WO2009052732A1 - Method, system and apparatus for terminal information protection - Google Patents

Publication number
WO2009052732A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
identifier
command
password
data
Prior art date
Application number
PCT/CN2008/072661
Other languages
French (fr)
Chinese (zh)
Inventor
Shouling Cui
Xiaoqian Chai
Kepeng Li
Linyi Tian
Original Assignee
Huawei Technologies Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Priority to KR1020097013685A priority Critical patent/KR101118971B1/en
Priority to JP2009545810A priority patent/JP5065416B2/en
Publication of WO2009052732A1 publication Critical patent/WO2009052732A1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/126 Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • G06F15/16 Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00 Digital computing or data processing equipment or methods, specially adapted for specific functions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices

Definitions

  • the embodiments of the present invention relate to the field of device management (DM), and in particular, to a method, system, and device for protecting terminal data in a DM.

Background technique

  • the Open Mobile Alliance (OMA) DM (hereinafter referred to as the DM specification) is the latest unified device management standard specification.
  • the DM system provides a low-cost solution for third parties to manage and set the environment and configuration information of terminal devices in wireless networks (such as mobile phone terminals and functional objects in the terminal), to solve the problems encountered during the use of these network devices, to perform software and firmware installation and upgrade operations over the air (OTA) through the wireless network, and to provide more personalized services that enhance the user experience.
  • the DM command is used to lock the terminal in the prior art.
  • the DM server locks or unlocks the terminal by modifying the value of the TerminalSecurity/DeviceLock/LockLevel sub-node under the management tree in the terminal. If the value of the child node is true, the terminal is locked. If the value is false, the terminal is unlocked.
  • the DM server can also operate the TerminalSecurity/DeviceWipe node through the DM command, and issue a data erasure command to the node to instruct the terminal to erase all relevant data of the user saved by itself, including the data on the expansion card.
  • in the prior art, locking the terminal locks all of its functions, and the terminal can only be unlocked by the server that initiated the lock, so the user experience is poor.
  • in the data erasing process implemented in the prior art, all data related to the user in the terminal can only be erased together, so that some useful data is also erased at the same time; the erasing effect is poor, and the user experience is also poor.
  • the embodiment of the invention provides a method, a system and a device for protecting data of a terminal, so as to solve the problem that the authority control mechanism of the server existing in the prior art is unreasonable and the user experience is poor.
  • a method for protecting data of a terminal comprising:
  • the first device management server sends a lock command to the terminal, where the lock command includes lock information indicating that the terminal locks all functions or locks some functions; and the command is carried by the device management DM protocol.
  • the terminal locks all or part of the functions according to the locking command.
  • a method for protecting data of a terminal comprising:
  • the device management server sends an erase command to the terminal according to the erasable data item, and the command is carried by the DM protocol;
  • the terminal erases the data item to be erased.
  • a system for protecting terminal data comprising:
  • the first device management server includes a lock command issuing module, and is configured to send a lock command, where the command includes lock information indicating that the terminal locks all functions or locks some functions, and the command is carried by the device management DM protocol;
  • Terminal including:
  • a first receiving module configured to receive the locking command
  • a system for protecting terminal data comprising:
  • the terminal includes:
  • a first receiving module configured to receive an erase command issued by the device management server, and an erasing module, configured to erase a data item corresponding to the data item identifier.
  • in the embodiments of the present invention, the DM server sends the terminal a lock command that includes lock information indicating that the terminal locks all functions or locks some functions, and the terminal locks the functions indicated by the lock information. Users can lock as needed, which makes the user experience better.
  • FIG. 1 is a schematic diagram of a management tree structure for locking or unlocking a terminal in the prior art
  • FIG. 2 (a), FIG. 2 (b), FIG. 2 (c), FIG. 2 (d), and FIG. 2 (e) are schematic diagrams of a system structure for terminal data protection in the first embodiment of the present invention
  • FIG. 3 is a schematic flowchart of protecting terminal data in Embodiment 2 of the present invention
  • FIG. 4 is a schematic structural diagram of a terminal management tree according to an embodiment of the present invention
  • FIG. 5 is a schematic flowchart of a terminal determining whether a DM server has an unlocking right according to Embodiment 3 of the present invention
  • FIG. 6 is a schematic flowchart of determining, by a terminal, whether a user has an unlocking right according to Embodiment 4 of the present invention
  • FIG. 7 is a schematic structural diagram of a terminal management tree in Embodiment 5 of the present invention.
  • FIG. 8 is a schematic structural diagram of a terminal management tree in Embodiment 5 of the present invention.
  • FIG. 9 is a schematic flowchart of a data item corresponding to a terminal erasing a data item identifier according to Embodiment 7 of the present invention.
  • FIG. 10 is a schematic structural diagram of a system for protecting data of a terminal according to Embodiment 9 of the present invention.

Detailed description

  • FIG. 2 is a schematic structural diagram of a system for protecting data of a terminal according to Embodiment 1 of the present invention, where the system includes: a first device management server 11 and a terminal 12
  • the first device management server 11 includes a lock command issuing module 21, configured to send a lock command, where the command includes lock information indicating that the terminal locks all functions or locks some functions
  • the terminal 12 includes a first receiving module 31 and a locking module 32, wherein the first receiving module 31 is configured to receive the locking command; and the locking module 32 is configured to lock all or part of the functions according to the locking information.
  • the lock information is an identifier indicating whether to lock all functions; if the identifier indicates full locking, the locking module 32 is used to lock all functions; if the identifier indicates partial locking, the locking module 32 is used to lock a preset function.
  • the second case is as shown in FIG. 2(b): the lock information is a data item identifier corresponding to one or more data items to be locked; the locking module 32 is then configured to lock the data item corresponding to the identifier.
  • the first device management server 11 further includes an acquisition command issuing module 22 and a second receiving module 23, wherein the acquisition command issuing module 22 is configured to send an acquisition command to the terminal, and the second receiving module 23 is configured to receive the data item identifier reported by the terminal; the terminal 12 further includes a storage module 33 and a reporting module 34, wherein the storage module 33 is configured to store the data item identifiers corresponding to the data items that the terminal itself can lock, and the reporting module 34 is configured to report the stored data item identifiers to the first device management server 11.
  • the lock information is one of the full-lock or partial-lock identifiers, and/or the data item identifier corresponding to the data item to be locked. If the identifier indicates full locking, the locking module 32 is used to lock all functions; if the identifier indicates partial locking, the locking module 32 is used to lock a preset function; if the identifier is a data item identifier
  • the lock information may also be a combination of the full-lock identifier and the data item identifiers, or a combination of the partial-lock identifier and the data item identifiers. In this embodiment, the full-lock or partial-lock identifier is set to have higher priority than the data item identifiers.
  • the locking module 32 may perform only the operation corresponding to the full-lock or partial-lock identifier, and not the operation corresponding to the data item identifier.
  • the DM server can instruct the terminal to unlock the locked function, that is, the so-called unlocking process in the embodiment of the present invention.
  • the process of unlocking may be various, including but not limited to the following:
  • the system further includes a second device management server 13 for delivering the data to the terminal 12.
  • the terminal 12 further includes a first judging module 35 and an unlocking module 36, wherein the first judging module 35 is configured to determine whether the security password received from the second device management server 13 is the same as the security password issued by the first device management server 11, and if so, to trigger the unlocking module 36.
  • the unlocking module 36 is configured to perform an unlocking operation.
  • the terminal 12 further includes a second determining module 37, configured to compare the identifier of the second device management server 13 with the identifier of the first device management server 11, and if the identifiers are the same, to instruct the unlocking module 36 to perform the unlocking operation.
  • the terminal further includes a third determining module 38, configured to compare the received password with the preset password, and if the passwords are the same, to instruct the unlocking module 36 to perform the unlocking operation.
  • the pre-set password is the issued unlock password.
  • the lock command issuing module 21 is further configured to issue an identifier that allows unlocking with the local password
  • the preset password is a local password saved by the terminal itself.
  • Fig. 2 (c), Fig. 2 (d) and Fig. 2 (e) can also be combined, for example by stepwise judgment according to set priority conditions. When the set conditions are met, the terminal is unlocked.
  • various commands and parameters sent by the DM server are carried by the DM protocol, and the parameters sent by the DM server may be delivered together with the lock command or the unlock command, or may be issued separately using the DM protocol.
  • the method of the present invention is described in detail below in conjunction with specific embodiments.
  • the server involved in the embodiments of the present invention is a DM server.
  • FIG. 3 is a schematic flowchart of protecting terminal data in Embodiment 2, which corresponds to Embodiment 1 of the present invention.
  • in this embodiment, the DM server first locks all or part of the functions of the terminal, and the locked functions are unlocked in the subsequent unlocking process, as follows:
  • Step S301: The DM server sends a lock command to the terminal, where the command includes lock information, and the lock information indicates that the terminal locks all functions or locks some functions.
  • Step S302: After receiving the lock command, the terminal locks all functions or some functions according to the lock information, and reports a response message to the DM server indicating whether the lock succeeded.
  • the terminal locking all functions means: except for legally allowed sessions (e.g., emergency call sessions) and DM sessions, the user cannot use the functions of the terminal, and no external connection (such as Bluetooth or a USB connection) can obtain the data of the terminal.
  • the terminal locking part of the functions means: the terminal or server predetermines the functions to be locked when the lock information is received; for example, all functions are locked except the incoming-call function, legally allowed sessions, and DM sessions. However, so that the user can subsequently carry out the unlocking process, the locked terminal can provide an input interface to receive the password entered by the user, which is described in the subsequent embodiments.
  • the first case: the terminal and the server agree in advance that the lock information sent by the DM server is an identifier indicating whether to lock all functions; if the identifier indicates full locking, the terminal locks all functions; if the identifier indicates partial locking, the terminal locks the preset function.
  • the lock information sent by the DM server to the terminal is the identifier of the data item that is to be locked. If the data item identifier includes all the data item identifiers that the terminal can lock, the terminal locks all functions; otherwise, the terminal locks the data item corresponding to the identifier.
  • the third case: the lock information sent by the DM server to the terminal is one of the full-lock or partial-lock identifiers, and/or the data item identifier corresponding to the data item to be locked.
  • the operation is performed according to the first case or the second case; when the lock information includes both one of the full-lock or partial-lock identifiers and the data item identifier corresponding to the data item to be locked, the terminal performs only the operation corresponding to the full-lock or partial-lock identifier, because that identifier has higher priority than the data item identifier.
  • Step S303: If the DM server also sends a security password to the terminal, the terminal can be unlocked as long as the DM server can correctly provide the security password during the unlocking process.
  • the second DM server that meets the access control authority (ACL) can initiate an unlocking command to the terminal, and if the unlocking command carries the correct security password, the terminal releases its own lock.
  • the DM server that originally issued the lock command and the user who knows the security password can also unlock the terminal.
  • Step S304: The DM server sends an erasure command to the terminal, where the erasure command includes one or more data item identifiers corresponding to the data items to be erased.
  • Step S305: The terminal erases the data item corresponding to the identifier saved by the terminal, and reports a response message to the DM server indicating whether the erasure succeeded.
  • the data item to be erased is a category of data content in the terminal, such as short messages, multimedia messages, the address book, call records, the notepad, mail, photos, recordings, videos, passwords, etc. After the terminal receives an erase command carrying one or more identifiers indicating the data items to be erased, the terminal erases those data items.
  • Step S304 and step S305 and the foregoing steps S301 to S303 have no absolute sequence, and the erasing command may be issued before the terminal is locked, or may be executed after the terminal is locked.
  • the solution in the embodiment of the present invention may be implemented by using a terminal management tree.
  • the commands sent by the DM server may be operations on nodes in the terminal management tree.
  • the following sections describe the locking, unlocking, and erasing data of the terminal in detail.
  • the locking, unlocking, and data-erasing operations of the terminal can be implemented by operating some or all of the nodes in FIG.
  • Embodiment 3 of the present invention describes a solution for realizing data protection for a terminal by locking and unlocking the terminal.
  • a Lock sub-node is generated under the Operation node, and the Lock sub-node is an executable node.
  • the lock command issued by the DM server can be received, and the corresponding operation is performed.
  • the description of the Lock sub-node is as shown in Table 1.
  • the parameter information carried in the command is saved in each sub-node of the LockConfig node.
  • the LAWMO/LockConfig/IsFullLocked subnode is used to hold the lock information.
  • the value of the IsFullLocked subnode is true or false. When the value is true, it indicates that the terminal will lock all functions. When it is false, it indicates that the terminal will lock some functions.
  • the description of the IsFullLocked subnode is shown in Table 2.
  • the LAWMO/LockConfig/SecurityCode sub-node is used to save the security password sent by the DM server, and is used to verify the identity of the DM server that requests unlocking.
  • the number of occurrences of the child node is 0 or 1. If the DM server does not send a security password, the node may not exist.
  • the description of the SecurityCode sub-node is shown in Table 3.
  • the LAWMO/LockConfig/ServerID sub-node is used to save the ID of the DM server that issued the lock command. If the DM server subsequently requests to unlock the terminal, the AAA server may not need to verify the security password; as long as the ID information in the ServerID sub-node shows that the DM server requesting the unlock is the same DM server that requested the lock, the unlocking operation is performed.
  • the description of the ServerID sub-node is shown in Table 4.
  • the LAWMO/Operation/UnLock sub-node is an executable node that receives the unlock command issued by the DM server and performs an unlock operation.
  • the description of the UnLock subnode is shown in Table 5.
  • the LAWMO/Operation/UnLock/SecurityCode sub-node is used to match the security password in the received unlock command with the security password saved in LAWMO/LockConfig/SecurityCode to verify the unlocking authority of the DM server that issued the unlock command.
  • the description of the UnLock/SecurityCode subnode is shown in Table 6.
  • the first DM server sends a lock command to the LAWMO/Operation/Lock executable node of the terminal, where the lock command carries the lock information, the security password, and the ID information of the lock.
  • the lock information, the security password, and the ID information of the user may be delivered together with the lock command, or may be directly sent by the DM server using the DM protocol.
  • the lock information may be an identifier of whether or not all locks, the identifier may be a parameter of IsFullLocked, and its value is true. If the terminal needs to maintain the incoming call function, set the value of the issued IsFullLocked parameter to false.
  • after the first DM server locks the terminal, if it wants to assign the unlocking authority to a second DM server, it needs to send the SecurityCode parameter. When the second DM server unlocks the terminal, it needs to provide the SecurityCode to verify its permission.
  • if the first DM server does not set SecurityCode, the terminal can be set either so that any other DM server can unlock it, or so that no other DM server has the right to unlock it.
  • the SecurityCode may not be provided, and the terminal may determine the authority of the first DM server through the recorded ServerID.
  • after receiving the lock command, the terminal assigns the parameters carried in the lock command to the corresponding nodes, and performs a lock operation according to the parameters.
  • after receiving the security password, the terminal assigns the value of the security password to the LAWMO/LockConfig/SecurityCode node. After receiving the lock information, the terminal assigns the lock information value to the LAWMO/LockConfig/IsFullLocked node. The terminal extracts the ID of the DM server that issued the lock command from the DM session, and assigns the ID value to the LAWMO/LockConfig/ServerID node.
  • after receiving the Lock command, the terminal performs the corresponding operations according to the parameters carried.
  • the unlock command is sent to the LAWMO/Operation/UnLock node of the terminal; otherwise, the second DM server needs to carry the security password when sending the unlock command to the terminal.
  • the second DM server can send the security password in two ways: the first delivers the parameter directly with the Replace command, and the second carries it in the data element of the Exec command.
  • the specific implementations of the two schemes are as follows:
  • after receiving the unlocking command, the terminal determines whether the second DM server has unlocking permission; if yes, it performs the unlock operation; otherwise, it refuses execution and returns an error message.
  • the authentication process of the terminal to the DM server is shown in Figure 5.
  • the process mainly includes the following steps:
  • Step S501: The terminal determines whether the ID of the second DM server that sends the unlock command is the same as the ID of the first DM server that sent the lock command. If yes, step S504 is performed. Otherwise, step S502 is performed.
  • the terminal extracts the ID of the second DM server that sends the unlocking command from the DM session. If the two commands were sent by the same DM server, the second DM server has the unlocking authority by default, and the terminal directly performs the unlocking operation. If the servers that issued the commands are different, the terminal needs to continue to determine whether the second DM server that issued the unlock command has the unlock permission.
  • Step S502: The terminal determines whether a security password was carried in the lock command. If yes, step S503 is performed. Otherwise, step S504 is performed.
  • if a security password was carried in the original lock command, a matching security password must be sent with the unlock command. If no security password was carried in the original lock command, the DM server is considered to have unlock permission by default, and the terminal directly performs the unlock operation.
  • Step S503: The terminal determines whether the security password carried in the unlocking command matches the security password carried in the locking command. If yes, go to step S504; otherwise, go to step S505.
  • if the security password provided by the second DM server that issued the unlocking command is the same as the security password carried in the locking command, the second DM server is considered to have unlock permission.
  • Step S504: The terminal performs an unlocking operation.
  • Step S505: The terminal maintains the original locked state.
  • the terminal clears the security password saved in the LAWMO/Operation/UnLock/SecurityCode node to prevent it from being used by the next unlock command.
  • in this embodiment, the second DM server is authenticated by checking both the DM server ID and the security password. This is only one case of the embodiment of the present invention.
  • the terminal may also use a different order of judgment, or may authenticate the second DM server according to only the DM server ID or only the security password.
  • a process for manually unlocking by a user which mainly includes the following steps:
  • the DM server sends a lock command to the terminal, and the command includes an identifier that allows manual unlocking.
  • the process of issuing the lock command in this step is similar to that in the third embodiment.
  • the DM server can also send the parameter information that is sent together with the lock command in the first step of the third embodiment, so that both manual unlocking by the user as in this embodiment and unlocking by a DM server as in the third embodiment can be implemented.
  • the lock command may carry an identifier indicating whether manual unlocking is allowed, and the identifier indicates whether the terminal is allowed to manually unlock by inputting an unlock password by the user.
  • the terminal saves the identifier to the LAWMO/LockConfig/AllowLocallyUnlock sub-node. If the identifier is true, the user is allowed to unlock the terminal. If the identifier is false, the user is not allowed to unlock the terminal.
  • the description of the AllowLocallyUnlock subnode is shown in Table 7.
  • if the identifier is not carried in the lock command, manual unlocking may be allowed by default, or disallowed by default.
  • if the DM server allows the user to unlock manually, the lock command may also include an unlock password; the terminal saves the received unlock password to
  • the unlock password is the check code used when the user unlocks manually. If the user correctly inputs the unlock password to the terminal when unlocking, the user is considered to have the unlocking right.
  • the description of the LAWMO/LockConfig/UnLockCode sub-node is shown in Table 8.
  • the lock command also carries an identifier that allows unlocking with the local password, and the terminal saves the identifier in the LAWMO/LockConfig/LocalPwdAvailable sub-node. If the identifier is true, the user is allowed to input the local password to unlock the terminal at the LAWMO level; if the value is false, this is not allowed.
  • the description of the LocalPwdAvailable subnode is shown in Table 9.
  • after receiving the unlocking command, the terminal determines whether the user who inputs the unlocking password has the right to unlock. If yes, the unlocking operation is performed. Otherwise, the execution is refused.
  • Step S601: The terminal checks the identifier saved in the LAWMO/LockConfig/AllowLocallyUnlock sub-node. If it is true, step S602 is performed; if it is false, step S607 is performed.
  • Step S602: The terminal determines whether the unlock password is saved. If yes, step S603 is performed; otherwise, step S604 is performed.
  • if the LAWMO/LockConfig/UnLockCode sub-node value is blank, the terminal needs to further determine whether the user is allowed to unlock using the terminal's local password.
  • Step S603: The terminal determines whether the received unlock password input by the user matches the saved unlock password. If yes, step S606 is performed; otherwise, step S607 is performed.
  • the password matching involved in the various embodiments of the present invention can be considered as the same password.
  • the terminal can provide the user with a UI interface through which the user can enter a password, regardless of whether the terminal is in the full function lock state or in the state in which the set function is locked.
  • Step S604: The terminal determines whether the user is allowed to use the local password to unlock. If yes, step S605 is performed; otherwise, step S607 is performed.
  • Step S605: The terminal determines whether the received local password input by the user matches the saved local password. If yes, step S606 is performed; otherwise, step S607 is performed.
  • Step S606: The terminal is unlocked.
  • Step S607: The terminal remains in a locked state.
  • in this embodiment, manual unlocking by the user is implemented by combining unlocking with the unlock password and unlocking with the local password.
  • the terminal may also judge in a different order, or implement manual unlocking using only the unlock password or only the local password.
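
The server-initiated check of FIG. 5 (steps S501 to S505) and the manual check of FIG. 6 (steps S601 to S607), as an added Python example that is not part of the patent text. The `Terminal` class, the dict-backed tree, the `open_if_no_code` switch, the constant-time comparison and all server IDs and passwords are assumptions constructed for illustration; only the node paths and step labels come from the page.

```python
import hmac

# Node paths as named on the page; a plain dict stands in for the DM management tree.
CFG = "LAWMO/LockConfig/"
UNLOCK_CODE_ARG = "LAWMO/Operation/UnLock/SecurityCode"


def _same(a, b):
    """Constant-time comparison of two secrets (a hardening choice of this example)."""
    return hmac.compare_digest(a.encode(), b.encode())


class Terminal:
    def __init__(self, local_password):
        self.tree = {}
        self.local_password = local_password
        self.locked = False

    def exec_lock(self, session_server_id, is_full_locked=True, security_code=None,
                  allow_locally_unlock=False, unlock_code=None,
                  local_pwd_available=False):
        """Exec on LAWMO/Operation/Lock: save the parameters, then lock."""
        self.tree = {
            CFG + "IsFullLocked": is_full_locked,
            # The server ID is taken from the DM session, not from the command body.
            CFG + "ServerID": session_server_id,
            CFG + "AllowLocallyUnlock": allow_locally_unlock,
            CFG + "LocalPwdAvailable": local_pwd_available,
        }
        if security_code is not None:
            self.tree[CFG + "SecurityCode"] = security_code
        if unlock_code is not None:
            self.tree[CFG + "UnLockCode"] = unlock_code
        self.locked = True

    def _unlock(self, step):
        self.locked = False
        return step

    def exec_unlock(self, session_server_id, security_code=None, open_if_no_code=True):
        """FIG. 5 flow; returns the label of the final step reached.

        open_if_no_code=True mirrors S502 (no stored password means any DM
        server may unlock); False is the stricter option the page also allows.
        """
        if not self.locked:
            return "NOT_LOCKED"
        self.tree[UNLOCK_CODE_ARG] = security_code
        try:
            # S501: same server that issued the lock?
            if session_server_id == self.tree[CFG + "ServerID"]:
                return self._unlock("S504")
            # S502: was a security password stored by the lock command?
            stored = self.tree.get(CFG + "SecurityCode")
            if stored is None:
                return self._unlock("S504") if open_if_no_code else "S505"
            # S503: compare the offered password with the stored one.
            if security_code is not None and _same(security_code, stored):
                return self._unlock("S504")
            return "S505"
        finally:
            # Clear the offered password so the next unlock command cannot reuse it.
            self.tree.pop(UNLOCK_CODE_ARG, None)

    def manual_unlock(self, entered):
        """FIG. 6 flow; returns S606 (unlocked) or S607 (still locked)."""
        if not self.locked:
            return "NOT_LOCKED"
        # S601: is manual unlocking allowed at all?
        if not self.tree.get(CFG + "AllowLocallyUnlock", False):
            return "S607"
        # S602/S603: a saved unlock password is the only accepted secret.
        saved = self.tree.get(CFG + "UnLockCode")
        if saved:
            return self._unlock("S606") if _same(entered, saved) else "S607"
        # S604: blank unlock password, so check whether the local password may be used.
        if not self.tree.get(CFG + "LocalPwdAvailable", False):
            return "S607"
        # S605: compare with the terminal's own local password.
        if _same(entered, self.local_password):
            return self._unlock("S606")
        return "S607"


if __name__ == "__main__":
    t = Terminal(local_password="1234")          # constructed sample values
    t.exec_lock("dm-A", security_code="s3cret")
    print(t.exec_unlock("dm-B", "wrong"))        # different server, wrong password
    print(t.exec_unlock("dm-B", "s3cret"))       # different server, right password
```

Note that with the S502 default, a lock command sent without a security password leaves the terminal unlockable by any DM server that passes the ACL check, so the stricter setting is the safer one when no delegation is intended.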
  • FIG. 4 is only one implementation of the solution of the present invention.
  • the structure of the terminal management tree may also be the structure shown in FIG. 7.
  • the <Y>* child node under the LockConfig node is used instead of one or more of the following nodes in FIG.: the LAWMO/LockConfig/IsFullLocked node, the LAWMO/LockConfig/SecurityCode node, the LAWMO/LockConfig/UnlockCode node, the LAWMO/LockConfig/ServerID node, the LAWMO/LockConfig/AllowLocallyUnlock node, and the LAWMO/LockConfig/LocalPwdAvailable node; of course, the present embodiment is not limited to these nodes.
  • the process of implementing the locking and unlocking in the fifth embodiment of the present invention is similar to the process in the third embodiment and the fourth embodiment.
  • when the DM server issues the locking command, the IsFullLocked, SecurityCode, UnlockCode, ServerID, AllowLocallyUnlock and LocalPwdAvailable parameters are also sent to the terminal and saved in the <Y>* node.
  • the terminal then sets the lock status according to these parameters and configures the terminal's unlock permission.
  • the specific delivery process can be described by the following procedure.
  • the procedure only describes the process of the security password, and the other parameters are similar.
  • Embodiments 3 through 5 provide various schemes for terminal data protection, corresponding to the system described in Embodiment 1.
  • The sixth embodiment of the present invention further protects the terminal data by locking data items.
  • So-called data items include, but are not limited to, short messages, contact information, and email.
  • The list of data item information can be saved in the LAWMO/OperableContent/<X> node, as shown in Figure 4, and its content can be determined by the terminal.
  • The description of the node is shown in Table 10.
  • A child node <X>* is generated under the Lock node, as shown in Figure 8.
  • The X node stores the name of the data item that the DM server requires to be locked.
  • The IsFullLocked subnode may not be required under the LockConfig node.
  • The DM server sends an acquisition command and obtains the data items that the terminal can lock.
  • The DM server can use the Get command to get the terminal management tree.
  • The DM server requests the identifiers of the lockable data items.
  • The terminal returns the content under the OperableContent node to the DM server by using the Results command.
  • Step 1 may not appear.
  • Data agreed between the terminal and the server, or data items that have been standardized, may not appear.
  • The DM server sends a lock command to the terminal, where the command includes one or more data item identifiers corresponding to the data items to be locked, and the terminal locks the data items corresponding to the identifiers.
  • The DM server can use the data element in the Add command, the Replace command, or the Exec command to deliver the data item identifier.
  • The process of delivering the data element in the Exec command is similar to the process in the third embodiment and is not described here.
  • The process of sending an identifier using the Add command is as follows:
  • After receiving the lock command, the terminal determines whether there is a child node under the Lock node. If there is no child node, or the content of the child node is empty, the DM server has not specified a data item to be locked, and the terminal may lock according to the solutions of the third, fourth and fifth embodiments; if the terminal determines that the content of the child nodes under the Lock node is SMS and AddressBook, the terminal locks the SMS and AddressBook functions, that is, the terminal cannot send and receive text messages, and cannot view or modify the phone.
  • The terminal unlocks according to the unlock command issued by the DM server.
  • This unlocking process can be similar to the ones in the third, fourth and fifth embodiments.
  • The third embodiment and the sixth embodiment of the present invention respectively describe two schemes for performing full locking or partial locking on the terminal, and the two schemes can also be combined to realize full locking or partial locking of the terminal.
  • The three identifiers in the issued lock information are in an "or" relationship. When the values are 0 and 2 (or 1 and 2), the identifier of whether to lock fully and the data item identifier are in an "and" relationship in the lock information: the lock information carries the identifier for full (partial) locking, but one or more data item identifiers are also added to the child node <X>* under the Lock node, so the schemes of the third embodiment and the sixth embodiment can be performed simultaneously. Further, if the priority of the identifier of whether to lock fully is set higher than that of the data item identifier, the operation may be performed according to the scheme of the third embodiment, and the scheme of the sixth embodiment is not executed.
  • A solution for protecting the data of a terminal by erasing the content of the terminal item by item includes:
  • The DM server obtains the data items that the terminal can erase.
  • The DM server can obtain the erasable data items of the terminal before issuing the erase command, in a manner similar to that in the sixth embodiment. In addition, this step may not appear.
  • The data items are the same, that is, the values of the child nodes under the LAWMO/OperableContent node. Other nodes can also be generated under the terminal management tree to save the data items that the terminal can erase.
  • The DM server sends an erase command to the terminal, where the command carries one or more data item identifiers corresponding to the data items to be erased on the terminal.
  • The erase command issued by the DM server operates on the LAWMO/Operation/wipe executable node under the terminal management tree.
  • The description of the wipe node is shown in Table 11.
  • There may also be a child node <X>* under the wipe node. This node holds the data item identifier corresponding to the data item that the DM server wishes to erase when executing the erase command. The description of the node is shown in Table 12.
  • The DM server sends one or more data item identifiers corresponding to the data items to be erased on the terminal.
  • There are two ways to deliver the parameters: one is to send them directly through the Replace command; the other is to carry them in the data element of the Exec command, similar to the process of the sixth embodiment.
  • 3. The terminal erases the data item corresponding to the data item identifier. As shown in FIG. 9, the process may include:
  • Step S901: If there is no X child node under the LAWMO/Operation/wipe node of the terminal, or the value of the X child node is null, that is, no data item identifier corresponding to a data item to be erased has been delivered, step S904 is performed; otherwise, step S902 is performed.
  • Step S902: The terminal determines whether the data item identifiers that it can erase include the received data item identifier. If yes, step S903 is performed; otherwise, step S905 is performed.
  • Step S903: The terminal erases the data item corresponding to the received data item identifier. If the DM server sends a data item identifier to the terminal, the command is as follows:
  • Step S904: The terminal erases all data of the user according to the erase command, including data in the storage space of the device, data on the extended storage medium, and even data on the SIM card.
  • Step S905: The terminal refuses to perform the erase operation.
  • Embodiment 7 of the present invention describes a scheme for realizing data protection for a terminal by erasing the content of the terminal item by item.
  • The DM server sends an erase command to the terminal and delivers one or more data item identifiers corresponding to the data items to be erased on the terminal; the alternative differs in that the DM server sends an erase command to the terminal and delivers an indication of one or more data items to be erased on the terminal.
  • The indication may be the name of the data item to be erased, the identifier of the data item to be erased, or the erasure indication of the erasable data item on the terminal management tree.
  • There are two ways for the DM server to deliver the indication: one is to send the parameters directly through the Replace command; the other is to use the data element in Exec. The specific method is similar to the procedure in the sixth embodiment.
  • After receiving the erase command, the terminal erases the data item to be erased.
  • Erasing the password is a more specific embodiment.
  • The DM server can also instruct the terminal to modify or set the password.
  • The eighth embodiment of the present invention is a method for a terminal to erase and modify a password, and the method mainly includes the following steps:
  • The DM server sends an erase command to the terminal.
  • The DM server issues a command to erase the password on the terminal by operating the Wipe executable node.
  • The LAWMO/LocalLock/ClearPwd sub-node can also be operated under the terminal management tree.
  • This sub-node is used to erase the password on the terminal.
  • The description of the sub-node is shown in Table 13.
  • The instructions for the DM server to operate on the ClearPwd subnode are as follows:
  • The instructions for the DM server to operate on the ChangePwd subnode are as follows:
  • The terminal replaces the original terminal password, using the received new terminal password as its own terminal password; or the terminal overwrites the original terminal password with the received new terminal password.
  • A LAWMO/Operation/FactoryReset subnode can be generated under the terminal management tree.
  • The child node is an executable node, and the DM server can operate the node to instruct the terminal to set its own parameters to the factory values.
  • The description of the node is shown in Table 15.
  • A LAWMO/State node can be generated, which reflects whether the current terminal is locked. Different values reflect different states of the terminal. For example, when the value of the node is 0, the terminal is locked with all functions locked; when the value is 1, the terminal is locked with the set functions locked; when the value is 2, the terminal is in the unlocked state; when the value is 3, the terminal is in another state.
  • The ninth embodiment of the present invention further provides a system for protecting the data of the terminal.
  • The system includes: a device management server 41, including an erase command issuing module 51 configured to send an erase command, where the command carries one or more data item identifiers corresponding to the data items to be erased, and the command is carried by the DM protocol;
  • The terminal 42 includes a first receiving module 61 and an erasing module 62.
  • The first receiving module 61 is configured to receive the erase command issued by the device management server 41.
  • The erasing module 62 is configured to erase the data item corresponding to the data item identifier.
  • The device management server 41 further includes an acquisition command issuing module 52 and a second receiving module 53, wherein the acquisition command issuing module 52 is configured to send an acquisition command to the terminal, and the second receiving module 53 is configured to receive the data item identifiers reported by the terminal.
  • The terminal 42 further includes a storage module 63 and a reporting module 64, wherein the storage module 63 is configured to save the data item identifiers corresponding to the data items that the terminal can erase, and the reporting module 64 is configured to report the stored data item identifiers to the device management server.
  • The terminal further includes a setting module 65, configured to erase the original terminal password and use the received new terminal password as its own terminal password; or to overwrite the original terminal password with the received new terminal password.
  • The user can lock some or all functions of the terminal as required; the permission control mechanism is more reasonable and the unlocking process more flexible, which is convenient for the user and reduces the load on the DM server; single or multiple items of the terminal's operable content can be erased, which improves erasing efficiency.
  • a non-volatile storage medium, which can be a CD-ROM, a USB flash drive, a mobile hard disk, etc.
  • a computer device, which may be a personal computer, a server, or a network device, etc., performs the methods described in the various embodiments of the present invention.

Abstract

A method, a system and an apparatus are provided. The method includes: transmitting a lock instruction from a first device management server to a terminal, wherein the instruction includes lock information that instructs the terminal to lock all or some of its functions and is carried by the DM protocol; and locking, by the terminal, all or some of its functions according to the lock information. The solution lets a user lock functions on demand and provides a good user experience. A system for terminal information protection is also provided.

Description

Method, system and device for protecting terminal data

Technical Field

The embodiments of the present invention relate to the field of device management (DM), and in particular to a method, system and device for protecting terminal data in DM.

Background

The DM specification of the Open Mobile Alliance (OMA) (hereinafter the DM specification) is the most recently established unified standard for device management. The DM system provides a low-cost solution, mainly used by third parties to manage and set the environment and configuration information of terminal devices in a wireless network (such as mobile phone terminals and the functional objects in a terminal), to solve problems encountered while these network devices are in use, to install and upgrade software and firmware over the air (OTA), and to provide more user-friendly and personalized services that improve the user experience.

With the widespread use of mobile terminals, a single mobile terminal concentrates a large amount of a person's important assets. Once it is lost or left behind, significant losses can result, for example the impact of leaking the various data stored on the mobile terminal (including SMS, MMS, contacts, call logs, notepad entries, emails, photos, audio recordings, and videos).

To solve these problems, the prior art locks the terminal through DM commands. As shown in FIG. 1, the DM server locks or unlocks the terminal by modifying the value of the TerminalSecurity/DeviceLock/LockLevel child node under the management tree in the terminal. If the value of the child node is true, the terminal is locked; if the value is false, the terminal is unlocked. In addition to locking the terminal, the DM server can operate on the TerminalSecurity/DeviceWipe node through a DM command, issuing a data erase command to that node that instructs the terminal to erase all of the user's related data that it stores, including the data on the expansion card.

The prior art implements locking and unlocking of the terminal. Specifically, locking the terminal locks all of its functions, and the terminal can be unlocked only by the server that initiated the lock, so the user experience is poor. In addition, in the data erasure implemented in the prior art, all user-related data in the terminal can only be erased together, so some useful data is erased at the same time; the erasure result is poor, and so is the user experience.
Summary of the Invention

The embodiments of the present invention provide a method, system and device for protecting terminal data, to solve the prior-art problems that the server's permission control mechanism is unreasonable and the user experience is poor.

A method for protecting terminal data, the method comprising:

a first device management server issues a lock command to a terminal, the lock command containing lock information that instructs the terminal to lock all functions or to lock some functions, the command being carried by the device management (DM) protocol;

the terminal locks all or some functions according to the lock command.

A method for protecting terminal data, the method comprising:

saving the erasable data items of the terminal on the terminal management tree;

the device management server issues an erase command to the terminal according to the erasable data items, the command being carried by the DM protocol;

the terminal erases the data items to be erased.

A system for protecting terminal data, the system comprising:

a first device management server, including a lock command issuing module configured to issue a lock command, the command containing lock information that instructs the terminal to lock all functions or to lock some functions, the command being carried by the device management (DM) protocol;

a terminal, including:

a first receiving module, configured to receive the lock command;

a locking module, configured to lock all or some functions according to the lock information.

A system for protecting terminal data, the system comprising:

a device management server, including an erase command issuing module configured to issue an erase command over the DM protocol, the command carrying an indication of one or more data items to be erased;

a terminal, including:

a first receiving module, configured to receive the erase command issued by the device management server;

an erasing module, configured to erase the data item corresponding to the data item identifier.

Compared with the prior art, in the embodiments of the present invention the DM server issues to the terminal a lock command containing lock information that instructs the terminal to lock all functions or to lock some functions, and the terminal locks the functions indicated by the lock information. The user can lock as needed, which gives a better user experience.

Brief Description of the Drawings
FIG. 1 is a schematic diagram of the management tree structure used in the prior art to lock or unlock a terminal;

FIG. 2(a), FIG. 2(b), FIG. 2(c), FIG. 2(d) and FIG. 2(e) are schematic structural diagrams of the system for protecting terminal data in Embodiment 1 of the present invention;

FIG. 3 is a schematic flowchart of protecting terminal data in Embodiment 2 of the present invention;

FIG. 4 is a schematic structural diagram of the terminal management tree in the embodiments of the present invention;

FIG. 5 is a schematic flowchart of the terminal determining whether a DM server has permission to unlock, in Embodiment 3 of the present invention;

FIG. 6 is a schematic flowchart of the terminal determining whether the user has permission to unlock, in Embodiment 4 of the present invention;

FIG. 7 is a schematic structural diagram of the terminal management tree in Embodiment 5 of the present invention;

FIG. 8 is a schematic structural diagram of the terminal management tree in Embodiment 5 of the present invention;

FIG. 9 is a schematic flowchart of the terminal erasing the data items corresponding to the data item identifiers, in Embodiment 7 of the present invention;

FIG. 10 is a schematic structural diagram of a system for protecting terminal data in Embodiment 9 of the present invention.

Detailed Description
The present invention is described in detail below with reference to the accompanying drawings. FIG. 2(a), FIG. 2(b) and FIG. 2(c) are schematic structural diagrams of the system for protecting terminal data in Embodiment 1 of the present invention. The system includes a first device management server 11 and a terminal 12. The first device management server 11 includes a lock command issuing module 21, configured to issue a lock command, the command containing lock information that instructs the terminal to lock all functions or to lock some functions. The terminal 12 includes a first receiving module 31 and a locking module 32: the first receiving module 31 is configured to receive the lock command, and the locking module 32 is configured to lock all or some functions according to the lock information.

Full locking and partial locking can occur in three cases:

Case 1, as shown in FIG. 2(a): the lock information is an identifier of whether to lock fully. If the identifier indicates full locking, the locking module 32 locks all functions; if the identifier indicates partial locking, the locking module 32 locks the preset functions.

Case 2, as shown in FIG. 2(b): the lock information is the data item identifiers corresponding to one or more data items to be locked; the locking module 32 then locks the data items corresponding to the identifiers.

The first device management server 11 further includes an acquisition command issuing module 22 and a second receiving module 23, where the acquisition command issuing module 22 is configured to issue an acquisition command to the terminal and the second receiving module 23 is configured to receive the data item identifiers reported by the terminal. The terminal 12 then further includes a storage module 33 and a reporting module 34, where the storage module 33 is configured to store the data item identifiers corresponding to the data items that the terminal is able to lock, and the reporting module 34 is configured to report the stored data item identifiers to the first device management server 11.

Case 3: the lock information is one of the identifiers of whether to lock fully, and/or the data item identifiers corresponding to the data items to be locked. If the identifier indicates full locking, the locking module 32 locks all functions; if the identifier indicates partial locking, the locking module 32 locks the preset functions; if the identifier is a data item identifier, then ...

The lock information may also be a combination of the full-lock identifier and data item identifiers, or a combination of the partial-lock identifier and data item identifiers. In this embodiment, the identifier of whether to lock fully is set to have a higher priority than the data item identifiers, so the locking module 32 may perform only the operation corresponding to the full-lock identifier or partial-lock identifier and not the operation corresponding to the data item identifiers.

After the three locking processes above, the DM server can instruct the terminal to unlock the locked functions, which is the unlocking process of the embodiments of the present invention. In the embodiments of the present invention the unlocking process can take several forms, including but not limited to the following:
1. As shown in FIG. 2(c), if the lock command issuing module 21 is also used to issue a security password, the system further includes a second device management server 13, configured to issue an unlock command and a security password to the terminal 12. The terminal 12 further includes a first judging module 35 and an unlocking module 36: the first judging module 35 is configured to determine whether the security password received from the second device management server 13 is the same as the security password issued by the first device management server 11 and, when they are the same, to trigger the unlocking module 36; the unlocking module 36 is configured to perform the unlock operation.

2. As shown in FIG. 2(d), if the lock command issuing module 21 is also used to issue its own identifier, the terminal 12 further includes a second judging module 37, configured to compare the identifier of the second device management server 13 with the identifier of the first device management server 11 and, if the identifiers are the same, to instruct the unlocking module 36 to perform the operation.

3. As shown in FIG. 2(e), if the lock command issuing module 21 is also used to issue an identifier that allows manual unlocking, the terminal further includes a third judging module 38, configured to compare the received password with a preset password and, if the passwords are the same, to instruct the unlocking module 36 to perform the operation.

If the lock command issuing module 21 is also used to issue an unlock password, the preset password is the issued unlock password.

If the lock command issuing module 21 is also used to issue an identifier that allows unlocking with the local password, the preset password is the local password saved by the terminal itself.

The three unlocking methods shown in FIG. 2(c), FIG. 2(d) and FIG. 2(e) can also be combined, for example by making the judgments step by step according to set priority conditions and unlocking the terminal when a set condition is met.
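The three unlock checks of FIG. 2(c), FIG. 2(d) and FIG. 2(e), combined on the terminal side, as an added Python example that is not code from the patent. The field names follow the LockConfig node names on this page; how each node maps to a check, the order of the checks, the requirement that local-password unlocking also needs the manual-unlock flag, and the constant-time comparison are assumptions made here.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional


def _same(candidate: Optional[str], stored: Optional[str]) -> bool:
    """Constant-time comparison; a missing value on either side never matches."""
    if candidate is None or stored is None:
        return False
    return hmac.compare_digest(candidate.encode(), stored.encode())


@dataclass
class LockConfig:
    """Optional parameters sent with the lock command (assumed mapping to the page's nodes)."""
    security_code: Optional[str] = None   # SecurityCode: a server presenting it may unlock
    server_id: Optional[str] = None       # ServerID: identifier of the server that locked
    allow_locally_unlock: bool = False    # AllowLocallyUnlock: manual unlocking permitted
    unlock_code: Optional[str] = None     # UnlockCode: password for manual unlocking
    local_pwd_available: bool = False     # LocalPwdAvailable: local password also accepted


@dataclass
class Terminal:
    local_password: Optional[str] = None
    locked: bool = False
    config: LockConfig = field(default_factory=LockConfig)

    def lock(self, config: LockConfig) -> None:
        """Store the parameters of the lock command and enter the locked state."""
        self.config = config
        self.locked = True

    def _release(self, reason: str) -> str:
        self.locked = False
        return reason

    def server_unlock(self, server_id: str, security_code: Optional[str] = None) -> str:
        """Unlock command from a DM server.

        server_id is assumed to be the identity already authenticated by the
        DM session, not a value the caller can choose freely.
        """
        if not self.locked:
            return "not-locked"
        if _same(security_code, self.config.security_code):   # FIG. 2(c)
            return self._release("security-code")
        if _same(server_id, self.config.server_id):           # FIG. 2(d)
            return self._release("server-id")
        return "denied"                                       # terminal stays locked

    def manual_unlock(self, password: str) -> str:
        """Password typed by the user on the locked terminal, FIG. 2(e)."""
        if not self.locked:
            return "not-locked"
        if not self.config.allow_locally_unlock:
            return "denied"
        if _same(password, self.config.unlock_code):
            return self._release("unlock-code")
        if self.config.local_pwd_available and _same(password, self.local_password):
            return self._release("local-password")
        return "denied"                                       # terminal stays locked


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    phone = Terminal(local_password="4321")
    phone.lock(LockConfig(security_code="s3cret", server_id="dm1.example",
                          allow_locally_unlock=True, local_pwd_available=True))
    print(phone.server_unlock("dm2.example", "guess"))   # denied
    print(phone.manual_unlock("4321"))                   # local-password
```

In this model a lock command that carries none of the optional parameters leaves no unlock path, so a deployment would have to decide which parameter is mandatory.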
In the embodiments of the present invention, the commands and parameters issued by the DM server are all carried by the DM protocol, and the parameters issued by the DM server may be issued together with the lock command or unlock command, or issued separately using the DM protocol.

The method of the present invention is described in detail below with reference to specific embodiments.

The servers involved in the embodiments of the present invention are DM servers. FIG. 3 is a schematic flowchart of protecting terminal data in Embodiment 2, which corresponds to Embodiment 1 of the present invention. In this embodiment, the DM server first locks all or some functions of the terminal, and in the subsequent unlocking process the locked functions are unlocked. The specific steps are as follows:

Step S301: The DM server issues a lock command to the terminal. The command contains lock information that instructs the terminal to lock all functions or to lock some functions.

Step S302: After receiving the lock command, the terminal locks all or some functions according to the lock information and reports to the DM server a response message indicating whether the lock succeeded.

In this embodiment and the subsequent embodiments, locking all functions means that, apart from legally permitted sessions (such as emergency call sessions) and DM sessions, the user cannot use the functions of the terminal, and no external connection (such as Bluetooth or a USB connection) can obtain the terminal's data. Locking some functions means that the terminal or the server determines in advance the functions to be locked when lock information is received, for example all functions other than the incoming-call function, legally permitted sessions and DM sessions. However, so that the user can later carry out the unlocking process, a locked terminal can provide an input interface to receive a password entered by the user; this is described in the subsequent embodiments.

There can be three cases in the specific implementation of full or partial function locking:

Case 1: The terminal and the server agree in advance that the lock information the terminal receives from the DM server is an identifier of whether to lock fully. If the identifier indicates full locking, the terminal locks all functions; if the identifier indicates partial locking, the terminal locks the preset functions.

Case 2: The lock information issued by the DM server to the terminal is the identifiers of the data items to be locked. If these data item identifiers include all the data item identifiers that the terminal is able to lock, the terminal locks all functions; if they are only some of the data item identifiers that the terminal is able to lock, the terminal locks the data items corresponding to the identifiers.

Case 3: The lock information issued by the DM server to the terminal is one of the identifiers of whether to lock fully, and/or the data item identifiers corresponding to the data items to be locked. When the lock information contains one of the above three identifiers, the operation follows Case 1 or Case 2. When the lock information contains both one of the identifiers of whether to lock fully and data item identifiers corresponding to data items to be locked, the terminal performs only the operation corresponding to the identifier of whether to lock fully, because that identifier has a higher priority than the data item identifiers.
Step S303: If the DM server also delivered a security password to the terminal, then during unlocking any DM server that can correctly provide this security password is able to unlock the terminal.
If the first DM server delivered a security password when locking the terminal, any second DM server that satisfies the access control (ACL) permissions can send an unlock command to the terminal; if the unlock command carries the correct security password, the terminal releases its lock.
The DM server that originally issued the lock command, and a user who knows the security password, can also unlock the terminal.
After the terminal is unlocked, it reports to the DM server a response message indicating whether the unlocking succeeded.
Step S304: The DM server delivers an erase command to the terminal; the command contains one or more data item identifiers indicating the data items to be erased.
Step S305: The terminal erases the stored data items corresponding to the identifiers and reports to the DM server a response message indicating whether the erasure succeeded.
In this embodiment, the data items to be erased are categories of data content in the terminal, such as short messages, multimedia messages, the address book, call records, notes, e-mail, photos, audio recordings, video recordings and passwords. When the erase command received by the terminal carries one or more identifiers indicating data items to be erased, the terminal erases those data items.
Steps S304 and S305 have no fixed order relative to steps S301 to S303: the erase command may be delivered before the terminal is locked, or executed after the terminal is locked.
The solution in the embodiments of the present invention can be implemented through a terminal management tree; the commands delivered by the DM server can be operations on nodes of this tree. Locking the terminal, unlocking it and erasing its data are described in detail below.
FIG. 4 is a schematic structural diagram of a terminal management tree for implementing an embodiment of the present invention. By operating on some or all of the nodes in FIG. 4, the terminal can be locked, unlocked and have its data erased.
Embodiment 3 of the present invention describes a scheme that protects terminal data by locking and unlocking the terminal. As can be seen from FIG. 4, a Lock child node is created under the Operation node. The Lock child node is an executable node: it can receive the lock command delivered by the DM server and perform the corresponding operation. The Lock child node is described in Table 1.
[Table 1: image not reproduced]
After the terminal receives the lock command delivered by the DM server, it stores the parameters carried in the command under the child nodes of the LockConfig node. These child nodes are described below:
The LAWMO/LockConfig/IsFullLocked child node stores the lock information; its value is true or false. A value of true instructs the terminal to lock all functions; a value of false instructs the terminal to lock some functions. The IsFullLocked child node is described in Table 2.
[Table 2: image not reproduced]
The LAWMO/LockConfig/SecurityCode child node stores the security password delivered by the DM server, which is later used to verify the identity of a DM server requesting unlocking. This child node occurs zero times or once: if the DM server delivered no security password, the node may be absent. The SecurityCode child node is described in Table 3.

Status | Tree Occurrence | Format | Min. Access Types
REQUIRED | ZeroOrOne | Chr (character) | No Get, Replace

Table 3
The LAWMO/LockConfig/ServerID child node stores the ID of the DM server that issued the lock command. If this DM server later requests that the terminal be unlocked, the security password need not be verified: as long as the ID stored in the ServerID child node shows that the server requesting the unlock is the same DM server that requested the lock, the unlock operation is performed. The ServerID child node is described in Table 4.
[Table 4: image not reproduced]
The LAWMO/Operation/UnLock child node is an executable node that receives the unlock command delivered by the DM server and performs the unlock operation. The UnLock child node is described in Table 5.
[Table 5: image not reproduced]
The LAWMO/Operation/UnLock/SecurityCode child node is used to match the security password in the received unlock command against the security password stored in LAWMO/LockConfig/SecurityCode, thereby verifying the unlock permission of the DM server that issued the unlock command. The UnLock/SecurityCode child node is described in Table 6.
[Table 6: image not reproduced]
Based on the nodes described in Tables 1 to 6, the locking and unlocking scheme of Embodiment 3 of the present invention is as follows:
S1. The first DM server delivers a lock command to the terminal's LAWMO/Operation/Lock executable node; the lock command carries the lock information, the security password and the server's own ID information.
In this embodiment, the lock information, the security password and the server's own ID information may be delivered together with the lock command, or may be delivered directly by the DM server using the DM protocol.
If the first DM server wants to lock all functions of the terminal and permit only legally permitted sessions and DM sessions, the lock information can be the identifier indicating full or partial locking; this identifier can be the IsFullLocked parameter with the value true. If the terminal needs to keep the incoming-call function, the delivered IsFullLocked parameter is set to false.
After locking the terminal, if the first DM server wishes to grant unlock permission to a second DM server, it must also deliver the SecurityCode parameter; when the second DM server unlocks the terminal, it must provide the SecurityCode to prove its permission.
If the first DM server does not set a SecurityCode, the terminal can be configured so that either every other DM server has permission to unlock it, or no other DM server has that permission. In addition, when the first DM server, which issued the lock command, later issues an unlock command, it need not provide the SecurityCode; the terminal can determine the first DM server's permission from the recorded ServerID.
When the first DM server delivers the IsFullLocked, SecurityCode and ServerID parameters, and later parameters such as UnlockCode, it can deliver them directly with the Replace command. A concrete example follows:
<Replace>
  <CmdID>4</CmdID>
  <Item>
    <Target>
      <LocURI>/LAWMO/LockConfig/IsFullLocked</LocURI>
    </Target>
    <Data>true</Data> <!-- value of IsFullLocked -->
  </Item>
  <Item>
    <Target>
      <LocURI>/LAWMO/LockConfig/SecurityCode</LocURI>
    </Target>
    <Data>ABCD1234</Data> <!-- value of SecurityCode -->
  </Item>
</Replace>
S2. After receiving the lock command, the terminal assigns the parameters carried in the command to the corresponding nodes and performs the lock operation according to those parameters.
After receiving the security password, the terminal assigns its value to the LAWMO/LockConfig/SecurityCode node; after receiving the lock information, it assigns that value to the LAWMO/LockConfig/IsFullLocked node. The terminal extracts from this DM session the ID of the DM server that issued the lock command and assigns it to the LAWMO/LockConfig/ServerID node.
After receiving the Lock command, the terminal performs the corresponding operation according to the parameters carried.
S3. If the first DM server, which delivered the lock command, requests unlocking, it delivers the unlock command directly to the terminal's LAWMO/Operation/UnLock node; otherwise, a second DM server must carry the security password when delivering the unlock command to the terminal.
The second DM server can deliver the security password in two ways: directly as a parameter with the Replace command, or carried in the Data element of Exec. The two options are implemented as follows:
1. Deliver the parameter directly with the Replace command.
<Sequence>
  <Replace>
    <CmdID>4</CmdID>
    <Item>
      <Target>
        <LocURI>/LAWMO/Operation/UnLock/SecurityCode</LocURI>
      </Target>
      <Data>ABCD1234</Data> <!-- security password -->
    </Item>
  </Replace>
  <Exec>
    <CmdID>3</CmdID>
    <Item>
      <Target>
        <LocURI>/LAWMO/Operation/Unlock</LocURI>
      </Target>
    </Item>
  </Exec>
</Sequence>
2. Carry the parameter in the Data element of the Exec command.
The method is as follows:
<Exec>
  <CmdID>3</CmdID>
  <Item>
    <Target>
      <LocURI>/LAWMO/Operation/Unlock</LocURI>
    </Target>
    <Data>ABCD1234</Data> <!-- security password -->
  </Item>
</Exec>
S4. After receiving the unlock command, the terminal determines whether the second DM server has permission to unlock. If so, it performs the unlock operation; otherwise, it refuses and returns an error message.
The process by which the terminal authenticates the DM server is shown in FIG. 5 and mainly includes the following steps:
Step S501: The terminal determines whether the ID of the second DM server, which issued the unlock command, is the same as the ID of the first DM server, which issued the lock command. If they are the same, step S504 is performed; otherwise, step S502 is performed.
The terminal extracts the ID of the second DM server from the DM session. If the same DM server issued both commands, that server is assumed by default to have unlock permission, and the terminal performs the unlock operation directly. If different servers issued the two commands, the terminal must go on to determine whether the second DM server has unlock permission.
Step S502: The terminal determines whether the lock command carried a security password. If so, step S503 is performed; otherwise, step S504 is performed.
If a security password is stored in the LAWMO/LockConfig/SecurityCode child node, the unlock command must carry a matching security password. If the original lock command carried no security password, the default can be that any DM server has unlock permission, and the terminal performs the unlock operation directly.
Of course, in other examples it can instead be specified that, if the lock command carried no security password, by default no DM server other than the one that issued the lock command has unlock permission.
Step S503: The terminal determines whether the security password carried in the unlock command matches the one carried in the lock command. If they match, step S504 is performed; otherwise, step S505 is performed.
If the second DM server that issued the unlock command provided a security password, then the security [...] on reaching step S503, if this security password is determined to be the same as the one carried in the lock command, the second DM server is considered to have unlock permission.
Step S504: The terminal performs the unlock operation.
Step S505: The terminal remains in its original locked state.
Whether or not the terminal is unlocked, after step S504 or step S505 the terminal clears the security password stored in the LAWMO/Operation/UnLock/SecurityCode node, so that it cannot be used by the next unlock command.
In S4, the second DM server is authenticated by jointly checking the DM server ID and the security password. This is only one case of the embodiments of the present invention; the terminal may also perform the checks in a different order, or authenticate the second DM server on the basis of the DM server ID alone or the security password alone.
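The check order of steps S501 to S505, together with the two ways of delivering the security password in S3, can be traced in a small simulation. This is an added example, not code from the patent: the Terminal class, the dictionary standing in for the management tree, the server IDs, the outcome strings and the constant-time comparison are assumptions made for illustration, and ACL checks are not modelled.

```python
import hmac
import xml.etree.ElementTree as ET

CFG = "/LAWMO/LockConfig"
UNLOCK = "/LAWMO/Operation/UnLock"
OFFERED = UNLOCK + "/SecurityCode"


class Terminal:
    """Toy terminal holding only the LAWMO nodes that steps S501-S505 read."""

    def __init__(self, open_without_code=True):
        self.tree = {}        # LocURI -> stored value
        self.locked = False
        # The page permits either default when the lock carried no SecurityCode.
        self.open_without_code = open_without_code

    def lock(self, server_id, security_code=None, is_full_locked=True):
        self.tree[CFG + "/IsFullLocked"] = is_full_locked
        self.tree[CFG + "/ServerID"] = server_id   # taken from the DM session
        self.tree.pop(CFG + "/SecurityCode", None)
        if security_code:
            self.tree[CFG + "/SecurityCode"] = security_code
        self.locked = True

    def may_unlock(self, server_id):
        if server_id == self.tree.get(CFG + "/ServerID"):          # S501
            return True
        stored = self.tree.get(CFG + "/SecurityCode")
        if not stored:                                              # S502
            return self.open_without_code
        offered = self.tree.get(OFFERED, "")
        # S503; constant-time comparison is a choice made for this example.
        return hmac.compare_digest(offered.encode(), stored.encode())

    def handle(self, server_id, message):
        """Apply the Replace/Exec commands of one message; return their outcomes."""
        root = ET.fromstring(message)
        outcomes = []
        for cmd in (list(root) if root.tag == "Sequence" else [root]):
            for item in cmd.findall("Item"):
                uri = (item.findtext("Target/LocURI") or "").strip()
                data = (item.findtext("Data") or "").strip()
                if cmd.tag == "Replace" and uri == OFFERED:
                    self.tree[OFFERED] = data
                    outcomes.append("stored")
                elif cmd.tag == "Exec" and uri == UNLOCK:
                    if data:                      # code carried in Exec's Data
                        self.tree[OFFERED] = data
                    allowed = self.may_unlock(server_id)
                    if allowed:
                        self.locked = False       # S504 (else S505: stay locked)
                    self.tree.pop(OFFERED, None)  # cleared after S504 and S505
                    outcomes.append("unlocked" if allowed else "refused")
                else:
                    outcomes.append("rejected")
        return outcomes


def replace_then_exec(code):
    """Constructed message: option 1, code sent with Replace before Exec."""
    return ("<Sequence><Replace><CmdID>4</CmdID><Item><Target><LocURI>" + OFFERED
            + "</LocURI></Target><Data>" + code + "</Data></Item></Replace>"
            "<Exec><CmdID>3</CmdID><Item><Target><LocURI>" + UNLOCK
            + "</LocURI></Target></Item></Exec></Sequence>")


def exec_with_data(code=""):
    """Constructed message: option 2, code carried in the Exec Data element."""
    return ("<Exec><CmdID>3</CmdID><Item><Target><LocURI>" + UNLOCK
            + "</LocURI></Target><Data>" + code + "</Data></Item></Exec>")


if __name__ == "__main__":
    t = Terminal()
    t.lock("dm-1", security_code="ABCD1234")            # constructed IDs and code
    print(t.handle("dm-2", replace_then_exec("WRONG")), t.locked)
    print(t.handle("dm-2", exec_with_data("ABCD1234")), t.locked)
```

Constructing the terminal with open_without_code=False gives the alternative default in which only the locking server can unlock when no SecurityCode was set.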
The description of Embodiment 3 completes a process in which the first DM server locks the terminal and a second DM server unlocks it. Embodiment 4 of the present invention further provides a process in which the user unlocks the terminal manually. It mainly includes the following steps:
S1. The DM server delivers a lock command to the terminal; the command contains an identifier that allows manual unlocking.
The process of delivering the lock command in this step is similar to that in Embodiment 3. The DM server may also deliver the parameter information that is delivered with the lock command in step 1 of Embodiment 3; in that case this embodiment supports both manual unlocking by the user and unlocking by a DM server as in Embodiment 3.
The lock command can carry an identifier stating whether manual unlocking is allowed, which tells the terminal whether the user may unlock it manually by entering an unlock password. The terminal stores this identifier in the LAWMO/LockConfig/AllowLocallyUnlock child node. If its value is true, the user is allowed to unlock the terminal; if its value is false, the user is not allowed to unlock the terminal. The AllowLocallyUnlock child node is described in Table 7.
If the lock command does not carry this identifier, the default can be either to allow manual unlocking or to disallow it.
[Table 7: image not reproduced]
If the DM server allows the user to unlock manually, the lock command may also contain an unlock password. The terminal stores the received unlock password in the LAWMO/LockConfig/UnLockCode child node. This unlock password is the verification code for manual unlocking: if the user correctly enters it on the terminal when unlocking, the user is considered to have permission to unlock. The LAWMO/LockConfig/UnLockCode child node is described in Table 8.
[Table 8: image not reproduced]
Besides unlocking the terminal with the unlock password, the user can also unlock it with the terminal's local password. In this case the lock command also carries an identifier stating whether unlocking with the local password is allowed, and the terminal stores this identifier in the LAWMO/LockConfig/LocalPwdAvailable child node. A value of true means the user is allowed to enter the local password to release the terminal's LAWMO-level lock; a value of false means this is not allowed. The LocalPwdAvailable child node is described in Table 9.
[Table 9: image not reproduced]
S2. After receiving the unlock command, the terminal determines whether the user who entered the unlock password has permission to unlock. If so, it performs the unlock operation; otherwise, it refuses.
The process by which the terminal authenticates the user is shown in FIG. 6 and mainly includes the following steps:
Step S601: If the terminal determines that the identifier stored in the LAWMO/LockConfig/AllowLocallyUnlock child node is true, step S602 is performed; if it is false, step S607 is performed.
A value of true means the user is allowed to unlock manually by entering a password. A value of false means the user is not allowed to unlock manually, so the terminal stays locked whatever password the user enters.
Step S602: The terminal determines whether an unlock password is stored. If so, step S603 is performed; otherwise, step S604 is performed.
If the value of the LAWMO/LockConfig/UnLockCode child node is empty, the terminal must go on to determine whether the user is allowed to unlock with the terminal's local password.
Step S603: The terminal determines whether the unlock password entered by the user matches the stored unlock password. If they are the same, step S606 is performed; otherwise, step S607 is performed.
In all embodiments of the present invention, a password match can be understood as the passwords being identical.
Whether the terminal is in the fully locked state or in the state where the configured functions are locked, it can provide the user with a UI through which the user can enter a password.
Step S604: The terminal determines whether the user is allowed to unlock with the local password. If so, step S605 is performed; otherwise, step S607 is performed.
Step S605: The terminal determines whether the local password entered by the user matches the stored local password. If they are the same, step S606 is performed; otherwise, step S607 is performed.
Step S606: The terminal is unlocked.
Step S607: The terminal remains locked.
In S2, manual unlocking combines unlocking with the unlock password and unlocking with the local password. In the embodiments of the present invention, the terminal may also perform the checks in a different order, or implement manual unlocking with the unlock password alone or the local password alone.
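The FIG. 6 flow can be followed for a single password entry with the function below, which returns the steps it visited so that each branch is visible. This is an added example, not code from the patent: the function and parameter names, the sample configurations, treating a missing LocalPwdAvailable node as false, and the constant-time comparison are assumptions.

```python
import hmac


def _match(entered, stored):
    # The page treats a match as equality; constant-time compare is this example's choice.
    return hmac.compare_digest(entered.encode(), stored.encode())


def manual_unlock(lock_config, entered, local_password=None, allow_if_absent=False):
    """Walk FIG. 6 for one password entry; return (unlocked, steps_visited).

    lock_config holds the LockConfig child nodes by name. allow_if_absent picks
    the default used when the lock command carried no AllowLocallyUnlock flag,
    since the page permits either default.
    """
    steps = ["S601"]
    if not lock_config.get("AllowLocallyUnlock", allow_if_absent):
        return False, steps + ["S607"]          # manual unlock not allowed
    steps.append("S602")
    unlock_code = lock_config.get("UnLockCode")
    if unlock_code:
        steps.append("S603")                    # a stored unlock code decides alone
        ok = _match(entered, unlock_code)
        return ok, steps + (["S606"] if ok else ["S607"])
    steps.append("S604")
    # Assumption: an absent LocalPwdAvailable node is treated as false.
    if not lock_config.get("LocalPwdAvailable", False):
        return False, steps + ["S607"]
    steps.append("S605")
    ok = bool(local_password) and _match(entered, local_password)
    return ok, steps + (["S606"] if ok else ["S607"])


# Constructed sample configurations and entries (not values from the page).
CASES = {
    "unlock code, correct entry": (
        {"AllowLocallyUnlock": True, "UnLockCode": "2468"}, "2468", "0000"),
    "unlock code stored, local password entered": (
        {"AllowLocallyUnlock": True, "UnLockCode": "2468",
         "LocalPwdAvailable": True}, "0000", "0000"),
    "no unlock code, local password allowed": (
        {"AllowLocallyUnlock": True, "LocalPwdAvailable": True}, "0000", "0000"),
    "manual unlock forbidden": (
        {"AllowLocallyUnlock": False, "UnLockCode": "2468"}, "2468", "0000"),
}


def walk_all():
    """Run every constructed case and return {case name: (unlocked, steps)}."""
    return {name: manual_unlock(cfg, entered, local)
            for name, (cfg, entered, local) in CASES.items()}


if __name__ == "__main__":
    for name, (unlocked, steps) in walk_all().items():
        print(f"{name}: {'unlocked' if unlocked else 'locked'} via {' -> '.join(steps)}")
```

The second case shows a consequence of the step order: once an UnLockCode is stored, the local password is never consulted, even when LocalPwdAvailable is true.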
The two processes for locking and unlocking the terminal described in Embodiments 3 and 4 are both based on the terminal management tree shown in FIG. 4. In fact, FIG. 4 is only one way of implementing the solution of the present invention; the terminal management tree can also have the structure shown in FIG. 7. In that structure, the <Y>* child node under the LockConfig node replaces one or more of the following nodes of FIG. 4: LAWMO/LockConfig/IsFullLocked, LAWMO/LockConfig/SecurityCode, LAWMO/LockConfig/UnlockCode, LAWMO/LockConfig/ServerID, LAWMO/LockConfig/AllowLocallyUnlock and LAWMO/LockConfig/LocalPwdAvailable. Of course, this embodiment is not limited to these nodes.
Based on the management tree structure shown in FIG. 7, the locking and unlocking process in Embodiment 5 of the present invention is similar to that in Embodiments 3 and 4. When delivering the lock command, the DM server also delivers one or more of the IsFullLocked, SecurityCode, UnlockCode, ServerID, AllowLocallyUnlock and LocalPwdAvailable parameters to the terminal, where they are stored in <Y>* nodes. The terminal then sets the lock state and configures its unlock permissions according to these parameters.
The delivery process can be described by the following snippet, which shows only the delivery of the security password; the other parameters are delivered in a similar way.
<Add>
  <CmdID>2</CmdID>
  <Item>
    <Target><LocURI>LAWMO/LockConfig/SecurityCode</LocURI></Target>
    <Data>ABCD1234</Data> <!-- value of the security password -->
  </Item>
</Add>
Embodiments 3 to 5 provide several schemes for protecting terminal data, corresponding to the system described in Embodiment 1.
In addition to protecting terminal data by locking the terminal as described in the foregoing embodiments, Embodiment 6 of the present invention protects terminal data by locking data items. Data items include, but are not limited to, short messages, contact information and e-mail. The list of data items can be stored in the LAWMO/OperableContent/<X> node shown in FIG. 4; its content can be determined by the terminal. The node is described in Table 10.
[Table 10: image not reproduced]
To implement this capability, a child node <X>* is created under the Lock node of FIG. 4, as shown in FIG. 8. The X nodes store the names of the data items that the DM server requires to be locked. In this case the IsFullLocked child node under the LockConfig node may not be needed.
The process of locking and unlocking the terminal's data items one by one in Embodiment 6 of the present invention includes the following steps:
1. The DM server delivers a Get command and obtains the data items that the terminal can lock.
The DM server can use the Get command to obtain the value of the LAWMO/OperableContent/<X> node in the terminal management tree. The flow can be as follows:
(1) The DM server requests the identifiers of the lockable data items.
<Get>
  <CmdID>4</CmdID>
  <Item>
    <Target>
      <LocURI>/LAWMO/Operablecontent</LocURI>
    </Target>
  </Item>
</Get>
(2) The terminal uses the Results command to return the content under the OperableContent node to the DM server.
If the content under the OperableContent node is short messages (SMS), the address book (AddressBook) and SIM card information (SIMCard), the message returned by the terminal to the DM server is as follows:
<Results>
  <MsgRef>1</MsgRef><CmdRef>4</CmdRef>
  <CmdID>3</CmdID>
  <Item>
    <Source>
      <LocURI>/LAWMO/Operablecontent</LocURI>
    </Source>
    <Data>SMS/AdressBook/SimCard/</Data>
  </Item>
</Results>
In this embodiment, step 1 may be omitted, for example when the data items have been agreed between the terminal and the server or have already been standardized.
2. The DM server delivers a lock command to the terminal. The command contains one or more data item identifiers indicating the data items to be locked, and the terminal locks the data items corresponding to those identifiers.
When delivering the lock command, the DM server can also deliver other parameters according to the schemes of Embodiments 3, 4 and 5.
The DM server can deliver the data item identifiers with the Add command, the Replace command, or the Data element of the Exec command. Delivery with the Replace command and with the Data element of the Exec command is similar to the process in Embodiment 3 and is not repeated here. Delivery with the Add command is as follows:
<Sequence>
  <Add>
    <CmdID>3</CmdID>
    <Item>
      <Target>
      </Target>
      <Data>AdressBook</Data>
    </Item>
  </Add>
  <Exec>
    <CmdID>3</CmdID>
    <Item>
      <Target>
        <LocURI>/LAWMO/Operation/Lock</LocURI>
      </Target>
    </Item>
  </Exec>
</Sequence>
After receiving the lock command, the terminal checks whether the Lock node has child nodes. If it has none, or if the content of its child nodes is empty, the DM server has not specified the data items to be locked, and the terminal can lock according to the schemes in Embodiments 3, 4 and 5. If the terminal finds that the content of the child nodes under the Lock node is SMS and AddressBook, it locks the SMS and AddressBook functions; that is, the terminal cannot send or receive short messages, and cannot view or modify the phone
3. The terminal unlocks according to the unlock command issued by the DM server.
This unlocking process may be similar to the schemes in Embodiments 3, 4 and 5.
Embodiment 3 and Embodiment 6 of the present invention describe two schemes for fully or partially locking the terminal. The two schemes can also be combined to fully or partially lock the terminal. For example:
1. Make the IsFullLocked child node tri-state, taking the values 0, 1 and 2. A value of 0 or 1 indicates that the lock information issued by the DM server is the flag indicating whether to lock everything, and the operation follows the scheme of Embodiment 3. A value of 2 indicates that the lock information issued by the DM server is the data item identifiers of the data items to be locked, and the operation follows the scheme of Embodiment 6. In this case the three kinds of identifier in the issued lock information are in an "or" relationship. When the values are 0 and 2 (or 1 and 2), the full-lock flag and the data item identifiers in the issued lock information are in an "and" relationship: the lock information is the full (partial) lock flag, but one or more data item identifiers have been added to the child node <X>* under the Lock node, so the schemes of Embodiment 3 and Embodiment 6 can be performed together. Further, if the full-lock flag is given a higher priority than the data item identifiers, the operation follows the scheme of Embodiment 3 and the scheme of Embodiment 6 is not performed.
However, if the full-lock flag is given a lower priority than the data item identifiers, the operation follows the scheme of Embodiment 6 and the scheme of Embodiment 3 is not performed.
Embodiment 7 of the present invention further provides a scheme that protects terminal data by erasing terminal content item by item. The scheme includes:
1. The DM server obtains the data items that the terminal can erase.
Before issuing the erase command, the DM server may first obtain the terminal's erasable data items, in a manner similar to that in Embodiment 6. This step may also be omitted. ... the data items are the same, that is, both are the values of the child nodes under the LAWMO/OperableContent node. Other nodes may also be created under the terminal management tree to store the terminal's erasable data items.
2. The DM server sends an erase command to the terminal. The command carries one or more data item identifiers indicating the data items to be erased by the terminal.
The erase command issued by the DM server operates on the LAWMO/Operation/wipe executable node under the terminal management tree. The wipe node is described in Table 11.
Table 11

The wipe node may also have a child node <X>*, which stores the data item identifiers of the data items that the DM server wants erased when the erase command is executed. This node is described in Table 12.

Table 12
The DM server delivers one or more data item identifiers indicating the data items to be erased by the terminal. The parameter can be delivered in two ways: directly via the Replace command, or carried in the data element of Exec, similar to the process in Embodiment 6.
3. The terminal erases the data items corresponding to the data item identifiers. As shown in FIG. 9, the process may include:
Step S901: If the terminal's LAWMO/Operation/wipe node has no X child node, or the X child node's value is empty, that is, no data item identifier indicating the data items to be erased has been delivered, go to step S904; otherwise go to step S902.
Step S902: The terminal determines whether its own erasable data item identifiers include the received data item identifier. If so, go to step S903; otherwise go to step S905.
Step S903: The terminal erases the data item corresponding to the received data item identifier. If the DM server delivers the data item identifier to the terminal with the following instruction:
<Exec>
  <CmdID>3</CmdID>
  <Item>
    <Target>
      <LocURI>/LAWMO/Operation/Wipe</LocURI>
    </Target>
    <Data>AddressBook</Data>
  </Item>
</Exec>

then the terminal erases the data corresponding to the phone book, and the erase process ends.
Step S904: The terminal erases all of its own data according to the erase command, including data in the device's storage, data on extended storage media, and possibly even data on the SIM card.
Step S905: The terminal refuses to perform the erase operation.
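The terminal-side decision in steps S901 to S905, as an added Python example that is not part of the patent text: it parses an Exec on the Wipe node and applies the step that results, including the case where a blank Data value falls through to the erase-everything branch S904. Assumptions: one identifier per Item's Data, refusal of the whole command when any identifier is not erasable, case-insensitive matching of the node path, and constructed sample commands and terminal data.

```python
import xml.etree.ElementTree as ET

WIPE_URI = "/LAWMO/Operation/Wipe"

# Constructed terminal state: the erasable identifiers (the child node values
# under LAWMO/OperableContent) and the data the terminal currently holds.
OPERABLE = {"AddressBook", "SMS"}


def new_store():
    return {"AddressBook": ["Alice", "Bob"], "SMS": ["hi"], "Photos": ["a.jpg"]}


def wipe_exec(data):
    """Build a constructed Exec command modelled on the one shown in step S903."""
    return ("<Exec><CmdID>3</CmdID><Item><Target><LocURI> %s </LocURI></Target>"
            "<Data>%s</Data></Item></Exec>" % (WIPE_URI, data))


CMD_ADDRESS_BOOK = wipe_exec("AddressBook ")   # stray whitespace on purpose
CMD_BLANK = wipe_exec("   ")                   # Data present but empty
CMD_NOT_ERASABLE = wipe_exec("Photos")         # not listed as erasable


def parse_wipe_exec(xml_text):
    """Return the data item identifiers carried by an Exec on the Wipe node.

    Assumption (not stated in the text): each <Item> carries one identifier
    in <Data>; several identifiers arrive as several <Item> elements.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "Exec":
        raise ValueError("expected an Exec command, got %r" % root.tag)
    items = []
    for item in root.findall("Item"):
        uri = (item.findtext("Target/LocURI") or "").strip()
        # Assumption: the path is matched case-insensitively (wipe / Wipe).
        if uri.lower() == WIPE_URI.lower():
            items.append(item)
    if not items:
        raise ValueError("Exec does not target " + WIPE_URI)
    ids = []
    for item in items:
        data = (item.findtext("Data") or "").strip()
        if data:                       # blank or missing Data adds nothing
            ids.append(data)
    return ids


def decide_wipe(item_ids, operable):
    """Map the received identifiers to the step that applies."""
    if not item_ids:                   # S901: no identifier was delivered
        return "S904", []
    not_erasable = [i for i in item_ids if i not in operable]   # S902
    if not_erasable:
        return "S905", not_erasable    # refuse the whole command (assumption)
    return "S903", list(item_ids)


def handle_wipe(xml_text, store, operable):
    """Apply the decision to the terminal's data and return the step taken."""
    step, ids = decide_wipe(parse_wipe_exec(xml_text), operable)
    if step == "S904":
        store.clear()                  # all data, erasable list or not
    elif step == "S903":
        for item_id in ids:
            store.pop(item_id, None)
    return step                        # S905 leaves the store untouched


if __name__ == "__main__":
    for name, cmd in [("AddressBook", CMD_ADDRESS_BOOK),
                      ("blank Data", CMD_BLANK),
                      ("Photos", CMD_NOT_ERASABLE)]:
        store = new_store()
        print(name, handle_wipe(cmd, store, OPERABLE), sorted(store))
```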
Embodiment 7 of the present invention describes a scheme that protects terminal data by erasing terminal content item by item. There is also an alternative to Embodiment 7 that slightly modifies step 2 of the embodiment. In step 2 of Embodiment 7, the DM server sends an erase command to the terminal together with one or more data item identifiers of the data items to be erased on the terminal. The alternative differs in that the DM server sends an erase command to the terminal together with an indication of one or more data items to be erased on the terminal. The indication may be the name of the data item to be erased, the identifier of the data item to be erased, or an erase-or-not indication for an erasable data item on the terminal management tree.
The DM server can deliver the indication in two ways: directly via the Replace command, or carried in the data element of Exec, in a manner similar to the process in Embodiment 6.
After receiving the erase command, the terminal erases the data items to be erased.
Among the erase operations the terminal performs, erasing the password is a rather special embodiment. Besides instructing the terminal to erase the password, the DM server can also instruct the terminal to modify or set the password.
Embodiment 8 of the present invention is a way for the terminal to erase and modify a password. It mainly includes the following steps:
1. The DM server sends an erase command to the terminal.
At this point, similar to Embodiment 8, the DM server issues the command to erase the password on the terminal by operating on the Wipe executable node. It may also operate on the LAWMO/LocalLock/ClearPwd child node under the terminal management tree. This child node is used to erase the password on the terminal and is described in Table 13.
Table 13
The instruction with which the DM server operates on the ClearPwd child node is as follows:

<Exec>
  <CmdID>3</CmdID>
  <Item>
    <Target>
      <LocURI>/LAWMO/LocalLock/ClearPwd</LocURI>
    </Target>
  </Item>
</Exec>

If a new password is to be configured after the password has been erased, the DM server can operate on the LAWMO/LocalLock/ChangePwd child node under the terminal management tree. This child node is used to modify the password on the terminal and is described in Table 14.
Table 14
The instruction with which the DM server operates on the ChangePwd child node is as follows:

<Exec>
  <CmdID>3</CmdID>
  <Item>
    <Target>
      <LocURI>/LAWMO/LocalLock/ChangePwd</LocURI>
    </Target>
    <Data>ABC 123</Data> <!-- new password for the terminal -->
  </Item>
</Exec>
2. If the DM server delivers a new terminal password, the terminal erases the original terminal password and then uses the received new terminal password as its own terminal password; or the terminal overwrites the original terminal password with the received new terminal password.
In FIG. 4, in addition to the nodes described above, a LAWMO/Operation/FactoryReset child node can also be created under the terminal management tree. This child node is an executable node. The DM server can operate on it to instruct the terminal to set its parameters to their factory values. The node is described in Table 15.
Table 15

In addition, a LAWMO/State node can be created to reflect whether the terminal is currently locked. Different values represent different terminal states. For example, a value of 0 indicates that the terminal is locked with all functions locked; a value of 1 indicates that the terminal is locked with the preset functions locked; a value of 2 indicates that the terminal is unlocked; a value of 3 indicates that the terminal is in another state.
The schemes of Embodiments 3 to 8 of the present invention can all be combined to form new schemes.
For Embodiments 7 and 8, Embodiment 9 of the present invention further provides a system for protecting terminal data. As shown in FIG. 10, the system includes: a device management server 41, which includes an erase command issuing module 51 configured to issue an erase command that carries one or more data item identifiers of the data items to be erased and is carried by the DM protocol; and a terminal 42, which includes a first receiving module 61 and an erasing module 62, where the first receiving module 61 is configured to receive the erase command issued by the device management server 41 and the erasing module 62 is configured to erase the data items corresponding to the data item identifiers.
The device management server 41 further includes an acquisition command issuing module 52 and a second receiving module 53, where the acquisition command issuing module 52 is configured to send an acquisition command to the terminal and the second receiving module 53 is configured to receive the data item identifiers reported by the terminal. The terminal 42 further includes a storage module 63 and a reporting module 64, where the storage module 63 is configured to store the data item identifiers of the data items that the terminal can erase and the reporting module 64 is configured to report the stored data item identifiers to the device management server.
If the data item identifiers include a terminal password identifier and the erase command issuing module 51 is configured to deliver a terminal password, the terminal further includes a setting module 65, configured to use the received new terminal password as the terminal's own password after erasing the original terminal password; or the terminal overwrites the original terminal password with the received new terminal password.
With the method and system described in the embodiments of the present invention, the user can lock some or all functions of the terminal as needed. The permission control mechanism is more reasonable and the unlocking process is more flexible, which is convenient for the user and also reduces the load on the DM server. In addition, single or multiple items of the terminal's operable content can be erased, which improves erase efficiency.
From the description of the above implementations, those skilled in the art can clearly understand that the present invention can be implemented in hardware, or by software plus a necessary general-purpose hardware platform. Based on this understanding, the technical solution of the present invention can be embodied as a software product, which can be stored on a non-volatile storage medium (such as a CD-ROM, USB flash drive or removable hard disk) and includes several instructions that cause a computer device (such as a personal computer, server or network device) to perform the methods described in the embodiments of the present invention.
In summary, the above are merely preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims

1. A method for protecting terminal data, characterized in that the method comprises:
a first device management server sending a lock command to a terminal, the lock command containing lock information instructing the terminal to lock all functions or some functions, the command being carried by the device management (DM) protocol;
the terminal locking all or some functions according to the lock command.
2. The method for protecting terminal data according to claim 1, characterized in that the lock information is a flag indicating whether to lock everything; if the flag indicates full lock, the terminal locks all functions; if the flag indicates partial lock, the terminal locks some functions.
3. The method for protecting terminal data according to claim 1, characterized in that the lock information is one or more data item identifiers corresponding to data items to be locked, and the terminal locks the data items corresponding to the identifiers.
4. The method for protecting terminal data according to claim 3, characterized in that, before the first device management server sends the lock command to the terminal, the method further comprises:
the first device management server sending an acquisition command to the terminal;
the terminal sending the stored data item identifiers corresponding to the data items it can lock to the first device management server.
5. The method for protecting terminal data according to claim 1, characterized in that the lock information is one of the flags indicating whether to lock everything, and/or data item identifiers corresponding to data items to be locked;
if the flag indicates full lock, the terminal locks all functions; if the flag indicates partial lock, the terminal locks preset functions; if the identifier is a data item identifier, the terminal locks the data item corresponding to the data item identifier.
6. The method for protecting terminal data according to claim 5, characterized in that the flag indicating whether to lock everything has a higher priority than the data item identifier.
7. The method for protecting terminal data according to claim 1, 2, 3 or 5, characterized in that, if the first device management server also delivers a security password to the terminal, then after the terminal locks all or some functions according to the lock information, the method further comprises:
a second device management server sending an unlock command and a security password to the terminal; if the terminal determines that the security password received from the second device management server is the same as the security password delivered by the first device management server, performing the unlock operation.
8. The method for protecting terminal data according to claim 7, characterized in that, if the first device management server also delivers its own identifier to the terminal, the method further comprises:
the terminal comparing the identifier of the second device management server that sent the unlock command with the identifier of the first device management server, and performing the unlock operation if the identifiers are the same.
9. The method for protecting terminal data according to claim 1, 2, 3 or 5, characterized in that, if the first device management server also delivers to the terminal a flag permitting manual unlocking, the user is allowed to unlock the terminal manually.
10. The method for protecting terminal data according to claim 9, characterized in that, if the first device management server also delivers an unlock password to the terminal, the unlocking process comprises: after the terminal receives an unlock password entered by the user, performing the unlock operation if it determines that this unlock password is the same as the received unlock password.
11. The method for protecting terminal data according to claim 9, characterized in that, if the first device management server also delivers to the terminal a flag permitting unlocking with the local password, the unlocking process comprises:
after the terminal receives a local password entered by the user, performing the unlock operation if it determines that the local password is the same as the local password it has stored.
12. A method for protecting terminal data, characterized in that the method comprises: storing the terminal's erasable data items on the terminal management tree;
a device management server sending an erase command to the terminal according to the erasable data items, the command being carried by the DM protocol;
the terminal erasing the data items to be erased.
13. The method for protecting terminal data according to claim 12, wherein sending the erase command to the terminal according to the erasable data items is characterized in that:
the device management server sends an erase command to the terminal, the erase command carrying an indication of one or more data items to be erased.
14. The method for protecting terminal data according to claim 13, characterized in that the indication of the data items to be erased may be a data item identifier.
15. The method for protecting terminal data according to claim 13, characterized in that the indication of the data items to be erased may be the name of the data item or an erase-or-not indication for the data item on the terminal management tree.
16. The method for protecting terminal data according to claim 12, characterized in that, before the device management server sends the erase command to the terminal, the method further comprises:
the device management server sending an acquisition command to the terminal;
the terminal sending the data item identifiers corresponding to the erasable data items it has stored to the device management server.
17. The method for protecting terminal data according to claim 16, characterized in that the data item identifiers include a terminal password identifier.
18. The method for protecting terminal data according to claim 17, characterized in that the device server delivers a new terminal password, and the terminal, after erasing the original terminal password, uses the received new terminal password as its own terminal password; or
the terminal overwrites the original terminal password with the received new terminal password.
19. A system for protecting terminal data, characterized in that the system comprises: a first device management server, comprising a lock command issuing module configured to issue a lock command, the command containing lock information instructing the terminal to lock all functions or some functions, the command being carried by the device management (DM) protocol;
a terminal, comprising:
a first receiving module, configured to receive the lock command;
a locking module, configured to lock all or some functions according to the lock information.
20. The system for protecting terminal data according to claim 19, characterized in that the lock information is a flag indicating whether to lock everything; if the flag indicates full lock, the locking module is configured to lock all functions;
if the flag indicates partial lock, the locking module is configured to lock preset functions.
21. The system for protecting terminal data according to claim 19, characterized in that the lock information is one or more data item identifiers corresponding to data items to be locked, and the locking module is configured to lock the data items corresponding to the identifiers.
22. The system for protecting terminal data according to claim 21, characterized in that the device management server further comprises:
an acquisition command issuing module, configured to send an acquisition command to the terminal;
a second receiving module, configured to receive the data item identifiers reported by the terminal;
the terminal further comprises:
a storage module, configured to store the data item identifiers corresponding to the data items it can lock;
23. The system for protecting terminal data according to claim 19, characterized in that the lock information is one of the flags indicating whether to lock everything, and/or data item identifiers corresponding to data items to be locked;
if the flag indicates full lock, the locking module is configured to lock all functions; if the flag indicates partial lock, the locking module is configured to lock preset functions; if the identifier is a data item identifier, the locking module is configured to lock the data item corresponding to the data item identifier.
24. The system for protecting terminal data according to claim 19, characterized in that the flag indicating whether to lock everything has a higher priority than the data item identifier.
25. The system for protecting terminal data according to claim 19, characterized in that, if the lock command issuing module is further configured to deliver a security password, the system further comprises:
a second device management server, configured to send an unlock command and a security password to the terminal;
the terminal further comprises a first judging module and an unlocking module, wherein:
the first judging module is configured to determine whether the security password received from the second device management server is the same as the security password delivered by the first device management server, and to trigger the unlocking module when they are the same;
the unlocking module is configured to perform the unlock operation.
26. The system for protecting terminal data according to claim 25, characterized in that, if the lock command issuing module is further configured to deliver its own identifier,
the terminal further comprises:
a second judging module, configured to compare the identifier of the second device management server with the identifier of the first device management server and, if the identifiers are the same, to instruct the unlocking module to perform the operation.
27. The system for protecting terminal data according to claim 25, characterized in that, if the lock command issuing module is further configured to deliver a flag permitting manual unlocking, the terminal further comprises:
a third judging module, configured to compare a received password with a preset password and, if the passwords are the same, to instruct the unlocking module to perform the operation.
28. The system for protecting terminal data according to claim 27, characterized in that, if the lock command issuing module is further configured to deliver an unlock password, the preset password is the delivered unlock password.
29. The system for protecting terminal data according to claim 27, characterized in that, if the lock command issuing module is further configured to deliver a flag permitting unlocking with the local password, the preset password is the local password stored by the terminal itself.
30、 一种对终端数据保护的系统, 其特征在于, 所述系统包括: 设备管理服务器, 包括擦除命令下发模块,用于通过由 DM协议 下发擦除命令, 该命令中携带一个或多个待擦除的数据项的指示; 终端, 包括:  30. A system for protecting data of a terminal, the system comprising: a device management server, comprising: an erase command issuing module, configured to send an erase command by the DM protocol, where the command carries one or An indication of a plurality of data items to be erased; the terminal includes:
第一接收模块, 用于接收所述设备管理服务器下发的擦除命令; 擦除模块, 用于擦除所述数据项标识对应的数据项。  a first receiving module, configured to receive an erase command issued by the device management server, and an erasing module, configured to erase a data item corresponding to the data item identifier.
31、 如权利要求 30所述对终端数据保护的系统, 其特征在于, 所述设备管理服务器还包括:  The system for protecting data of a terminal according to claim 30, wherein the device management server further comprises:
获取命令下发模块, 用于向终端下发获取命令;  Obtaining a command issuing module, configured to send an obtaining command to the terminal;
第二接收模块, 用于接收终端上报的数据项标识;  a second receiving module, configured to receive a data item identifier reported by the terminal;
所述终端还包括:  The terminal further includes:
存储模块, 用于保存的自身能够擦除的数据项对应的数据项标 识; 务器。 a storage module, configured to save a data item identifier corresponding to the data item that can be erased by itself; Server.
32、 如权利要求 30所述对终端数据保护的系统, 其特征在于, 若所述数据项标识包含终端密码标识, 且所述擦除命令下发模块, 用 于下发终端密码, 则所述终端还包括:  The system for protecting data of a terminal according to claim 30, wherein, if the data item identifier includes a terminal password identifier, and the erasing command issuing module is configured to send a terminal password, The terminal also includes:
设置模块, 用于擦除原终端密码后,接收到的新的终端密码作为 自身的终端密码; 或者  a setting module, configured to erase the original terminal password, and receive the new terminal password as its own terminal password; or
所述终端将接收到的新的终端密码覆盖原终端密码。  The terminal will overwrite the original terminal password with the new terminal password received.
PCT/CN2008/072661 2007-10-17 2008-10-10 Method, system and apparatus for terminal information protection WO2009052732A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
KR1020097013685A KR101118971B1 (en) 2007-10-17 2008-10-10 Method, system and apparatus for terminal information protection
JP2009545810A JP5065416B2 (en) 2007-10-17 2008-10-10 Method, system and apparatus for protecting terminal data

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710182008.4 2007-10-17
CN2007101820084A CN101415182B (en) 2007-10-17 2007-10-17 Method, system and apparatus for protecting terminal data

Publications (1)

Publication Number Publication Date
WO2009052732A1 true WO2009052732A1 (en) 2009-04-30

Family

ID=40579078

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/072661 WO2009052732A1 (en) 2007-10-17 2008-10-10 Method, system and apparatus for terminal information protection

Country Status (4)

Country Link
JP (2) JP5065416B2 (en)
KR (1) KR101118971B1 (en)
CN (2) CN101415182B (en)
WO (1) WO2009052732A1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101765076A (en) * 2009-12-17 2010-06-30 中兴通讯股份有限公司 Method, device and system for partially locking termination function
CN101730106A (en) * 2009-12-25 2010-06-09 中兴通讯股份有限公司 Terminal management method, device and system
KR101402956B1 (en) * 2012-09-24 2014-06-02 웹싱크 주식회사 Method and system of providing authorization in dm server
CN102917098A (en) * 2012-10-17 2013-02-06 广东欧珀移动通信有限公司 Method and device for preventing important linkman from being wrongly deleted
JP5544409B2 (en) * 2012-11-15 2014-07-09 株式会社Nttドコモ Communication terminal, mobile communication system and method
CN103856938B (en) * 2012-12-04 2017-07-28 中兴通讯股份有限公司 A kind of method of encrypting and decrypting, system and equipment
EP2930879B1 (en) 2012-12-05 2021-02-24 LG Electronics Inc. Method and apparatus for authenticating access authorization in wireless communication system
DE102015210294A1 (en) * 2015-06-03 2016-12-08 Siemens Aktiengesellschaft Client device and server device for secure activation of functions of a client
EP3516789A4 (en) * 2016-09-23 2020-05-06 Wilson Electronics, LLC Booster with an integrated satellite location system module
CN106357865B (en) * 2016-09-26 2019-03-22 宇龙计算机通信科技(深圳)有限公司 Delete the method and system of contact information
CN111488560A (en) * 2020-04-07 2020-08-04 四川虹美智能科技有限公司 Intelligent device control method and system and intelligent device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040110488A1 (en) * 2002-12-10 2004-06-10 Nokia Corporation System and method for performing security functions of a mobile station
CN1545358A (en) * 2003-11-14 2004-11-10 Method for preventing illegal use of user identification module
CN1717082A (en) * 2004-07-02 2006-01-04 乐金电子(中国)研究开发中心有限公司 Anti-theft method and system of mobile communication terminal
CN1780485A (en) * 2004-11-25 2006-05-31 乐金电子(中国)研究开发中心有限公司 Method for preventing from illegal duplication of mobile communication terminal

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001268216A (en) * 2000-03-15 2001-09-28 Hitachi Ltd Mobile terminal and its control method
KR100547712B1 (en) * 2003-02-28 2006-01-31 삼성전자주식회사 How to lock and unlock the camera on a portable device with a camera
JP2006211377A (en) * 2005-01-28 2006-08-10 Matsushita Electric Ind Co Ltd Wireless terminal device
KR100941540B1 (en) * 2005-06-02 2010-02-10 엘지전자 주식회사 System and method for setting configuration-value inthereof
CN1852138A (en) * 2005-07-30 2006-10-25 华为技术有限公司 Terminal management method and system
WO2007099938A1 (en) * 2006-02-27 2007-09-07 Kyocera Corporation Communication system and communication device

Also Published As

Publication number Publication date
CN102752741B (en) 2016-01-27
CN101415182A (en) 2009-04-22
JP2010516212A (en) 2010-05-13
CN102752741A (en) 2012-10-24
KR101118971B1 (en) 2012-02-28
JP5447882B2 (en) 2014-03-19
CN101415182B (en) 2013-01-30
KR20090087941A (en) 2009-08-18
JP5065416B2 (en) 2012-10-31
JP2012065349A (en) 2012-03-29

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 2323/KOLNP/2009

Country of ref document: IN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08843111

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2009545810

Country of ref document: JP

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 1020097013685

Country of ref document: KR

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08843111

Country of ref document: EP

Kind code of ref document: A1