TWI673667B - Built-in smart security mobile device - Google Patents

Built-in smart security mobile device Download PDF

Info

Publication number
TWI673667B
TWI673667B TW106102831A TW106102831A TWI673667B TW I673667 B TWI673667 B TW I673667B TW 106102831 A TW106102831 A TW 106102831A TW 106102831 A TW106102831 A TW 106102831A TW I673667 B TWI673667 B TW I673667B
Authority
TW
Taiwan
Prior art keywords
processing unit
control module
mobile device
code
motherboard
Prior art date
Application number
TW106102831A
Other languages
Chinese (zh)
Other versions
TW201828186A (en
Inventor
楊建綱
Original Assignee
楊建綱
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 楊建綱 filed Critical 楊建綱
Priority to TW106102831A priority Critical patent/TWI673667B/en
Priority to CN201710187742.3A priority patent/CN108345785B/en
Priority to US15/600,143 priority patent/US10216913B2/en
Priority to JP2017121167A priority patent/JP6591495B2/en
Priority to EP17177219.7A priority patent/EP3355221B1/en
Publication of TW201828186A publication Critical patent/TW201828186A/en
Priority to HK19101397.6A priority patent/HK1258920A1/en
Application granted granted Critical
Publication of TWI673667B publication Critical patent/TWI673667B/en

Links

Abstract

一種內建智慧安全行動裝置,包括一包含一控制模組及一儲存模組的權限控管單元、一儲存一應用程式的記憶體單元及一處理單元,該處理單元透過該應用程式傳送一認證資訊給該權限控管單元,且該控制模組根據該認證資訊判斷該應用程式合法時,允許該處理單元與其建立連線,且該處理單元透過該應用程式傳送一使用者識別碼及一使用者密碼給該控制模組,該控制模組根據一權限控管資料表查詢該使用者識別碼的一使用權限,並判斷該使用者密碼與記錄在一密碼表的一使用者密碼相符時,允許該處理單元在該使用權限範圍內使用該儲存模組。 A built-in smart security mobile device includes a permission control unit including a control module and a storage module, a memory unit storing an application program, and a processing unit. The processing unit transmits an authentication through the application program When the information is given to the authority control unit, and the control module judges that the application is legal according to the authentication information, the processing unit is allowed to establish a connection with the processing unit, and the processing unit transmits a user identification code and a use through the application A password to the control module, the control module queries a use right of the user identification code according to a permission control data table, and determines that the user password matches a user password recorded in a password table, The processing unit is allowed to use the storage module within the usage permission range.

Description

內建智慧安全行動裝置 Built-in smart security mobile device

本發明是有關於一種行動裝置,特別是指一種內建智慧安全行動裝置。 The present invention relates to a mobile device, and particularly to a built-in smart security mobile device.

現有的行動裝置,例如一智慧型手機讓使用者可以藉由外插一SD卡,並利用智慧型手機通過SD卡的驗證及授權後,使用SD卡內存的交易憑證資訊來執行一行動支付,例如台灣第I537851號專利。 Existing mobile devices, such as a smart phone, allow users to perform a mobile payment by plugging in an SD card and using the smart phone to pass the SD card's transaction credential information after the SD card is authenticated and authorized. For example, Taiwan Patent No. I537851.

因此,本發明的目的,即在提供一種由行動裝置本身對使用者進行身份驗證及權限控管之內建智慧安全行動裝置。 Therefore, an object of the present invention is to provide a built-in smart secure mobile device that performs identity verification and authority control on users by the mobile device itself.

於是,本發明內建智慧安全行動裝置,包括一權限控管單元、一記憶體單元及一處理單元。該權限控管單元包含一控制模組及一儲存模組,該控制模組具有一權限控管資料表及一密碼表,該權限控管資料表記錄一使用者識別碼及其使用該儲存模組的一使用權限,該密碼表記錄該使用者識別碼及其對應的一使用者密碼;該記憶體單元儲存一應用程式;該處理單元與該權限控管單 元及該記憶體單元電連接,且該處理單元執行該應用程式時,該應用程式傳送一認證資訊給該權限控管單元,且該控制模組根據該認證資訊判斷該應用程式合法時,允許該處理單元與其建立連線,且該處理單元透過該應用程式傳送一使用者識別碼及一使用者密碼給該控制模組,該控制模組根據該權限控管資料表查詢該使用者識別碼的一使用權限,並判斷該使用者密碼與記錄在該密碼表的該使用者密碼相符時,允許該處理單元在該使用權限範圍內使用該儲存模組。 Therefore, the built-in smart security mobile device of the present invention includes a permission control unit, a memory unit and a processing unit. The authority control unit includes a control module and a storage module. The control module has a authority control data table and a password table. The authority control data table records a user identification code and the use of the storage module. A group of use permissions, the password table records the user identification code and a corresponding user password; the memory unit stores an application program; the processing unit and the permission control list And the memory unit are electrically connected, and when the processing unit executes the application, the application sends an authentication information to the authority control unit, and the control module judges that the application is legal based on the authentication information, allowing The processing unit establishes a connection with it, and the processing unit sends a user identification code and a user password to the control module through the application program, and the control module queries the user identification code according to the authority control data table When it is determined that the user password matches the user password recorded in the password table, the processing unit is allowed to use the storage module within the range of the use permission.

在本發明的一些實施態樣中,該控制模組記錄有該應用程式的一識別碼及一密碼,且該控制模組判斷該認證資訊中包含的一識別碼及一密碼與該控制模組記錄的該識別碼及密碼相同時,即判定該應用程式合法。 In some embodiments of the present invention, the control module records an identification code and a password of the application program, and the control module determines an identification code and a password included in the authentication information and the control module. When the recorded identification code and password are the same, the application is determined to be legal.

在本發明的一些實施態樣中,該控制模組能對該儲存模組規劃一隱密資料區,且該控制模組判斷該使用權限允許存取該儲存模組的該隱密資料區時,則允許該處理單元存取該儲存模組的該隱密資料區。 In some embodiments of the present invention, the control module can plan a hidden data area for the storage module, and when the control module judges that the use right allows access to the hidden data area of the storage module , The processing unit is allowed to access the hidden data area of the storage module.

在本發明的一些實施態樣中,該控制模組判斷該使用權限允許設定與更新該權限控管資料表及/或該密碼表時,允許該處理單元對該權限控管資料表及/或該密碼表進行設定及更新。 In some embodiments of the present invention, when the control module determines that the use permission allows setting and updating the permission control data table and / or the password table, the processing unit allows the processing unit to control the permission control data table and / or The password table is set and updated.

在本發明的一些實施態樣中,該控制模組判斷該使用權 限允許規劃該隱密資料區時,該處理單元能透過該控制模組對該隱密資料區規劃多個私密空間,且該控制模組判斷該使用權限允許存取該等私密空間至少其中之一時,允許該處理單元存取該私密空間,並將該處理單元傳來的資料進行加密後再存入該私密空間,或者將該處理單元需要的資料從該私密空間讀出並對其解密後,再傳送給該處理單元。 In some embodiments of the invention, the control module determines the use right Only when the hidden data area is allowed to be planned, the processing unit can plan multiple private spaces for the hidden data area through the control module, and the control module judges that the use right allows access to at least one of the private spaces At one time, the processing unit is allowed to access the private space, and the data transmitted by the processing unit is encrypted and then stored in the private space, or the data required by the processing unit is read from the private space and decrypted. And send it to the processing unit.

