WO2015106513A1 - Method for protecting user data, terminal and computer storage medium - Google Patents

Method for protecting user data, terminal and computer storage medium Download PDF

Info

Publication number
WO2015106513A1
WO2015106513A1 PCT/CN2014/077826 CN2014077826W WO2015106513A1 WO 2015106513 A1 WO2015106513 A1 WO 2015106513A1 CN 2014077826 W CN2014077826 W CN 2014077826W WO 2015106513 A1 WO2015106513 A1 WO 2015106513A1
Authority
WO
WIPO (PCT)
Prior art keywords
user data
location
terminal
unit
user
Prior art date
Application number
PCT/CN2014/077826
Other languages
French (fr)
Chinese (zh)
Inventor
陈国强
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2015106513A1 publication Critical patent/WO2015106513A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111Location-sensitive, e.g. geographical location, GPS
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices

Definitions

  • the present invention relates to the field of information security, and in particular, to a method, a terminal, and a computer storage medium for protecting user data. Background technique
  • the user data protection unit is configured to perform protection operations on the user data in the storage unit according to the location acquired by the location obtaining unit and the preset security policy.
  • the embodiment of the present invention provides a method for protecting user data, a terminal, and a computer storage medium, and obtains a current location of the terminal, and performs a corresponding security policy according to the location of the terminal, thereby protecting user data stored in the terminal.
  • FIG. 1 is a schematic flowchart of a method for protecting user data according to an embodiment of the present invention
  • FIG. 2 is a schematic diagram of an application scenario according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of an authentication process according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure.
  • FIG. 5 is a schematic structural diagram of another terminal according to an embodiment of the present invention. detailed description
  • the corresponding security policy is executed according to the current location of the terminal, thereby protecting the user data stored in the terminal, and the probability and risk of the user terminal leaking the user data is low.
  • the method can be applied to any terminal device capable of storing user data, such as: a mobile phone, a tablet computer, a laptop computer, or a palm.
  • the computer or the like the embodiment of the present invention does not specifically
  • the user data may also include, but is not limited to, a contact, a short message and a call record corresponding to the contact, a multimedia information such as a picture video, and a user-installed application, etc., which are not specifically limited in this embodiment of the present invention.
  • the method can include:
  • the embodiment of the present invention is described by using the scenario shown in FIG. 2 as a specific application scenario, where the scenario includes the terminal 21, the GPS satellite 22, the cell base station 23 accessed by the terminal, and the terminal currently connected.
  • obtaining the current location of the terminal 21 can be implemented in various manners, including but not limited to: the GPS module in the terminal 21 acquires the current GPS location of the terminal 21 through the GPS satellite 22. The information is used as the location where the terminal 21 is currently located. The location information of the cell base station 23 can be used as the location where the terminal 21 is currently located. The location information of the wireless access point 24 of the wireless local area network, as the current location of the terminal 21;
  • the real position of the terminal is within the error range of the acquired location, because there is a certain error between the acquired location and the real location of the terminal. Then, the obtained location can be used as the current location of the terminal. As shown in FIG. 2, if the terminal is located by the currently accessed cell base station, the location information of the cell base station is used as the current location of the terminal regardless of the location within the coverage of the cell base station. The location of the terminal obtained by other acquisition methods is similar to that of the terminal, and will not be described again.
  • the location where the terminal is located may be performed when the terminal screen is awakened, for example, the terminal is powered on, the terminal is unlocked, and the like, and is not specifically limited herein. According to the protection operation;
  • the preset security policy may specifically include a first location set, where the user includes at least one location information preset by the user, where the location information in the first location set may be a location that the user considers to be secure, for example:
  • the location of the first location set is not limited by the embodiment of the present invention.
  • the location of the user is considered to be a dangerous location, for example, a location of a large number of people in a downtown area, a suburb, or a field; There may be more than one, and multiple first location sets may be set according to different situations.
  • the location information according to the first location is a secure location or a dangerous location
  • the protection operation of the user data stored in the terminal according to the location and the preset security policy may include A or B respectively.
  • Case A if the location information in the first location set is a dangerous location, then when the location is in the first location set, the user data saved in the terminal is hidden, and when the location is not in the location When the first location set is described, the user data saved in the terminal is displayed;
  • the user data saved in the terminal is hidden, and when leaving the dangerous location, it can be considered as safe, and the user data does not need to be hidden. Or you can display hidden user data.
  • the location where the terminal is currently located is considered to be a secure location by the user, and the user data does not need to be hidden; when leaving the secure location, it can be considered dangerous, and the user data needs to be hidden.
  • the number of the first location set may be more than one
  • the number of user data groups may be more than one
  • the user data group and the first location set may have corresponding relationships; optionally, the user data group may be
  • the identifier of the corresponding first location set is set to the same label to indicate the corresponding relationship between the two, for example: the user data group A and the first location set A are corresponding, the user data group B and the A set of positions B is corresponding, and so on.
  • the user data saved in the terminal is protected according to the location and the preset security policy, and the location information in the first location is a secure location or a dangerous location, respectively.
  • Case C if the location information in the first location set is a dangerous location, when the location is in the first location set, hiding user data in the user data group, and when the location is not in the first location
  • the user data in the user data group is displayed; specifically, if the current location of the terminal is regarded as a dangerous location by the user, the user data in the user data group is hidden, when leaving the dangerous When the location is considered to be safe, it is not necessary to hide the user data in the user data group, or the user data in the hidden user data group can be displayed.
  • the current location of the terminal is considered by the user to be a secure location, and the user data in the user data group does not need to be hidden; when leaving the secure location, it can be considered dangerous, and the user data needs to be User data in the group is hidden.
  • the specific authentication process is as shown in FIG. 3, and may include:
  • S301 Receive user authentication information and perform verification
  • the current operating terminal is the user, so the hidden user data is displayed.
  • the embodiment of the present invention provides a method for protecting user data, and performs a corresponding security policy according to the location of the terminal, thereby protecting user data stored in the terminal, and reducing the probability and risk of the user terminal leaking user data.
  • the location obtaining unit 402 is configured to acquire a current location of the terminal.
  • the embodiment of the present invention is described by using the scenario shown in FIG. 2 as a specific application scenario of the method, and the specific description of FIG. 2 and the foregoing implementation. The examples are consistent and will not be described here. It should be noted that the terminal 21 described in FIG. 2 is the same as the terminal 40 described in this embodiment. It is to be understood that the scenario is only used to describe the embodiment of the present invention, and is not specifically limited. .
  • the user data in the storage unit 401 is not all important data such as private information.
  • some game classes and news applications in the storage unit 401 generally do not include the user's private information, so
  • the user data protection unit 403 does not need to protect all user data. Therefore, as shown in FIG. 5, the terminal 40 may further include: a generating unit 404 configured to generate a user data group according to at least one piece of the user data in the storage unit 401; and an important user may be pre-assigned by the user in the user data group Data is set to get;
  • the receiving unit 405 is configured to receive authentication information of the user
  • the verification unit 406 is configured to verify the authentication information received by the receiving unit 405.
  • the authentication information may be a password input by the user or an iconic information of the user.
  • the receiving unit 405 may take the user's face photo or The feature information such as sound is pre-saved, and then the receiving unit 405 captures the user's avatar through the camera or collects the voice sent by the user with the microphone to obtain the authentication information, and then the verification unit 406 compares the authentication information received by the receiving unit 405 with the pre-saved feature information. The comparison is performed; if the comparison is consistent, the verification is successful, and if the comparison is inconsistent, the certificate is unsuccessful.
  • the user data protection unit 403 can also be configured to
  • the verification unit 406 fails to verify the authentication information
  • the terminal is restored to the factory settings or the storage unit 401 of the terminal 40 is formatted; Specifically, when the authentication information is successfully verified by the verification unit 406, indicating that the current operation terminal is a user, the user data protection unit 403 displays the hidden user data.
  • the user data protection unit 403 may restore the terminal 40 to the factory settings or The storage unit is formatted to eliminate user data, ensuring that user privacy is not compromised.
  • the embodiment of the present invention provides a terminal 40, which performs a corresponding security policy by using the location where the terminal 40 is located, thereby protecting user data stored in the terminal 40, and competing for the probability and risk of the user terminal leaking user data.
  • embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware aspects. Moreover, the invention can take the form of a computer program product embodied on one or more computer usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
  • the embodiment of the present invention further provides a computer storage medium, wherein the method for protecting user data provided by the embodiment of the present invention is stored, and the corresponding security policy can be executed according to the location of the terminal, thereby Protect user data stored in the terminal,
  • P strives for the probability and risk of leaking user data by user terminals.

