CN114022029A - Terminal security risk management method and device and terminal - Google Patents

Terminal security risk management method and device and terminal Download PDF

Info

Publication number
CN114022029A
CN114022029A CN202111386915.7A CN202111386915A CN114022029A CN 114022029 A CN114022029 A CN 114022029A CN 202111386915 A CN202111386915 A CN 202111386915A CN 114022029 A CN114022029 A CN 114022029A
Authority
CN
China
Prior art keywords
terminal
risk
determining
point
state
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111386915.7A
Other languages
Chinese (zh)
Inventor
张子敬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Ontim Technology Co Ltd
Original Assignee
Beijing Ontim Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Ontim Technology Co Ltd filed Critical Beijing Ontim Technology Co Ltd
Priority to CN202111386915.7A priority Critical patent/CN114022029A/en
Publication of CN114022029A publication Critical patent/CN114022029A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0639Performance analysis of employees; Performance analysis of enterprise or organisation operations
    • G06Q10/06393Score-carding, benchmarking or key performance indicator [KPI] analysis

Abstract

The invention relates to a management method, a device and a terminal for terminal security risks, wherein the method comprises the following steps: when detecting that a hardware debugging point of the terminal is in a risk state, acquiring the operation behavior of the hardware debugging point in a connection state; determining a safety risk warning level according to the operation behavior; and when the hardware debugging point of the terminal is detected to be in a safe state, reminding the safety risk warning level. According to the method and the device, the safety risk warning level of the terminal is determined by monitoring the operation behavior of the hardware debugging point in the connection state in real time, and after the hardware debugging point is determined to be in the safety state, the safety risk warning level is reminded, so that a user can know whether the terminal has a safety risk in time, the service safety warning function is increased, and the user experience is improved.