在本發明的一些實施態樣中,該行動裝置包括一輸入單元,其接受輸入該使用者識別碼及該使用者密碼並將其傳送給該處理單元。 In some aspects of the invention, the mobile device includes an input unit that accepts the user identification code and the user password and sends them to the processing unit.

在本發明的一些實施態樣中,該控制模組還包含一金融晶片,其中儲存一密鑰及一押碼程式,且該控制模組判斷該使用權限允許該處理單元存取該金融晶片時,將該處理單元傳來的一要被押碼的資料傳送給該金融晶片,使執行該押碼程式,以該密鑰對該要被押碼的資料押碼而產生一交易押碼,並回傳該交易押碼給該處理單元。 In some embodiments of the present invention, the control module further includes a financial chip in which a key and a bet code program are stored, and when the control module judges that the use right allows the processing unit to access the financial chip , Transmitting the data of the bet code from the processing unit to the financial chip, so that the bet code program is executed, and the data of the bet code is betted with the key to generate a transaction bet code, and The transaction bet code is returned to the processing unit.

在本發明的一些實施態樣中,該隱密資料區存有一密鑰,該控制模組具有一押碼程式,且該控制模組判斷該使用權限允許該處理單元存取該隱密資料區時,讀取儲存於該隱密資料區的該密鑰,且接受該處理單元傳來的一要被押碼的資料,並執行該押碼程式,以該密鑰對該要被押碼的資料押碼而產生一交易押碼,並回 傳該交易押碼給該處理單元。 In some embodiments of the present invention, a key is stored in the hidden data area, the control module has a code program, and the control module judges that the use right allows the processing unit to access the hidden data area. When reading the key stored in the hidden data area, and accepting the data to be coded from the processing unit, and executing the code program, the key is used for the code to be coded. Generate a transaction bet with the data bet and return Pass the transaction bet code to the processing unit.

在本發明的一些實施態樣中,該控制模組還包含一儲存一押碼程式的金融晶片,該隱密資料區存有一密鑰,且該控制模組判斷該使用權限允許該處理單元存取該金融晶片及該隱密資料區時,該控制模組讀取儲存於該隱密資料區的該密鑰,並將該密鑰及該處理單元傳來的一要被押碼的資料提供給該金融晶片,使執行該押碼程式,以該密鑰對該要被押碼的資料押碼而產生一交易押碼,並回傳該交易押碼給該處理單元。 In some embodiments of the present invention, the control module further includes a financial chip storing a betting code program, a key is stored in the hidden data area, and the control module judges that the use permission allows the processing unit to store When fetching the financial chip and the hidden data area, the control module reads the key stored in the hidden data area, and provides the key and a piece of data to be coded from the processing unit. Give the financial chip to execute the bet code program, use the key to bet the data to be bet code to generate a transaction bet code, and return the transaction bet code to the processing unit.

在本發明的一些實施態樣中,該行動裝置具有一主機板,該處理單元設置在該主機板上,且該權限控管單元是一設置在該主機板上的晶片;或者,該權限控管單元的該控制模組是一設置在該主機板上的第一晶片,該權限控管單元的該儲存模組是一設置在該主機板上的第二晶片。 In some embodiments of the invention, the mobile device has a motherboard, the processing unit is disposed on the motherboard, and the authority control unit is a chip disposed on the motherboard; or, the authority control The control module of the management unit is a first chip provided on the motherboard, and the storage module of the authority control unit is a second chip provided on the motherboard.

在本發明的一些實施態樣中,該行動裝置具有一主機板及一與該主機板電連接的電路板,該處理單元設置在該主機板上,且該權限控管單元是設置在該電路板上;或者,該權限控管單元的該控制模組設置在該電路板上,該權限控管單元的該儲存模組設置在該主機板上。 In some embodiments of the invention, the mobile device has a motherboard and a circuit board electrically connected to the motherboard. The processing unit is disposed on the motherboard and the authority control unit is disposed on the circuit. On the board; or, the control module of the authority control unit is disposed on the circuit board, and the storage module of the authority control unit is disposed on the motherboard.

本發明的功效在於:藉由內建在行動裝置中的該權限控管單元,能對該處理單元存取該權限控管單元中的該儲存模組,尤 其是該儲存模組中的該隱密資料區進行存取權限的控管,並讓該權限控管單元能以單一晶片或獨立的兩個晶片與該處理單元設置在同一個或不同的電路板上,而達成本發明的目的。 The effect of the present invention is that the storage module in the permission control unit can be accessed by the processing unit through the permission control unit built in the mobile device. It is the control of the access authority of the hidden data area in the storage module, and allows the authority control unit to set a single chip or two independent chips and the processing unit on the same or different circuits. Board, and achieve the purpose of the invention.

1‧‧‧行動裝置 1‧‧‧ mobile device

10‧‧‧記憶體單元 10‧‧‧Memory Unit

11‧‧‧輸入單元 11‧‧‧ input unit

12‧‧‧處理單元 12‧‧‧ processing unit

13‧‧‧權限控管單元 13‧‧‧ Authority Control Unit

14‧‧‧控制模組 14‧‧‧Control Module

15‧‧‧儲存模組 15‧‧‧Storage Module

16‧‧‧密碼表 16‧‧‧Password form

17‧‧‧權限控管資料表 17‧‧‧ Authority Control Data Sheet

18‧‧‧顯示單元 18‧‧‧display unit

20‧‧‧電路板 20‧‧‧Circuit Board

100‧‧‧主機板 100‧‧‧ Motherboard

140‧‧‧金融晶片 140‧‧‧finance chip

141‧‧‧控制晶片 141‧‧‧control chip

142‧‧‧控制韌體 142‧‧‧Control firmware

143‧‧‧應用程式介面 143‧‧‧Application Programming Interface

151‧‧‧系統部分 151‧‧‧System part

152‧‧‧儲存部分 152‧‧‧Storage section

153‧‧‧隱密資料區 153‧‧‧hidden data area

154‧‧‧可視區 154‧‧‧Viewable Area

本發明的其他的特徵及功效,將於參照圖式的實施方式中清楚地呈現,其中:圖1是一電路方塊圖,說明本發明行動裝置的一實施例主要包含的電路方塊;圖2是一電路方塊圖,說明本實施例的權限控管單元主要包含的電路方塊;圖3是一示意圖,說明本實施例的權限控管單元設置在主機板上;圖4是一示意圖,說明本實施例的權限控管單元的控制模組及儲存模組各自獨立地設置在主機板上;圖5是一示意圖,說明本實施例的權限控管單元設置在一與主機板電連接的電路板上;及圖6是一示意圖,說明本實施例的權限控管單元的儲存模組設置在主機板上,且權限控管單元的控制模組設置在一與主機板電連接的電路板上。 Other features and effects of the present invention will be clearly presented in the embodiments with reference to the drawings, wherein: FIG. 1 is a circuit block diagram illustrating circuit blocks mainly included in an embodiment of the mobile device of the present invention; FIG. 2 is A circuit block diagram illustrating circuit blocks mainly included in the authority control unit of this embodiment; FIG. 3 is a schematic diagram illustrating that the authority control unit of this embodiment is provided on a motherboard; FIG. 4 is a schematic diagram illustrating the implementation The control module and storage module of the authority control unit of the example are independently provided on the motherboard; FIG. 5 is a schematic diagram illustrating that the authority control unit of the embodiment is disposed on a circuit board electrically connected to the motherboard And FIG. 6 is a schematic diagram illustrating that the storage module of the authority control unit of this embodiment is disposed on the motherboard, and the control module of the authority control unit is disposed on a circuit board electrically connected to the motherboard.