Landscapes

  • Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed are a method for protecting user data, a terminal and a computer storage medium. The method comprises: acquiring a position where a terminal is located currently; and according to the position and a pre-set security policy, conducting a protection operation on user data saved in the terminal.

Description

一种保护用户数据的方法、 终端和计算机存储介质 技术领域  Method, terminal and computer storage medium for protecting user data
本发明涉及信息安全领域, 尤其涉及一种保护用户数据的方法、 终端 和计算机存储介质。 背景技术  The present invention relates to the field of information security, and in particular, to a method, a terminal, and a computer storage medium for protecting user data. Background technique
随着终端设备处理能力的提升以及体积的减小, 越来越多的用户会将 个人的隐私信息以及社交信息等数据保存在随身携带的终端设备中, 而社 会环境的复杂, 容易造成终端设备的遗失, 从而使得用户数据泄露的风险 和危害也越来越大; 并且, 很有可能会被他人读取以及非法利用, 从而造 成用户隐私信息的泄露。 发明内容  With the improvement of the processing capability of the terminal device and the reduction of the volume, more and more users will save personal privacy information and social information in the terminal device that is carried with them, and the social environment is complicated, which is easy to cause the terminal device. The loss, the risk and harm of user data leakage is also increasing; and, it is likely to be read and illegally used by others, resulting in the leakage of user privacy information. Summary of the invention
为解决现有存在的技术问题, 本发明实施例期望提供一种保护用户数 据的方法、 终端和计算机存储介质, 能保护终端中存储的用户数据, 避免 用户的隐私信息泄露。  In order to solve the existing technical problems, embodiments of the present invention are expected to provide a method, a terminal, and a computer storage medium for protecting user data, which can protect user data stored in the terminal and prevent leakage of privacy information of the user.
本发明实施例的技术方案是这样实现的:  The technical solution of the embodiment of the present invention is implemented as follows:
第一方面, 本发明实施例提供了一种保护用户数据的方法, 所述方法 包括:  In a first aspect, an embodiment of the present invention provides a method for protecting user data, where the method includes:
获取终端当前所在的位置; 保护操作。  Get the current location of the terminal; protect the operation.
第二方面, 本发明实施例提供了一种终端, 包括保存用户数据的存储 单元, 所述终端还包括: 位置获取单元, 配置为获取所述终端当前所在的位置; In a second aspect, an embodiment of the present invention provides a terminal, including a storage unit that stores user data, where the terminal further includes: a location obtaining unit, configured to acquire a current location of the terminal;
用户数据保护单元, 配置为根据所述位置获取单元获取的位置以及预 设的安全策略对所述存储单元中的用户数据进行保护操作。  The user data protection unit is configured to perform protection operations on the user data in the storage unit according to the location acquired by the location obtaining unit and the preset security policy.
第三方面, 本发明实施例提供了一种计算机存储介质, 其中存储有计 算机程序, 该计算机程序用于执行所述的保护用户数据的方法。  In a third aspect, an embodiment of the present invention provides a computer storage medium in which a computer program is stored, the computer program being configured to execute the method for protecting user data.
本发明实施例提供了一种保护用户数据的方法、 终端和计算机存储介 质, 获取终端当前所在位置, 根据终端所在位置的不同执行相应的安全策 略, 从而保护存储在终端中的用户数据, P争低用户终端泄露用户数据的概 率和风险。 附图说明  The embodiment of the present invention provides a method for protecting user data, a terminal, and a computer storage medium, and obtains a current location of the terminal, and performs a corresponding security policy according to the location of the terminal, thereby protecting user data stored in the terminal. The probability and risk of leaking user data by low user terminals. DRAWINGS
图 1为本发明实施例提供的一种保护用户数据的方法的流程示意图; 图 2为本发明实施例提供的一种应用场景示意图;  FIG. 1 is a schematic flowchart of a method for protecting user data according to an embodiment of the present invention; FIG. 2 is a schematic diagram of an application scenario according to an embodiment of the present invention;
图 3为本发明实施例提供的一种鉴权过程示意图;  3 is a schematic diagram of an authentication process according to an embodiment of the present invention;
图 4为本发明实施例提供的一种终端的结构示意图;  FIG. 4 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure;
图 5为本发明实施例提供的另一种终端的结构示意图。 具体实施方式  FIG. 5 is a schematic structural diagram of another terminal according to an embodiment of the present invention. detailed description
在本发明实施例中, 根据终端当前所在的位置执行相应的安全策略, 从而保护存储在终端中的用户数据, P争低用户终端泄露用户数据的概率和 风险。  In the embodiment of the present invention, the corresponding security policy is executed according to the current location of the terminal, thereby protecting the user data stored in the terminal, and the probability and risk of the user terminal leaking the user data is low.
下面将结合本发明实施例中的附图, 对本发明实施例中的技术方案进 行清楚、 完整地描述。  The technical solutions in the embodiments of the present invention will be clearly and completely described in the following with reference to the accompanying drawings.
参见图 1 , 为本发明实施例提供的一种保护用户数据的方法, 可以理解 的, 该方法可以应用在任何一个能够保存用户数据的终端设备上, 例如: 手机、 平板电脑、 笔记本电脑、 掌上电脑等, 本发明实施例对此不作具体 限定; 而用户数据也可以包括但不限于联系人、 与联系人对应短消息和通 话记录、 图片视频等多媒体信息和用户安装的应用程序等, 本发明实施例 对此也不作具体限定。 该方法可以包括: 1 is a method for protecting user data according to an embodiment of the present invention. It can be understood that the method can be applied to any terminal device capable of storing user data, such as: a mobile phone, a tablet computer, a laptop computer, or a palm. The computer or the like, the embodiment of the present invention does not specifically The user data may also include, but is not limited to, a contact, a short message and a call record corresponding to the contact, a multimedia information such as a picture video, and a user-installed application, etc., which are not specifically limited in this embodiment of the present invention. The method can include:
S101 : 获取终端当前所在的位置;  S101: Obtain a current location of the terminal;
为了能够清楚的说明技术方案, 本发明实施例以图 2所示的场景作为 具体应用场景进行说明, 其中, 该场景包括终端 21、 GPS卫星 22、 终端接 入的小区基站 23、 以及终端当前接入的无线局域网的无线接入点 24; 实线 椭圆表示小区基站 23的覆盖范围, 虚线椭圆表示无线接入点 24的覆盖范 围, 可以理解的, 此场景仅用于说明本发明实施例, 并不做任何具体限定。  In order to be able to clearly explain the technical solution, the embodiment of the present invention is described by using the scenario shown in FIG. 2 as a specific application scenario, where the scenario includes the terminal 21, the GPS satellite 22, the cell base station 23 accessed by the terminal, and the terminal currently connected. The wireless access point of the incoming wireless local area network 24; the solid ellipse indicates the coverage of the cell base station 23, and the dashed oval indicates the coverage of the wireless access point 24. It is understood that this scenario is only used to illustrate the embodiment of the present invention, and Do not make any specific restrictions.
示例性的, 在图 2所示的场景中, 获取终端 21当前所在的位置可以通 过多种方式进行实现, 包括但不限于: 终端 21中的 GPS模块通过 GPS卫 星 22获取终端 21当前的 GPS定位信息,作为终端 21当前所在的位置;也 可以通过终端 21当前接入的小区基站 23进行定位, 并将小区基站 23的定 位信息作为终端 21 当前所在的位置; 还可以通过终端 21 当前接入的无线 局域网的无线接入点 24的位置信息, 作为终端 21当前所在的位置;  For example, in the scenario shown in FIG. 2, obtaining the current location of the terminal 21 can be implemented in various manners, including but not limited to: the GPS module in the terminal 21 acquires the current GPS location of the terminal 21 through the GPS satellite 22. The information is used as the location where the terminal 21 is currently located. The location information of the cell base station 23 can be used as the location where the terminal 21 is currently located. The location information of the wireless access point 24 of the wireless local area network, as the current location of the terminal 21;