Description

Terminal security risk management method and device and terminal
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for managing security risks of a terminal, and a terminal.
Background
Mobile terminals have entered the 5G era, innovations to terminals are constantly being explored, and are also constantly being updated and iterated, and with the development of technologies, the requirements for service security of terminals are also becoming higher and higher, so people are constantly trying to explore service security in the aspects of service access, attack protection, data security, warning and reminding and the like.
In the development process of the terminal, a terminal PCB board usually has hardware debug points (URAT debug point, JTAG debug point, forced download point, etc.) for debugging, measuring, etc. functions of the terminal. Just the function debugging point of the hardware is often utilized by a malicious user to carry out malicious attack and analysis, and bugs of the software and the hardware of the terminal can be found, so that the security of the terminal is in danger. And when the terminal breaks down and is maintained, the rear cover can be detached, the debugging points are completely exposed, for example, the mobile phone is attacked or a malicious program is implanted, whether the mobile phone is attacked or not can not be known after the mobile phone returns to the hand of the user after maintenance, and when a malicious event occurs in a certain day, the user does not know when the mobile phone is in a safety risk.
The hardware debugging point of the terminal hardware PCB board can be covered and shielded in a mode of painting a paint coating before leaving a factory, but the debugging point is usually easy to identify, the debugging point can be connected to debug or attack by scraping the coating, and the security risk is extremely high.
Disclosure of Invention
Based on the method, the device and the terminal, the safety state is monitored by detecting the rear cover attaching device and the hardware debugging point of the terminal. And a service safety warning function is added, and user experience is improved.
According to a first aspect of some embodiments of the present application, there is provided a method for managing security risks of a terminal, the method including the steps of:
when detecting that a hardware debugging point of the terminal is in a risk state, acquiring the operation behavior of the hardware debugging point in a connection state;
determining a safety risk warning level according to the operation behavior;
and when the hardware debugging point of the terminal is detected to be in a safe state, reminding the safety risk warning level.
Further, the operational behavior includes at least one of: target data of operation, operation type, access times and access duration;
wherein the target data comprises at least one of: normal data, sensitive data, confidential data;
the type of operation includes at least one of: reading, adding, modifying and deleting.
Further, determining a security risk level based on the operational behavior, comprising: determining a first risk parameter according to the target data; determining a second risk parameter according to the operation type; determining a third risk parameter according to the access times; determining a fourth risk parameter according to the access duration; and determining the safety risk warning level according to the first risk parameter, the second risk parameter, the third risk parameter and the fourth risk parameter.
Further, determining the security risk alert level according to the first risk parameter, the second risk parameter, the third risk parameter, and the fourth risk parameter includes:
and determining the safety risk warning level according to the weighted sum of the first risk parameter, the second risk parameter, the third risk parameter and the fourth risk parameter.
Further, the method also comprises the following steps: acquiring the connection state of a rear cover attaching device of the terminal; when the rear cover attaching device is in an unconnected state, acquiring the connection state of a hardware debugging point of the terminal; and if the hardware debugging point is in the connection state, determining that the hardware debugging point of the terminal is in the risk state.
Further, after the hardware debugging point of the terminal is determined to be in the risk state, the method further includes:
when the rear cover attaching device is detected to be in a connection state, determining that a hardware debugging point of the terminal is in a safe state;
and sending the stored operation record to a cloud server for security evaluation analysis and vulnerability remediation.
Further, the terminal includes an electrochromic film, the alerting the security risk alert level includes: and controlling the electrochromic film to display the color corresponding to the safety risk warning grade.
Further, the back cover attachment device includes at least one of: NFC antenna, fingerprint module, electrochromic membrane; the hardware debug point comprises at least one of: URAT debug point, JTAG debug point, force download point.
According to a second aspect of some embodiments of the present application, there is provided an apparatus for management of security risks of a terminal, comprising:
an operation behavior acquisition module, configured to acquire an operation behavior of a hardware debug point in a connected state when detecting that the hardware debug point of the terminal is in a risk state;
the warning grade determining module is used for determining a safety risk warning grade according to the operation behavior;
and the warning grade reminding module is used for reminding the safety risk warning grade when detecting that the hardware debugging point of the terminal is in a safe state.
According to a third aspect of some embodiments of the present application, there is provided a terminal comprising: at least one memory and at least one processor;
the memory for storing one or more programs;
when executed by the at least one processor, the one or more programs cause the at least one processor to implement the steps of a method of terminal security risk management as described in the first aspect of some embodiments herein.
According to the method, the device and the terminal for managing the terminal safety risk, the safety risk warning level of the terminal is determined by monitoring the operation behavior of the hardware debugging point in the connection state in real time, and after the hardware debugging point is determined to be in the safety state, the safety risk warning level is reminded, so that a user can know whether the terminal has the safety risk in time, the service safety warning function is added, and the user experience is improved. Secondly, this application confirms the risk state and the security state of terminal through the attached device of back lid and the connection state of hardware debugging point to the risk of terminal is evaluateed through high in the clouds server, and remedies to the security leak that probably exists. The scheme can provide a powerful way for terminal manufacturers to protect the security of the mobile phone terminal while increasing the service security warning function, so that the terminal security risk judgment is more accurate.
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Drawings
Fig. 1 is a schematic diagram of an application scenario of a method for managing terminal security risks according to the present invention;
fig. 2 is a schematic step diagram of a method for managing security risks of a terminal according to the present invention;
fig. 3 is a schematic block diagram of an apparatus for managing security risks of a terminal according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