在本發明被詳細描述之前,應當注意在以下的說明內容中,類似的元件是以相同的編號來表示。 Before the present invention is described in detail, it should be noted that in the following description, similar elements are represented by the same numbers.

參閱圖1,是本發明內建智慧安全行動裝置的一實施例,本實施例的行動裝置1可以是智慧型手機、平板電腦、筆記型電腦等可攜式電子裝置,但不以此為限,且其主要包括一記憶體單元10、一輸入單元11、一顯示單元18,一與記憶體單元10、顯示單元18及輸入單元11電連接的處理單元12及一與處理單元12電連接的權限控管單元13。 Refer to FIG. 1, which is an embodiment of a built-in smart security mobile device according to the present invention. The mobile device 1 in this embodiment may be a portable electronic device such as a smart phone, a tablet computer, a notebook computer, but is not limited thereto. And it mainly includes a memory unit 10, an input unit 11, a display unit 18, a processing unit 12 electrically connected to the memory unit 10, the display unit 18 and the input unit 11, and an electrically connected to the processing unit 12 Authority control unit 13.

在本實施例中,輸入單元1可以是一鍵盤或一觸控面板。記憶體單元10儲存有至少一應用程式,處理單元12可以是一應用處理器(Application Processor,AP)或中央處理器。權限控管單元13主要包含一控制模組14及一儲存模組15,該控制模組14具有一密碼表16及一權限控管資料表17。其中該權限控管資料表17記錄至少一使用者識別碼及其使用該儲存模組15的一使用權限,該密碼表16記錄該使用者識別碼及其對應的一使用者密碼。藉此,當該處理單元12為了存取儲存模組15內的資料而執行一應用程式時,該應用程式會先傳送一認證資訊給該權限控管單元13,並由其中的該控制模組14根據該認證資訊判斷該應用程式合法時,才允許該處理單元12與其建立連線,然後該處理單元12透過該應用程式傳送一使用者識別碼及一使用者密碼給該控制模 組14,該控制模組14根據該權限控管資料表17查詢該使用者識別碼的一使用權限,並判斷該使用者密碼與記錄在該密碼表16的該使用者密碼是否相符,若是,才允許該處理單元12在該使用權限範圍內使用該儲存模組15。藉此,達到對欲存取儲存模組15的使用者進行身份驗證及權限控管的目的。 In this embodiment, the input unit 1 may be a keyboard or a touch panel. The memory unit 10 stores at least one application program, and the processing unit 12 may be an application processor (AP) or a central processing unit. The authority control unit 13 mainly includes a control module 14 and a storage module 15. The control module 14 has a password table 16 and a authority control data table 17. The authority control data table 17 records at least one user identification code and a use right for using the storage module 15, and the password table 16 records the user identification code and a corresponding user password. Therefore, when the processing unit 12 executes an application program in order to access the data in the storage module 15, the application program first sends an authentication information to the authority control unit 13, and the control module therein 14 Only when the application is judged to be legal according to the authentication information, the processing unit 12 is allowed to establish a connection with it, and then the processing unit 12 sends a user identification code and a user password to the control module through the application. In group 14, the control module 14 inquires a use right of the user identification code according to the authority control information table 17 and determines whether the user password matches the user password recorded in the password table 16. If yes, Only the processing unit 12 is allowed to use the storage module 15 within the scope of the use authority. Thereby, the purpose of performing identity verification and authority control on users who want to access the storage module 15 is achieved.

具體而言,如圖2所示,本實施例的控制模組14主要包含一控制器晶片141及燒錄於控制器晶片141中的一控制韌體142以及一應用程式介面(application program interface;API)143,且該密碼表16及該權限控管資料表17被燒錄儲存在控制韌體142中。其中如下表1所示,密碼表16存有行動裝置之使用者的使用者識別碼(例如ID1、ID2、ID3等)與使用者密碼(例如CODE1、CODE2、CODE3等),供驗正使用者的身份。且實際上儲存在密碼表16中的密碼,是經過加密而以亂碼化方式儲存的密碼,以確保密碼不會遭到非法竊取。此外,密碼表16還存有被權限控管單元13認可且合法的應用程式的一識別碼及其對應的一密碼。 Specifically, as shown in FIG. 2, the control module 14 of this embodiment mainly includes a controller chip 141 and a control firmware 142 and an application program interface (application program interface). API) 143, and the password table 16 and the authority control data table 17 are programmed and stored in the control firmware 142. Among them, as shown in Table 1 below, the password table 16 stores the user identification code (such as ID1, ID2, ID3, etc.) and the user password (such as CODE1, CODE2, CODE3, etc.) of the user of the mobile device for verification of the user. identity of. In fact, the password stored in the password table 16 is a password that is encrypted and stored in a garbled manner to ensure that the password cannot be stolen illegally. In addition, the password table 16 also stores an identification code of a valid application program approved by the authority control unit 13 and a corresponding password.

儲存模組15包括一系統部分151及一儲存部分152。系統部分151內建基本操作資訊(basic operation information)。儲存部分152包括一隱密資料區153及一可視區154。可視區154允許被行動裝置1的處理單元12(即作業系統(OS))存取,而相當於行動碟的用途,以Android®系統舉例來說,可視區154能被檔案管理程式(file management program)存取。但隱密資料區153則無法被處理單元12(作業系統)存取,亦即處理單元12不能對隱密資料區153儲存的檔案進行讀取、寫入或修改。相反的,處理單元12只有在完成特定的驗證及授權順序之後,處理單元12才能透過控制器晶片141中的控制韌體142存取隱密資料區153。因此處理單元12無法顯示隱密資料區153給使用者,且只有當時使用者藉由處理單元12通過所述驗證及授權順序時,使用者才能透過處理單元12存取隱密資料區153。 The storage module 15 includes a system portion 151 and a storage portion 152. The system part 151 has built-in basic operation information. The storage section 152 includes a hidden data area 153 and a visible area 154. The viewable area 154 is allowed to be accessed by the processing unit 12 (ie, operating system (OS)) of the mobile device 1 and is equivalent to the use of a mobile disk. Taking the Android® system as an example, the viewable area 154 can be accessed by a file management program. program) access. However, the hidden data area 153 cannot be accessed by the processing unit 12 (operating system), that is, the processing unit 12 cannot read, write, or modify the files stored in the hidden data area 153. In contrast, the processing unit 12 can only access the hidden data area 153 through the control firmware 142 in the controller chip 141 after completing the specific authentication and authorization sequence. Therefore, the processing unit 12 cannot display the hidden data area 153 to the user, and the user can access the hidden data area 153 through the processing unit 12 only when the user passes the authentication and authorization sequence through the processing unit 12 at that time.