可以理解的, 由于获取终端当前所在位置的方式的不同, 所获取的位 置和所述终端真实位置之间存在一定的误差, 本实施例中, 所述终端真实 位置在获取的位置的误差范围内, 则可以将获取的位置作为所述终端当前 真实所在的位置。 如图 2 中所示, 若所述终端通过当前接入的小区基站进 行定位, 那么, 所述终端无论在小区基站覆盖范围内的哪个位置, 均以小 区基站的定位信息作为所述终端当前所在的位置, 其他获取方式得到的所 述终端当前所在位置与此类似, 不再赘述。  It can be understood that, in the embodiment, the real position of the terminal is within the error range of the acquired location, because there is a certain error between the acquired location and the real location of the terminal. Then, the obtained location can be used as the current location of the terminal. As shown in FIG. 2, if the terminal is located by the currently accessed cell base station, the location information of the cell base station is used as the current location of the terminal regardless of the location within the coverage of the cell base station. The location of the terminal obtained by other acquisition methods is similar to that of the terminal, and will not be described again.
示例性的, 获取终端当前所在的位置可以在唤醒终端屏幕的时候进行, 例如终端开机、 终端解锁等, 在此也不做具体的限定。 据进行保护操作; For example, the location where the terminal is located may be performed when the terminal screen is awakened, for example, the terminal is powered on, the terminal is unlocked, and the like, and is not specifically limited herein. According to the protection operation;
示例性的, 所述预设的安全策略具体的可以包括第一位置集, 其中包 括用户预先设置的至少一个位置信息, 第一位置集中的位置信息可以是用 户认为是安全的位置, 例如: 住所、 公司等地点; 也可以是用户认为是危 险的位置, 例如: 人多的闹市区、 郊区或者野外等地点; 本发明实施例对 此不作具体的限定, 可以理解的, 第一位置集的数量可以不止一个, 可以 根据不同情况的需要设置多个第一位置集。  Exemplarily, the preset security policy may specifically include a first location set, where the user includes at least one location information preset by the user, where the location information in the first location set may be a location that the user considers to be secure, for example: The location of the first location set is not limited by the embodiment of the present invention. For example, the location of the user is considered to be a dangerous location, for example, a location of a large number of people in a downtown area, a suburb, or a field; There may be more than one, and multiple first location sets may be set according to different situations.
因此, 根据第一位置集中的位置信息是安全的位置或者危险的位置, 所述根据所述位置以及预设的安全策略对所述终端中保存的用户数据进行 保护操作, 可以分别包括 A或者 B两种情况:  Therefore, the location information according to the first location is a secure location or a dangerous location, and the protection operation of the user data stored in the terminal according to the location and the preset security policy may include A or B respectively. Two situations:
情况 A、 若第一位置集中的位置信息是危险的位置, 那么, 当所述位 置在所述第一位置集时, 将所述终端中保存的用户数据进行隐藏, 以及当 所述位置不在所述第一位置集合时 , 将所述终端中保存的用户数据进行显 示;  Case A, if the location information in the first location set is a dangerous location, then when the location is in the first location set, the user data saved in the terminal is hidden, and when the location is not in the location When the first location set is described, the user data saved in the terminal is displayed;
具体的, 终端当前所在的位置被用户认为是危险的位置, 则将终端中 保存的用户数据进行隐藏, 当离开这个危险的位置的时候, 可以认为是安 全的 , 则不需要将用户数据进行隐藏或者可以将隐藏的用户数据进行显示。  Specifically, if the current location of the terminal is regarded as a dangerous location by the user, the user data saved in the terminal is hidden, and when leaving the dangerous location, it can be considered as safe, and the user data does not need to be hidden. Or you can display hidden user data.
情况 B、 若第一位置集中的位置信息是安全的位置, 那么, 当所述位 置在所述第一位置集时, 将所述终端中保存的用户数据进行显示, 以及当 所述位置不在所述第一位置集合时 , 将所述终端中保存的用户数据进行隐 藏;  Case B, if the location information in the first location set is a secure location, when the location is in the first location set, the user data saved in the terminal is displayed, and when the location is not in the location When the first location set is described, the user data saved in the terminal is hidden;
具体的, 终端当前所在的位置被用户认为是安全的位置, 则不需要将 用户数据进行隐藏; 当离开这个安全的位置的时候, 可以认为是危险的, 则需要将用户数据进行隐藏。  Specifically, the location where the terminal is currently located is considered to be a secure location by the user, and the user data does not need to be hidden; when leaving the secure location, it can be considered dangerous, and the user data needs to be hidden.
优选的, 用户数据中也并不全都是重要的隐私信息等数据, 例如, 终 端中的一些游戏类和新闻类的应用程序通常是不包括用户的隐私信息的, 所以, 不需要将所有的用户数据进行保护。 基于此, 该方法还可以包括, 根据至少一条所述用户数据生成用户数据组; 而用户数据组中可以通过用 户预先将重要的用户数据进行设置来得到; Preferably, not all of the user data is important information such as private information, for example, Some of the game and news applications in the terminal usually do not include the user's private information, so there is no need to protect all user data. Based on this, the method may further include: generating a user data group according to the at least one piece of the user data; and the user data group may be obtained by setting an important user data in advance by the user;
由于第一位置集的个数可以不止一个, 那么, 用户数据组的个数也可 以不止一个, 而且, 用户数据组与第一位置集可以是对应的关系; 可选的, 可以将用户数据组的标识与对应的第一位置集的标识设置成同一标号来表 示两者之间的对应的关系, 例如: 用户数据组 A与第一位置集 A之间是对 应的, 用户数据组 B与第一位置集 B是对应的, 等等。  Since the number of the first location set may be more than one, the number of user data groups may be more than one, and the user data group and the first location set may have corresponding relationships; optionally, the user data group may be The identifier of the corresponding first location set is set to the same label to indicate the corresponding relationship between the two, for example: the user data group A and the first location set A are corresponding, the user data group B and the A set of positions B is corresponding, and so on.
在得到用户数据组之后, 根据所述位置以及预设的安全策略对所述终 端中保存的用户数据进行保护操作 , 可以根据前述第一位置集中的位置信 息是安全的位置或者危险的位置, 分别包括 C或者 D两种情况:  After the user data group is obtained, the user data saved in the terminal is protected according to the location and the preset security policy, and the location information in the first location is a secure location or a dangerous location, respectively. Including C or D:
情况 C、 若第一位置集中的位置信息是危险的位置, 当所述位置在所 述第一位置集时, 将用户数据组中的用户数据进行隐藏, 以及当所述位置 不在所述第一位置集合时, 将所述用户数据组中的用户数据进行显示; 具体的, 终端当前所在的位置被用户认为是危险的位置, 则将用户数 据组中的用户数据进行隐藏, 当离开这个危险的位置的时候, 可以认为是 安全的, 则不需要将用户数据组中的用户数据进行隐藏、 或者可以将隐藏 的用户数据组中的用户数据进行显示。  Case C, if the location information in the first location set is a dangerous location, when the location is in the first location set, hiding user data in the user data group, and when the location is not in the first location When the location is set, the user data in the user data group is displayed; specifically, if the current location of the terminal is regarded as a dangerous location by the user, the user data in the user data group is hidden, when leaving the dangerous When the location is considered to be safe, it is not necessary to hide the user data in the user data group, or the user data in the hidden user data group can be displayed.
