WO2011130970A1 - Device and method for protecting data of mobile terminal - Google Patents

Device and method for protecting data of mobile terminal Download PDF

Info

Publication number
WO2011130970A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile terminal
verification code
data
user
security
Prior art date
Application number
PCT/CN2010/075604
Other languages
French (fr)
Chinese (zh)
Inventor
黄翠荣
李娜娜
何经纬
Original Assignee
中兴通讯股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/10 Integrity

Definitions

  • the present invention relates to information security technologies, and more particularly to a data protection device and method for a mobile terminal.
  • BACKGROUND OF THE INVENTION: Mobile terminals not only make contact convenient but can also store a large amount of important information.
  • With the introduction of memory cards and smart phones, the personal data stored on mobile terminals has become more abundant and more important. If a mobile terminal is lost or illegally obtained by others, the loss to the user is far greater than the value of the terminal itself, and it brings much trouble to the user's life or work.
  • Existing mobile terminals generally support network services, and Internet access from mobile terminals has become a development trend; if data is obtained by hackers and used illegally, the impact on users is great.
  • the data of the mobile terminal is lost, usually in the following situations:
  • Step A. Pre-process the communication terminal so that it can accept a certain determined instruction and, according to that instruction, send the user data of the communication terminal to other communication terminals and/or a network;
  • the other communication terminal or network must be in a state from which the user can obtain information, so that the user can retrieve the received user data.
  • Step B. When the user data needs to be transferred, send the determined instruction to the communication terminal; Step C.
  • After receiving the determined instruction, the communication terminal sends the user data by MMS to the other communication terminal and/or the network, and deletes the user data on the communication terminal after the transmission succeeds.
  • Chinese patent CN200710140321.1 discloses a mobile communication system comprising a communication device, a subscriber identification module and a controller; the subscriber identification module contains a first SIM card. During the boot process, when the controller detects that the original second SIM card has been removed and the first SIM card has been installed in the subscriber identification module of the mobile communication system, a device-loss notification is sent through the communication device to a receiving end; the data it contains can determine the location of the mobile communication system or the telephone number of the user now using it.
  • The present invention provides a data protection device for a mobile terminal, the device comprising a user security management module configured to enable or disable the security function of the mobile terminal and, when the mobile terminal is powered on with the security function enabled, to automatically detect whether the security parameters have changed. If the security parameters have changed, the verification code is regenerated, the user is notified by the verification code sending manner, and the mobile terminal enters the standby state through the new verification code; if the security parameters have not changed, the mobile terminal enters the standby state through the original verification code;
  • the security parameters include: the subscriber identity module (SIM) card number, the flash memory identifier (FLASH ID), the International Mobile Equipment Identity (IMEI) number, and the user identity information.
  • the user security management module includes: a security function setting module, a verification code generation module, and a verification code sending module;
  • the security function setting module is configured to enable or disable the security function of the mobile terminal;
  • the verification code generation module is configured to generate a verification code from the security parameters in the mobile terminal by a cryptographic algorithm, and to save the verification code in the mobile terminal;
  • the verification code sending module is configured to notify the user of the generated verification code by the verification code sending manner.
  • the security function setting module enables or disables the security function, specifically as follows: if the currently entered user identity information is consistent with the user identity information stored in the mobile terminal, all data of the mobile terminal is encrypted, the encrypted data is re-stored, and the security function is enabled;
  • the verification code sending module notifies the user of the generated verification code by the verification code sending manner, specifically: sending the verification code to the network operator, or to the mobile terminal or mailbox specified by the user;
  • the verification code sending manner is modified as follows: after the correct user identity information is entered and verified successfully, the verification code sending manner may be changed.
  • the user security management module further includes a key generation module and a verification module; wherein the key generation module is configured to generate a key from the generated verification code by a certain operation and to save the key in the mobile terminal;
  • the verification module is configured, after the mobile terminal is powered on with the security function enabled, to verify whether the currently entered verification code is consistent with the verification code stored in the mobile terminal. If it is consistent, the mobile terminal enters the standby state; otherwise, the verification code must be re-entered.
  • The present invention also provides a data protection method for a mobile terminal, the method comprising: after the mobile terminal is powered on, if the security function is enabled, the mobile terminal automatically detects whether the security parameters have changed; if they have changed, the mobile terminal regenerates the verification code, notifies the user by the verification code sending manner, and enters the standby state using the new verification code; if they have not changed, the mobile terminal enters the standby state using the original verification code;
  • after the mobile terminal with the security function enabled enters the standby state, it encrypts or decrypts the data inside the mobile terminal and the data inside the storage medium associated with the mobile terminal according to the key generated from the verification code.
  • the security parameters include: a SIM card number, a FLASH ID, an IMEI number, and user identity information.
  • the mobile terminal regenerating the verification code specifically includes: the mobile terminal generates a verification code by a cryptographic algorithm and saves the verification code in the mobile terminal.
  • notifying the user by the verification code sending manner includes: sending the verification code to the network operator, or to the mobile terminal or mailbox specified by the user; the verification code sending manner may be modified only after the correct user identity information is entered and verified successfully.
  • the method further includes: the mobile terminal generates a new key from the verification code by a certain algorithm and saves it in the mobile terminal; all data is decrypted with the original key, re-encrypted with the new key, and the encrypted data is saved.
  • the method further includes: after the mobile terminal is powered on, if the security function is disabled, the mobile terminal enters the standby state directly.
  • With the data protection device and method for a mobile terminal provided by the present invention, after the mobile terminal is powered on with the security function enabled, it automatically detects whether the security parameters have changed. If they have changed, the mobile terminal regenerates the verification code, notifies the user by the verification code sending manner, and enters the standby state through the new verification code; if they have not changed, the mobile terminal enters the standby state through the original verification code. The mobile terminal then encrypts or decrypts the data inside the mobile terminal, and the data inside the storage medium associated with it, according to the key stored by the mobile terminal.
  • The data in the SIM card, the FLASH and the external memory card are all encrypted; the verification code is difficult to obtain, and the key generated from the verification code is likewise difficult to obtain, so the data encrypted with that key stays secure. This prevents an illegal user from stealing the data of the mobile terminal and solves the problem of mobile terminal data security; the advantages are as follows:
  • FIG. 1 is a structural diagram of a data protection device of a mobile terminal according to the present invention.
  • FIG. 2 is a menu interface diagram of the security management module in the data protection device of a mobile terminal of the present invention.
  • The basic idea of the present invention is: after the mobile terminal is powered on, if the security function is enabled, the mobile terminal automatically detects whether the security parameters have changed. If they have changed, the mobile terminal regenerates the verification code and notifies the user by the verification code sending manner, and the new verification code lets the mobile terminal enter the standby state; if they have not changed, the mobile terminal enters the standby state through the original verification code. The mobile terminal encrypts or decrypts the data inside the mobile terminal and the data inside the storage medium associated with it according to the key stored by the mobile terminal.
  • The data protection device of the mobile terminal provided by the present invention includes a user security management module, located in the existing settings module of the mobile terminal, used to enable or disable the security function of the mobile terminal and, when the mobile terminal is powered on with the security function enabled, to automatically detect whether the security parameters have changed. If they have changed, the verification code is regenerated, the user is notified by the verification code sending manner, and the mobile terminal enters the standby state through the new verification code; if there is no change, the mobile terminal enters the standby state using the original verification code;
  • the security parameters include: the SIM card number, the flash memory identifier (FLASH ID), the International Mobile Equipment Identity (IMEI) number, and the user identity information; the first three are read automatically by the software of the mobile terminal, and the user identity information is entered by the user.
  • the security management module includes: a security function setting module, a verification code generation module, and a verification code sending module; wherein
  • a security function setting module configured to enable or disable a security function of the mobile terminal;
  • the security function can be turned on or off through the security function menu option on the settings interface. As shown in FIG. 2, if the security function is currently enabled, the option to disable it is visible; if it is currently disabled, the option to enable it is visible.
  • enabling the security function specifically means: if the currently entered user identity information is consistent with the user identity information stored in the mobile terminal, all data of the mobile terminal is encrypted, the encrypted data is re-stored, and the security function is enabled;
  • disabling the security function specifically means: if the currently entered verification code is consistent with the verification code stored in the mobile terminal, all data of the mobile terminal is decrypted, the decrypted data is re-stored, and the security function is disabled;
  • the verification code generation module is configured to generate a verification code by a certain algorithm, such as the asymmetric RSA (Rivest-Shamir-Adleman) algorithm, and to save the verification code in the flash memory (FLASH) of the mobile terminal;
  • the verification code sending module is configured to notify the user of the generated verification code by the verification code sending manner.
  • the verification code sending manner may include: sending the verification code to the network operator, so that the user obtains it by logging in to the operator's website; or sending the verification code to the mobile terminal or mailbox specified by the user, so that the user obtains it by short message (SMS) or e-mail. When the verification code needs to be regenerated, the user may freely select one or more of the above sending manners to receive the new verification code. If the user wants to modify the current verification code sending manner, the user identity information must be entered first; otherwise it cannot be modified.
  • the device further includes a key generation module and a verification module; wherein
  • the key generation module is configured to generate a key by a certain algorithm and save it in the mobile terminal; a relatively secure algorithm may be selected according to the actual situation.
  • when the verification code is updated, a new key is generated synchronously; all data of the mobile terminal is decrypted with the original key, then encrypted with the new key and stored in the SIM card, the FLASH or the external memory card;
  • the verification module, after the mobile terminal is powered on with the security function enabled, verifies whether the currently entered verification code is consistent with the verification code stored in the mobile terminal. If they are consistent, the mobile terminal enters the standby state; otherwise, the verification code must be re-entered.
  • the present invention further provides a data protection method for a mobile terminal, and the power-on verification process of the mobile terminal, as shown in FIG. 3, includes the following steps:
  • Step 301 After the mobile terminal is powered on, it is determined whether the security function is enabled. If the security function is enabled, step 302 is performed; otherwise, the mobile terminal directly enters the standby state, and the process ends.
  • whether the security function is enabled is determined by looking up the corresponding status bit in the software of the user security management module, for example: a status bit of 1 means enabled and a status bit of 0 means disabled; if the security function is disabled when the mobile terminal is powered on, the mobile terminal enters the standby state directly.
  • Step 302: Detect whether the security parameters of the mobile terminal have changed. If there is no change, go to step 304; otherwise, go to step 303;
  • the mobile terminal automatically detects whether the current security parameters differ from the security parameters stored at the last shutdown; the SIM card number, the FLASH ID and the IMEI number of the mobile terminal can be read automatically by the software.
  • the user identity information must be entered by the user; if all parameters are consistent with those stored at the previous shutdown, the security parameters have not changed and step 304 is performed; as soon as one parameter differs, the security parameters have changed and step 303 is performed. Usually these parameters do not change, so there is no need to regenerate the verification code.
  • Step 303: Regenerate the verification code and notify the user; at the same time update the key, re-encrypt all data, and save the encrypted data;
  • the mobile terminal can automatically read parameters such as its SIM card number, FLASH ID and IMEI number. If the user identity information changes, the user must first enter the correct original user identity information and then the new user identity information, which is stored in the mobile terminal. All the above parameters are used to generate a verification code by a certain algorithm, such as the RSA algorithm; the user is notified of it and the verification code is saved in the FLASH of the mobile terminal. After the verification code is updated, the mobile terminal, according to the actual situation, chooses a more secure algorithm to generate a new key synchronously, and uses the original key to all
  • the verification code sending manner may include: sending the verification code to the network operator, or sending it to the mobile terminal or mailbox specified by the user; the manner can be selected or modified by the user.
  • Step 304: Enter the verification code and determine whether it is correct. If it is correct, the mobile terminal enters the standby state and the process ends; otherwise, the user is asked to re-enter the verification code, returning to step 304;
  • the verification code is entered in the corresponding menu interface and compared with the verification code stored in the mobile terminal. If the two are consistent, the user's verification code is correct and the mobile terminal enters the standby state; if they are inconsistent, the user is asked to re-enter the verification code.
  • if the security function is disabled when the mobile terminal is powered on, the option to enable the security function is visible, and the security function of the mobile terminal can be enabled by entering the correct user identity information in the settings menu;
  • the security parameters, namely the SIM card number, the FLASH ID, the IMEI number and the user identity information, are used to generate a verification code by a certain algorithm, such as the RSA algorithm; the user is notified of it and the verification code is stored in the FLASH of the mobile terminal. Meanwhile a key is generated from the verification code by a relatively secure algorithm, all data of the mobile terminal is encrypted with it, and the encrypted data is re-stored. After the user obtains the correct verification code, entering it makes the mobile terminal enter the standby state with the security function enabled.
  • the data in the SIM card, the FLASH and the external memory card are all encrypted, and the data inside the mobile terminal and inside the storage medium associated with it can be encrypted or decrypted with the key stored by the mobile terminal itself.
  • Embodiment 1 Modify the data in the SIM card, and encrypt the modified data and rewrite the data SIM card:
  • first, the data in the SIM card file is read, decrypted into plain data with the key, and saved to a temporary file; secondly, the content of the temporary file is modified and the data of the temporary file is encrypted with the key; finally, the encrypted data is written into the SIM card file and the temporary file is automatically deleted by the mobile terminal, which protects the security of the SIM card file.
  • Embodiment 2: Sending an encrypted picture file in the mobile terminal as a multimedia message. With the security function of the mobile terminal enabled and the mobile terminal in the standby state, first, the picture file in the FLASH of the mobile terminal is opened, its data is read, decrypted with the key and saved to a temporary file; secondly, the temporary file is renamed to the picture file name and inserted into the multimedia message; after the multimedia message is sent, the mobile terminal automatically deletes the temporary file. This ensures that the file can be received normally by the other party.
  • Embodiment 3: Encrypting downloaded data and storing it on the external memory card:
  • first, the file is downloaded to an external memory card, such as a USB flash drive, and a new temporary file is created on the external memory card; secondly, the data of the downloaded file is read and encrypted with the key, and the encrypted data is saved in the temporary file; then the temporary file is renamed to the downloaded file name and the original downloaded file is deleted, which ensures the security of the data stored on the external memory card.
  • Encrypting or decrypting the data stored in the mobile terminal and in the storage medium associated with it by means of the key can effectively prevent data loss and theft, thereby greatly improving the data security of the mobile terminal.
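As an added example that is not code from the patent or from ZTE, the flow of enabling the security function and the power-on verification of steps 301 to 304 modelled in Python: parameter-change detection, regeneration of the verification code with notification, re-encryption of every file under the new key, and the constant-time code check at step 304. The patent names RSA for the verification code and leaves the key and data algorithms open; the HMAC-based code, the PBKDF2 key derivation, the standard-library encrypt-then-MAC construction, and all names and sample values are assumptions of this example.

```python
"""Power-on verification flow of the patent (steps 301-304), modelled end to end."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

NONCE_LEN, TAG_LEN, SALT_LEN = 16, 32, 16

@dataclass(frozen=True)
class SecurityParams:
    """The four security parameters the patent names: three read from hardware,
    the user identity information typed in by the user."""
    sim_number: str
    flash_id: str
    imei: str
    user_identity: str

    def canonical(self) -> bytes:
        # Length-prefixed join, so different parameter sets never serialise alike.
        parts = (self.sim_number, self.flash_id, self.imei, self.user_identity)
        return b"".join(len(p).to_bytes(2, "big") + p.encode() for p in parts)

def generate_verification_code(params: SecurityParams, salt: bytes) -> str:
    """The patent names RSA for this step; this example assumes HMAC-SHA256 keyed
    with a fresh random salt instead, so regeneration always yields a new code."""
    return hmac.new(salt, params.canonical(), hashlib.sha256).hexdigest()[:16]

def derive_key(verification_code: str, salt: bytes) -> bytes:
    """Key 'generated from the verification code by a certain algorithm';
    PBKDF2-HMAC-SHA256 is assumed here because the patent fixes no algorithm."""
    return hashlib.pbkdf2_hmac("sha256", verification_code.encode(), salt, 100_000, 32)

def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from the stored key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stdlib-only encrypt-then-MAC stand-in (HMAC counter-mode keystream plus an
    HMAC tag) for the patent's unspecified 'relatively secure algorithm'."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # wrong key or tampered data
        raise ValueError("ciphertext rejected")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))

@dataclass
class Terminal:
    """What the terminal persists: the parameters saved at last shutdown, the
    verification code and key in FLASH, and the encrypted files on SIM/FLASH/card."""
    security_enabled: bool
    stored_params: SecurityParams
    verification_code: str
    key: bytes
    files: dict = field(default_factory=dict)           # name -> ciphertext
    notifications: list = field(default_factory=list)   # (channel, code) sent to user

def enable_security(params, plain_files, entered_identity, channel="sms"):
    """Turning the security function on: the entered identity must match, then the
    code and key are created and every file is encrypted and re-stored."""
    if not hmac.compare_digest(entered_identity.encode(), params.user_identity.encode()):
        raise PermissionError("user identity information does not match")
    salt = secrets.token_bytes(SALT_LEN)
    code = generate_verification_code(params, salt)
    key = derive_key(code, salt)
    files = {name: encrypt(key, data) for name, data in plain_files.items()}
    term = Terminal(True, params, code, key, files)
    term.notifications.append((channel, code))
    return term

def power_on(term, current_params, entered_code=None, channel="sms"):
    """Steps 301-304. Returns 'standby', 'code_regenerated' (the user must fetch
    the new code from the notification channel and power on again) or 'reenter_code'."""
    if not term.security_enabled:                       # step 301: function off
        return "standby"
    if current_params != term.stored_params:            # step 302 -> 303: changed
        salt = secrets.token_bytes(SALT_LEN)
        new_code = generate_verification_code(current_params, salt)
        new_key = derive_key(new_code, salt)
        # Decrypt every file with the original key, re-encrypt with the new one.
        term.files = {n: encrypt(new_key, decrypt(term.key, c)) for n, c in term.files.items()}
        term.stored_params, term.verification_code, term.key = current_params, new_code, new_key
        term.notifications.append((channel, new_code))
        return "code_regenerated"
    if entered_code is not None and hmac.compare_digest(  # step 304: compare codes
            entered_code.encode(), term.verification_code.encode()):
        return "standby"
    return "reenter_code"
```

Once the code has been regenerated, the old code no longer opens the terminal and the files are only readable under the new key, which is the property the patent relies on after a SIM swap.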

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)
  • Telephone Function (AREA)

Abstract

A device and method for protecting the data of a mobile terminal are provided in the present invention. After the mobile terminal starts, if the security function is enabled, the mobile terminal automatically detects whether a security parameter has changed. If so, the mobile terminal regenerates an authentication code and informs the user of that authentication code by the authentication code sending manner; the mobile terminal then enters the standby state through the new authentication code. If the security parameter has not changed, the mobile terminal enters the standby state through the original authentication code. The mobile terminal, according to a key stored in the mobile terminal itself, encrypts or decrypts the data in the mobile terminal and the data in a storage medium associated with the mobile terminal. The device and method of the present invention can prevent an illegal user from using the data of the mobile terminal without permission and protect the data security of the mobile terminal.

Description

Data protection device and method for a mobile terminal
TECHNICAL FIELD
The present invention relates to information security technologies, and more particularly to a data protection device and method for a mobile terminal.
BACKGROUND OF THE INVENTION
Mobile terminals not only make contact convenient but can also store a large amount of important information. With the introduction of memory cards and smart phones, the personal data stored on mobile terminals has become more abundant and more important. If a mobile terminal is lost or illegally obtained by others, the loss to the user is far greater than the value of the terminal itself, and it brings much trouble to the user's life or work. Existing mobile terminals generally support network services, and Internet access from mobile terminals has become a development trend; if data is obtained by hackers and used illegally, the impact on users is great.
The data of a mobile terminal is usually lost in the following situations:
(1) While the mobile terminal is using the network, the data stored on it is illegally stolen by a hacker;
(2) The mobile terminal is lost, and the Subscriber Identity Module (SIM) card data, flash memory (FLASH) data and external memory card data are obtained by an illegal user;
(3) While the mobile terminal is in use, the data on the external memory card is obtained by an illegal user.
Chinese patent CN200810211327.8, entitled "Communication terminal data security protection method and system", discloses a technical solution that tries to recover the user data of a mobile terminal when the terminal is lost. Its main implementation comprises: Step A. Pre-process the communication terminal so that it can accept a certain determined instruction and, according to that instruction, send the user data of the communication terminal to other communication terminals and/or a network; the other communication terminal or network must be in a state from which the user can obtain information, so that the user can retrieve the received user data; Step B. When the user data needs to be transferred, send the determined instruction to the communication terminal; Step C. After receiving the determined instruction, the communication terminal sends the user data by MMS to the other communication terminal and/or network, and deletes the user data on the communication terminal after the transmission succeeds. In the above solution, however, the feasibility of sending data by MMS is very low: if the SIM card balance is insufficient, the MMS cannot be sent and the data cannot be recovered, so the method does not apply to all situations.
Chinese patent CN200710140321.1, entitled "Anti-theft mobile communication system with data security", discloses a mobile communication system comprising a communication device, a subscriber identification module and a controller; the subscriber identification module contains a first SIM card. During the boot process, when the controller detects that the original second SIM card has been removed and the first SIM card has been installed in the subscriber identification module of the mobile communication system, a device-loss notification is sent through the communication device to a receiving end; the data it contains can determine the location of the mobile communication system or the telephone number of the user now using it. Although this solution can determine that the mobile terminal is lost and that the SIM card has been replaced, it only notifies the user that the terminal is lost; an illegal user can still obtain and use the data of the mobile terminal, so the solution does not protect the security of the mobile terminal's data.
SUMMARY OF THE INVENTION
In view of the above, the main object of the present invention is to provide a data protection device and method for a mobile terminal that can ensure the security of the data inside the mobile terminal and of the data inside the storage medium associated with the mobile terminal.
To achieve the above object, the technical solution of the present invention is implemented as follows:
本发明提供了一种移动终端的数据保护装置, 该装置包括: 用户安全 管理模块, 用于开启或关闭移动终端的安全功能, 在移动终端开机并开启 安全功能时, 自动检测安全参数是否发生变化, 若安全参数变化, 则重新 生成验证码并通过验证码发送方式通知用户, 通过新的验证码使移动终端 进入待机状态; 若安全参数没有变化, 则通过原有验证码使移动终端进入 待机状态; The present invention provides a data protection device for a mobile terminal, the device comprising: a user security management module, configured to enable or disable a security function of the mobile terminal, and automatically detect whether the security parameter changes when the mobile terminal is powered on and the security function is enabled. If the security parameter changes, the verification code is regenerated and the user is notified by the verification code sending manner, and the mobile terminal is put into the standby state through the new verification code; if the security parameter does not change, the mobile terminal is entered through the original verification code. standby mode;
还用于在开启安全功能的移动终端进入待机状态后, 根据所述验证码 生成的密钥对移动终端内部的数据, 以及与该移动终端相关联的存储介质 内部的数据进行加密或解密操作。  It is also used to encrypt or decrypt the data inside the mobile terminal and the data inside the storage medium associated with the mobile terminal according to the key generated by the verification code after the mobile terminal that has turned on the security function enters the standby state.
In the above solution, the security parameters include: the subscriber identity module (SIM) card number, the flash memory identifier (FLASH ID), the international mobile equipment identity (IMEI) number and the user identity information.
In the above solution, the user security management module includes: a security function setting module, a verification code generation module and a verification code sending module; wherein
the security function setting module is configured to turn the security function of the mobile terminal on or off;
the verification code generation module is configured to generate a verification code from the security parameters in the mobile terminal by means of a cryptographic algorithm and store it in the mobile terminal;
the verification code sending module is configured to notify the user of the generated verification code via the verification code sending method.
In the above solution, the security function setting module turning the security function on or off specifically includes: if the currently entered user identity information matches the user identity information stored in the mobile terminal, encrypting all data of the mobile terminal, re-storing the encrypted data and turning the security function on;
if the currently entered verification code matches the verification code stored in the mobile terminal, decrypting all data of the mobile terminal, re-storing the decrypted data and turning the security function off.
In the above solution, the verification code sending module notifying the user of the generated verification code via the verification code sending method specifically includes: sending the verification code to the network operator, or sending it to a mobile terminal or mailbox designated by the user;
wherein modification of the verification code sending method specifically means: the verification code sending method may be modified only after the correct user identity information has been entered and successfully verified.
In the above solution, the user security management module further includes: a key generation module and a verification module; wherein
the key generation module is configured to generate a key from the generated verification code by means of a certain operation and store it in the mobile terminal;
the verification module is configured, after the mobile terminal is powered on with the security function enabled, to verify whether the currently entered verification code matches the verification code stored in the mobile terminal; if so, the mobile terminal enters the standby state; otherwise, the verification code must be entered again.
The present invention also provides a data protection method for a mobile terminal, the method comprising: after the mobile terminal is powered on, if the security function is enabled, the mobile terminal automatically detects whether the security parameters have changed; if the security parameters have changed, the mobile terminal regenerates the verification code, notifies the user via the verification code sending method, and enters the standby state with the new verification code; if the security parameters have not changed, the mobile terminal enters the standby state with the original verification code;
after the mobile terminal with the security function enabled has entered the standby state, the mobile terminal encrypts or decrypts the data inside the mobile terminal and the data inside the storage medium associated with the mobile terminal using the key generated from the verification code.
In the above solution, the security parameters include: the SIM card number, the FLASH ID, the IMEI number and the user identity information.
In the above solution, the mobile terminal regenerating the verification code specifically includes: the mobile terminal generates a verification code from the security parameters by means of a cryptographic algorithm and stores it in the mobile terminal.
In the above solution, notifying the user via the verification code sending method specifically includes: sending the verification code to the network operator, or sending the verification code to a mobile terminal or mailbox designated by the user; wherein modification of the verification code sending method specifically means: the verification code sending method may be modified only after the correct user identity information has been entered and successfully verified.
In the above solution, after the mobile terminal regenerates the verification code, the method further includes: the mobile terminal generates a new key from the verification code by means of a certain algorithm and stores it in the mobile terminal, decrypts all data with the original key, re-encrypts it with the new key, and saves the encrypted data.
In the above solution, the method further includes: after the mobile terminal is powered on, if the security function is disabled, the mobile terminal enters the standby state directly.
With the data protection device and method for a mobile terminal provided by the present invention, after the mobile terminal is powered on, if the security function is enabled, the mobile terminal automatically detects whether the security parameters have changed; if they have changed, the mobile terminal regenerates the verification code, notifies the user via the verification code sending method, and enters the standby state with the new verification code; if they have not changed, the mobile terminal enters the standby state with the original verification code; the mobile terminal then encrypts or decrypts the data inside the mobile terminal, or the data inside the storage medium associated with the mobile terminal, using the key it stores.
With the device and method of the present invention, after the mobile terminal enters the standby state with the security function enabled, the data in the SIM card, the FLASH and the external memory card are all encrypted. Because the verification code is hard to obtain, and the key, being generated from the verification code, is also hard to obtain, data encrypted with this key remains secure; illegal users are prevented from stealing the mobile terminal's data, and the data security problem of the mobile terminal is fully solved. The advantages are:
1) if data is stolen by a hacker while the mobile terminal is using the network, the hacker cannot obtain the real data because the hacker does not have the key;
2) if the mobile terminal is lost and the SIM card, FLASH data and external memory card data are obtained by an illegal user, the illegal user likewise cannot obtain the real data because the illegal user does not have the key;
3) if, while the mobile terminal is in use, the data on the external memory card is obtained by an illegal user and placed in another mobile terminal, the real data likewise cannot be obtained, because the data read out is encrypted and the illegal user does not have the key. In other words, the data of the mobile terminal can be used normally only on this terminal; data obtained by any other means is encrypted, and without the key and the associated terminal software to decrypt it the data still cannot be used normally.

Brief description of the drawings
Fig. 1 is a structural diagram of the data protection device for a mobile terminal according to the present invention;
Fig. 2 is a schematic diagram of the menu interface of the security management module in the data protection device for a mobile terminal according to the present invention.

Detailed description
The basic idea of the present invention is: after the mobile terminal is powered on, if the security function is enabled, the mobile terminal automatically detects whether the security parameters have changed; if they have changed, the mobile terminal regenerates the verification code, notifies the user via the verification code sending method, and enters the standby state with the new verification code; if they have not changed, the mobile terminal enters the standby state with the original verification code; the mobile terminal encrypts or decrypts the data inside the mobile terminal and the data inside the storage medium associated with the mobile terminal using the key it stores.
The data protection device for a mobile terminal provided by the present invention, as shown in Fig. 1, includes: a user security management module, located in the existing settings module of the mobile terminal, configured to turn the security function of the mobile terminal on or off and, when the mobile terminal is powered on with the security function enabled, to automatically detect whether the security parameters have changed; if the security parameters have changed, to regenerate the verification code, notify the user via the verification code sending method, and bring the mobile terminal into the standby state with the new verification code; if the security parameters have not changed, to bring the mobile terminal into the standby state with the original verification code;
and further configured to encrypt or decrypt the data inside the mobile terminal and the data inside the storage medium associated with the mobile terminal using the key stored by the mobile terminal, for example when data is stored or read.
Here, the security parameters include: the SIM card number, the flash memory identifier (FLASH ID), the International Mobile Equipment Identity (IMEI) number and the user identity information; the first three parameters can be read automatically by the software of the mobile terminal, while the user identity information is entered by the user.
Further, the security management module includes: a security function setting module, a verification code generation module and a verification code sending module; wherein
the security function setting module is configured to turn the security function of the mobile terminal on or off. The security function can be turned on or off through the security function menu option on the settings interface; as shown in Fig. 2, if the security function is currently on, the option to turn it off is visible, and if it is currently off, the option to turn it on is visible.
Turning the security function on specifically means: if the currently entered user identity information matches the user identity information stored in the mobile terminal, all data of the mobile terminal is encrypted, the encrypted data is re-stored, and the security function is turned on. Turning the security function off specifically means: if the currently entered verification code matches the verification code stored in the mobile terminal, all data of the mobile terminal is decrypted, the decrypted data is re-stored, and the security function is turned off;
the verification code generation module is configured to generate a verification code from the security parameters in the mobile terminal by means of a certain algorithm, such as the asymmetric RSA (Rivest Shamir Adleman) algorithm, and store it in the flash memory (FLASH) of the mobile terminal;
the verification code sending module is configured to notify the user of the generated verification code via the verification code sending method. The verification code sending method may include: sending the verification code to the network operator, so that the user can obtain it by logging in to the operator's website, or sending the verification code to a mobile terminal or mailbox designated by the user, so that the user obtains it by SMS or e-mail. When the verification code needs to be regenerated, the user may freely choose one or more of the above sending methods to obtain the new verification code. If the user wants to change the current verification code sending method, the correct user identity information must be entered; otherwise the current sending method cannot be changed.
The device further includes: a key generation module and a verification module; wherein
the key generation module is configured to generate a key from the generated verification code by means of a certain algorithm and store it in the mobile terminal; a relatively secure algorithm may be chosen according to the actual situation to generate the key.
Here, when the verification code is updated, a new key is generated at the same time; all data of the mobile terminal is decrypted with the original key, encrypted with the new key, and then stored in the SIM card, the FLASH or the external memory card;
the verification module is configured, after the mobile terminal is powered on with the security function enabled, to verify whether the currently entered verification code matches the verification code stored in the mobile terminal; if so, the mobile terminal enters the standby state; otherwise, the verification code must be entered again.
Based on the above device, the present invention also provides a data protection method for a mobile terminal. The power-on verification process of the mobile terminal, as shown in Fig. 3, includes the following steps:
Step 301: after the mobile terminal is powered on, determine whether the security function is enabled; if so, go to step 302; otherwise, the mobile terminal enters the standby state directly and the process ends.
In this step, after the mobile terminal is powered on, whether the security function is enabled is determined by looking up the corresponding status bit in the software program of the user security management module, for example: a status bit of 1 means enabled and a status bit of 0 means disabled. If the security function is disabled when the mobile terminal is powered on, the mobile terminal enters the standby state directly.
Step 302: detect whether the security parameters of the mobile terminal have changed; if not, go to step 304; otherwise, go to step 303;
In this step, once the security function is enabled, the mobile terminal automatically checks whether the current security parameters differ from those stored at the last shutdown. The SIM card number, the FLASH ID and the IMEI number of the mobile terminal can be read automatically by software, while the user identity information must be entered by the user. If all parameters match those stored at the last shutdown, the security parameters have not changed and step 304 is executed; if any one parameter has changed, the security parameters have changed and step 303 is executed. Normally these parameters do not change, so the verification code does not need to be regenerated.
Step 303: regenerate the verification code and notify the user; at the same time update the key, re-encrypt all data, and save the encrypted data;
In this step, the mobile terminal can automatically read parameters such as the SIM card number, the FLASH ID and the IMEI number of the mobile terminal. If the user identity information has changed, the correct original user identity information must be entered first, then the new user identity information, and the new user identity information is stored in the mobile terminal. All of the above parameters are passed through a certain algorithm, such as the RSA algorithm, to generate a verification code, which is sent to the user and saved in the FLASH of the mobile terminal. After the verification code has been updated, the mobile terminal chooses a relatively secure algorithm according to the actual situation and generates a new key at the same time; the data in the SIM card, the FLASH and the external memory card is decrypted with the original key, re-encrypted with the new key, and the encrypted data is saved. The verification code may be sent to the network operator or to a mobile terminal or mailbox designated by the user, and the user may select or modify the sending method.
Step 304: enter the verification code and determine whether it is correct; if it is correct, the mobile terminal enters the standby state and the process ends; otherwise, the user is asked to enter the verification code again and step 304 is repeated;
In this step, the verification code is entered in the corresponding menu interface and compared with the verification code stored in the mobile terminal. If the two match, the user's verification code is correct and the mobile terminal enters the standby state; if they do not match, the user is asked to enter the verification code again.
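The power-on flow of steps 301 to 304, including the key rotation of step 303, as an added in-memory simulation in Python (example code, not the patent's or the applicant's own). Assumptions: SHA-256 stands in for the unspecified verification-code algorithm, PBKDF2 for the key derivation, an HMAC-SHA256 keystream with an integrity tag for the data cipher; `PARAMS`, `FILES` and the `Terminal` class are constructed for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

NONCE_LEN, TAG_LEN = 16, 32

# Constructed sample security parameters and stored items; no real identifiers.
PARAMS = {"sim": "SIM-constructed-0001", "flash_id": "FLASH-constructed-A1",
          "imei": "IMEI-constructed-000", "user_identity": "alice-id-constructed"}
FILES = {"contacts": b"Bob +00 000 000\nCarol +00 111 111\n", "photo.jpg": bytes(range(64))}

def verification_code(params: dict) -> str:
    # Assumption: SHA-256 stands in for the patent's unspecified algorithm (it names
    # RSA without detail).  Any change to a parameter yields a different code.
    material = "|".join(f"{k}={params[k]}" for k in sorted(params))
    return hashlib.sha256(material.encode()).hexdigest()[:16]

def derive_key(code: str) -> bytes:
    # Data key generated from the verification code; PBKDF2 is an assumption.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), b"terminal-data-key", 50_000)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 counter keystream: a standard-library stand-in for AES so the
    # example runs offline; not a substitute for a real cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # nonce || ciphertext || HMAC tag, so a wrong key is detected on decrypt.
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def opens_with(code: str, blob: bytes) -> bool:
    # True if the key derived from `code` decrypts `blob` (old codes must fail).
    try:
        return decrypt(derive_key(code), blob) is not None
    except ValueError:
        return False

@dataclass
class Terminal:
    """Constructed stand-in for the terminal; `storage` plays SIM/FLASH/memory card."""
    security_on: bool = False
    stored_params: dict = field(default_factory=dict)
    stored_code: str = ""
    storage: dict = field(default_factory=dict)
    notified_codes: list = field(default_factory=list)  # codes sent to the user
    state: str = "off"

    def enable_security(self, params: dict, plain_files: dict) -> str:
        # Turn the security function on: generate the code and key, encrypt all data.
        self.stored_params, self.stored_code = dict(params), verification_code(params)
        key = derive_key(self.stored_code)
        self.storage = {name: encrypt(key, data) for name, data in plain_files.items()}
        self.security_on = True
        self.notified_codes.append(self.stored_code)
        return self.stored_code

    def boot(self, current_params: dict) -> str:
        # Steps 301-303; returns "standby" when security is off, else "await_code".
        if not self.security_on:                        # step 301: status bit off
            self.state = "standby"
        else:
            if current_params != self.stored_params:    # step 302: any parameter changed?
                self._rotate(current_params)            # step 303
            self.state = "await_code"
        return self.state

    def enter_code(self, code: str) -> str:
        # Step 304: constant-time compare with the stored code; "retry" on mismatch.
        if hmac.compare_digest(code.encode(), self.stored_code.encode()):
            self.state = "standby"
            return self.state
        return "retry"

    def _rotate(self, new_params: dict) -> None:
        # New code and key; every item is decrypted with the old key and re-encrypted.
        old_key = derive_key(self.stored_code)
        self.stored_code = verification_code(new_params)
        new_key = derive_key(self.stored_code)
        self.storage = {n: encrypt(new_key, decrypt(old_key, b)) for n, b in self.storage.items()}
        self.stored_params = dict(new_params)
        self.notified_codes.append(self.stored_code)

    def read(self, name: str) -> bytes:
        # Data is usable only on this terminal, in standby, with its derived key.
        if self.state != "standby":
            raise PermissionError("terminal is not in standby")
        return decrypt(derive_key(self.stored_code), self.storage[name])
```

Swapping the SIM value in `PARAMS` before a `boot()` call triggers the rotation: the old code is then refused at step 304 and the old key no longer opens any stored item.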
In the present application, if the security function is disabled when the mobile terminal is powered on, the option to enable the security function is visible, and the security function of the mobile terminal can be enabled by entering the correct user identity information in the settings menu. The security parameters, namely the SIM card number, the FLASH ID, the IMEI number and the user identity information, are passed through a certain algorithm, such as the RSA algorithm, to generate a verification code, which is sent to the user and saved in the FLASH of the mobile terminal; at the same time, a key is generated from the verification code by means of a relatively secure algorithm, all data of the mobile terminal is encrypted, and the encrypted data is re-stored. Once the user has obtained the correct verification code and entered it, the mobile terminal enters the standby state with the security function enabled.
After the mobile terminal enters the standby state with the security function enabled, the data in the SIM card, the FLASH and the external memory card are all encrypted, and the data inside the mobile terminal and the data inside the storage medium associated with the mobile terminal can be encrypted or decrypted with the key stored by the mobile terminal itself.
The process of encrypting or decrypting the data inside the mobile terminal and the data inside the storage medium associated with the mobile terminal is described below with specific embodiments:
Embodiment 1: modifying data in the SIM card and writing the modified data back to the SIM card in encrypted form:
With the security function of the mobile terminal enabled and the mobile terminal in the standby state, first, the data in the SIM card file is read, decrypted into plain data with the key, and saved to a temporary file; next, the content of the temporary file is modified and the data of the temporary file is encrypted with the key; finally, the encrypted data is written to the SIM card file and the temporary file is deleted automatically by the mobile terminal. In this way the security of the SIM card file is protected.
Embodiment 2: sending an encrypted picture file from the mobile terminal as a multimedia message (MMS):
With the security function of the mobile terminal enabled and the mobile terminal in the standby state, first, the picture file in the FLASH of the mobile terminal is opened and its data read, decrypted with the key and saved to a temporary file; next, the temporary file is renamed to the picture file's name and inserted into the MMS; after the MMS has been sent, the temporary file is deleted automatically by the mobile terminal. In this way the file can be received normally by the other party.
Embodiment 3: encrypting downloaded data and storing it on the external memory card:
With the security function of the mobile terminal enabled and the mobile terminal in the standby state, first, the file is downloaded to the external memory card, such as a USB flash drive, and a new temporary file is created on the external memory card; next, the data in the temporary file is read and encrypted with the key, the encrypted data is saved in the temporary file, the temporary file is renamed to the downloaded file's name, and the original downloaded file is deleted. In this way the security of files stored on the external memory card is ensured.
Through the above specific embodiments, encrypting or decrypting the data stored in the mobile terminal and in the storage medium associated with the mobile terminal with the key can effectively prevent data loss and theft, thereby greatly improving the security of the data in the mobile terminal.
The above are only preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims

1. A data protection device for a mobile terminal, characterized in that the device comprises: a user security management module, configured to turn the security function of the mobile terminal on or off; when the mobile terminal is powered on with the security function enabled, to automatically detect whether the security parameters have changed; if the security parameters have changed, to regenerate the verification code, notify the user via the verification code sending method, and bring the mobile terminal into the standby state with the new verification code; and if the security parameters have not changed, to bring the mobile terminal into the standby state with the original verification code;
and further configured, after the mobile terminal with the security function enabled has entered the standby state, to encrypt or decrypt the data inside the mobile terminal and the data inside the storage medium associated with the mobile terminal using the key generated from the verification code.
2. The device according to claim 1, characterized in that the security parameters include: the subscriber identity module (SIM) card number, the flash memory identifier (FLASH ID), the international mobile equipment identity (IMEI) number and the user identity information.
3. The device according to claim 1, characterized in that the user security management module includes: a security function setting module, a verification code generation module and a verification code sending module; wherein the security function setting module is configured to turn the security function of the mobile terminal on or off;
the verification code generation module is configured to generate a verification code from the security parameters in the mobile terminal by means of a cryptographic algorithm and store it in the mobile terminal;
the verification code sending module is configured to notify the user of the generated verification code via the verification code sending method.
4. The device according to claim 3, characterized in that the security function setting module turning the security function on or off specifically includes:
if the currently entered user identity information matches the user identity information stored in the mobile terminal, encrypting all data of the mobile terminal, re-storing the encrypted data and turning the security function on;
if the currently entered verification code matches the verification code stored in the mobile terminal, decrypting all data of the mobile terminal, re-storing the decrypted data and turning the security function off.
5. The device according to claim 3, characterized in that the verification code sending module notifying the user of the generated verification code via the verification code sending method specifically includes: sending the verification code to the network operator, or sending it to a mobile terminal or mailbox designated by the user;
wherein modification of the verification code sending method specifically means: the verification code sending method may be modified only after the correct user identity information has been entered and successfully verified.
6. The device according to claim 2, characterized in that the user security management module further includes: a key generation module and a verification module; wherein
the key generation module is configured to generate a key from the generated verification code by means of a certain operation and store it in the mobile terminal;
the verification module is configured, after the mobile terminal is powered on with the security function enabled, to verify whether the currently entered verification code matches the verification code stored in the mobile terminal; if so, the mobile terminal enters the standby state; otherwise, the verification code must be entered again.
7、 一种移动终端的数据保护方法, 其特征在于, 该方法包括: 移动终端开机后, 如果安全功能开启, 移动终端自动检测安全参数是 否发生变化, 若安全参数变化, 则移动终端重新生成验证码并通过验证码 发送方式通知用户, 通过新的验证码使移动终端进入待机状态; 若安全参 数没有变化, 则通过原有验证码使移动终端进入待机状态;  A data protection method for a mobile terminal, the method comprising: after the mobile terminal is powered on, if the security function is enabled, the mobile terminal automatically detects whether the security parameter changes, and if the security parameter changes, the mobile terminal re-generates the verification. And the user is notified by the verification code sending manner, and the mobile terminal enters the standby state by using the new verification code; if the security parameter does not change, the mobile terminal is put into the standby state by using the original verification code;
开启安全功能的移动终端进入待机状态后, 移动终端根据所述验证码 生成的密钥对移动终端内部的数据, 以及与该移动终端相关联的存储介质 内部的数据进行加密或解密操作。  After the mobile terminal that has turned on the security function enters the standby state, the mobile terminal performs encryption or decryption operations on the data inside the mobile terminal and the data inside the storage medium associated with the mobile terminal according to the key generated by the verification code.
8、 根据权利要求 7所述的方法, 其特征在于, 所述安全参数, 包括: SIM卡号、 FLASH ID、 IMEI号和用户身份信息。  The method according to claim 7, wherein the security parameter comprises: a SIM card number, a FLASH ID, an IMEI number, and user identity information.
9、 根据权利要求 7所述的方法, 其特征在于, 所述移动终端重新生成 验证码, 具体包括: 移动终端将安全参数通过密码算法生成验证码, 并保 存在移动终端中。 The method according to claim 7, wherein the re-generating the verification code by the mobile terminal comprises: the mobile terminal generating the verification code by using a cryptographic algorithm, and ensuring There is a mobile terminal.
10、 根据权利要求 7所述的方法, 其特征在于, 所述通过验证码发送 方式通知用户, 具体包括: 将验证码发送给网络运营商, 或者将验证码发 送给用户指定的移动终端或邮箱;  The method according to claim 7, wherein the notifying the user by the verification code sending manner comprises: sending the verification code to the network operator, or sending the verification code to the mobile terminal or mailbox specified by the user. ;
其中, 所述验证码发送方式的修改, 具体为: 通过输入正确的用户身 份信息并验证成功后, 再修改验证码发送方式。  The modification of the verification code sending manner is specifically: after the correct user identity information is input and the verification is successful, the verification code sending manner is modified.
11、 根据权利要求 7至 10任一项所述的方法, 其特征在于, 所述移动 终端重新生成验证码后, 该方法还包括: 移动终端将验证码通过一定算法 生成新的密钥, 并保存在移动终端, 用原密钥将所有数据解密, 并用新密 钥重新加密后, 保存加密后的数据。  The method according to any one of claims 7 to 10, wherein, after the mobile terminal regenerates the verification code, the method further includes: the mobile terminal generates a new key by using a certain algorithm by using the verification code, and Saved on the mobile terminal, decrypt all the data with the original key, and re-encrypt with the new key to save the encrypted data.
12、 根据权利要求 7所述的方法, 其特征在于, 该方法还包括: 移动 终端开机后, 如果安全功能关闭, 则移动终端直接进入待机状态。  The method according to claim 7, further comprising: after the mobile terminal is powered on, if the security function is turned off, the mobile terminal directly enters a standby state.
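The flow of claims 4 and 6 to 12 (verification code derived from the security parameters, key derived from the code, encryption of the stored data, automatic re-keying when a parameter such as the SIM card number changes, out-of-band delivery of the new code) is modelled below as an added example. It is not the patent's implementation and ZTE's "certain operation" and "cryptographic algorithm" are not specified in the claims; the choices here (HMAC-SHA256 keyed with the user identity information for the code, PBKDF2 for the key, an HMAC-SHA256 counter-mode stream cipher with encrypt-then-MAC in place of a real AEAD such as AES-GCM, so the file needs only the standard library) and all sample identifiers are assumptions. Two practitioner caveats the claims leave open are built in: the code is keyed with the user's secret, because SIM number, IMEI and flash ID can all be read from the hardware by whoever holds the device, and a code derived from them alone could simply be recomputed; and only a hash of the code is stored, since a plaintext copy on the terminal would defeat the verification step of claim 6. A third caveat the example cannot fix: the terminal keeps the data key, and claim 11's re-keying (decrypt with the old key, encrypt with the new) is only meaningful if the old key was never extractable, so on real hardware that key belongs in a secure element or is wrapped by one.

```python
"""Model of the claimed verification-code / key flow (added illustration, not the
patent's own code). Standard library only: the HMAC-SHA256 counter-mode stream
cipher stands in for a real AEAD such as AES-GCM."""
import hashlib
import hmac
import secrets

# Constructed sample security parameters (claim 8); none are real device identifiers.
FACTORY_PARAMS = {"sim": "8986001234567890123F", "flash_id": "EC-48-3A",
                  "imei": "490154203237518", "user_id": "alice"}
USER_SECRET = b"correct horse battery staple"   # user identity information (assumed passphrase)


def derive_verification_code(params, user_secret):
    """Claim 9: verification code = cryptographic function of the security parameters.
    Keyed with the user's secret, so reading SIM/IMEI/flash ID off the hardware is not
    enough to recompute the code. Returns an 8-digit code that can be sent by SMS/mail."""
    msg = "|".join(f"{k}={params[k]}" for k in sorted(params)).encode()
    digest = hmac.new(user_secret, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"


def derive_key(code, salt):
    """Claims 6 and 11: key derived from the verification code. An 8-digit code has
    under 27 bits of entropy, so stretch it with PBKDF2 and a per-device salt."""
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 200_000, dklen=32)


def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream_xor(key, nonce, data):
    out = bytearray()
    for block, off in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def encrypt(key, plaintext):
    """nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered data")
    return _keystream_xor(enc_key, nonce, ct)


class Terminal:
    """Boot-time behaviour of claims 7, 11 and 12 plus the enable/verify steps of claims 4 and 6."""

    def __init__(self, params, user_secret, data):
        self.enrolled, self.user_secret, self.blob = dict(params), user_secret, data
        self.salt, self.security_on = secrets.token_bytes(16), False
        self.code_hash = self.key = None
        self.sent_codes = []      # stands in for the SMS / e-mail channel of claim 10

    def _issue_code(self, params):
        code = derive_verification_code(params, self.user_secret)
        self.code_hash = hashlib.sha256(code.encode()).digest()   # store a hash, not the code
        self.key = derive_key(code, self.salt)
        self.sent_codes.append(code)

    def enable_security(self, typed_secret):
        """Claim 4: correct user identity information -> encrypt everything, switch security on."""
        if not hmac.compare_digest(typed_secret, self.user_secret):
            return False
        self._issue_code(self.enrolled)
        self.blob, self.security_on = encrypt(self.key, self.blob), True
        return True

    def boot(self, current_params):
        """Claims 7 and 12; on a parameter change, claim 11's re-keying: decrypt with the
        old key, re-encrypt with the key derived from the newly issued code."""
        if not self.security_on:
            return "standby"
        if current_params != self.enrolled:
            old_key = self.key
            self._issue_code(current_params)
            self.blob = encrypt(self.key, decrypt(old_key, self.blob))
            self.enrolled = dict(current_params)
        return "locked"

    def enter_code(self, code):
        """Claim 6 verification module: matching code -> standby, else stay locked."""
        if not self.security_on:
            return "standby"
        ok = hmac.compare_digest(hashlib.sha256(code.encode()).digest(), self.code_hash)
        return "standby" if ok else "locked"

    def read_data(self, code):
        if self.enter_code(code) != "standby":
            raise PermissionError("verification code rejected")
        return decrypt(derive_key(code, self.salt), self.blob)
```

Running `Terminal(FACTORY_PARAMS, USER_SECRET, b"...")`, enabling security, then calling `boot()` with a modified `sim` value reproduces the claimed sequence: the terminal reports `locked`, a new 8-digit code appears in `sent_codes`, the old code no longer unlocks, and the new one decrypts the same data because the blob was re-keyed in place.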
PCT/CN2010/075604, priority date 2010-04-22, filing date 2010-07-30: Device and method for protecting data of mobile terminal, WO2011130970A1 (en)

Applications Claiming Priority (2)

Application Number | Priority Date | Filing Date | Title
CN201010153938.9A (CN101815292B) | 2010-04-22 | 2010-04-22 | Device and method for protecting data of mobile terminal
CN201010153938.9 | 2010-04-22 | |

Publications (1)

Publication Number | Publication Date
WO2011130970A1 | 2011-10-27

Family ID: 42622379

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
PCT/CN2010/075604 (WO2011130970A1) | Device and method for protecting data of mobile terminal | 2010-04-22 | 2010-07-30

Country Status (2)

Country | Link
CN | CN101815292B
WO | WO2011130970A1

Also Published As

Publication Number | Publication Date
CN101815292B | 2014-04-30
CN101815292A | 2010-08-25


Legal Events

Code | Title | Description
121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 10850102; Country of ref document: EP; Kind code of ref document: A1
NENP | Non-entry into the national phase | Ref country code: DE
122 | EP: PCT application non-entry in European phase | Ref document number: 10850102; Country of ref document: EP; Kind code of ref document: A1