因此,如下表2所示,該權限控管資料表17主要儲存使用者的使用者識別碼(例如ID1、ID2、ID3等)與其對應的一使用權限,例如使用者識別碼ID1的使用權限為可讀、寫隱密資料區153,使用者識別碼ID2的使用權限為可讀隱密資料區153、使用者識別碼ID3的使用權限為可讀、寫及刪除隱密資料區153等,以供驗證使用者是否具有對隱密資料區153資料之讀取、更新和刪除的權限。 Therefore, as shown in Table 2 below, the authority control data table 17 mainly stores a user's user identification code (for example, ID1, ID2, ID3, etc.) and a corresponding use right. For example, the user ID ID1 has the use right of Read and write the hidden data area 153. The use right of the user ID ID2 is readable and hidden data area 153, and the use right of the user ID ID3 is read, write and delete the hidden data area 153. It is used to verify whether the user has read, update and delete permissions to the data in the hidden data area 153.

舉例來說,假設隱密資料區153儲存有一密鑰,且該密鑰是對應於一用於行動支付的虛擬帳戶,則當行動裝置1欲使用該密鑰以執行一行動支付時,處理單元12會執行一應用程式(例如一種支付軟體)並輸出一訊息至行動裝置1的一顯示單元18,要求使用者從輸入單元11輸入其使用者識別碼及/或使用者密碼(當然應用程式也可以直接使用先前已記錄的使用者識別碼及使用者密碼,而不需要使用者輸入)。接著處理單元12的應用程式將其包含有一識別碼及一密碼的認證資訊及該使用者密碼以及與該行動支付相關的一要被押碼的資料傳送給控制模組14的應用程式介面143,則應用程式介面143會先執行一建立連線功能,根據密碼表16,判斷該應用程式提供的識別碼及密碼是否有記錄在密碼表16中,若是,則判定該應用程式合法。應用程式介面143接著執行一權限控管管理功能,根據權限控管資料表17確認該應用程式提供的使用者識別碼,例如ID2的使用權限為讀取,並判斷該應用程式提供的使用者密碼(ID2)與密碼表16中記錄的一使用者密碼相符,則允許該應用程式透過控制韌體142讀取儲存於隱密資料區153的該密鑰,且由控制韌體142根據該密鑰及該要被押碼的資料 產生一交易押碼並回傳給處理單元12,使處理單元12據以進行後續的行動支付作業。 For example, if the secret data area 153 stores a key, and the key corresponds to a virtual account used for mobile payment, when the mobile device 1 wants to use the key to perform a mobile payment, the processing unit 12 will execute an application (such as a payment software) and output a message to a display unit 18 of the mobile device 1, asking the user to input his user identification code and / or user password from the input unit 11 (of course the application also You can directly use the previously recorded user ID and user password without user input). Then, the application program of the processing unit 12 transmits the authentication information including an identification code and a password, the user password, and the data to be charged related to the mobile payment to the application program interface 143 of the control module 14, Then, the application program interface 143 first executes a connection establishment function, and determines whether the identification code and the password provided by the application program are recorded in the password table 16 according to the password table 16, and if so, determines that the application program is legal. The application program interface 143 then executes a permission control management function, confirms the user identification code provided by the application according to the permission control data table 17, for example, the use permission of ID2 is read, and determines the user password provided by the application (ID2) matches a user password recorded in the password table 16, allowing the application to read the key stored in the hidden data area 153 through the control firmware 142, and the control firmware 142 according to the key And the information to be charged Generate a transaction bet code and send it back to the processing unit 12 to enable the processing unit 12 to perform subsequent action payment operations.

此外,本實施例的控制模組14還可包含一金融晶片140,其中儲存有一發行該金融晶片140之金融機構的密鑰及一押碼程式。因此,當行動裝置1之處理單元12欲使用該密鑰,並通過上述的身份及權限驗證後,控制模組14的控制韌體142會將處理單元12透過應用程式傳來的一要被押碼的資料傳送給金融晶片140,使執行押碼程式,以該密鑰對要被押碼的資料押碼而產生一交易押碼,並透過該應用程式回傳給處理單元12,使處理單元12據以進行後續的行動支付作業。有關上述本實施例之金融晶片應用於行動支付的細節可參見台灣第I537851號專利。 In addition, the control module 14 of this embodiment may further include a financial chip 140, in which a key of a financial institution issuing the financial chip 140 and a code program are stored. Therefore, when the processing unit 12 of the mobile device 1 wants to use the key and passes the above-mentioned identity and authority verification, the control firmware 142 of the control module 14 will detain the processing unit 12 through the application program to be charged. The code data is transmitted to the financial chip 140, so that the betting code program is executed, and the transaction code is generated by using the key to bet the data to be betted, and is returned to the processing unit 12 through the application program, so that the processing unit 12 Based on the follow-up payment operations. For details about the application of the financial chip of this embodiment to mobile payment, please refer to Taiwan Patent No. I537851.

由此可知,本實施例的控制模組14不論是否包含金融晶片140,若行動裝置1要用於行動支付的該密鑰儲存在隱密資料區153時,則於通過上述的身份及權限驗證後,由控制韌體142讀取儲存於隱密資料區153的該密鑰,並執行預存於控制模組14內的該押碼程式,以根據該密鑰及處理單元12提供之該要被押碼的資料產生一交易押碼,關於此行動支付的細節可參見台灣第I509542專利;或者,當控制模組14內包含金融晶片140,且行動裝置1要用於行動支付的該密鑰(由非發行金融晶片140之金融機構提供)是儲存在隱密資料區153時,則於通過上述的身份及權限驗證後, 由控制韌體142讀取儲存於隱密資料區153的該密鑰,並將該密鑰及要被押碼的資料傳送給金融晶片140,由金融晶片140執行該押碼程式,以該密鑰對要被押碼的資料押碼而產生一交易押碼;又或者,若行動裝置1要用於行動支付的該密鑰是儲存在金融晶片140內時,則於通過上述的身份及權限驗證後,控制模組14的控制韌體142會將要被押碼的資料傳送給金融晶片140,由金融晶片140執行該押碼程式,以該密鑰對要被押碼的資料押碼而產生一交易押碼。因此金融晶片140可視實際應用所需而被包含於控制模組14中或者省略。 It can be known from this that whether the control module 14 of this embodiment includes the financial chip 140 or not, if the key used by the mobile device 1 for mobile payment is stored in the secret data area 153, the identity and authority verification is passed. After that, the control firmware 142 reads the key stored in the hidden data area 153 and executes the code program pre-stored in the control module 14 so as to be based on the key and the key provided by the processing unit 12. The data of the security code generates a transaction security code. For details about this mobile payment, please refer to Taiwan Patent No. I509542; or, when the control module 14 includes the financial chip 140 and the mobile device 1 uses the key for mobile payment ( Provided by a financial institution that does not issue financial chip 140) is stored in the hidden data area 153, after passing the above identity and authority verification, The control firmware 142 reads the key stored in the hidden data area 153, and transmits the key and the data to be staked to the financial chip 140, and the financial chip 140 executes the bet code program to use the secret The key generates a transaction bet on the data to be betted; or, if the key to be used for mobile payment by the mobile device 1 is stored in the financial chip 140, the above identity and authority are passed. After verification, the control firmware 142 of the control module 14 transmits the data to be coded to the financial chip 140, and the financial chip 140 executes the coded code program and generates the code to be coded with the key. One transaction bet. Therefore, the financial chip 140 may be included in the control module 14 or omitted according to actual application requirements.