情况 D、 若第一位置集中的位置信息是安全的位置, 当所述位置在所 述第一位置集时, 将所述用户数据组中的用户数据进行显示, 以及当所述 位置不在所述第一位置集合时, 将所述用户数据组中的用户数据进行隐藏。  Case D, if the location information in the first location set is a secure location, when the location is in the first location set, displaying user data in the user data group, and when the location is not in the location When the first location is aggregated, the user data in the user data group is hidden.
具体的, 终端当前所在的位置被用户认为是安全的位置, 则不需要将 用户数据组中的用户数据进行隐藏; 当离开这个安全的位置的时候, 可以 认为是危险的, 则需要将用户数据组中的用户数据进行隐藏。 示例性的, 当用户数据隐藏之后, 如果需要将隐藏的用户数据进行显 示, 那么, 还需要包括额外的鉴权过程, 具体的鉴权过程如图 3 所示, 可 以包括: Specifically, the current location of the terminal is considered by the user to be a secure location, and the user data in the user data group does not need to be hidden; when leaving the secure location, it can be considered dangerous, and the user data needs to be User data in the group is hidden. For example, after the user data is hidden, if the hidden user data needs to be displayed, an additional authentication process needs to be included. The specific authentication process is as shown in FIG. 3, and may include:
S301 : 接收用户的鉴权信息并进行验证;  S301: Receive user authentication information and perform verification;
具体的, 鉴权信息可以是用户输入的密码, 或者是用户的标志性信息, 比如: 可以将用户的脸型照片或者声音等特征信息进行预保存, 接着通过 摄像头拍摄用户头像或者用麦克风采集用户发出的声音来获得鉴权信息; 然后, 将这些鉴权信息与预保存的特征信息进行比对; 比对一致则说明验 证成功, 比对不一致则说明 ^ 证不成功。  Specifically, the authentication information may be a password input by the user, or an iconic information of the user, for example: pre-save the feature information such as the user's face photo or sound, and then capture the user's avatar through the camera or collect the user through the microphone. The voice is used to obtain the authentication information; then, the authentication information is compared with the pre-stored feature information; if the comparison is consistent, the verification is successful, and if the comparison is inconsistent, the certificate is unsuccessful.
S302: 当所述鉴权信息验证成功时, 将所述隐藏的用户数据进行显示, 结束当前处理流程。  S302: When the authentication information is successfully verified, the hidden user data is displayed, and the current processing flow is ended.
当鉴权信息验证成功, 说明当前操作终端的为用户, 因此将隐藏的用 户数据进行显示。  When the authentication information is successfully verified, the current operating terminal is the user, so the hidden user data is displayed.
S303 : 当所述鉴权信息验证不成功时, 将所述终端恢复出厂设置或者 将所述终端的存储单元进行格式化。  S303: When the authentication information verification is unsuccessful, the terminal is restored to a factory setting or the storage unit of the terminal is formatted.
当鉴权信息验证不成功, 则说明当前终端不在用户身上, 很有可能已 经遗失, 因此为了保护用户数据中的用户隐私, 可以将终端恢复出厂设置 或者格式化存储单元, 从而消除用户数据, 保证了用户隐私不被泄露。  When the authentication information is unsuccessful, it indicates that the current terminal is not on the user, and it is likely to have been lost. Therefore, in order to protect the user privacy in the user data, the terminal can be restored to the factory settings or the storage unit can be formatted, thereby eliminating user data and ensuring User privacy is not compromised.
本发明实施例提供了一种保护用户数据的方法, 根据终端所在位置执 行相应的安全策略, 从而保护存储在终端中的用户数据, 降低用户终端泄 露用户数据的概率和风险。  The embodiment of the present invention provides a method for protecting user data, and performs a corresponding security policy according to the location of the terminal, thereby protecting user data stored in the terminal, and reducing the probability and risk of the user terminal leaking user data.
参见图 4, 为本发明实施例提供的一种终端 40, 终端 40可以包括保存 用户数据的存储单元 401 ,需要说明的是,存储单元 401具体形式可以包括: 可读存储设备、 可读存储基片、 随机或串行存取存储器阵列或设备、 或以 上的一个或多个的组合; 除了存储单元 401之外, 终端 40还可以包括位置获取单元 402和用户 数据保护单元 403 , 其中, Referring to FIG. 4, a terminal 40 is provided in the embodiment of the present invention. The terminal 40 may include a storage unit 401 for storing user data. The specific form of the storage unit 401 may include: a readable storage device and a readable storage base. a chip, random or serial access memory array or device, or a combination of one or more of the above; In addition to the storage unit 401, the terminal 40 may further include a location obtaining unit 402 and a user data protection unit 403, where
位置获取单元 402, 配置为获取所述终端当前所在的位置;  The location obtaining unit 402 is configured to acquire a current location of the terminal.
用户数据保护单元 403 ,配置为根据位置获取单元 402获取的位置以及 预设的安全策略对存储单元 401中的用户数据进行保护操作。  The user data protection unit 403 is configured to perform protection operations on the user data in the storage unit 401 according to the location acquired by the location obtaining unit 402 and the preset security policy.
示例性的, 与前述的方法实施例相同, 为了能够清楚的说明技术方案, 本发明实施例通过以图 2所示的场景作为该方法具体应用的场景进行说明, 图 2 的具体说明与前述实施例一致, 在此不再赘述。 需要说明的是, 图 2 中所描述的终端 21与本实施例中所描述的终端 40为同一个概念, 可以理 解的, 此场景仅用于说明本发明的实施例, 并不做任何具体限定。  Illustratively, in the same manner as the foregoing method embodiment, in order to clearly illustrate the technical solution, the embodiment of the present invention is described by using the scenario shown in FIG. 2 as a specific application scenario of the method, and the specific description of FIG. 2 and the foregoing implementation. The examples are consistent and will not be described here. It should be noted that the terminal 21 described in FIG. 2 is the same as the terminal 40 described in this embodiment. It is to be understood that the scenario is only used to describe the embodiment of the present invention, and is not specifically limited. .
示例性的, 在图 2所示的场景中, 位置获取单元 402可以通过多种方 式获取终端 40当前所在的位置, 包括但不限于: 通过终端 40中的 GPS模 块通过 GPS卫星 22获取终端当前的 GPS定位信息作为终端 40当前所在的 位置; 也可以通过终端 40当前接入的小区基站 23进行定位, 并将小区基 站 23的定位信息作为终端 40当前所在的位置; 还可以通过终端 40当前接 入的无线局域网的无线接入点 24的位置信息作为终端 40当前所在的位置; 可以理解的, 由于获取终端当前所在位置的方式的不同, 所获取的位 置和所述终端真实位置之间存在一定的误差, 本实施例中, 所述终端真实 位置在获取的位置的误差范围内, 则位置获取单元 402 可以将获取的位置 作为终端 40当前真实所在的位置。 如图 2中所示, 若位置获取单元 402通 过当前接入的小区基站进行定位, 那么终端 40无论在小区基站覆盖范围内 的哪个位置, 位置获取单元 402均以小区基站的定位信息作为终端 40当前 所在的位置; 位置获取单元 402通过其他获取方式得到的终端 40当前所在 位置与此类似, 不再赘述。  For example, in the scenario shown in FIG. 2, the location obtaining unit 402 can obtain the location where the terminal 40 is currently located in multiple manners, including but not limited to: acquiring the current terminal of the terminal through the GPS satellite 22 through the GPS module in the terminal 40. The GPS location information is used as the location where the terminal 40 is currently located. The location information of the cell base station 23 is also used as the location where the terminal 40 is currently located. The location information of the wireless access point 24 of the wireless local area network is the current location of the terminal 40. It can be understood that there is a certain difference between the acquired location and the real location of the terminal due to the different manners of obtaining the current location of the terminal. The error, in this embodiment, the real position of the terminal is within the error range of the acquired location, and the location obtaining unit 402 can use the acquired location as the current location of the terminal 40. As shown in FIG. 2, if the location acquiring unit 402 performs positioning by the currently accessed cell base station, the location acquiring unit 402 uses the positioning information of the cell base station as the terminal 40 regardless of the location within the coverage of the cell base station. The current location of the terminal 40 obtained by the location obtaining unit 402 by other acquisition methods is similar to that of the terminal 40, and will not be described again.
