodiment;

FIG. 5 is a schematic diagram illustrating a user interface for successful unlocking in unlocking system permissions, according to an example embodiment;

FIG. 6 is a schematic diagram illustrating a user interface for an unlock failure in a system privilege unlock in accordance with an illustrative embodiment;

FIG. 7 is a schematic diagram illustrating another user unlock with an unlock failure in a system permissions unlock, according to an example embodiment;

FIG. 8 is a further flowchart illustrating a system privilege unlocking method in accordance with an exemplary embodiment;

FIG. 9 is a block diagram illustrating a system privilege unlocking apparatus in accordance with an exemplary embodiment;

FIG. 10 is a block diagram illustrating a terminal in accordance with an exemplary embodiment;

FIG. 11 is a block diagram illustrating a server in accordance with an example embodiment.

Detailed Description

Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.

The Bootloader is a boot program before the system is started. In an embedded operating system, Bootloader is run before the operating system kernel is run. In order to ensure the security of the terminal, some terminals generally lock bootoaer files when leaving a factory, the terminals provided with the locked Bootloader files cannot be bootstrapped directly, when a user needs to reboot, the Bootloader needs to be unlocked through an official unlocking channel, and the terminal can be bootstrapped after the Bootloader is successfully unlocked, so that the security of the terminal is ensured.

In the related art, the terminal user can unlock the Bootloader only by registering the user account in the authority, which is obviously not beneficial to the security of the system of the terminal.

The method and the device aim to improve the unlocking safety of the terminal Bootloader so as to further improve the safety of a system of the terminal.

Fig. 1 is a flow chart illustrating a method for unlocking system permissions, which may include the steps of:

step 11: receiving an unlocking request of a boot loader of a terminal, wherein the unlocking request carries a user account initiating the unlocking request, and the boot loader is used for guiding the starting of a flashing process of the terminal;

step 12: determining the account type of the user account according to the unlocking request;

step 13: determining an unlocking condition corresponding to the account type according to the account type of the user account;

step 14: and if the unlocking information carried in the unlocking request meets the unlocking condition, unlocking the boot loader of the terminal.

It is added that the method is performed by an electronic device provided by a service provider that locks Bootloader. In some embodiments, the method is performed by a server, where the server is provided for a service provider that locks the Bootloader, and is used to perform operations such as identity authentication on a user account that is unlocked.

Exemplarily, referring to fig. 2, fig. 2 is a schematic view illustrating a scenario of unlocking a system permission according to an exemplary embodiment, and as shown in fig. 2, an application scenario of the method is mainly applied to include: the unlocking system comprises a terminal to be unlocked 20, an operation terminal 21 connected with the terminal to be unlocked 20, and a service terminal 22 connected with the operation terminal 21. It should be noted that the connection here may be a wireless connection or a wired connection. For example, the terminal to be unlocked 20 and the operation terminal 21 may be connected through a data line such as USB, and the operation terminal 21 and the service terminal 22 may be connected through a wired network or a wireless network. It is understood that the terminal 20 to be unlocked is the terminal, and the server 22 may be the server.

It is understood that the terminal to be unlocked 20, the operation terminal 21 and the service terminal 22 may be at least one of a mobile phone, a tablet computer, a notebook computer or other intelligent devices, respectively.

For example, the terminal 20 to be unlocked is a mobile phone, and the operation terminal 21 is a computer. The procedure of performing Bootloader unlocking on the to-be-unlocked terminal 20 may include:

the first step is as follows: the mobile phone enters a line brush mode, wherein the line brush mode is a phone brushing mode for connecting the mobile phone by using a USB data line key. Illustratively, the line brush mode can be a Fastboot mode.

Here, the Fastboot mode is entered by pressing the power key and volume down key of the handset. Of course, it is understood that the shortcut key to enter the Fastboot mode is set by the user.

The second step is that: connecting a computer, and logging in a user account on a flashing tool of the computer;

it should be added that, referring to fig. 3, fig. 3 is a schematic diagram illustrating a user interface for unlocking system permissions according to an exemplary embodiment, as shown in fig. 3, after the mobile phone is connected to the computer, a login interface of a user account is output for a user to input the user account, so that the user inputs the user account, so that the server performs identity verification on the user account.

It should be added that, referring to fig. 4, fig. 4 is another schematic diagram of a user interface for unlocking system permissions shown according to an exemplary embodiment, and as shown in fig. 4, before inputting a user account, a server prompts a user to connect to a mobile phone, that is, connect to a terminal to be unlocked, and perform an unlocking operation. In some possible implementation manners, the server instructs the computer to output an operation page unlocked by the user, so that the user clicks an "unlock" button to unlock.