再者,本實施例至少具有身份識別、權限控管、私密空間及個資保護四種功能。針對身份識別功能,該儲存模組15的隱密資料區153可記錄一使用者的一身份識別資料,當處理單元12執行一應用程式要讀取該身份識別資料而自動提供或者由輸入單元11輸入一使用者識別碼及其使用者密碼給權限控管單元13時,應用程式介面143以如同上述程序驗證應用程式合法後,並根據權限控管資料表17判斷該使用者識別碼具有存取該儲存模組15的隱密資料區153的權限,並判斷該使用者密碼與該密碼表16記錄的使用者密碼相符時,則允許該處理單元12透過控制韌體142讀取儲存於隱密資料區153的該身份識別資料,以供行動裝置1進行後續身份識別的應用。 Furthermore, this embodiment has at least four functions of identity identification, authority control, private space, and personal asset protection. For the identification function, the hidden data area 153 of the storage module 15 can record an identification data of a user. When the processing unit 12 executes an application program to read the identification data, it is automatically provided or provided by the input unit 11 When a user identification code and a user password are input to the authority control unit 13, after the application program interface 143 verifies that the application program is legal according to the above procedure, it is determined that the user identification code has access according to the authority control data table 17. When the authority of the hidden data area 153 of the storage module 15 is determined and the user password is consistent with the user password recorded in the password table 16, the processing unit 12 is allowed to read and store the hidden information through the control firmware 142 The identification information in the data area 153 is used by the mobile device 1 for subsequent identification applications.

而針對權限控管功能,主要是在使用者取得行動裝置1之前,將預先建立的密碼表16及權限控管資料表17透過應用程式介面143燒錄在控制韌體142中,其中密碼表16主要記錄使用行動裝置1之每一使用者的使用者識別碼及其對應的使用者密碼,權限控管資料表17主要記錄每一使用者識別碼及其對儲存模組15之隱密資料區153中的資料讀取、更新及刪除等權限,因此不同的使用者對於隱密資料區153的使用權限會有所不同。 For the authority control function, before the user obtains the mobile device 1, the pre-created password table 16 and the authority control data table 17 are burned into the control firmware 142 through the application program interface 143, among which the password table 16 It mainly records the user ID of each user using the mobile device 1 and its corresponding user password, and the authority control data table 17 mainly records each user ID and its hidden data area of the storage module 15 The data read, update, and delete permissions in 153, so different users have different permissions to use the hidden data area 153.

且應用程式介面143除了上述的建立連線功能及權限控管管理功能外,還具有線上個人化作業(Preso)管理功能,其能讓處理單元12執行一應用程式與應用程式介面143建立連線後,並於通過上述的身份及權限驗證時,讓使用者根據實際應用所需對密碼表16及權限控管資料表17進行設定與更新,並能依實際應用所需將儲存模組15規劃(切割)成多個不同的區塊以供儲存不同類型的資料,例如上述儲存部分152的可視區154及隱密資料區153。 In addition to the above-mentioned connection establishment function and permission control management function, the application program interface 143 also has an online personalization (Preso) management function, which enables the processing unit 12 to execute an application program to establish a connection with the application program interface 143 Later, when passing the above identity and permission verification, the user is allowed to set and update the password table 16 and the authority control data table 17 according to the actual application requirements, and can plan the storage module 15 according to the actual application requirements (Cut) into a plurality of different blocks for storing different types of data, such as the visible area 154 and the hidden data area 153 of the storage portion 152 described above.

針對私密空間功能,當處理單元12執行的一應用程式與控制模組14的應用程式介面143已建立連線,並通過上述權限控管管理功能的驗證及授權,控制模組14的應用程式介面143能根據處理單元12執行的該應用程式下達的指令,利用線上個人化作業(Preso)管理功能將隱密資料區153切割出多個私密空間,以供存放不同種類的私密資料,例如行動支付相關資料、個人醫療(就 醫)資料、各種憑證等。並且控制模組14可在權限控管資料表中針對不同的使用者識別碼(即不同的使用者)設定其對該等私密空間的存取權限。 For the private space function, when an application program executed by the processing unit 12 and the application program interface 143 of the control module 14 have established a connection, and through the verification and authorization of the authority control management function, the application program interface of the control module 14 143 can use the online personalization (Preso) management function to cut the private data area 153 into multiple private spaces according to the instructions issued by the application program executed by the processing unit 12 for storing different types of private data, such as mobile payment Related information, personal medical treatment (for Medical) information, various credentials, etc. In addition, the control module 14 can set its access authority to these private spaces in the authority control data table for different user identification codes (that is, different users).

針對個資保護功能,控制模組14的應用程式介面143會建置一加解密功能,而能使用3DES(Triple Data Encryption Algorithm symmetric-key block cipher)、AES(Advanced Encryption Standard)或RSA等演算法對資料進行加密或解密。例如當處理單元12執行的一應用程式與控制模組14的應用程式介面143已建立連線,並且通過上述權限控管管理功能的驗證,且該應用程式要寫入一個資資料至隱密資料區153的一個資保護區塊(由上述線上個人化作業(Preso)管理功能規劃的一私密空間,圖未示)時,應用程式介面143會以該加解密功能對該個資資料進行加密,再透過控制韌體142將加密後的該個資資料寫入隱密資料區153的該個資保護區塊。而若處理單元12執行的該應用程式要讀取存於隱密資料區153的該個資保護區塊的資料時,控制韌體142會將資料從該個資保護區塊讀出並傳送給應用程式介面143,使應用加解密功能對該資料解密後,再透過控制韌體142將解密後的資料傳送給處理單元12。 For the personal data protection function, the application program interface 143 of the control module 14 will build an encryption and decryption function, and can use algorithms such as 3DES (Triple Data Encryption Algorithm symmetric-key block cipher), AES (Advanced Encryption Standard), or RSA. Encrypt or decrypt data. For example, when an application program executed by the processing unit 12 and the application program interface 143 of the control module 14 have established a connection and passed the verification of the above-mentioned authority control management function, and the application program needs to write an information to the hidden data When a data protection block of area 153 (a private space planned by the above-mentioned online personalization (Preso) management function is not shown), the application program interface 143 encrypts the data with the encryption and decryption function. The encrypted data is then written into the data protection block of the hidden data area 153 through the control firmware 142. If the application program executed by the processing unit 12 reads the data of the data protection block stored in the hidden data area 153, the control firmware 142 will read the data from the data protection block and send it to the data protection block. The application program interface 143 enables the application encryption and decryption function to decrypt the data, and then transmits the decrypted data to the processing unit 12 through the control firmware 142.

此外,在本實施例中,如圖3所示,該行動裝置1具有一主機板100,該處理單元12及該權限控管單元13設置在該主機板100上,且該權限控管單元13是以一晶片的型態實現。 In addition, in this embodiment, as shown in FIG. 3, the mobile device 1 has a motherboard 100, the processing unit 12 and the authority control unit 13 are disposed on the motherboard 100, and the authority control unit 13 It is realized in the form of a wafer.

或者,在本實施例中,如圖4所示,該權限控管單元13的該控制模組14及該儲存模組15可以各自獨立設置在該主機板100上,且控制模組14是以一第一晶片的型態實現,儲存模組15是以一第二晶片的型態實現。 Alternatively, in this embodiment, as shown in FIG. 4, the control module 14 and the storage module 15 of the authority control unit 13 may be independently disposed on the motherboard 100, and the control module 14 is A type of a first chip is implemented, and the storage module 15 is implemented in a type of a second chip.

