WO2014079139A1 - Method and system for protecting data of a mobile terminal - Google Patents

Method and system for protecting data of a mobile terminal

Publication number
WO2014079139A1
WO2014079139A1 PCT/CN2013/001016 CN2013001016W WO2014079139A1 WO 2014079139 A1 WO2014079139 A1 WO 2014079139A1 CN 2013001016 W CN2013001016 W CN 2013001016W WO 2014079139 A1 WO2014079139 A1 WO 2014079139A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
mobile terminal
module
data
owner
Prior art date
Application number
PCT/CN2013/001016
Other languages
English (en)
Chinese (zh)
Inventor
柯宗贵
杨育斌
梁大海
黄千帆
刘命
Original Assignee
蓝盾信息安全技术股份有限公司
Priority date
Filing date
Publication date
Application filed by 蓝盾信息安全技术股份有限公司
Publication of WO2014079139A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/88 Detecting or preventing theft or loss

Definitions

  • The present invention relates to the field of information security technologies, and in particular to a method and system for protecting data of a mobile terminal.
  • While mobile terminals bring convenience to their owners, the owners also face threats to the security of the data on them. Because an unauthorized person can easily obtain data from a mobile terminal without the owner's permission, how to prevent the data from being obtained by an unauthorized person has become a problem that people pay more and more attention to.
  • The invention patent No. 200510086529.0 discloses a mobile phone automatic destruction method and a mobile phone using it, in which a destruction module is set inside the mobile phone.
  • The owner reports the case to the operator, and the operator transmits the serial number through the mobile phone,
  • obtains the current status of the mobile phone, and sends a command to the mobile phone to activate the destruction module, which destroys the mobile phone's information storage device.
  • The current mainstream scheme for remote data erasure is that, once the mobile terminal is determined to be lost, the user sends a preset operation instruction to the lost terminal; after receiving the instruction, the terminal verifies that it is correct and then deletes the data.
  • The object of the present invention is to overcome the deficiencies of the prior art and provide a method and system for protecting data of a mobile terminal, by which the security of the mobile terminal's data can be effectively protected.
  • A mobile terminal data protection system comprises five modules: an initialization template, a screen lock module, an active protection module, a passive protection module and a decryption module.
  • The initialization module is used, before protection is provided, to set on the mobile terminal the parameters corresponding to the function modules provided by the system; all of the set parameters are encrypted and then stored in the built-in storage device of the mobile terminal.
  • The screen lock module is activated when the mobile terminal does not receive any operation event within a specified time, to prevent unauthorized persons from viewing the mobile terminal data.
  • The active protection module covers the case where an unauthorized person obtains the terminal and attempts to acquire data by brute-forcing the screen lock. The module records the number of unsuccessful unlock attempts by the unauthorized user; when the number of consecutive failures reaches the preset maximum number of times, the module is triggered and automatically protects the data according to a preset protection policy.
  • The passive protection module: when the mobile terminal owner finds that the mobile terminal is lost, the owner can send a preset security password to the lost mobile terminal. After the mobile terminal receives the password, the module automatically deletes the data or makes an encrypted backup, according to the preset processing mode.
  • The decryption module is activated when the mobile terminal owner needs to decrypt the encrypted data.
  • A method for protecting data of a mobile terminal: first initialize the mobile terminal, setting the parameters related to the function modules of the system, which are stored in the built-in storage device; then listen for all operation events of the unauthorized user. When no operation event occurs within the automatic lock time, the screen is automatically locked and all external interface permissions are blocked.
  • After the screen is locked, an unauthorized person must enter the verification password to view the stored content. If failed password verifications reach the maximum number of errors allowed, active protection is activated.
  • Data encryption or deletion is achieved through the active protection policy; when the mobile terminal owner finds that the mobile terminal is lost, the passive protection module is activated to call the corresponding protection policy to protect the security of the related data; when the mobile terminal owner has made a misoperation, the decryption module is started to decrypt all encrypted data.
  • The beneficial effect of the technical solution of the present invention is that it can effectively protect data on the mobile terminal and ensure that the data is not obtained by an unauthorized person.
  • The present invention can provide an active protection policy: even if the mobile terminal owner does not find that the terminal has fallen into the hands of an unauthorized person, the present invention can effectively protect the data without the owner taking any measures.
  • The invention also prevents unnecessary loss caused by the mobile terminal owner's misoperation under misjudgment. The present invention provides different protection strategies in both the active protection and passive protection modules, and the mobile terminal owner can take the corresponding protection measures according to his own judgment.
  • The invention also provides a remote decryption strategy for associated mobile phones, and makes protection as convenient and flexible as possible while ensuring data security.
  • Figure 1 is a flow chart showing the setting of the initialization module in the present invention.
  • Figure 5 is a flow chart showing the operation of the decryption module of the present invention.
  • The present invention is directed to a method and system for protecting mobile terminal data, proposed to prevent the data from falling into the hands of an unauthorized person when the mobile terminal leaves its owner.
  • The invention can effectively protect the security of the mobile terminal data.
  • A protection system for mobile terminal data includes five modules: an initialization template, a screen lock module, an active protection module, a passive protection module, and a decryption module.
  • The initialization module: before protection is provided, the mobile terminal owner needs to set on the mobile terminal the parameters corresponding to the function modules provided by the system; all of the set parameters are encrypted and then stored in the built-in storage device of the mobile terminal.
  • The screen lock module is activated when the mobile terminal does not receive any operation event within a specified time, to prevent unauthorized persons from viewing the mobile terminal data.
  • The active protection module covers the case where an unauthorized person obtains the terminal and attempts to get into the terminal and obtain data by brute-forcing the screen lock. The module records the number of unsuccessful unlock attempts by the unauthorized user; when the number of consecutive failures reaches the preset number of times, the module is triggered and automatically protects the data according to a preset protection policy.
  • The passive protection module: when the mobile terminal owner finds that the mobile terminal is lost, the owner can send a preset security password to the lost mobile terminal. After the mobile terminal receives the password, the module automatically deletes the data or makes an encrypted backup, according to the preset processing mode.
  • The decryption module is activated when the mobile terminal owner needs to decrypt the encrypted data.
  • The invention provides a method for protecting data of a mobile terminal: first initialize the mobile terminal, setting some parameters related to the function modules of the system, which are stored in the built-in storage device; then listen for all operation events of the unauthorized user. When there is no operation event within the automatic lock time, the screen is automatically locked and all external interface permissions are blocked. After the screen is locked, an unauthorized person must enter the verification password to view the stored content. When failed password verifications reach the maximum number of allowed errors, the active protection module is activated, and the data is encrypted or deleted by the active protection policy.
  • The passive protection module is activated to invoke the corresponding protection policy to protect the security of the related data.
  • The decryption module will be started to decrypt all encrypted data.
  • The screen lock module is the first layer of protection provided by the system for data, and is also the entry point for activating the active protection module.
  • The processing steps of the module are shown in Figure 2:
  • The active protection module is automatically activated when the number of consecutive password verification errors by the unauthorized user exceeds a preset maximum value; this is the main inventive point of the present invention, which makes it superior to and different from other prior art solutions.
  • The specific processing steps are as shown in FIG. :
  • When the active protection module is activated, the current abnormality information of the mobile terminal is first sent to the associated mobile phone; depending on the device, the terminal location information may be included.
  • The active protection policy includes: 1) encrypting the data and deleting the original data.
  • The passive protection module is used only when the mobile terminal owner, having found that the mobile terminal is lost, sends the operation password through the associated mobile phone.
  • The password is parsed by the parser, and the module can be activated after the verification is passed. The specific processing steps are as shown in Figure 4:
  • When the mobile terminal owner finds that the mobile terminal is lost, the owner sends a preset remote operation password to the lost mobile terminal through the associated mobile phone.
  • After the lost mobile terminal receives the password, it first passes the password to the short message parser.
  • The parser reads all the text content from the password, then reads the preset encrypted password content from the memory and decrypts it. If there is no password in the memory, the owner has not set a password, and the module ends directly. If there is a password in the memory, the received password is compared verbatim with the stored password. If the two are different, the received password is not a remote destruction password, and the module is terminated. If the verbatim comparison shows that the received password is identical to the password stored in the memory, the received password is the preset remote protection password.
  • The parser then invokes the corresponding protection policy, either deleting the related data or making an encrypted backup of it.
  • The decryption module is used to deal with a misoperation caused by the misjudgment of the mobile terminal owner.
  • The data has not been deleted, only encrypted and backed up, and the module is started when the data is to be re-acquired.
  • The specific operation is shown in Figure 5:
  • When the mobile terminal owner finds a misoperation, the owner sends a preset remote operation password to the mis-operated mobile terminal through the associated mobile phone.
  • After the mis-operated mobile terminal receives the password, it first passes the password to the short message parser. The parser reads all the text content from the password, then reads the preset encrypted password content from the memory and decrypts it. If there is no password in the memory, the owner has not set a password, and the module ends directly. If there is a password in the memory, the received password is compared verbatim with the stored password. If the two are different, the received password is not a remote unlock password, and the module is terminated. If the verbatim comparison shows that the received password is exactly the same as the password stored in the memory, the received password is the preset remote unlock password.
  • The technical solution of the invention can effectively protect data on the mobile terminal and ensure that the data is not obtained by an unauthorized person.
  • The present invention can provide an active protection policy: even if the mobile terminal owner does not find that the terminal has fallen into the hands of an unauthorized person, the present invention can effectively protect the data without the owner taking any measures.
  • The invention can also prevent unnecessary loss caused by the erroneous operation of the mobile terminal owner due to misjudgment. The invention provides different protection strategies in the active protection and passive protection modules, and the mobile terminal owner can take the corresponding protection measures according to his own judgment. The present invention also provides a remote decryption strategy for the associated mobile phone, and makes protection as convenient and flexible as possible on the premise of ensuring data security.
  • The active protection module can also be removed while still protecting the lost terminal's data, but the timeliness will be reduced, and the security of the data will not be reliably and comprehensively protected.
  • The associated mobile phone in the present invention can also be removed; although this can make the present invention more convenient and faster to use, the security performance of the decryption module can be reduced.
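
The consecutive-failure trigger of the active protection module and the remote-password parser of the passive protection module can be modelled together as follows. This is an added example, not code from the patent: the class and method names, the threshold of 3, and the use of a salted PBKDF2 digest with a constant-time comparison in place of the decrypt-and-compare-verbatim step are assumptions.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # assumed value; the page only says "preset maximum"


class TerminalGuard:
    """Hypothetical model of the screen lock, active and passive modules."""

    def __init__(self, unlock_password, remote_password=None, policy="encrypt_backup"):
        if policy not in ("encrypt_backup", "delete"):
            raise ValueError("policy must be 'encrypt_backup' or 'delete'")
        self._salt = os.urandom(16)
        self._unlock = self._digest(unlock_password)
        # None models "no password in the memory": the owner never set one.
        self._remote = self._digest(remote_password) if remote_password else None
        self.policy = policy
        self.failures = 0   # consecutive failed unlock attempts
        self.events = []    # (trigger, action) pairs, in the order they fired

    def _digest(self, secret):
        # Assumption: store a salted PBKDF2 digest rather than an encrypted
        # password, so the device never holds a recoverable secret.
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self._salt, 100_000)

    def _matches(self, candidate, stored):
        # Constant-time stand-in for the page's verbatim comparison.
        return hmac.compare_digest(self._digest(candidate), stored)

    def try_unlock(self, attempt):
        """Screen lock: a success resets the counter, so only consecutive
        failures count toward active protection."""
        if self._matches(attempt, self._unlock):
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.failures < MAX_FAILURES:
            return "rejected"
        self.failures = 0
        # Active protection: report to the associated phone, then apply policy.
        self.events.append(("active", "notify_associated_phone"))
        self.events.append(("active", self.policy))
        return "protected"

    def on_message(self, text):
        """Passive protection: treat an incoming message as a candidate
        remote password and end quietly unless it matches."""
        if self._remote is None:
            return "ignored:no_password_set"
        if not self._matches(text, self._remote):
            return "ignored:not_remote_password"
        self.events.append(("passive", self.policy))
        return "protected"


if __name__ == "__main__":
    guard = TerminalGuard("2580", remote_password="constructed-remote-pw")
    for pin in ("0000", "1111", "2222"):   # constructed sample attempts
        print(pin, guard.try_unlock(pin))
    print(guard.on_message("hello"), guard.on_message("constructed-remote-pw"))
    print(guard.events)
```

The counter resets on a successful unlock, so occasional mistyped passwords by the owner do not accumulate toward the threshold.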

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephone Function (AREA)

Abstract

The present invention relates to a system for protecting data of a mobile terminal. The system comprises five modules: an initialization template, a screen lock module, an active protection module, a passive protection module, and a decryption module. The invention also relates to a method for protecting data of a mobile terminal. According to the present invention, when the mobile terminal is away from its owner, an unauthorized person cannot steal the data, so that the security of the mobile terminal's data can be effectively protected.
PCT/CN2013/001016 2012-11-26 2013-08-27 Method and system for protecting data of a mobile terminal WO2014079139A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210488831.9 2012-11-26
CN2012104888319A CN103034813A (zh) 2012-11-26 2012-11-26 Method and system for protecting mobile terminal data

Publications (1)

Publication Number Publication Date
WO2014079139A1 (fr) 2014-05-30

Family

ID=48021699

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/001016 WO2014079139A1 (fr) 2012-11-26 2013-08-27 Method and system for protecting data of a mobile terminal

Country Status (2)

Country Link
CN (1) CN103034813A (fr)
WO (1) WO2014079139A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573576A (zh) * 2015-01-13 2015-04-29 北京乐动卓越科技有限公司 Mobile terminal and screen lock protection method for mobile terminal

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
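CN103034813A (zh) * 2012-11-26 2013-04-10 蓝盾信息安全技术股份有限公司 Method and system for protecting mobile terminal data
CN103501377A (zh) * 2013-09-24 2014-01-08 北京大学 Unlocking method and security protection method for touch-screen smartphone
CN104077510A (zh) * 2013-09-25 2014-10-01 苏州天鸣信息科技有限公司 Unlocking device and method thereof
CN104077508A (zh) * 2013-09-25 2014-10-01 苏州天鸣信息科技有限公司 Unlocking device and method thereof
CN103778035A (zh) * 2014-03-03 2014-05-07 联想(北京)有限公司 Information processing method and device
CN104268469B (zh) * 2014-09-26 2017-07-28 深圳北控信息发展有限公司 Mobile terminal and information security protection method and device thereof
CN104994217A (zh) * 2015-05-13 2015-10-21 惠州Tcl移动通信有限公司 Method for detecting state of mobile terminal, and mobile terminal
CN106547647B (zh) * 2016-09-19 2020-06-02 捷开通讯(深圳)有限公司 Method for automatically backing up files, and mobile terminal with backup function
CN107332989B (zh) * 2017-06-27 2020-09-15 中国联合网络通信集团有限公司 Data protection system and data protection method for mobile terminal
CN109684858A (zh) * 2018-12-26 2019-04-26 北京天诚安信科技股份有限公司 Data protection method, device and medium for multi-user access
CN110457875B (zh) * 2019-07-31 2021-04-27 创新先进技术有限公司 Blockchain-based data authorization method and apparatus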
US11251963B2 (en) 2019-07-31 2022-02-15 Advanced New Technologies Co., Ltd. Blockchain-based data authorization method and apparatus
US11252166B2 (en) 2019-07-31 2022-02-15 Advanced New Technologies Co., Ltd. Providing data authorization based on blockchain
US11057189B2 (en) 2019-07-31 2021-07-06 Advanced New Technologies Co., Ltd. Providing data authorization based on blockchain
US11310051B2 (en) 2020-01-15 2022-04-19 Advanced New Technologies Co., Ltd. Blockchain-based data authorization method and apparatus
CN111508617B (zh) * 2020-07-01 2020-09-25 智博云信息科技(广州)有限公司 Epidemic data maintenance method and apparatus, computer device and readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
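CN1917680A (zh) * 2006-09-05 2007-02-21 华为技术有限公司 Authentication method for mobile communication terminal user, and mobile communication terminal
CN101179401A (zh) * 2007-10-16 2008-05-14 中兴通讯股份有限公司 Method and system for terminal loss management
CN102196422A (zh) * 2010-03-11 2011-09-21 北京明朝万达科技有限公司 Method for preventing file leakage after loss of handheld communication terminal
CN102693391A (zh) * 2011-03-22 2012-09-26 联想(北京)有限公司 Display method and electronic device
CN103034813A (zh) * 2012-11-26 2013-04-10 蓝盾信息安全技术股份有限公司 Method and system for protecting mobile terminal data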

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
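CN104573576A (zh) * 2015-01-13 2015-04-29 北京乐动卓越科技有限公司 Mobile terminal and screen lock protection method for mobile terminal
CN104573576B (zh) * 2015-01-13 2018-04-27 北京乐动卓越科技有限公司 Mobile terminal and screen lock protection method for mobile terminal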

Also Published As

Publication number Publication date
CN103034813A (zh) 2013-04-10

Similar Documents

Publication Publication Date Title
WO2014079139A1 (fr) Method and system for protecting data of a mobile terminal
US8321916B2 (en) Method, apparatus and system for remote management of mobile devices
US7184750B2 (en) Smart terminal remote lock and format
US8931081B2 (en) Device identification for externalizing password from device coupled with user control of external password service
US20040046638A1 (en) Terminal lock system comprising key device carried by user and terminal-associated device incorporated in terminal device
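CN100495421C (zh) Authentication protection method based on USB device
WO2011088652A1 (fr) Mobile terminal with anti-theft security and anti-theft security method for mobile terminal
JP2013534796A (ja) Secure portable computing device
KR20150079864A (ko) Screen unlocking method, device, terminal, program and recording medium
CN103634482A (zh) Security protection method for application software of handheld smart device
CN103440446A (zh) Unlocking operation method and device for protecting private content of smart terminal
JPH08272742A (ja) Data leakage prevention system
WO2018000509A1 (fr) Safe operation method, operation device and terminal
CN103729310A (zh) Method for protecting hard disk data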
US20150047019A1 (en) Information processing method and electronic device
CN104820805A (zh) Method and device for anti-theft protection of subscriber identity module card information
WO2011130970A1 (fr) Device and method for protecting data of a mobile terminal
US20180199202A1 (en) Mobile Device Security Lock
WO2010133108A1 (fr) Method, system and mobile terminal for recovering flash data of a mobile terminal
CN105809045A (zh) Processing method and device for a device system during data reset
CN103745143B (zh) Computer protection method
JP2009081487A (ja) Security terminal device, computer program and information communication system
US9262619B2 (en) Computer system and method for protecting data from external threats
JP4894382B2 (ja) Security system, information processing device, information protection method, and program
KR20170038340A (ko) Data leakage prevention apparatus and method thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13857609

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13857609

Country of ref document: EP

Kind code of ref document: A1