The third step: the server determines whether the unlocking qualification is met;

for example, the server may determine whether the data sent from the computer, i.e., the data related to the unlocking request, meets the unlocking qualification. And if the unlocking qualification is met, unlocking. The unlocking qualification here may be considered as the unlocking condition described above.

The fourth step: and (4) according with the unlocking qualification, and clicking to unlock by the user.

The present embodiment is intended to optimize whether or not the unlocking qualification in the third step is met. Different unlocking conditions are given to different user accounts, and unlocking is performed only when the unlocking information carried in the unlocking request meets the unlocking conditions corresponding to the user account of the unlocking request, so that the safety of a system of the terminal is improved.

The above is taken as an example that the mobile phone enters the line swiping mode, and in fact, the mobile phone can also perform bootloader unlocking by entering the card swiping mode, which is not limited herein.

The user account here may be an account that a user of the terminal registers with an official server before using the terminal, so that the user can log in to a system of the terminal through the user account and authorize the system using the terminal. It can be understood that the user account may be bound to one terminal or bound to multiple terminals, and in short, the user account may be used to apply for opening the system usage right of the terminal.

Of course, in other embodiments, the user account may be an account granted to a part of users in a special case, for example, the manufacturer of the terminal provides an account just given to the employee.

Here, the user account initiating the unlocking request may be the same as or different from the user account of the terminal that the unlocking request is to request to unlock. For example, if the user account a is within the scope of authority, the terminal of the user account B may also be unlocked.

It should be noted that the account types of the user accounts are already divided according to the user accounts at the time of registration. Or the user account is determined according to the type of the user account which is applied for registration when the user account is registered. Or, the server distributes the type of the user account according to the data submitted by the user. It will be appreciated that the materials that need to be reviewed or filled in when applications are registered for account types of different user accounts are different.

For example, the account type of the user account may include, but is not limited to, at least one of: a general user account type, an employee user account type, a white list user account type, and a seed user account type. Here, the common user account type is an account type that a wide range of users can register; here, the account type of the employee user is an account type which can be registered by an employee of a service provider of the terminal; here, the white list user account type is a user account set for a specific terminal, and here, the seed user account type is an account set for simulating unlocking by a general user, and may be a test account.

For example, the user account of the employee user account type may complete the registration application when registering the application, for example, based on at least a local area network of a company where the employee is located. The user account of the seed user account type may complete the registration application upon registration application, for example, based at least on the developer's development environment.

Here, the unlocking request carries a user account, and in some embodiments, in step 12, determining an account type of the user account according to the unlocking request may include:

analyzing a user account in the unlocking request according to the unlocking request; and determining the account type according to the account identification of the user account.

It will be appreciated that different user accounts have different account identities, for example, a common user account type is different than an account identity of an employee user account type. It will be appreciated that the account id may be a number or letter of two or more digits, and account ids in different digits may be used to identify different meanings of the user's account. For example, the last digit of the account identification may be used as an identification digit to distinguish the user account type.

Illustratively, analyzing the user account in the unlocking request according to the unlocking request may include: and analyzing the identification bit of the user account type of the account identification of the user account in the unlocking request according to the unlocking request, and determining the account type according to the numerical value on the identification bit of the user account type.

It can be understood that different account types correspond to different unlocking conditions, so that unlocking of bootloaders by different user accounts can be restricted, and the security of a terminal system can be ensured. For example, the unlocking conditions for some accounts inside the service provider are different from those of the account of the general user.

Compared with the prior art, as long as the user account can unlock the Bootloader, in the embodiment of the disclosure, different unlocking conditions are restricted for different account types, and the Bootloader of the terminal can be unlocked only when the unlocking information carried in the unlocking request meets the unlocking condition corresponding to the account type of the user account of the unlocking request, so that the phenomenon that some lawbreakers holding the user account unlock and swipe a flash arbitrarily can be reduced, and the security of the system of the terminal is improved.

In addition, it should be noted that, because the embodiment of the present disclosure restricts different unlocking conditions of different user accounts, and only when the unlocking information carried in the unlocking request meets the unlocking condition corresponding to the account type of the user account of the unlocking request, the Bootloader of the terminal can be unlocked, which can prevent some lawless persons from loading the overseas system after the system of the terminal is booted, and reduce the loss of the manufacturer of the terminal while ensuring the security of the system of the terminal.