It should be understood that the embodiments described are only some embodiments of the present application, and not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without any creative effort belong to the protection scope of the embodiments in the present application.
The terminology used in the embodiments of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the embodiments of the present application. As used in the examples of this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the application, as detailed in the appended claims. In the description of the present application, it is to be understood that the terms "first," "second," "third," and the like are used solely to distinguish one from another similar human body, and are not necessarily used to describe a particular order or sequence, nor are they to be construed as indicating or implying relative importance. The specific meaning of the above terms in the present application can be understood by those of ordinary skill in the art as appropriate.
Further, in the description of the present application, "a plurality" means two or more unless otherwise specified. "and/or" describes an associative relationship with a human body, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the context of the associated human is an "or" relationship.
To solve the technical problem in the background art, an embodiment of the present application provides a method for managing security risks of a terminal, where the method is applied to a terminal, as shown in fig. 1, in an example, the terminal 100 is a smart phone. The terminal 100 has a processor 101, a back cover attachment device 102, a hardware debug point 103, and an electrochromic film 104.
In other examples, the terminal may also be other mobile terminals (e.g., tablet computers), wearable devices (e.g., smart watches, sports bracelets, smart glasses), smart car-mounted devices, etc. having 4G or 5G communication capabilities.
The processor 101 serves as a central processing unit of the terminal 100 and is configured to be connected to the rear cover attaching device 102, the hardware debugging point 103 and the electrochromic film 104, and the processor 101 is configured to obtain connection signals of the rear cover attaching device 102 and the hardware debugging point 103 and apply different voltages to the electrochromic film 104. In other examples, the processor 101 may also be a processing chip specifically configured to perform the method steps of the embodiments of the present application.
The existing hardware debugging point of the mobile phone terminal hardware PCB board is covered and shielded by a paint coating painting mode before leaving a factory, but the debugging point is usually easy to identify, the debugging point can be connected to debug or attack by scraping the coating, and the security risk is extremely high.
To solve the above problems. Referring to fig. 2, in a specific example, fig. 2 is a schematic diagram illustrating steps of a method for managing security risks of a terminal according to the present invention, where the method may be executed by the processor 102 in fig. 1.
In step S201, when it is detected that the hardware debug point of the terminal is in a risk state, an operation behavior of the hardware debug point in a connected state is acquired.
The hardware debug point refers to a debug point exposed on the hardware PCB, and optionally, the hardware debug point includes at least one of the following: JTAG debug point, URAT debug point, force download point. The JTAG technique is an embedded debug technique, and is mainly used for internal test of a chip, in which a special test circuit TAP (test access port) is packaged inside the chip, and internal nodes are tested by arranging JTAG debug points on the surface of a PCB of a terminal. UART (Universal Asynchronous Receiver/Transmitter) is commonly called Universal Asynchronous Receiver/Transmitter (UART) and converts data to be transmitted between serial communication and parallel communication as a chip converting parallel input signals into serial output signals, and the UART debug point is a point where UART is integrated into a link of other communication interfaces. The forced downloading point is arranged on the PCB surface of the terminal and used for triggering the application processor to enter a forced downloading mode.
The hardware debugging point is in a risk state and used for indicating that the terminal has the risk of damage, and the risk mainly aims at the exposure risk of the hardware debugging point of the rear cover of the terminal. For example, the exposed hardware debugging point is forcibly downloaded by malicious connection of other users, or data transmission is carried out, so that private data of the user is revealed. The risk state may detect whether the terminal is attacked or invaded through the operating system of the terminal.
When the terminal is in a connection state, the terminal and the terminal processor have signal transmission, acquire the signal transmission data, and determine the data belonging to the operation behavior to store.
In step S202, a safety risk alert level is determined according to the operation behavior.
The operation behavior indicates behavior data of connection, access, attack or download analysis and the like of other users on the terminal through the hardware debugging point.
The operational behavior comprises at least one of: target data of operation, operation type, access times and access duration. Wherein the target data comprises at least one of: normal data, sensitive data, confidential data; the type of operation includes at least one of: reading, adding, modifying and deleting.
The safety risk warning level may be preset with a corresponding safety risk warning level according to different operation behaviors. The safety risk warning level is used for indicating the level of the safety risk state of the terminal caused by the risk condition, if the safety risk warning level is high, the hardware debugging point of the terminal is in a relatively dangerous state, and if the safety risk warning level is low, the terminal is in a relatively safe state. For example, when the operation behavior includes reading the confidential data more than 10 times and for more than 10 minutes, indicating that the security risk status of the terminal is high, the higher the security risk alert level.
In step S203, when it is detected that the hardware debug point of the terminal is in a safe state, the security risk warning level is prompted.
The security state is used to indicate that the hardware debug point of the terminal is not exposed to risk. For example, when the rear cover attaching device of the terminal is in a connected state, it indicates that the rear cover of the terminal is not opened, and the hardware debugging point on the PCB is not exposed.
The reminding of the safety risk warning level can be realized by setting warning ring tone, warning vibration, warning message or warning color and the like at the terminal and correspondingly prompting the safety risk warning level of the risk.
According to the method and the device, the safety risk warning level of the terminal is determined by monitoring the operation behavior of the hardware debugging point in the connection state in real time, and after the hardware debugging point is determined to be in the safety state, the safety risk warning level is reminded, so that a user can timely know whether the terminal has a safety risk or not and the level of the safety risk, the service safety warning function is increased, and the user experience is improved.
In a preferred embodiment, in order to ensure that the risk state judgment of the terminal is accurate, in step S201, it is detected that the hardware debug point of the terminal is in a risk state, and the method further includes the following steps:
and acquiring the connection state of the rear cover attaching device of the terminal.
The rear cover attaching device refers to a device attached to the rear cover of the terminal, and optionally, the rear cover attaching device includes at least one of the following components: NFC antenna, fingerprint module, electrochromic membrane etc.. The NFC antenna, namely the NFC technology, is a short-distance and high-frequency radio technology, can perform identification and data exchange with compatible equipment in a short distance, and is mainly integrated with NFC in the mobile terminal to realize corresponding functions; the fingerprint module is used for supporting fingerprint identification equipment to acquire a fingerprint image of a user through the fingerprint module; the electrochromic film is a material with electrochromic performance, generates a stable and reversible color change phenomenon under the action of an external electric field, shows reversible changes of color and transparency in appearance, is applied to a shell of a terminal, and can be specifically a rear cover of the terminal and the like, so that a user can directly observe the color change position.
The connection state of the rear cover attaching device is used for representing a processor of the terminal which is accessed or not accessed by the rear cover attaching device. For example, when the rear cover attachment device is a fingerprint module, the processor and the fingerprint module have signal transmission, and the fingerprint module and the processor are in a connection state; when the processor and the fingerprint module have no signal transmission, the electrochromic film and the processor are in an unconnected state. If the rear cover attaching device is in a connection state, it indicates that the rear cover is not opened and the terminal is not in a safety risk state; if the rear cover attaching device is in an unconnected state, it indicates that the rear cover of the terminal is opened, and the hardware debugging point has an exposed risk. The same applies to the rear cover attaching devices such as NFC antennas, electrochromic films, and the like. Through the signal transmission of the attached device of lid and terminal processor behind the real-time detection, acquire the attached device's of back lid connection state to whether the lid is opened behind the definite terminal, whether hardware debugging point has the danger of exposing.
And when the rear cover attaching device is in an unconnected state, acquiring the connection state of the hardware debugging point of the terminal.
The connection status of the hardware debug point is used to indicate whether the terminal is accessed to the terminal data through the hardware debug point. For example, when the rear cover attaching device is in an unconnected state and the signal transmission between the forced download point of the terminal and the terminal processor is that external access is received, it indicates that the hardware debugging point is in a connected state; and when the rear cover attaching device is in an unconnected state and the forced downloading point does not receive external access, indicating that the hardware debugging point is in an unconnected state. The connection state of the hardware debugging point is obtained by detecting the signal transmission between the hardware debugging point and the terminal processor in real time, so that whether the hardware debugging point is maliciously connected or attacked by other users is determined.
If the hardware debugging point is in a connection state, the terminal is considered to have a security risk from malicious attack and analysis through the hardware debugging point, and the hardware debugging point is in a risk state at the moment. Since the operation behavior includes a plurality of different types of determination bases, in order to clarify the security risk level corresponding to each type, in a specific embodiment, in step S202, determining the security risk level according to the operation behavior includes:
and determining a first risk parameter according to the target data.
And determining a second risk parameter according to the operation type.
And determining a third risk parameter according to the access times.
And determining a fourth risk parameter according to the access duration.
And determining the safety risk warning level according to the first risk parameter, the second risk parameter, the third risk parameter and the fourth risk parameter.
The first risk parameters sequentially correspond to common data, sensitive data and confidential data from low to high; the second risk parameters are correspondingly read, increased, modified and deleted from low to high in sequence; the third risk parameters sequentially correspond to the access times from low to high from few to many; the fourth risk parameter corresponds to the visit duration from short to long in sequence from low to high.
The safety risk warning level can be determined by equal weight or weighting according to the magnitude of the first risk parameter, the second risk parameter, the third risk parameter and the fourth risk parameter. For example, the risk level may be determined to be highest when the first, second, third, and fourth risk parameters are all highest.
The operation behavior comprises more types of judgment bases and different types of grades, so that the safety risk warning grade can be effectively and comprehensively reminded. In a preferred embodiment, determining the security risk alert level according to the first risk parameter, the second risk parameter, the third risk parameter, and the fourth risk parameter includes:
and determining the safety risk warning level according to the weighted sum of the first risk parameter, the second risk parameter, the third risk parameter and the fourth risk parameter.
The user presets the weights of the first risk parameter, the second risk parameter, the third risk parameter and the fourth risk parameter according to the safety guarantee requirements of the terminal, and then determines the safety risk warning grade according to the grade corresponding to each risk parameter. For example, if the weight of the first risk parameter is preset to be 40%, the weight of the second risk parameter is preset to be 30%, the weight of the third risk parameter is preset to be 20%, and the weight of the fourth risk parameter is preset to be 10%, when the weighted sum of the four risk parameters is greater than 80%, the safety risk warning level is determined to be high risk; when the weighted sum is less than 80 percent and greater than 50 percent, determining the safety risk warning level as middle risk; when the weighted sum is less than 50 percent, the security risk alert level is determined to be low risk.
Specifically, for example, when the operation behavior includes that the common data is read within 5 times within ten minutes, the safety risk warning level can be judged to be low risk; when the operation behavior comprises that the sensitive data is modified within 5 times in ten minutes, the safety risk warning grade can be judged as middle risk; when the action includes deleting the confidential data within 5 times within ten minutes, the security risk alert level may be determined to be high risk.
In a preferred embodiment, in order to make the user quickly and clearly know the security risk of the terminal, the user may be reminded by a warning color, the terminal includes an electrochromic film, and in step S203, the reminding the security risk warning level includes:
and controlling the electrochromic film to display the color corresponding to the safety risk warning grade.