或者,在本實施例中,如圖5所示,該行動裝置1還具有一與該主機板100電連接的電路板20,該處理單元12設置在該主機板100上,且該權限控管單元13是設置在該電路板20上,並以一晶片的型態實現。 Alternatively, in this embodiment, as shown in FIG. 5, the mobile device 1 further includes a circuit board 20 electrically connected to the motherboard 100, the processing unit 12 is disposed on the motherboard 100, and the authority control The unit 13 is disposed on the circuit board 20 and is implemented in the form of a wafer.

又或者,在本實施例中,如圖6所示,該處理單元12及該權限控管單元13的儲存模組15設置在該主機板100上,且儲存模組15是以一晶片的型態實現,而該權限控管單元13的控制模組14設置在該電路板20上,並以一晶片的型態實現。 Or, in this embodiment, as shown in FIG. 6, the storage module 15 of the processing unit 12 and the authority control unit 13 is disposed on the motherboard 100, and the storage module 15 is a chip type The control module 14 of the authority control unit 13 is disposed on the circuit board 20 and is implemented in the form of a chip.

綜上所述,本發明藉由內建在行動裝置1中的權限控管單元13,對處理單元12於存取權限控管單元13中的儲存模組15時,進行權限控管,尤其是對儲存模組15中的隱密資料區153之存取權限控管,並讓權限控管單元13能以單一晶片或獨立的兩個晶片與處理單元12設置在同一個或不同的電路板上,而達成本發明的功效與 目的。 In summary, the present invention uses the authority control unit 13 built in the mobile device 1 to perform authority control on the processing unit 12 when accessing the storage module 15 in the authority control unit 13, especially Control the access authority to the hidden data area 153 in the storage module 15 and allow the authority control unit 13 to set a single chip or two independent chips and the processing unit 12 on the same or different circuit boards And the effectiveness of the invention and purpose.

惟以上所述者,僅為本發明的實施例而已,當不能以此限定本發明實施的範圍,凡是依本發明申請專利範圍及專利說明書內容所作的簡單的等效變化與修飾,皆仍屬本發明專利涵蓋的範圍內。 However, the above are only examples of the present invention. When the scope of implementation of the present invention cannot be limited by this, any simple equivalent changes and modifications made according to the scope of the patent application and the contents of the patent specification of the present invention are still Within the scope of the invention patent.

Claims (12)

一種內建智慧安全行動裝置,包括:一權限控管單元,其包含一控制模組及一儲存模組,該控制模組具有一權限控管資料表及一密碼表,該權限控管資料表記錄一使用者識別碼及其使用該儲存模組的一使用權限,該密碼表記錄該使用者識別碼及其對應的一使用者密碼;一記憶體單元,儲存一應用程式;及一處理單元,與該權限控管單元及該記憶體單元電連接,且該處理單元執行該應用程式時,該應用程式傳送一認證資訊給該權限控管單元,且該控制模組根據該認證資訊判斷該應用程式合法時,允許該處理單元與其建立連線,且該處理單元透過該應用程式傳送一使用者識別碼及一使用者密碼給該控制模組,該控制模組根據該權限控管資料表查詢該使用者識別碼的一使用權限,並判斷該使用者密碼與記錄在該密碼表的該使用者密碼相符時,允許該處理單元在該使用權限範圍內使用該儲存模組;其中該控制模組能對該儲存模組規劃一隱密資料區,且該控制模組判斷該使用權限允許存取該儲存模組的該隱密資料區時,則允許該處理單元存取該儲存模組的該隱密資料區;且該控制模組判斷該使用權限允許規劃該隱密資料區時,該處理單元能透過該控制模組對該隱密資料區規劃多個私密空間,且該控制模組判斷該使用權限允許存取該等私密空間至少其中之一時,允許該處理單元存取 該私密空間,並將該處理單元傳來的資料進行加密後再存入該私密空間,或者將該處理單元需要的資料從該私密空間讀出並對其解密後,再傳送給該處理單元。 A built-in smart security mobile device includes a permission control unit including a control module and a storage module. The control module has a permission control data table and a password table. The permission control data table Recording a user identification code and a use right for using the storage module, the password table records the user identification code and a corresponding user password; a memory unit storing an application program; and a processing unit , Is electrically connected to the authority control unit and the memory unit, and when the processing unit executes the application program, the application program sends an authentication information to the authority control unit, and the control module judges the authority based on the authentication information When the application is valid, the processing unit is allowed to establish a connection with the processing unit, and the processing unit sends a user identification code and a user password to the control module through the application, and the control module controls the data table according to the permission When querying a use right of the user identification code, and judging that the user password matches the user password recorded in the password table, the processing is allowed Yuan uses the storage module within the scope of the use permission; wherein the control module can plan a hidden data area for the storage module, and the control module judges that the use permission allows access to the hidden module of the storage module When the secret data area is allowed, the processing unit is allowed to access the hidden data area of the storage module; and when the control module judges that the use right allows the secret data area to be planned, the processing unit can pass the control module When a plurality of private spaces are planned for the hidden data area, and the control module judges that the use right allows access to at least one of the private spaces, the processing unit is allowed to access The private space is encrypted after the data transmitted from the processing unit is stored in the private space, or the data required by the processing unit is read from the private space and decrypted, and then transmitted to the processing unit. 如請求項1所述內建智慧安全行動裝置,其中該控制模組記錄有該應用程式的一識別碼及一密碼,且該控制模組判斷該認證資訊中包含的一識別碼及一密碼與該控制模組記錄的該識別碼及密碼相同時,即判定該應用程式合法。 The built-in smart security mobile device according to claim 1, wherein the control module records an identification code and a password of the application, and the control module judges an identification code and a password included in the authentication information and When the identification code and password recorded by the control module are the same, it is determined that the application is legitimate. 如請求項1所述內建智慧安全行動裝置,其中該控制模組判斷該使用權限允許設定與更新該權限控管資料表及/或該密碼表時,允許該處理單元對該權限控管資料表及/或該密碼表進行設定及更新。 The built-in smart security mobile device according to claim 1, wherein the control module allows the processing unit to control the authority control data when the use authority judges that the authority permission is allowed to set and update the authority control data table and / or the password table. And / or the password table. 如請求項1所述內建智慧安全行動裝置,其中該行動裝置包括一輸入單元,其與該處理單元電連接,該輸入單元接受輸入該使用者識別碼及該使用者密碼並將其傳送給該處理單元。 The built-in smart security mobile device according to claim 1, wherein the mobile device includes an input unit electrically connected to the processing unit, and the input unit accepts input of the user identification code and the user password and transmits it to The processing unit. 如請求項1所述內建智慧安全行動裝置,其中該控制模組還包含一金融晶片,其中儲存一密鑰及一押碼程式,且該控制模組判斷該使用權限允許該處理單元存取該金融晶片時,將該處理單元傳來的一要被押碼的資料傳送給該金融晶片,使執行該押碼程式,以該密鑰對該要被押碼的資料押碼而產生一交易押碼,並回傳該交易押碼給該處理單元。 The built-in smart security mobile device according to claim 1, wherein the control module further includes a financial chip in which a key and a code program are stored, and the control module determines that the use right allows the processing unit to access When the financial chip is used, the data to be staked from the processing unit is transmitted to the financial chip, so that the bet code program is executed to generate a transaction by using the key to bet the data to be staked. Bet code and return the transaction bet code to the processing unit. 如請求項1所述內建智慧安全行動裝置,其中該隱密資料區存有一密鑰,該控制模組具有一押碼程式,且該控制模 組判斷該使用權限允許該處理單元存取該隱密資料區時,讀取儲存於該隱密資料區的該密鑰,且接受該處理單元傳來的一要被押碼的資料,並執行該押碼程式,以該密鑰對該要被押碼的資料押碼而產生一交易押碼,並回傳該交易押碼給該處理單元。 The built-in smart security mobile device according to claim 1, wherein a key is stored in the hidden data area, the control module has a code program, and the control module When the group judges that the use right allows the processing unit to access the hidden data area, it reads the key stored in the hidden data area, and accepts data to be coded from the processing unit, and executes The bet code program generates a transaction bet code by using the key to bet the data to be bet code, and returns the transaction bet code to the processing unit. 如請求項1所述內建智慧安全行動裝置,其中該控制模組還包含一儲存一押碼程式的金融晶片,該隱密資料區存有一密鑰,且該控制模組判斷該使用權限允許該處理單元存取該金融晶片及該隱密資料區時,該控制模組讀取儲存於該隱密資料區的該密鑰,並將該密鑰及該處理單元傳來的一要被押碼的資料提供給該金融晶片,使執行該押碼程式,以該密鑰對該要被押碼的資料押碼而產生一交易押碼,並回傳該交易押碼給該處理單元。 The built-in smart security mobile device according to claim 1, wherein the control module further includes a financial chip storing a code program, the secret data area stores a key, and the control module judges that the use permission allows When the processing unit accesses the financial chip and the hidden data area, the control module reads the key stored in the hidden data area, and transfers the key and a key from the processing unit to be charged. The code data is provided to the financial chip, so that the betting code program is executed, a transaction bet code is generated with the key to bet the data to be bet code, and the transaction bet code is returned to the processing unit. 如請求項1所述內建智慧安全行動裝置,其中該行動裝置具有一主機板,該處理單元設置在該主機板上,且該權限控管單元是一設置在該主機板上的晶片。 The built-in smart security mobile device according to claim 1, wherein the mobile device has a motherboard, the processing unit is disposed on the motherboard, and the authority control unit is a chip disposed on the motherboard. 如請求項1所述內建智慧安全行動裝置,其中該行動裝置具有一主機板,該處理單元設置在該主機板上,且該控制模組是一設置在該主機板上的第一晶片,該儲存模組是一設置在該主機板上的第二晶片。 The built-in smart security mobile device according to claim 1, wherein the mobile device has a motherboard, the processing unit is disposed on the motherboard, and the control module is a first chip disposed on the motherboard, The storage module is a second chip disposed on the motherboard. 如請求項1所述內建智慧安全行動裝置,其中該行動裝置具有一主機板及一與該主機板電連接的電路板,該處理單元設置在該主機板上,且該權限控管單元是設置在該電路板上。 The built-in smart security mobile device according to claim 1, wherein the mobile device has a motherboard and a circuit board electrically connected to the motherboard, the processing unit is disposed on the motherboard, and the authority control unit is Set on this circuit board. 如請求項1所述內建智慧安全行動裝置,其中該行動裝置具有一主機板及一與該主機板電連接的電路板,該處理單元設置在該主機板上,且該控制模組設置在該電路板上,該儲存模組設置在該主機板上。 The built-in smart security mobile device according to claim 1, wherein the mobile device has a motherboard and a circuit board electrically connected to the motherboard, the processing unit is disposed on the motherboard, and the control module is disposed on On the circuit board, the storage module is disposed on the motherboard. 如請求項1至11其中任一所述內建智慧安全行動裝置,其中該行動裝置是一智慧型手機、一平板電腦或一筆記型電腦。 The built-in smart security mobile device according to any one of claims 1 to 11, wherein the mobile device is a smart phone, a tablet computer, or a notebook computer.
TW106102831A 2017-01-25 2017-01-25 Built-in smart security mobile device TWI673667B (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
TW106102831A TWI673667B (en) 2017-01-25 2017-01-25 Built-in smart security mobile device
CN201710187742.3A CN108345785B (en) 2017-01-25 2017-03-27 Built-in intelligent safety action device
US15/600,143 US10216913B2 (en) 2017-01-25 2017-05-19 Mobile device with built-in access control functionality
JP2017121167A JP6591495B2 (en) 2017-01-25 2017-06-21 Mobile device with built-in access control function
EP17177219.7A EP3355221B1 (en) 2017-01-25 2017-06-21 Mobile device with built-in access control functionality
HK19101397.6A HK1258920A1 (en) 2017-01-25 2019-01-28 Mobile device with built-in access control functionality

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW106102831A TWI673667B (en) 2017-01-25 2017-01-25 Built-in smart security mobile device

Publications (2)

Publication Number Publication Date
TW201828186A TW201828186A (en) 2018-08-01
TWI673667B true TWI673667B (en) 2019-10-01

Family

ID=63960228

Family Applications (1)

Application Number Title Priority Date Filing Date
TW106102831A TWI673667B (en) 2017-01-25 2017-01-25 Built-in smart security mobile device

Country Status (1)

Country Link
TW (1) TWI673667B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112801669A (en) 2018-10-25 2021-05-14 创新先进技术有限公司 Method, device and equipment for identity authentication, number storage and sending and number binding

Citations (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030061504A1 (en) * 2001-08-13 2003-03-27 Sprigg Stephen A. Application level access privilege to a storage area on a computer device
CN1713756A (en) * 2004-06-23 2005-12-28 华为技术有限公司 Security guarantee for memory data information of mobile terminal
US20100161928A1 (en) * 2008-12-18 2010-06-24 Rotem Sela Managing access to an address range in a storage device
CN101916388A (en) * 2010-07-27 2010-12-15 武汉天喻信息产业股份有限公司 Smart SD card and method for using same for mobile payment
US20120210443A1 (en) * 2011-02-11 2012-08-16 Mocana Corporation Securing and managing apps on a device
TW201245956A (en) * 2011-05-04 2012-11-16 Chien-Kang Yang Memory card and its access, data encryption, golden key generation and changing method
CN102917346A (en) * 2012-10-17 2013-02-06 浙江大学城市学院 Security policy management system and method for Android-based application program during operation
US20130042295A1 (en) * 2011-08-10 2013-02-14 Charles C. Kelly Method and apparatus for providing a secure virtual environment on a mobile device
US20130173736A1 (en) * 2011-12-29 2013-07-04 the Province of Ontario, Canada) Communications system providing enhanced trusted service manager (tsm)verification features and related methods
US20130227652A1 (en) * 2012-02-24 2013-08-29 Pantech Co., Ltd Terminal and method for assigning permission to application
US20130232573A1 (en) * 2012-03-02 2013-09-05 Hassen Saidi Method and system for application-based policy monitoring and enforcement on a mobile device
TW201401100A (en) * 2012-06-22 2014-01-01 Wistron Corp Permission management method for applications, electronic device thereof, and computer readable medium
US20140108794A1 (en) * 2012-10-16 2014-04-17 Citrix Systems, Inc. Controlling mobile device access to secure data
CN103902862A (en) * 2012-12-30 2014-07-02 联想(北京)有限公司 Mobile device management method and device and mobile device
CN104156637A (en) * 2014-07-11 2014-11-19 北京奇虎科技有限公司 Method and device for protecting private contents in intelligent terminal
US20150046706A1 (en) * 2013-08-07 2015-02-12 Kaspersky Lab Zao System and Method for Controlling Access to Encrypted Files
EP2840755A1 (en) * 2013-08-22 2015-02-25 British Telecommunications public limited company Processing device and method of operation thereof
TWI509542B (en) * 2013-09-11 2015-11-21 Chien Kang Yang Plug and play trading equipment, computer equipment, portable payment device , And payment card
CN105160239A (en) * 2015-08-11 2015-12-16 小米科技有限责任公司 Application program access restriction method and apparatus
US20160110178A1 (en) * 2013-02-28 2016-04-21 Google Inc. Splitting Application Permissions on Devices
US20160117673A1 (en) * 2012-02-24 2016-04-28 Cryptomathic Limited System and method for secured transactions using mobile devices
US20160205082A1 (en) * 2013-08-12 2016-07-14 Graphite Software Corporation Secure authentication and switching to encrypted domains
CN105956426A (en) * 2016-04-26 2016-09-21 上海斐讯数据通信技术有限公司 Application program authority authentication and authorization method and intelligent equipment
TW201638843A (en) * 2015-04-17 2016-11-01 jian-gang Yang Mobile payment method
CN106157037A (en) * 2014-09-11 2016-11-23 杨建纲 Mobile payment method and mobile payment equipment
US20160359862A1 (en) * 2015-06-08 2016-12-08 Microsoft Technology Licensing, Llc System and method for using per-application profiles in a computing device
TWM540328U (en) * 2017-01-25 2017-04-21 Chien-Kang Yang Built-in intelligence security mobile device

Patent Citations (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030061504A1 (en) * 2001-08-13 2003-03-27 Sprigg Stephen A. Application level access privilege to a storage area on a computer device
CN1713756A (en) * 2004-06-23 2005-12-28 华为技术有限公司 Security guarantee for memory data information of mobile terminal
US20100161928A1 (en) * 2008-12-18 2010-06-24 Rotem Sela Managing access to an address range in a storage device
CN101916388A (en) * 2010-07-27 2010-12-15 武汉天喻信息产业股份有限公司 Smart SD card and method for using same for mobile payment
US20120210443A1 (en) * 2011-02-11 2012-08-16 Mocana Corporation Securing and managing apps on a device
TW201245956A (en) * 2011-05-04 2012-11-16 Chien-Kang Yang Memory card and its access, data encryption, golden key generation and changing method
US20130042295A1 (en) * 2011-08-10 2013-02-14 Charles C. Kelly Method and apparatus for providing a secure virtual environment on a mobile device
US20130173736A1 (en) * 2011-12-29 2013-07-04 the Province of Ontario, Canada) Communications system providing enhanced trusted service manager (tsm)verification features and related methods
US20160117673A1 (en) * 2012-02-24 2016-04-28 Cryptomathic Limited System and method for secured transactions using mobile devices
US20130227652A1 (en) * 2012-02-24 2013-08-29 Pantech Co., Ltd Terminal and method for assigning permission to application
US20130232573A1 (en) * 2012-03-02 2013-09-05 Hassen Saidi Method and system for application-based policy monitoring and enforcement on a mobile device
TW201401100A (en) * 2012-06-22 2014-01-01 Wistron Corp Permission management method for applications, electronic device thereof, and computer readable medium
US20140108794A1 (en) * 2012-10-16 2014-04-17 Citrix Systems, Inc. Controlling mobile device access to secure data
CN102917346A (en) * 2012-10-17 2013-02-06 浙江大学城市学院 Security policy management system and method for Android-based application program during operation
CN103902862A (en) * 2012-12-30 2014-07-02 联想(北京)有限公司 Mobile device management method and device and mobile device
US20160110178A1 (en) * 2013-02-28 2016-04-21 Google Inc. Splitting Application Permissions on Devices
US20150046706A1 (en) * 2013-08-07 2015-02-12 Kaspersky Lab Zao System and Method for Controlling Access to Encrypted Files
US20160205082A1 (en) * 2013-08-12 2016-07-14 Graphite Software Corporation Secure authentication and switching to encrypted domains
EP2840755A1 (en) * 2013-08-22 2015-02-25 British Telecommunications public limited company Processing device and method of operation thereof
TWI509542B (en) * 2013-09-11 2015-11-21 Chien Kang Yang Plug and play trading equipment, computer equipment, portable payment device , And payment card
CN104156637A (en) * 2014-07-11 2014-11-19 北京奇虎科技有限公司 Method and device for protecting private contents in intelligent terminal
CN106157037A (en) * 2014-09-11 2016-11-23 杨建纲 Mobile payment method and mobile payment equipment
TW201638843A (en) * 2015-04-17 2016-11-01 jian-gang Yang Mobile payment method
US20160359862A1 (en) * 2015-06-08 2016-12-08 Microsoft Technology Licensing, Llc System and method for using per-application profiles in a computing device
CN105160239A (en) * 2015-08-11 2015-12-16 小米科技有限责任公司 Application program access restriction method and apparatus
CN105956426A (en) * 2016-04-26 2016-09-21 上海斐讯数据通信技术有限公司 Application program authority authentication and authorization method and intelligent equipment
TWM540328U (en) * 2017-01-25 2017-04-21 Chien-Kang Yang Built-in intelligence security mobile device

Also Published As

Publication number Publication date
TW201828186A (en) 2018-08-01

Similar Documents

Publication Publication Date Title
CN108345785B (en) Built-in intelligent safety action device
US8898477B2 (en) System and method for secure firmware update of a secure token having a flash memory controller and a smart card
US8572392B2 (en) Access authentication method, information processing unit, and computer product
EP3355231B1 (en) Mobile data storage device with access control functionality
US6367017B1 (en) Apparatus and method for providing and authentication system
US8051052B2 (en) Method for creating control structure for versatile content control
US8601283B2 (en) Method for versatile content control with partitioning
TWI483204B (en) Multi user electronic wallet and management thereof
ES2599985T3 (en) Validation at any time for verification tokens
US9075957B2 (en) Backing up digital content that is stored in a secured storage device
US8966580B2 (en) System and method for copying protected data from one secured storage device to another via a third party
EP2189922A2 (en) Memory system with versatile content control
US20060242150A1 (en) Method using control structure for versatile content control
US20090276474A1 (en) Method for copying protected data from one secured storage device to another via a third party
US20060242067A1 (en) System for creating control structure for versatile content control
TW201530344A (en) Application program access protection method and application program access protection device
CN110383240A (en) The method and apparatus of safe computing resource for containerization
KR20090052321A (en) Content control system and method using versatile control structure
TWM540328U (en) Built-in intelligence security mobile device
TWI673667B (en) Built-in smart security mobile device
CN110352411A (en) Method and apparatus for controlling the access to safe computing resource
KR20230044953A (en) Computing method and system for managing files through account authentication of blockchain
KR100868676B1 (en) A security module of usb type
TWI651624B (en) Smart hardware safety carrier
TWM540327U (en) Smart hardware safety carrier