示例性的, 位置获取单元 402获取终端 40当前所在的位置可以在唤醒 终端 40屏幕的时候进行, 例如终端 40开机、 终端 40解锁等, 在此也不做 具体的限定。 Exemplarily, the location obtaining unit 402 acquires the current location of the terminal 40 and can wake up. When the terminal 40 is on the screen, for example, the terminal 40 is powered on, the terminal 40 is unlocked, and the like, and is not specifically limited herein.
示例性的, 所述预设的安全策略具体的可以包括第一位置集, 其中包 括用户预设设置的至少一个位置信息, 第一位置集中的位置信息可以是用 户认为是安全的位置, 例如住所, 公司等地点; 也可以是用户认为是危险 的位置, 例如人多的闹市区, 郊区或者野外等地点, 本发明实施例对此也 不作具体的限定, 可以理解的, 第一位置集的数量可以不止一个, 可以根 据不同情况的需要设置多个第一位置集。  Exemplarily, the preset security policy may specifically include a first location set, where the user includes at least one location information preset by the user, where the location information in the first location set may be a location that the user considers to be secure, such as a residence. The location of the company or the like; may also be a location that the user considers to be dangerous, such as a downtown area, a suburb or a field, etc., which is not specifically limited in the embodiment of the present invention. It can be understood that the number of the first location set is There may be more than one, and multiple first location sets may be set according to different situations.
因此, 根据第一位置集中的位置信息是安全的位置或者危险的位置, 用户数据保护单元 403具体可以在 A或者 B两种情况下对存储单元 401中 保存的用户数据进行保护操作:  Therefore, the user data protection unit 403 can specifically protect the user data stored in the storage unit 401 in either A or B according to the location information in the first location being a secure location or a dangerous location:
情况 A、 若第一位置集中的位置信息是危险的位置, 那么用户数据保 护单元 403具体配置为, 当所述位置在所述第一位置集时, 将存储单元 401 中保存的用户数据进行隐藏, 以及当所述位置不在所述第一位置集合时, 将存储单元 401中保存的用户数据进行显示;  Case A: If the location information in the first location set is a dangerous location, the user data protection unit 403 is specifically configured to hide the user data saved in the storage unit 401 when the location is in the first location set. And displaying the user data saved in the storage unit 401 when the location is not in the first location set;
具体的, 终端 40当前所在的位置被用户认为是危险的位置, 用户数据 保护单元 403可以将存储单元 401 中保存的用户数据进行隐藏, 当离开这 个危险的位置的时候, 可以认为是安全的, 因此用户数据保护单元 403 不 需要将用户数据进行隐藏或者可以将隐藏的用户数据进行显示。  Specifically, the location where the terminal 40 is currently located is considered to be a dangerous location by the user, and the user data protection unit 403 can hide the user data saved in the storage unit 401, and when leaving the dangerous location, it can be considered as safe. Therefore, the user data protection unit 403 does not need to hide the user data or can display the hidden user data.
情况 B、 若第一位置集中的位置信息是安全的位置, 那么用户数据保 护单元 403具体配置为, 当所述位置在所述第一位置集时, 将存储单元 401 中保存的用户数据进行显示, 以及当所述位置不在所述第一位置集合时, 将存储单元 401中保存的用户数据进行隐藏;  Case B: If the location information in the first location set is a secure location, the user data protection unit 403 is specifically configured to display the user data saved in the storage unit 401 when the location is in the first location set. And hiding the user data saved in the storage unit 401 when the location is not in the first location set;
具体的, 终端 40当前所在的位置被用户认为是安全的位置, 用户数据 保护单元 403不需要将存储的那样 401 中的用户数据进行隐藏; 当离开这 个安全的位置的时候, 可以认为是危险的, 因此用户数据保护单元 403 需 要将存储单元 401中的用户数据进行隐藏。 Specifically, the location where the terminal 40 is currently located is considered to be a secure location by the user, and the user data protection unit 403 does not need to hide the user data in the stored 401; When a secure location is considered dangerous, the user data protection unit 403 needs to hide the user data in the storage unit 401.
优选的, 存储单元 401 中的用户数据中也并不全都是重要的隐私信息 等数据, 例如, 存储单元 401 中的一些游戏类和新闻类的应用程序通常是 不包括用户的隐私信息的, 所以用户数据保护单元 403 不需要将所有的用 户数据进行保护。 因此, 如图 5所示, 终端 40还可以包括, 生成单元 404, 配置为根据存储单元 401 中的至少一条所述用户数据生成用户数据组; 而 用户数据组中可以通过用户预先将重要的用户数据进行设置来得到;  Preferably, the user data in the storage unit 401 is not all important data such as private information. For example, some game classes and news applications in the storage unit 401 generally do not include the user's private information, so The user data protection unit 403 does not need to protect all user data. Therefore, as shown in FIG. 5, the terminal 40 may further include: a generating unit 404 configured to generate a user data group according to at least one piece of the user data in the storage unit 401; and an important user may be pre-assigned by the user in the user data group Data is set to get;
由于第一位置集的个数可以不止一个, 那么用户数据组的个数也可以 不止一个, 而且, 用户数据组与第一位置集可以是对应的关系; 可选的, 可以将用户数据组的标识设置为与之对应的第一位置集的标识来表示两者 之间的对应的关系, 例如用户数据组 A与第一位置集 A之间是对应的, 用 户数据组 B与第一位置集 B是对应的, 等等。  Since the number of the first location set may be more than one, the number of user data groups may be more than one, and the user data group and the first location set may have corresponding relationships; optionally, the user data group may be The identifier is set to the identifier of the first location set corresponding thereto to represent a corresponding relationship between the two, for example, the user data group A and the first location set A are corresponding, the user data group B and the first location set B is corresponding, and so on.
在得到用户数据组之后, 用户数据保护单元 403 可以根据前述的第一 位置集中的位置信息是安全的位置或者危险的位置, 在 C或者 D两种情况 下对用户数据组中的用户数据进行保护操作:  After obtaining the user data group, the user data protection unit 403 may protect the user data in the user data group in the C or D case according to the foregoing location information in the first location set being a secure location or a dangerous location. Operation:
情况 C、 若第一位置集中的位置信息是危险的位置, 那么用户数据保 护单元 403 具体配置为, 当所述位置在所述第一位置集时, 将用户数据组 中的用户数据进行隐藏, 以及当所述位置不在所述第一位置集合时, 将所 述用户数据组中的用户数据进行显示;  Case C: If the location information in the first location set is a dangerous location, the user data protection unit 403 is specifically configured to: when the location is in the first location set, hide user data in the user data group, And displaying, when the location is not in the first location set, user data in the user data group;