And the terminal presets a corresponding voltage value according to the safety risk warning grade, and applies the corresponding voltage value to an electrochromic film electrode plate for controlling the electrochromic film, so that the electrochromic film presents a color corresponding to the safety risk warning grade. Different colors correspond to different safety risk warning levels, e.g., red for high risk levels, yellow for medium risk levels, and green for low risk levels.
The storage resources of the terminal are limited, if the operation behavior is stored in the terminal device, the access of the data system has the problems of mutual interference and low access efficiency, and the data is directly stored in the device, which also causes the problems of low security and low data access flexibility. Therefore, in order to improve the efficiency and security of the terminal for storing and reading data, in another embodiment, after step S203, the following steps are further included:
after determining that the hardware debugging point of the terminal is in a risk state, the method further comprises the following steps:
when the rear cover attaching device is detected to be in a connection state, determining that a hardware debugging point of the terminal is in a safe state;
and sending the stored operation record to a cloud server for security evaluation analysis and vulnerability remediation.
The safety risk warning grade standard of the cloud server can be the same as that of the terminal, the cloud server can specify rules and standards of the safety risk warning grade and send the rules and standards to the terminal, and the terminal executes the rules and standards which are the same as those of the terminal. The operation records are transmitted to the cloud server for security analysis and vulnerability remediation, the security of the mobile phone terminal can be protected by a terminal manufacturer while the service security warning function is added, and user experience is improved.
Corresponding to the above method for managing terminal security risk, an embodiment of the present invention further provides a device, as shown in fig. 3, fig. 3 is a schematic block diagram of a device for managing terminal security risk according to the present invention, where the device 300 includes:
an operation behavior obtaining module 301, configured to obtain an operation behavior of a hardware debug point in a connected state when it is detected that the hardware debug point of the terminal is in a risk state.
In an optional embodiment, the behavior obtaining module 301 further includes:
and the first state acquisition unit is used for acquiring the connection state of the rear cover attaching device of the terminal.
And the second state acquisition unit is used for acquiring the connection state of the hardware debugging point of the terminal when the rear cover attaching device is in the unconnected state.
And the risk state determining unit is used for determining that the hardware debugging point of the terminal is in a risk state if the hardware debugging point is in a connection state.
And an alert level determining module 302, configured to determine a security risk alert level according to the operation behavior.
In an alternative embodiment, the rank determination module 302 further comprises:
the first parameter unit is used for determining a first risk parameter according to the target data;
the second parameter unit is used for determining a second risk parameter according to the operation type;
a third parameter unit, configured to determine a third risk parameter according to the number of accesses;
the fourth parameter unit is used for determining a fourth risk parameter according to the access duration;
and the grade determining unit is used for determining the safety risk warning grade according to the first risk parameter, the second risk parameter, the third risk parameter and the fourth risk parameter.
In an optional embodiment, the rank determining unit further comprises:
a level determining element to determine the security risk alert level according to a weighted sum of the first risk parameter, the second risk parameter, the third risk parameter, and the fourth risk parameter.
And an alert level reminding module 303, configured to remind the security risk alert level when the hardware debug point of the terminal is detected to be in a security state.
In an alternative embodiment, the terminal includes an electrochromic film, and the reminder module 303 further includes:
and the reminding unit is used for controlling the electrochromic film to display the color corresponding to the safety risk warning grade.
In an optional embodiment, after determining that the hardware debug point of the terminal is in the risk state, the apparatus 300 further includes:
the safety state determining module is used for determining that a hardware debugging point of the terminal is in a safety state when the rear cover attaching device is detected to be in a connection state;
and the vulnerability remediation module is used for sending the stored operation records to the cloud server for security evaluation analysis and vulnerability remediation.
In an alternative embodiment, the back cover attachment means comprises at least one of:
NFC antenna, fingerprint module, electrochromic membrane.
In an optional embodiment, the hardware debug point comprises at least one of:
URAT debug point, JTAG debug point, force download point.
Corresponding to the method for triggering the safety warning by detecting the safety risk of the terminal, an embodiment of the present application further provides a terminal, including:
at least one memory and at least one processor;
the memory for storing one or more programs;
when executed by the at least one processor, the one or more programs cause the at least one processor to implement the steps of a method for detecting a security risk of a terminal to trigger a security alert as described in any one of the embodiments above.
In particular, the terminal may be a mobile terminal (e.g., a tablet computer) having 4G or 5G communication capabilities, a wearable device (e.g., a smart watch, a sports bracelet, smart glasses), a smart car-mounted device, and the like.
According to the method, the device and the terminal for managing the terminal safety risk, the safety risk warning level of the terminal is determined by monitoring the operation behavior of the hardware debugging point in the connection state in real time, and after the hardware debugging point is determined to be in the safety state, the safety risk warning level is reminded, so that a user can know whether the terminal has the safety risk in time, the service safety warning function is added, and the user experience is improved. Secondly, this application confirms the risk state and the security state of terminal through the attached device of back lid and the connection state of hardware debugging point to the risk of terminal is evaluateed through high in the clouds server, and remedies to the security leak that probably exists. The scheme can provide a powerful way for terminal manufacturers to protect the security of the mobile phone terminal while increasing the service security warning function, so that the terminal security risk judgment is more accurate.
It is to be understood that the embodiments of the present application are not limited to the precise arrangements described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the embodiments of the present application is limited only by the following claims. The above-mentioned embodiments only express a few embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for those skilled in the art, variations and modifications can be made without departing from the concept of the embodiments of the present application, and these embodiments are within the scope of the present application.