In some exemplary embodiments, the unlocking information includes: the current unlocking times;

step 14, if the unlocking information carried in the unlocking request satisfies the unlocking condition, unlocking the bootloader of the terminal, which may include:

and unlocking the boot loader of the terminal if the current unlocking times are smaller than an unlocking time threshold value in a preset time period, wherein the unlocking time threshold value in the preset time period is the highest unlocking times of the account type corresponding to the user account in the preset time period.

It is understood that the current unlocking times may include: the user account applies for the number of times of unlocking, and the unlocking application can be the same terminal or different terminals. For example, the user account a may apply for unlocking not only the terminal a but also the terminal B, and once for each application, the same terminal applies for unlocking for multiple times.

It can be understood that the server may store the number of times of unlocking the same user account, and it can be understood that the server performs recording every time the server unlocks the same user account. For example, each time the user account a is unlocked once, the corresponding table of the user account a and the unlocking times is updated, and the unlocking times corresponding to the user account a is increased by 1.

In some embodiments, the unlocking the bootstrap loader of the terminal if the current unlocking number is smaller than the threshold of the unlocking number in the preset time period may include:

and if the current unlocking times are smaller than an Nth unlocking time threshold of an Nth preset time period, unlocking the bootstrap loader of the terminal, wherein N is a positive integer greater than or equal to 1.

Different preset time periods correspond to different unlocking times threshold values. For the same user account, the longer the preset time period is, the larger the corresponding unlocking time threshold value is. For example, the preset time period is one year, the corresponding threshold value of the unlocking times is larger than the corresponding threshold value of the unlocking times when the preset time period is one month; the preset time period is one month, the corresponding unlocking time threshold is one day, and the corresponding unlocking time threshold is larger than the preset time period.

Illustratively, the threshold of the number of unlocking times per month of the common user account type is 1, and the threshold of the number of unlocking times per year is 4; limiting the account number type of the employee user according to the unlocking time threshold value every day; the white list user account type may be based on a monthly unlocking number applied by the white list user account itself as a monthly unlocking number threshold, and a daily unlocking number applied by the white list user account itself as a daily unlocking number threshold. The seed user account type can also be used as a daily unlocking time threshold value according to the set daily unlocking time, and a monthly unlocking time threshold value.

It should be added that the unlocking of the same terminal is repeated for 1 time.

Here, taking the type of the common user account as an example, according to the unlocking request, if the current unlocking number is less than the monthly unlocking number threshold, that is, 1 time, and less than the yearly unlocking number threshold, that is, 4 times, the bootloader of the terminal may be unlocked, otherwise, the terminal cannot be unlocked.

Therefore, according to the embodiment of the disclosure, when the unlocking times of the plurality of preset time periods all satisfy the unlocking condition, the boot loader of the terminal is unlocked, so that it is ensured that each time period does not exceed the threshold of the unlocking times of the corresponding time period, and the unlocking safety is further improved.

Fig. 5 is a schematic diagram illustrating a user interface of successful unlocking in system permission unlocking according to an exemplary embodiment, where as shown in fig. 5, if an unlocking request satisfies an unlocking condition, an interface of successful unlocking is output. Here, if the current unlocking number is smaller than the unlocking number threshold of the preset time period, the condition of the unlocking number threshold of the preset time period is at least met, in a possible implementation manner, the server feeds back the successful unlocking to the terminal, and thus the terminal outputs an unlocking successful interface to prompt the user that the unlocking is successful.

In other embodiments, the method further comprises: and if the current unlocking times are larger than or equal to the unlocking time threshold of the preset time period, the unlocking of the bootstrap loader of the terminal is failed.

For example, referring to fig. 6, if the current unlocking time is less than or equal to the unlocking time threshold in the preset time period, it indicates that the account number has insufficient authority, the account number is limited, the account number cannot be unlocked, and an interface with unlocking failure is output. Or, referring to fig. 7, if the user account is a common user account, an unlocking failure interface is displayed, where the account only has an unlocking permission of a common account user, and the user may apply a white list permission or may unlock after the developer selects to bind the account.

It is to be added that, in some exemplary embodiments, if the unlocking request does not satisfy the unlocking condition, a prompt message indicating that the unlocking has failed is output.

It is understood that the prompt message of the unlocking failure here may be interface information of a user interface output to the terminal, where the interface information includes content information indicating the unlocking failure. In other embodiments, the prompt message of unlocking failure may also be a voice message output to the terminal, for outputting the voice message by the terminal to prompt that unlocking failure occurs.

It should be noted that, if the current unlocking number is greater than or equal to the unlocking number threshold of the preset time period, in some possible implementations, if the user account is of the ordinary user account type, since the unlocking number threshold of the ordinary user account type per month is 1, if the account type of the current user account is of the ordinary user account type and the unlocking number is greater than or equal to 1, the system will limit unlocking of the user account. For example, please refer to fig. 7, fig. 7 is a schematic diagram of a user interface with unlocking failure in system permission unlocking according to an exemplary embodiment, and as shown in fig. 7, when the unlocking times are greater than or equal to an unlocking time threshold of a preset time period determined by more types of corresponding user accounts, it indicates that the permission of the user account is insufficient and the account is unlocked limitedly, so that a prompt message related to the user interface with unlocking failure is output to the terminal.

Still taking the account type of the current user account as the common user account type as an example, if the unlocking time is greater than or equal to the unlocking time threshold of the preset time period corresponding to the common user, for example, please refer to fig. 8, as shown in fig. 8, and a related prompt message of the user interface with the unlocking failure is output. In a possible implementation manner, the prompting content of the prompting message can clearly prompt the reason of the unlocking failure, and an unlocking manner is provided, so that a user can unlock according to the prompting message. For example, the prompting content of the prompting message may be "this account can be unlocked only by a general user, and please apply for a white list authority or an employee account authority, etc.

In further exemplary embodiments, the unlocking information includes: a terminal state corresponding to the terminal, in step 14, if the unlocking information carried in the unlocking request satisfies the unlocking condition, unlocking the boot loader of the terminal may include:

The terminal here is the terminal that the unlocking request requests to unlock. The terminal status herein may include, but is not limited to, a status in which the terminal is registered in the server. It will be appreciated that in some scenarios, if a user's terminal is lost, the terminal may be registered as a lookup state by logging in to a user account bound to the terminal. The target state here may be a look-up state. For example, when the server receives an unlocking request, the server may first query a terminal state of a terminal corresponding to a user account, and if the user account opens a search terminal, if the terminal is not in the search state, the boot loader of the terminal may be unlocked.

In the embodiment, the boot loader of the terminal can be unlocked only when the terminal is not in a searching state, that is, the terminal is not registered as lost, so that the phenomena of terminal data leakage or terminal data loss and the like caused by malicious flash due to terminal loss can be reduced, and the system security of the terminal is improved.

It can be understood that the user account initiating the unlocking request may be the same as or different from the user account bound to the terminal.

In some embodiments, the method further comprises:

determining whether a user account bound by the terminal is consistent with a user account initiating an unlocking request;

and if the user account bound by the terminal is inconsistent with the user account initiating the unlocking request and the terminal state is the target state, unlocking the boot loader of the terminal.

It should be noted that, if the user account bound to the terminal is inconsistent with the user account initiating the unlocking request, it indicates that the user requesting the unlocking and the user of the terminal may not be the same user, and there is a risk of illegal unlocking. Therefore, the unlocking of the boot loader of the terminal is prohibited by limiting that the user account bound by the terminal is inconsistent with the user account initiating the unlocking request and the terminal state is the target state, so that the unlocking and flashing phenomena of illegal users can be reduced, and the safety of the terminal is improved.

In some embodiments, if the user account bound by the terminal is inconsistent with the user account initiating the unlocking request, the binding prompt information is output.

In other embodiments, if the user account bound to the terminal is consistent with the user account initiating the unlocking request and the terminal is in the target state, the boot loader of the terminal may be unlocked.

It should be noted that, if the user account bound to the terminal is consistent with the user account initiating the unlocking request, it may be indicated that the user requesting the unlocking and the user of the terminal may be the same user, and thus, through the verification of the user account bound to the terminal and the user account initiating the unlocking request, when the user account bound to the terminal is consistent with the user account initiating the unlocking request, the unlocking authority of the boot loader of the terminal is released, so that the user of the terminal may unlock the boot loader of the terminal by using the user account bound to the terminal, and unnecessary operation steps are reduced, for example, the user account is logged in first to modify the terminal state of the terminal, and the like, thereby improving the operation experience of the user.

In order to facilitate management of the user account and improve the efficiency of the server in the next verification of the same user account, in other embodiments, if the user account bound to the terminal is inconsistent with the user account initiating the request and the terminal state is a target state, the user account initiating the request is listed as a blacklisted account.

For efficiency of the unlocking verification, in other embodiments, the determining the account type of the user account according to the unlocking request in step 12 may include:

In the embodiment of the disclosure, according to the unlocking request, whether the user account is a blacklist account is firstly verified, and the account type of the user account is determined only on the premise that the user account initiating the unlocking request is not the blacklist account, so that subsequent steps of verifying and unlocking because the user account initiating the unlocking is the blacklist account can be reduced, resource occupation of a server is reduced, and the efficiency of verifying and unlocking is improved.

It should be noted that the above embodiments may be implemented separately or in any combination, and are not limited herein.

In other exemplary embodiments, referring to fig. 8, fig. 8 is a further flowchart illustrating a method for unlocking a system permission according to an exemplary embodiment, where as shown in fig. 8, unlocking a bootloader of the terminal if the current unlocking time is less than an unlocking time threshold of a preset time period may include:

In other embodiments, the current unlocking times may include not only: the number of times of applying for unlocking by the user account may further include: and the number of terminals applying for unlocking, which are located in the batch to which the terminals apply for unlocking by the user account number. For example, 10 terminals in the batch to which the terminal a belongs, and 5 other terminals have already applied for unlocking, if the user account applies for unlocking the terminal a, the unlocking times of the user account may be determined as 6 th terminal in the batch to which the terminal a belongs, that is, the current unlocking times is 6. Therefore, the unlocking operation for the terminals in the same batch in a large batch can be reduced, and the phenomenon that the terminals are maliciously unlocked to sell the terminals in the large batch is reduced.

Based on this, if the user account is a first-class user account and the current unlocking time is less than the unlocking time threshold of the preset time period, determining the unlocking waiting time length according to the current unlocking time, which may include one of the following:

if the user account is a first type of user account and the number of times of unlocking application of the user account is smaller than the unlocking time threshold of the preset time period, determining unlocking waiting time according to the number of unlocking application units in the batch to which the terminal to which the user account applies for unlocking is located;

if the user account is a first type of user account and the application unlocking times of the user account are smaller than the unlocking time threshold of the preset time period, determining unlocking waiting time according to the application unlocking times of the user account;

if the user account is the first type of user account, and the number of unlocking application times that the terminal, which is unlocked by the user account, is located in the batch to which the terminal belongs is smaller than the threshold of the unlocking times of the preset time period, the unlocking waiting time length is determined according to the number of unlocking application times that the terminal, which is unlocked by the user account, is located in the batch to which the terminal belongs.

It should be noted that the first type of user account may include, for example, a user account of a common user account type. Of course, the first type of user account may also be other types of user accounts, and is not limited herein

In this embodiment, by introducing the unlocking waiting time length, that is, before unlocking the bootloader of the terminal, the unlocking waiting needs to be performed first, so that the malicious flash phenomenon of illegal molecules can be reduced, and the system security of the terminal is improved.

In some possible implementations, the current unlocking times and the unlocking waiting time duration are positively correlated. That is, if the current unlocking times are larger, the corresponding unlocking waiting time length is longer. For example, if the current unlocking time is 1 time, the corresponding waiting unlocking time period may be 168 hours, and the current unlocking time is 2 times, the corresponding waiting unlocking time period may be 336 hours.

For the first type of user account, the present embodiment adopts a mechanism in which the unlocking waiting time length is directly correlated with the unlocking times, so that the malicious flash phenomenon caused by an illegal user can be further reduced, and the security of the system of the terminal can be further improved.

In order to further ensure the security of the system of the terminal, in other exemplary embodiments, the method further includes:

after the unlocking waiting time is over, unlocking the boot loader of the terminal, which may include:

and if the user account is not a risk account, unlocking the boot loader of the terminal after the unlocking waiting time is over.

In this embodiment, for a user account of a preset subtype, a judgment mechanism of a risk account is introduced, and the bootloader of the terminal is unlocked only when the user account is not the risk account.

It is understood that the user account of the preset subtype may be an account evaluated to be available to the public, such as a general user account. Of course, the user account of the preset subtype may also be, for example, a user account with a risk behavior, or a user account with a higher possibility of a risk behavior, and the like, which is not limited herein.

It should be noted that, whether the user account is the risk account is verified, and no limitation is made herein, which may be after the unlocking waiting time is over or before the unlocking waiting time is over.

In other embodiments, the method further comprises:

and if the user account is a risk account, after the unlocking waiting time is over, forbidding unlocking the boot loader of the terminal.

In some embodiments, the unlock request carries: the equipment address where the user account logs in;

the determining whether the user account is a risk account may include:

and determining whether the first equipment address and the registration address of the user account are the same home address or not by the equipment address logged in by the user account, and if not, determining that the user account is the risk account.

Here, the first device address may be understood as a Mac address and/or an IP address of a computer, a mobile phone, or the like, in which the user account is registered.

Here, the registration address may be understood as a Mac address and/IP address of a computer, a mobile phone, or the like used for registering the user account.

The same home address here, in one possible implementation, may be considered an address managed by the same home country. For example, when the user account is registered in china, the home location of the corresponding registration address is different from the home location of the device address where the user account is registered in a country other than china.

In this embodiment, by detecting the attribution of the registered address and the registered device address, it is possible to reduce the phenomenon of cross-border flash, ensure the security of the terminal system, ensure the economic benefit of the terminal manufacturer, and reduce illegal merchants from selling the terminal to abroad, for example.

It should be noted that, in order to reduce the subsequent determination process for the risky account and improve the verification efficiency, in some embodiments, if the device address is different from the home location of the registered address, the registered device address is included in a blacklist address, for example.

It is to be added that, in other embodiments, if the device address logged in by the user account initiating the unlocking request is a blacklist address, the user account is listed in a blacklist user account.

In other embodiments, the unlocking information includes: the equipment address where the user account logs in;

if the unlocking information carried in the unlocking request meets the unlocking condition, unlocking the boot loader of the terminal, which may include:

Here, the second type of user account may be, for example, the white list user account and/or the employee user account described above. It should be noted that the second type of user account may be a related user account having a requirement for a logged-in device address. For example, the employee user account must be the local area network address of the employee within the work scope used during registration, and must also be the local area network address of the employee within the work scope during login. As another example, the white list user account must be performed on an authorized terminal. In summary, the second type of user account may be a related user account type with certain limitations on the login device of the user account.

In this embodiment, by introducing a determination mechanism that the logged-in device address satisfies the device address condition, the unlocking request for the second type of user account can be better verified, so that the security of the system of the terminal is ensured.

In some exemplary embodiments, if the user account is a second type of user account and the device address where the user account logs in meets the device address condition, unlocking the boot loader of the terminal may include at least one of:

For example, the first sub-category user accounts may be white list user accounts, and since the white list users need to unlock the bound terminal devices, the first preset device address may be a device address bound to the user account.

For example, the second sub-category user account may be, for example, an employee user account, and since the employee user account needs to log in to a local area network address of a working range of the user to unlock the user, the second preset device address may be a device address connected to the preset local area network.

In the embodiment of the disclosure, by adopting a verification scheme of different device addresses for different sub-types of user accounts of the second type of user accounts, the unlocking security of the boot loader of the terminal can be further improved, so that the security of a system of the terminal is further improved.

Further, the present disclosure also provides a specific embodiment to further understand the system permission unlocking method provided by the embodiment of the present disclosure.

The embodiment aims to reduce the possibility that lawbreakers such as cattle may carry out a second sale after the system of the terminal is refurbished, especially to the overseas market, which is not beneficial to the security of the system of the terminal on the one hand and the economic benefit of the terminal manufacturer on the other hand.

Referring to fig. 2 again, as shown in fig. 2, the terminal 20 to be unlocked, i.e. the terminal, is a mobile phone, the operation terminal 21 connected to the terminal 20 to be unlocked is a notebook computer, and the service terminal 22 connected to the operation terminal 21 is a server provided by a terminal manufacturer.

In some exemplary embodiments, the account types of the user account may include, but are not limited to, the following: a general user account type, an employee user account type, a white list user account type, and a seed user account type.

The system permission unlocking method aiming at the user account initiating the unlocking request which is of the white list user account type can comprise the following steps:

firstly, determining whether the user account is a blacklist user account, and if not, determining whether a device address logged in by the user account is a device address bound by the user account; if so, determining whether the unlocking times of the user account are less than the unlocking times threshold corresponding to each day or each month or each year, and if so, unlocking the bootstrap loader of the terminal.

Aiming at the user account initiating the unlocking request as the user account of the employee user account type, the system permission unlocking method can comprise the following steps:

firstly, determining whether the user account is a blacklist user account, if not, determining whether an equipment address logged by the user account is a company local area network address where an employee works, if so, then determining whether the unlocking times of the user account are less than the unlocking times threshold value corresponding to each day, month or year, and if so, unlocking a bootstrap loader of the terminal.

For a user account initiating an unlocking request, which is a seed user account type, the system permission unlocking method may include:

firstly, determining whether the user account is a blacklist user account, if not, determining whether the unlocking times of the user account is less than the unlocking time threshold corresponding to each day, month or year, if so, determining whether the mobile phone is in a searching state, if not, determining the unlocking waiting time according to the unlocking times, and after the unlocking waiting time is over, unlocking the boot loader of the terminal.

For a user account initiating an unlocking request, which is a common user account type, the system permission unlocking method may include:

firstly, determining whether the user account is a blacklist user account, if not, determining whether the unlocking times of the user account is less than the unlocking time threshold corresponding to each day, month or year, if so, determining whether the mobile phone is in a searching state, if not, determining the unlocking waiting time according to the unlocking times, after the unlocking waiting time is over, determining whether the user account is a risk account, and if not, unlocking a boot loader of the terminal.

Here, the related embodiment of determining the risk account number is the same as or similar to the embodiment of determining the risk account number described above.

In the embodiment, the unlocking waiting time is introduced into the limitation of the unlocking condition for the user account of the common user account type, and the unlocking waiting time can be increased along with the increase of the unlocking times.

In the above embodiment, for account types of different user accounts, corresponding to different unlocking conditions, in the embodiment of the present disclosure, whether the unlocking request satisfies the unlocking condition is determined, and the boot loader of the terminal may be unlocked only when the unlocking request of the user account satisfies the unlocking condition corresponding to the account type corresponding to the user account, so that the unlocking security of the boot loader of the terminal may be ensured, the security of the terminal is ensured, and the security of the system of the terminal is ensured.

In addition, on the premise that the security of the terminal system is guaranteed, malicious flash of the terminal by a lawless person and secondary sales after the malicious flash can be reduced, and therefore economic benefits of terminal manufacturers are guaranteed.

Fig. 9 illustrates a system right unlocking device according to an exemplary embodiment, which includes:

a receiving module 91, configured to receive an unlocking request for a boot loader of a terminal, where the unlocking request carries a user account initiating the unlocking request, and the boot loader is used to guide starting of a flashing process of the terminal;

a first determining module 92, configured to determine an account type of the user account according to the unlocking request;

a second determining module 93, configured to determine, according to an account type of the user account, an unlocking condition corresponding to the account type;

and the unlocking module 94 is configured to unlock the boot loader of the terminal if the unlocking information carried in the unlocking request meets the unlocking condition.

In some optional embodiments, the unlocking information includes: the current unlocking times;

the unlocking module 94 is further configured to:

In some optional embodiments, the unlocking information includes: a terminal state corresponding to the terminal;

the unlocking module 94 is further configured to:

In some optional embodiments, the first determining module 92 is further configured to:

In some optional embodiments, the unlocking module 94 is further configured to:

In some optional embodiments, the apparatus further comprises:

the unlocking module 94 is specifically configured to:

In some optional embodiments, the unlocking information includes: the equipment address where the user account logs in;

the unlocking module 94 is further configured to:

In some optional embodiments, the unlocking module 94 is specifically configured to at least one of:

In some optional embodiments, the apparatus further comprises:

With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.

Fig. 10 is a block diagram illustrating a terminal 1200 according to an example embodiment. For example, the terminal 1200 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, a fitness device, a personal digital assistant, and the like.

Referring to fig. 10, terminal 1200 may include one or more of the following components: a processing component 1202, a memory 1204, a power component 1206, a multimedia component 1208, an audio component 1210, an input/output (I/O) interface 1212, a sensor component 1214, and a communications component 1216.

The processing component 1202 generally controls overall operation of the terminal 1200, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing components 1202 may include one or more processors 1220 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 1202 can include one or more modules that facilitate interaction between the processing component 1202 and other components. For example, the processing component 1202 can include a multimedia module to facilitate interaction between the multimedia component 1208 and the processing component 1202.

The memory 1204 is configured to store various types of data to support operation at the terminal 1200. Examples of such data include instructions for any application or method operating on terminal 1200, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 1204 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.

Power component 1206 provides power to the various components of terminal 1200. Power components 1206 may include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for terminal 1200.

The multimedia components 1208 include a screen providing an output interface between the terminal 1200 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 1208 includes a front facing camera and/or a rear facing camera. The front camera and/or the rear camera may receive external multimedia data when the terminal 1200 is in an operation mode, such as a photographing mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.

Audio component 1210 is configured to output and/or input audio signals. For example, the audio assembly 1210 includes a Microphone (MIC) configured to receive external audio signals when the terminal 1200 is in an operating mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may further be stored in the memory 1204 or transmitted via the communication component 1216. In some embodiments, audio assembly 1210 further includes a speaker for outputting audio signals.

The I/O interface 1212 provides an interface between the processing component 1202 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.

The sensor assembly 1214 includes one or more sensors for providing various aspects of state assessment for the terminal 1200. For example, sensor assembly 1214 can detect an open/closed state of terminal 1200, the relative positioning of components, such as a display and keypad of terminal 1200, sensor assembly 1214 can also detect a change in position of terminal 1200 or a component of terminal 1200, the presence or absence of user contact with terminal 1200, orientation or acceleration/deceleration of terminal 1200, and a change in temperature of terminal 1200. The sensor assembly 1214 may include a proximity sensor configured to detect the presence of a nearby object in the absence of any physical contact. The sensor assembly 1214 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 1214 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.

Communications component 1216 is configured to facilitate communications between terminal 1200 and other devices, either wired or wirelessly. The terminal 1200 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 1216 receives the broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communications component 1216 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.

In an exemplary embodiment, the terminal 1200 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.

In an exemplary embodiment, a non-transitory computer readable storage medium comprising instructions, such as memory 1204 comprising instructions, executable by processor 1220 of terminal 1200 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.

Fig. 11 is a block diagram illustrating a server 1300 according to an example embodiment. Referring to fig. 11, server 1300 includes a processing component 1322, which further includes one or more processors, and memory resources, represented by memory 1332, for storing instructions, such as application programs, that may be executed by processing component 1322. The application programs stored in memory 1332 may include one or more modules that each correspond to a set of instructions. Further, the processing component 1322 is configured to execute instructions to perform the method for unlocking processing applied to the system authority according to the various embodiments of the method described above.

The server 1300 may also include a power component 1326 configured to perform power management for the server 1300, a wired or wireless network interface 1350 configured to connect the server 1300 to a network, and an input-output (I/O) interface 1358. The server 1300 may operate based on an operating system stored in memory 1332, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, or the like.

Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.

A non-transitory computer-readable storage medium, wherein instructions in the storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the breakpoint information processing method according to the above embodiments. The electronic device may be the terminal described above, or may be the server described above.

It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims

1. A method for unlocking system authority, which is characterized in that the method comprises the following steps:

2. The method of claim 1, wherein the unlocking information comprises: current unlocking times;

3. The method of claim 1, wherein the unlocking information comprises: a terminal state corresponding to the terminal;

4. The method of claim 1, wherein determining the account type of the user account according to the unlocking request comprises:

5. The method according to any one of claims 2 to 4, wherein the unlocking the bootloader of the terminal if the current unlocking number is smaller than an unlocking number threshold of a preset time period comprises:

6. The method of claim 5, further comprising:

7. The method according to any one of claims 2 to 4, wherein the unlocking information comprises: the equipment address where the user account logs in;

8. The method according to claim 7, wherein if the user account is a second type of user account and the device address where the user account logs in meets the device address condition, unlocking a boot loader of the terminal includes at least one of:

9. The method of claim 2, further comprising:

10. A system authority unlocking apparatus, comprising:

the terminal comprises a receiving module, a starting module and a processing module, wherein the receiving module is used for receiving an unlocking request of a boot loader of the terminal, the unlocking request carries a user account initiating the unlocking request, and the boot loader is used for guiding the starting of a flashing process of the terminal;

11. The apparatus of claim 10, wherein the unlocking information comprises: the current unlocking times;

the unlocking module is further configured to:

12. The apparatus of claim 10, wherein the unlocking information comprises: a terminal state corresponding to the terminal;

the unlocking module is further configured to:

13. The apparatus of claim 10, wherein the first determining module is further configured to:

14. The apparatus of claims 11-13, wherein the unlocking module is further configured to:

15. The apparatus of claim 14, further comprising:

the unlocking module is specifically configured to:

16. The apparatus according to any one of claims 11 to 13, wherein the unlocking information comprises: the equipment address where the user account logs in;

the unlocking module is further configured to:

17. The device according to claim 16, wherein the unlocking module is specifically configured for at least one of:

18. The apparatus of claim 11, further comprising:

19. An electronic device, comprising:

a processor;

a memory for storing processor-executable instructions;

wherein the processor is configured to: when implemented, perform the method steps of any of claims 1 to 9.

20. A computer-readable storage medium, on which a computer program is stored, characterized in that the instructions in the storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the method steps of implementing any of claims 1 to 9.