具体的, 终端 40当前所在的位置被用户认为是危险的位置, 用户数据 保护单元 403 可以将用户数据组中的用户数据进行隐藏, 当离开这个危险 的位置的时候, 可以认为是安全的, 用户数据保护单元 403 不需要将用户 数据组中的用户数据进行隐藏或者可以将隐藏的用户数据组中的用户数据 进行显示。 情况 D、 若第一位置集中的位置信息是安全的位置, 那么用户数据保 护单元 403 具体配置为, 当所述位置在所述第一位置集时, 将所述用户数 据组中的用户数据进行显示, 以及当所述位置不在所述第一位置集合时, 将所述用户数据组中的用户数据进行隐藏。 Specifically, the location where the terminal 40 is currently located is considered to be a dangerous location by the user, and the user data protection unit 403 can hide the user data in the user data group, and when leaving the dangerous location, the user can be considered as a safe user. The data protection unit 403 does not need to hide user data in the user data group or can display user data in the hidden user data group. Case D: If the location information in the first location set is a secure location, the user data protection unit 403 is specifically configured to: when the location is in the first location set, perform user data in the user data group Displaying, and hiding user data in the user data set when the location is not in the first location set.
具体的, 终端 40当前所在的位置被用户认为是安全的位置, 用户数据 保护单元 403 不需要将用户数据组中的用户数据进行隐藏; 当离开这个安 全的位置的时候, 可以认为是危险的, 用户数据保护单元 403 需要将用户 数据组中的用户数据进行隐藏。  Specifically, the location where the terminal 40 is currently located is considered to be a secure location by the user, and the user data protection unit 403 does not need to hide the user data in the user data group; when leaving the secure location, it can be considered dangerous. The user data protection unit 403 needs to hide the user data in the user data group.
示例性的, 当用户数据隐藏之后, 如果需要将隐藏的用户数据进行显 示, 那么终端 40还需要包括能够实施鉴权过程的单元, 可选的, 如图 5所 示, 终端 40还可以包括:  For example, after the user data is hidden, if the hidden user data needs to be displayed, the terminal 40 also needs to include a unit capable of performing an authentication process. Optionally, as shown in FIG. 5, the terminal 40 may further include:
接收单元 405 , 配置为接收用户的鉴权信息;  The receiving unit 405 is configured to receive authentication information of the user;
验证单元 406, 配置为将接收单元 405接收的鉴权信息进行验证; 具体的, 鉴权信息可以是用户输入的密码, 或者是用户的标志性信息, 比如接收单元 405可以将用户的脸型照片或者声音等特征信息进行预保存, 接着接收单元 405通过摄像头拍摄用户头像或者用麦克风采集用户发出的 声音来得到鉴权信息, 然后验证单元 406将接收单元 405接收的鉴权信息 与预保存的特征信息进行比对; 比对一致则说明验证成功, 比对不一致则 说明 3 证不成功。  The verification unit 406 is configured to verify the authentication information received by the receiving unit 405. Specifically, the authentication information may be a password input by the user or an iconic information of the user. For example, the receiving unit 405 may take the user's face photo or The feature information such as sound is pre-saved, and then the receiving unit 405 captures the user's avatar through the camera or collects the voice sent by the user with the microphone to obtain the authentication information, and then the verification unit 406 compares the authentication information received by the receiving unit 405 with the pre-saved feature information. The comparison is performed; if the comparison is consistent, the verification is successful, and if the comparison is inconsistent, the certificate is unsuccessful.
在验证单元 406对鉴权信息进行验证之后, 用户数据保护单元 403还 可以配置为,  After the verification unit 406 verifies the authentication information, the user data protection unit 403 can also be configured to
当验证单元 406对鉴权信息验证成功时, 将所述隐藏的用户数据进行 显示;  When the verification unit 406 successfully verifies the authentication information, the hidden user data is displayed;
优选的, 当验证单元 406对鉴权信息验证不成功时, 将所述终端恢复 出厂设置或者将终端 40的存储单元 401进行格式化; 具体的, 当鉴权信息通过验证单元 406验证成功, 说明当前操作终端 的为用户, 因此用户数据保护单元 403将隐藏的用户数据进行显示。 Preferably, when the verification unit 406 fails to verify the authentication information, the terminal is restored to the factory settings or the storage unit 401 of the terminal 40 is formatted; Specifically, when the authentication information is successfully verified by the verification unit 406, indicating that the current operation terminal is a user, the user data protection unit 403 displays the hidden user data.
当鉴权信息通过验证单元 406验证不成功, 则说明当前终端 40不在用 户身上, 很有可能已经遗失, 因此为了保护用户数据中的用户隐私, 用户 数据保护单元 403可以将终端 40恢复出厂设置或者格式化存储单元, 从而 消除用户数据, 保证了用户隐私不被泄露。  When the authentication information is unsuccessfully verified by the verification unit 406, it indicates that the current terminal 40 is not on the user, and is likely to have been lost. Therefore, in order to protect user privacy in the user data, the user data protection unit 403 may restore the terminal 40 to the factory settings or The storage unit is formatted to eliminate user data, ensuring that user privacy is not compromised.
本发明实施例提供了一种终端 40,通过终端 40所在的位置执行相应的 安全策略, 从而保护存储在终端 40中的用户数据, P争低用户终端泄露用户 数据的概率和风险。  The embodiment of the present invention provides a terminal 40, which performs a corresponding security policy by using the location where the terminal 40 is located, thereby protecting user data stored in the terminal 40, and competing for the probability and risk of the user terminal leaking user data.
本领域内的技术人员应明白, 本发明的实施例可提供为方法、 系统、 或计算机程序产品。 因此, 本发明可采用硬件实施例、 软件实施例、 或结 合软件和硬件方面的实施例的形式。 而且, 本发明可采用在一个或多个其 中包含有计算机可用程序代码的计算机可用存储介质 (包括但不限于磁盘 存储器和光学存储器等)上实施的计算机程序产品的形式。  Those skilled in the art will appreciate that embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware aspects. Moreover, the invention can take the form of a computer program product embodied on one or more computer usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
本发明是参照根据本发明实施例的方法、 设备(系统)、 和计算机程序 产品的流程图和 /或方框图来描述的。 应理解可由计算机程序指令实现流程 图和 /或方框图中的每一流程和 /或方框、以及流程图和 /或方框图中的流程和 /或方框的结合。 可提供这些计算机程序指令到通用计算机、 专用计算机、 嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器, 使得 通过计算机或其他可编程数据处理设备的处理器执行的指令产生配置为实 现在流程图一个流程或多个流程和 /或方框图一个方框或多个方框中指定的 功能的装置。  The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (system), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart and/or block diagrams, and combinations of flow and / or blocks in the flowcharts and / or block diagrams can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine that causes configuration of instructions executed by a processor of a computer or other programmable data processing device Means for implementing the functions specified in a block or blocks of a flow or a flow and/or a block diagram of a flow chart.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理 设备以特定方式工作的计算机可读存储器中, 使得存储在该计算机可读存 储器中的指令产生包括指令装置的制造品, 该指令装置实现在流程图一个 流程或多个流程和 /或方框图一个方框或多个方框中指定的功能。 这些计算机程序指令也可装载到计算机或其他可编程数据处理设备 上, 使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机 实现的处理, 从而在计算机或其他可编程设备上执行的指令提供用于实现 在流程图一个流程或多个流程和 /或方框图一个方框或多个方框中指定的功 能的步骤。 The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device. The device is implemented in a flow chart A function specified in a block or blocks of a process or multiple processes and/or block diagrams. These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device. The instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
相应的, 本发明实施例还提供一种计算机存储介质, 其中存储有计算 综上所述, 本发明实施例提供的保护用户数据的方法, 能够根据终端 所在位置的不同执行相应的安全策略, 从而保护存储在终端中的用户数据, Correspondingly, the embodiment of the present invention further provides a computer storage medium, wherein the method for protecting user data provided by the embodiment of the present invention is stored, and the corresponding security policy can be executed according to the location of the terminal, thereby Protect user data stored in the terminal,
P争低用户终端泄露用户数据的概率和风险。 P strives for the probability and risk of leaking user data by user terminals.
以上所述, 仅为本发明的较佳实施例而已, 并非用于限定本发明的保 护范围。  The above is only the preferred embodiment of the present invention and is not intended to limit the scope of the present invention.

Claims

权利要求书 claims
1、 一种保护用户数据的方法, 所述方法包括: 1. A method for protecting user data, the method includes:
获取终端当前所在的位置; 保护操作。 Get the current location of the terminal; protect operations.
2、 根据权利要求 1所述的方法, 其中, 所述预设的安全策略包括第一 位置集; 2. The method according to claim 1, wherein the preset security policy includes a first location set;
相应的, 所述根据所述位置以及预设的安全策略对所述终端中保存的 用户数据进行保护操作, 包括: Correspondingly, performing protection operations on the user data stored in the terminal according to the location and the preset security policy includes:
当所述位置在所述第一位置集时 , 将所述终端中保存的用户数据进行 隐藏; 当所述位置不在所述第一位置集合时, 将所述终端中保存的用户数 据进行显示; When the location is in the first location set, hide the user data saved in the terminal; when the location is not in the first location set, display the user data saved in the terminal;
或者, 当所述位置在所述第一位置集时, 将所述终端中保存的用户数 据进行显示; 当所述位置不在所述第一位置集合时, 将所述终端中保存的 用户数据进行隐藏。 Or, when the location is in the first location set, display the user data saved in the terminal; when the location is not in the first location set, display the user data saved in the terminal. hide.
3、 根据权利要求 2所述的方法, 其中, 所述方法还包括: 3. The method according to claim 2, wherein the method further includes:
根据至少一条所述用户数据生成用户数据组; 其中, 所述用户数据组 与所述第一位置集相对应; Generate a user data group according to at least one piece of user data; wherein, the user data group corresponds to the first location set;
相应的, 所述根据所述位置以及预设的安全策略对所述终端中保存的 用户数据进行保护操作, 包括: Correspondingly, performing protection operations on the user data stored in the terminal according to the location and the preset security policy includes:
当所述位置在所述第一位置集时, 将用户数据组中的用户数据进行隐 藏; 当所述位置不在所述第一位置集合时, 将所述用户数据组中的用户数 据进行显示; When the location is in the first location set, hide the user data in the user data group; when the location is not in the first location set, display the user data in the user data group;
或者, 当所述位置在所述第一位置集时, 将所述用户数据组中的用户 数据进行显示; 当所述位置不在所述第一位置集合时, 将所述用户数据组 中的用户数据进行隐藏。 Or, when the location is in the first location set, display the user data in the user data group; when the location is not in the first location set, display the user data group User data in is hidden.
4、 根据权利要求 2或 3所述的方法, 其中, 所述方法还包括: 接收用户的鉴权信息并进行验证; 4. The method according to claim 2 or 3, wherein the method further includes: receiving the user's authentication information and verifying it;
当所述鉴权信息验证成功时, 将所述隐藏的用户数据进行显示。 When the authentication information is verified successfully, the hidden user data is displayed.
5、根据权利要求 4所述的方法, 其中, 当所述鉴权信息验证不成功时, 将所述终端恢复出厂设置或者将所述终端的存储单元进行格式化。 5. The method according to claim 4, wherein when the verification of the authentication information is unsuccessful, the terminal is restored to factory settings or the storage unit of the terminal is formatted.
6、 一种终端, 包括保存用户数据的存储单元, 其中, 所述终端还包括: 位置获取单元, 配置为获取所述终端当前所在的位置; 6. A terminal, including a storage unit for storing user data, wherein the terminal further includes: a location acquisition unit configured to acquire the current location of the terminal;
用户数据保护单元, 配置为根据所述位置获取单元获取的位置以及预 设的安全策略对所述存储单元中的用户数据进行保护操作。 The user data protection unit is configured to perform a protection operation on the user data in the storage unit according to the location obtained by the location acquisition unit and the preset security policy.
7、 根据权利要求 6所述的终端, 其中, 所述预设的安全策略包括第一 位置集; 7. The terminal according to claim 6, wherein the preset security policy includes a first location set;
相应的, 所述用户数据保护单元配置为, 当所述位置在所述第一位置 集时, 将所述存储单元中的用户数据进行隐藏; 当所述位置不在所述第一 位置集合时, 将所述存储单元中的用户数据进行显示; Correspondingly, the user data protection unit is configured to hide the user data in the storage unit when the location is in the first location set; when the location is not in the first location set, Display the user data in the storage unit;
或者, 所述用户数据保护单元配置为, 当所述位置在所述第一位置集 时, 将所述存储单元中的用户数据进行显示; 当所述位置不在所述第一位 置集合时, 将所述存储单元中的用户数据进行隐藏。 Alternatively, the user data protection unit is configured to: when the location is in the first location set, display the user data in the storage unit; when the location is not in the first location set, display The user data in the storage unit is hidden.
8、 根据权利要求 7所述的终端, 其中, 所述终端还包括生成单元, 配 置为根据所述存储单元中的至少一条所述用户数据生成用户数据组; 其中, 所述用户数据组与所述第一位置集相对应; 8. The terminal according to claim 7, wherein the terminal further includes a generating unit configured to generate a user data group according to at least one piece of user data in the storage unit; wherein the user data group is identical to the user data group. Corresponds to the first position set;
相应的, 所述用户数据保护单元配置为, 当所述位置在所述第一位置 集时, 将所述用户数据组中的用户数据进行隐藏; 当所述位置不在所述第 一位置集合时, 将所述用户数据组中的用户数据进行显示; Correspondingly, the user data protection unit is configured to hide the user data in the user data group when the location is in the first location set; when the location is not in the first location set , display the user data in the user data group;
或者, 所述用户数据保护单元配置为, 当所述位置在所述第一位置集 时, 将所述用户数据组中的用户数据进行显示; 当所述位置不在所述第一 位置集合时, 将所述用户数据组中的用户数据进行隐藏。 Alternatively, the user data protection unit is configured to: when the location is in the first location set When , the user data in the user data group is displayed; when the position is not in the first position set, the user data in the user data group is hidden.
9、 根据权利要求 7或 8所述的终端, 其中, 所述终端还包括接收单元 和验证单元, 其中, 9. The terminal according to claim 7 or 8, wherein the terminal further includes a receiving unit and a verification unit, wherein,
所述接收单元, 配置为接收用户的鉴权信息; The receiving unit is configured to receive the user's authentication information;
所述验证单元, 配置为将所述接收单元接收的鉴权信息进行验证; 所述用户数据保护单元还配置为, 当所述鉴权信息验证成功时, 将所 述隐藏的用户数据进行显示。 The verification unit is configured to verify the authentication information received by the receiving unit; the user data protection unit is also configured to display the hidden user data when the authentication information is successfully verified.
10、 根据权利要求 9所述的终端, 其中, 所述用户数据保护单元还配 置为, 当所述鉴权信息验证不成功时, 将所述终端恢复出厂设置或者将所 述终端的存储单元进行格式化。 10. The terminal according to claim 9, wherein the user data protection unit is further configured to, when the verification of the authentication information fails, restore the terminal to factory settings or restore the storage unit of the terminal. format.
11、 一种计算机存储介质, 其中存储有计算机程序, 该计算机程序用 于执行权利要求 1至 5任一项所述的保护用户数据的方法。 11. A computer storage medium in which a computer program is stored, the computer program being used to execute the method of protecting user data according to any one of claims 1 to 5.
PCT/CN2014/077826 2014-01-15 2014-05-19 Method for protecting user data, terminal and computer storage medium WO2015106513A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410018977.6 2014-01-15
CN201410018977.6A CN104780530A (en) 2014-01-15 2014-01-15 A method and a terminal for protecting user data

Publications (1)

Publication Number Publication Date
WO2015106513A1 true WO2015106513A1 (en) 2015-07-23

Family

ID=53542341

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/077826 WO2015106513A1 (en) 2014-01-15 2014-05-19 Method for protecting user data, terminal and computer storage medium

Country Status (2)

Country Link
CN (1) CN104780530A (en)
WO (1) WO2015106513A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110650467B (en) * 2018-06-26 2022-03-29 华为技术有限公司 Method and device for managing user data
CN109889507B (en) * 2019-01-24 2021-08-06 印象(山东)大数据有限公司 Monitoring method and system for monitoring mailbox operation safety
CN112579107A (en) * 2020-12-24 2021-03-30 深圳须弥云图空间科技有限公司 Data hiding and calling method and device, electronic equipment and readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101004718A (en) * 2006-01-18 2007-07-25 国际商业机器公司 Method and system for eliminating content of data storage apparatus based on RFID data
CN101627396A (en) * 2007-03-09 2010-01-13 索尼爱立信移动通讯有限公司 System and method for protecting data based on geographic presence of a restricted device
CN102084372A (en) * 2008-04-01 2011-06-01 优盖提特拜克有限公司 System for monitoring the unauthorized use of a device
US20120159156A1 (en) * 2010-12-20 2012-06-21 Microsoft Corporation Tamper proof location services

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101004718A (en) * 2006-01-18 2007-07-25 国际商业机器公司 Method and system for eliminating content of data storage apparatus based on RFID data
CN101627396A (en) * 2007-03-09 2010-01-13 索尼爱立信移动通讯有限公司 System and method for protecting data based on geographic presence of a restricted device
CN102084372A (en) * 2008-04-01 2011-06-01 优盖提特拜克有限公司 System for monitoring the unauthorized use of a device
US20120159156A1 (en) * 2010-12-20 2012-06-21 Microsoft Corporation Tamper proof location services

Also Published As

Publication number Publication date
CN104780530A (en) 2015-07-15

Similar Documents

Publication Publication Date Title
US11934505B2 (en) Information content viewing method and terminal
US9369441B2 (en) End-to-end secure communication system
CN104852911B (en) Safe verification method, apparatus and system
US20170208045A1 (en) Method, apparatus and system for secure data communication
US9344882B2 (en) Apparatus and methods for preventing information disclosure
US20190334721A1 (en) Mobile Terminal Privacy Protection Method and Protection Apparatus, and Mobile Terminal
US9007174B2 (en) Service identification authentication
US10659226B2 (en) Data encryption method, decryption method, apparatus, and system
US9569607B2 (en) Security verification method and apparatus
US10192060B2 (en) Display control method and apparatus and display device comprising same
US10887343B2 (en) Processing method for preventing copy attack, and server and client
CN105634737B (en) Data transmission method, terminal and system
WO2016045548A1 (en) Data synchronization method and device
JP2019503137A (en) Apparatus and method for detecting false advertiser in wireless communication system
WO2017063517A1 (en) Near field communication establishing method and device
CN105281907B (en) Encrypted data processing method and device
US11652640B2 (en) Systems and methods for out-of-band authenticity verification of mobile applications
CN106060098B (en) Processing method, processing unit and the processing system of identifying code
WO2016209370A1 (en) Handling risk events for a mobile device
CN104065648A (en) Data processing method of voice communication
WO2015106513A1 (en) Method for protecting user data, terminal and computer storage medium
US20150223053A1 (en) Enabling Learning Access on a Mobile Device
CN103916471A (en) Information display method and device
WO2024041261A1 (en) User identity mutual verification method and system for very high frequency data exchange system
WO2016026333A1 (en) Data protection method, device and storage medium in connection between terminal and pc

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14878592

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14878592

Country of ref document: EP

Kind code of ref document: A1