Claims (10)

1. A management method for terminal security risk is characterized by comprising the following steps:
when detecting that a hardware debugging point of the terminal is in a risk state, acquiring the operation behavior of the hardware debugging point in a connection state;
determining a safety risk warning level according to the operation behavior;
and when the hardware debugging point of the terminal is detected to be in a safe state, reminding the safety risk warning level.
2. The method for managing the security risk of the terminal according to claim 1, wherein:
the operational behavior includes at least one of:
target data of operation, operation type, access times and access duration;
wherein the target data comprises at least one of:
normal data, sensitive data, confidential data;
the type of operation includes at least one of:
reading, adding, modifying and deleting.
3. The method for managing the security risk of the terminal according to claim 2, wherein determining the security risk level according to the operation behavior comprises:
determining a first risk parameter according to the target data;
determining a second risk parameter according to the operation type;
determining a third risk parameter according to the access times;
determining a fourth risk parameter according to the access duration;
and determining the safety risk warning level according to the first risk parameter, the second risk parameter, the third risk parameter and the fourth risk parameter.
4. The method for managing terminal security risk according to claim 3, wherein determining the security risk alert level according to the first risk parameter, the second risk parameter, the third risk parameter and the fourth risk parameter includes:
and determining the safety risk warning level according to the weighted sum of the first risk parameter, the second risk parameter, the third risk parameter and the fourth risk parameter.
5. The method for managing the security risk of the terminal according to claim 1, further comprising the steps of:
acquiring the connection state of a rear cover attaching device of the terminal;
when the rear cover attaching device is in an unconnected state, acquiring the connection state of a hardware debugging point of the terminal;
and if the hardware debugging point is in the connection state, determining that the hardware debugging point of the terminal is in the risk state.
6. The method for managing security risk of a terminal according to claim 5, wherein after determining that the hardware debug point of the terminal is in a risk state, the method further comprises:
when the rear cover attaching device is detected to be in a connection state, determining that a hardware debugging point of the terminal is in a safe state;
and sending the stored operation record to a cloud server for security evaluation analysis and vulnerability remediation.
7. The method for managing the security risk of the terminal according to claim 1, wherein the terminal comprises an electrochromic film, and the reminding the security risk warning level comprises:
and controlling the electrochromic film to display the color corresponding to the safety risk warning grade.
8. The method for managing the security risk of the terminal according to claim 5, wherein:
the rear cover attachment device includes at least one of: NFC antenna, fingerprint module, electrochromic membrane;
the hardware debug point comprises at least one of: URAT debug point, JTAG debug point, force download point.
9. An apparatus for managing security risks of a terminal, comprising:
an operation behavior acquisition module, configured to acquire an operation behavior of a hardware debug point in a connected state when detecting that the hardware debug point of the terminal is in a risk state;
the warning grade determining module is used for determining a safety risk warning grade according to the operation behavior;
and the warning grade reminding module is used for reminding the safety risk warning grade when detecting that the hardware debugging point of the terminal is in a safe state.
10. A terminal, comprising:
at least one memory and at least one processor;
the memory for storing one or more programs;
when executed by the at least one processor, cause the at least one processor to perform the steps of a method for managing security risks of a terminal as claimed in any one of claims 1 to 8.
CN202111386915.7A 2021-11-22 2021-11-22 Terminal security risk management method and device and terminal Pending CN114022029A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111386915.7A CN114022029A (en) 2021-11-22 2021-11-22 Terminal security risk management method and device and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111386915.7A CN114022029A (en) 2021-11-22 2021-11-22 Terminal security risk management method and device and terminal

Publications (1)

Publication Number Publication Date
CN114022029A true CN114022029A (en) 2022-02-08

Family

ID=80065734

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111386915.7A Pending CN114022029A (en) 2021-11-22 2021-11-22 Terminal security risk management method and device and terminal

Country Status (1)

Country Link
CN (1) CN114022029A (en)

Similar Documents

Publication Publication Date Title
CN109117250B (en) Simulator identification method, simulator identification equipment and computer readable medium
EP2562673B1 (en) Apparatus and method for securing mobile terminal
US10133863B2 (en) Zero-day discovery system
US20080096526A1 (en) Apparatus and a security node for use in determining security attacks
CN104517054B (en) Method, device, client and server for detecting malicious APK
CN108235754B (en) Method and device for prompting user to update application version
CN109040419B (en) Screen recording method and device, mobile terminal and storage medium
CN108009424A (en) Virus behavior detection method, apparatus and system
CN105069354A (en) Attack tree model based Android software hybrid detection method
CN113468515A (en) User identity authentication method and device, electronic equipment and storage medium
CN111464513A (en) Data detection method, device, server and storage medium
US8947109B2 (en) Protection device, corresponding method and computer software product
CN109102144B (en) Method and device for determining operation risk possibility grade and storage medium
CN109815702B (en) Software behavior safety detection method, device and equipment
CN113987468A (en) Security check method and security check device
CN109542511A (en) A kind of detection method of application installation package, device and mobile device
CN114022029A (en) Terminal security risk management method and device and terminal
CN112788601A (en) Mobile terminal information safety protection system and method based on big data
CN114021153A (en) Method and device for triggering safety warning by detecting terminal safety risk and terminal
CN105447348B (en) A kind of hidden method of display window, device and user terminal
CN112035831A (en) Data processing method, device, server and storage medium
CN104484968B (en) Method, device and system for human detection
CN111800427A (en) Internet of things equipment evaluation method, device and system
CN108763014B (en) Information reminding method and device, mobile terminal and computer readable medium
CN101221615B (en) Method for monitoring objective software and intelligent cryptographic key device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination