WO2016127448A1 - System switching method, system switching apparatus and terminal - Google Patents

System switching method, system switching apparatus and terminal Download PDF

Info

Publication number
WO2016127448A1
WO2016127448A1 PCT/CN2015/073439 CN2015073439W WO2016127448A1 WO 2016127448 A1 WO2016127448 A1 WO 2016127448A1 CN 2015073439 W CN2015073439 W CN 2015073439W WO 2016127448 A1 WO2016127448 A1 WO 2016127448A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
current
identification information
current system
information
Prior art date
Application number
PCT/CN2015/073439
Other languages
French (fr)
Chinese (zh)
Inventor
彭彬
叶瑞权
Original Assignee
宇龙计算机通信科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 宇龙计算机通信科技(深圳)有限公司 filed Critical 宇龙计算机通信科技(深圳)有限公司
Publication of WO2016127448A1 publication Critical patent/WO2016127448A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133Verifying human interaction, e.g., Captcha
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • the present invention relates to the field of terminal technologies, and in particular, to a system switching method, a system switching device, and a terminal.
  • the terminal has a Personal Private Domain system (PPD system) with a lower security level and a Secure Enterprise Domain system (SED system) with a higher security level.
  • PPD system Personal Private Domain system
  • SED system Secure Enterprise Domain system
  • the security domain system is secure.
  • the security domain system of the mechanism because the data of the user such as call, short message, schedule, recording, photography and related document data are all encrypted, the security domain system is highly secure, so the user's related privacy data is leaked. The risk is small, and the standard domain system is relatively low in terms of security performance.
  • it can be used to switch between the security domain system and the standard domain system according to the real-time requirements of the terminal.
  • the security of the system with a higher security level in the terminal is limited.
  • a standard domain system with a lower security level and a security domain system with a higher security level are installed on the terminal, and the user bound to the terminal is in the security domain system.
  • the terminal is used, for some reason, the user bound to the terminal leaves the terminal, and the terminal not only does not go out of the screen but also runs in the security domain system.
  • the data in the security domain system is easy. Leaked, reducing the user experience.
  • the present invention is based on the above problems, and proposes a new technical solution.
  • the terminal can be automatically switched to a system with a lower security level, thereby avoiding a higher security level of other users.
  • Data in a system or a system with a higher security level thereby preventing data in a system with a higher security level from being illegally leaked, thereby improving the security performance of the terminal.
  • an aspect of the present invention provides a system switching method for a terminal, where a plurality of systems are installed, the method includes: determining whether a terminal operating in the current system detects the first identity. Information, when the determination result is no, controlling the terminal to be switched by the current system to the target system; otherwise, controlling the terminal to continue to run in the current system; wherein the first identification information is The identification information of the user bound to the terminal, the target system being any other system whose security level is lower than the security level of the current system.
  • a terminal installed with multiple systems runs in a current system with a higher security level.
  • the first identity information pre-stored in the terminal When the first identity information pre-stored in the terminal is detected, it indicates that the user bound to the terminal is using the terminal when not detected.
  • the control terminal switches from the current system with a higher security level to the target system with a lower security level, thereby preventing the illegal user from using the security level.
  • Higher system or data in a system with a higher security level thereby preventing data in a system with a higher security level from being illegally leaked, thereby improving the security performance of the terminal.
  • users are bound to the terminal. Any user other than .
  • the method before the controlling the terminal to be switched to the target system by the current system, the method further includes: determining, when the terminal does not detect the first identity identification information, determining whether the terminal is The screen is off, and when the judgment result is no, the terminal is controlled to be switched from the current system to the target system; when the determination result is YES, the terminal is controlled to maintain the current running state.
  • the terminal when the terminal does not detect the first identity information, if the terminal does not go out, the terminal is switched from the current system to the target system, and the illegal user is prevented from using a system with a higher security level or a higher security level.
  • the data in the system if the terminal is off, the control terminal continues to stay in the current system, because the terminal is off, indicating that the user needs to input authentication information (such as verification password, user fingerprint, etc.) to enter the current system. Therefore, the terminal is kept in the current running state to ensure the security of the data in the terminal, and if the terminal is off the screen and then switched to the target system, Before the user enters the current system, the user must manually switch from the target system to the current system. Therefore, the terminal can stay in the current system after the terminal is off, so that the user can manually switch to the current system when the terminal is used again, thereby improving the user experience. .
  • the terminal switches to the target system, if the terminal re-detects the second identity information, determining the second identity information and the Whether an identity identification information matches, and determining, according to the determination result, whether the terminal can be directly switched by the target system to the current system.
  • the terminal may detect the second identification information, according to the second Whether the identity information matches the first identity information determines whether the terminal is directly switched by the target system to the current system.
  • the determining, according to the determination result, whether the terminal can be directly switched by the target system to the current system specifically, if the determining result is yes, if the terminal receives Switching to the current system by the target system, controlling the terminal to directly switch from the target system to the current system; if the determination result is no, if the terminal receives the target
  • the current user is prompted to input a system switching key, and when the system switching key is correct, the terminal is controlled to be switched by the target system to the current system; otherwise, The terminal is prohibited from being switched by the target system to the current system.
  • the current system with a higher security level specifically includes: if the second identity information matches the first identity information, indicating that the user who uses the terminal again is a user bound to the terminal, the terminal can directly switch from the target system to the current In the system, the user is prevented from manually switching to the current system, so that the terminal is more intelligent. If the second identity information does not match the first identity information, the user who uses the terminal again is another user, and the system switching key needs to be correctly input. The key can enter the current system with a higher security level to prevent unauthorized users from entering the system with higher security level, thus preventing the data in the system with higher security level from being illegally stolen by illegal users, thereby improving the security performance of the terminal. .
  • the first identity identification information and the second identity identification information comprise: user voice information, facial feature information, body impedance information, and human body infrared information bound to the terminal. At least one of finger pressure information and hand feature information.
  • the first identity information and the second identity information include, but are not limited to, voice information of the user bound to the terminal, facial feature information, body impedance information, human body infrared information, finger pressure information, hands
  • the at least one of the information of the part information enables the terminal to accurately identify, according to the first identity identification information and the second identity identification information, whether the user who uses the terminal is a user bound to the terminal, and prevents the illegal user from using the terminal, thereby preventing illegal
  • the user steals information from a system with a higher security level, thereby improving the security performance of the terminal.
  • Another aspect of the present invention provides a system switching apparatus for a terminal, wherein the terminal is installed with a plurality of systems, and the apparatus includes: a determining unit, determining whether the terminal operating in the current system detects the first identity The first control unit, when the determination result is no, the terminal is controlled to be switched by the current system to the target system; otherwise, the terminal is controlled to continue to run in the current system; wherein the first identity is The information is identification information of a user bound to the terminal, and the target system is any other system whose security level is lower than the security level of the current system.
  • a terminal installed with multiple systems runs in a current system with a higher security level.
  • the first identity information pre-stored in the terminal When the first identity information pre-stored in the terminal is detected, it indicates that the user bound to the terminal is using the terminal when not detected.
  • the control terminal switches from the current system with a higher security level to the target system with a lower security level, thereby preventing the illegal user from using the security level.
  • Higher system or data in a system with a higher security level thereby preventing data in a system with a higher security level from being illegally leaked, thereby improving the security performance of the terminal.
  • users are bound to the terminal. Any user other than .
  • the determining unit is further configured to: if it is determined that the terminal does not detect the first identity identification information, before controlling the terminal to switch to the target system by the current system, Determining whether the terminal is off; the first control unit is further configured to: when the determination result is no, control the terminal to be switched to the target system by the current system; when the determination result is yes, control the terminal Keep the current running state.
  • the terminal when the terminal does not detect the first identity information, if the terminal does not go out, the terminal is switched from the current system to the target system, and the illegal user is prevented from using the system with higher security level. If the terminal is out of the screen, the control terminal continues to stay in the current system, because the terminal is off, indicating that the user needs to input authentication information (such as verification password, user fingerprint, etc.) when the terminal is used again. In order to enter the current system, the terminal can maintain the current running state to ensure the security of the data in the terminal. In addition, if the terminal switches to the target system after the screen is off, the user must also go from the target system before entering the current system. Manually switch to the current system, so the terminal can stay in the current system after the screen is off, thus avoiding the user manually switching to the current system when the terminal is used again, thereby improving the user experience.
  • authentication information such as verification password, user fingerprint, etc.
  • the determining unit is further configured to: after the terminal switches to the target system, if the terminal re-detects the second identity information, determining the second identity Whether the information matches the first identification information, and according to the determination result, whether the terminal can be directly switched to the current system by the target system.
  • the terminal may detect the second identification information, according to the second Whether the identity information matches the first identity information determines whether the terminal is directly switched by the target system to the current system.
  • the determining unit includes: a second control unit, when the determining result is yes, if the terminal receives a switching command that is switched by the target system to the current system, then controlling The terminal is directly switched by the target system to the current system; when the determination result is no, if the terminal receives a handover command that is switched by the target system to the current system, the prompting current
  • the user inputs a system switching key; the processing unit controls the terminal to be switched by the target system to the current system when the system switching key is correct, otherwise, prohibiting the terminal from being switched to the target system by the target system The current system.
  • the current system with a higher security level specifically includes: if the second identity information matches the first identity information, indicating that the user who uses the terminal again is a user bound to the terminal, the terminal can directly switch from the target system to the current In the system, the user is prevented from manually switching to the current system, so that the terminal is more intelligent. If the second identity information does not match the first identity information, the user who uses the terminal again is another user, and the system switching key needs to be correctly input. The key can enter the security In the current system with higher level, the illegal users are prevented from entering the system with higher security level, so that the data in the system with higher security level is prevented from being illegally stolen by illegal users, thereby improving the security performance of the terminal.
  • the first identity identification information and the second identity identification information comprise: user voice information, facial feature information, body impedance information, and human body infrared information bound to the terminal. At least one of finger pressure information and hand feature information.
  • the first identity information and the second identity information include, but are not limited to, voice information of the user bound to the terminal, facial feature information, body impedance information, human body infrared information, finger pressure information, hands
  • the at least one of the information of the part information enables the terminal to accurately identify, according to the first identity identification information and the second identity identification information, whether the user who uses the terminal is a user bound to the terminal, and prevents the illegal user from using the terminal, thereby preventing illegal
  • the user steals information from a system with a higher security level, thereby improving the security performance of the terminal.
  • a further aspect of the present invention provides a terminal comprising the system switching device according to any of the above aspects.
  • the terminal with multiple systems is installed in the current system with a higher security level.
  • the control terminal switches from the current system with a higher security level to the security level.
  • illegal users are prevented from using data in a system with a higher security level or a system with a higher security level, thereby preventing data in a system with a higher security level from being illegally leaked, thereby improving the security performance of the terminal.
  • other users are any users other than the user bound to the terminal.
  • the terminal when the user bound to the terminal leaves the terminal, the terminal can be automatically switched to a system with a lower security level to prevent the illegal user from using a system with a higher security level or a system with a higher security level.
  • the data prevents the data in the system with higher security level from being illegally leaked, thereby improving the security performance of the terminal.
  • FIG. 1 is a flow chart showing a system switching method according to an embodiment of the present invention
  • FIG. 2 is a flow chart showing a system switching method according to another embodiment of the present invention.
  • FIG. 3 is a block diagram showing the structure of a system switching apparatus according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
  • FIG. 5 is a block diagram showing the structure of a terminal according to another embodiment of the present invention.
  • FIG. 1 is a flow chart showing a system switching method according to an embodiment of the present invention.
  • a system switching method includes:
  • Step 102 It is determined whether the terminal running in the current system detects the first identity identification information, and if the determination result is no, the terminal is controlled to be switched by the current system to the target system; otherwise, the terminal is controlled to continue to run in the terminal.
  • the current system wherein the first identity identification information is identity identification information of a user bound to the terminal, and the target system is any other system whose security level is lower than a security level of the current system.
  • a terminal installed with multiple systems runs in a current system with a higher security level.
  • the first identity information pre-stored in the terminal When the first identity information pre-stored in the terminal is detected, it indicates that the user bound to the terminal is using the terminal when not detected.
  • the control terminal switches from the current system with a higher security level to the target system with a lower security level, thereby preventing the illegal user from using the security level.
  • Higher system or data in a system with a higher security level thereby preventing data in a system with a higher security level from being illegally leaked, thereby improving the security performance of the terminal.
  • users are bound to the terminal. Any user other than .
  • the method before the controlling the terminal to be switched to the target system by the current system, the method further includes: determining, when the terminal does not detect the first identity identification information, determining whether the terminal is The screen is off, and when the judgment result is no, the terminal is controlled to be switched from the current system to the target system; when the determination result is YES, the terminal is controlled to maintain the current running state.
  • the terminal when the terminal does not detect the first identity information, if the terminal does not go out, the terminal is switched from the current system to the target system, and the illegal user is prevented from using a system with a higher security level or a higher security level.
  • the data in the system if the terminal is off, the control terminal continues to stay in the current system, because the terminal is off, indicating that the user needs to input authentication information (such as verification password, user fingerprint, etc.) to enter the current system. Therefore, the terminal maintains the current running state to ensure the security of the data in the terminal.
  • the terminal switches to the target system after the screen is off, the user must manually switch from the target system to the current system before entering the current system. Therefore, after the terminal is off the screen, it can stay in the current system, thereby avoiding the user manually switching to the current system when the terminal is used again, thereby improving the user experience.
  • the terminal switches to the target system, if the terminal re-detects the second identity information, determining the second identity information and the Whether an identity identification information matches, and determining, according to the determination result, whether the terminal can be directly switched by the target system to the current system.
  • the terminal may detect the second identification information, according to the second Whether the identity information matches the first identity information determines whether the terminal is directly switched by the target system to the current system.
  • the determining, according to the determination result, whether the terminal can be directly switched by the target system to the current system specifically, if the determining result is yes, if the terminal receives Switching to the current system by the target system, controlling the terminal to directly switch from the target system to the current system; if the determination result is no, if the terminal receives the target
  • the current user is prompted to input a system switching key, and when the system switching key is correct, the terminal is controlled to be switched by the target system to the current system; otherwise, The terminal is prohibited from being switched by the target system to the current system.
  • the terminal after the user bound to the terminal leaves the terminal, there are users (including: users bound to the terminal and other users) to use the terminal again, and whether the terminal can be directly switched to the target system with a lower security level to
  • the current system with a higher security level specifically includes: if the second identity information matches the first identity information, the user who uses the terminal again is a user bound to the terminal, The terminal can be directly switched from the target system to the current system, so as to prevent the user from manually switching to the current system, so that the terminal is more intelligent. If the second identity information does not match the first identity information, the terminal user is used again.
  • the first identity identification information and the second identity identification information comprise: user voice information, facial feature information, body impedance information, and human body infrared information bound to the terminal. At least one of finger pressure information and hand feature information.
  • the first identity information and the second identity information include, but are not limited to, voice information of the user bound to the terminal, facial feature information, body impedance information, human body infrared information, finger pressure information, hands
  • the at least one type of information of the part information enables the terminal to accurately identify, according to the first identity identification information and the second identity identification information, whether the user who uses the terminal is a user bound to the terminal, and prevents the illegal user from using the security level.
  • a high system terminal thereby preventing illegal users from stealing information in a system with a higher security level, thereby improving the security performance of the terminal.
  • FIG. 2 is a flow chart showing a system switching method according to another embodiment of the present invention.
  • a system switching method according to another embodiment of the present invention (in this embodiment, the terminal is a mobile phone, and a dual system is installed on the mobile phone, that is, a standard domain system with a lower security level and a higher security level.
  • Security domain system including:
  • Step 202 The mobile phone runs in a secure domain system (current system), so that the user bound to the mobile phone uses the mobile phone in the secure domain system.
  • a secure domain system current system
  • Step 204 The virtual layer virtual machine security monitoring mechanism is used to detect whether the user bound to the mobile phone leaves the mobile phone (determining whether the terminal running the current system detects the first identity identification information). When the determination result is yes, the process proceeds to step 206. When the result of the determination is no, the process proceeds to step 202.
  • step 206 it is detected that the user bound to the mobile phone leaves the mobile phone, and the virtual machine is automatically switched to the standard domain system with a lower security level by the security domain system with higher security level.
  • Step 208 Since the user bound to the mobile phone leaves the mobile phone, the mobile phone runs in a standard domain system with a lower security level, and prevents other users from using the mobile phone running in a security system with a higher security level.
  • Step 210 When a user uses the mobile phone again, it is determined whether the user who uses the mobile phone is a user bound to the mobile phone (determining whether the second identification information matches the first identification information), and when the determination result is yes, the step is entered. 212. When the determination result is no, the process proceeds to step 208.
  • Step 212 After the user bound to the mobile phone leaves the mobile phone, the mobile phone is used again, and the virtual machine automatically switches the mobile phone from the standard domain system to the secure domain system, so that the user bound to the mobile phone continues to use the mobile phone in the secure domain system.
  • FIG. 3 is a block diagram showing the structure of a system switching apparatus according to an embodiment of the present invention.
  • a system switching apparatus 300 is used for a terminal, and a plurality of systems are installed on the terminal.
  • the apparatus includes: a determining unit 302, determining whether a terminal running in the current system is Detecting the first identification information; the first control unit 304, when the determination result is no, controlling the terminal to be switched to the target system by the current system; otherwise, controlling the terminal to continue to run in the current system;
  • the first identity identification information is identity identification information of a user that is bound to the terminal, and the target system is any other system whose security level is lower than a security level of the current system.
  • a terminal installed with multiple systems runs in a current system with a higher security level.
  • the first identity information pre-stored in the terminal When the first identity information pre-stored in the terminal is detected, it indicates that the user bound to the terminal is using the terminal when not detected.
  • the control terminal switches from the current system with a higher security level to the target system with a lower security level, thereby preventing the illegal user from using the security level.
  • Higher system or data in a system with a higher security level thereby preventing data in a system with a higher security level from being illegally leaked, thereby improving the security performance of the terminal.
  • users are bound to the terminal. Any user other than .
  • the determining unit 302 is further configured to: if it is determined that the terminal does not detect the first identity identification information, before controlling the terminal to be switched by the current system to the target system, Determining whether the terminal is off the screen; the first control unit 304 is further configured to: when the determination result is no, control the terminal to be switched to the target system by the current system; when the determination result is yes, the control center The terminal maintains the current running state.
  • the terminal when the terminal does not detect the first identity information, if the terminal does not go out, the terminal is switched from the current system to the target system, and the illegal user is prevented from using a system with a higher security level or a higher security level.
  • the data in the system if the terminal is off, the control terminal continues to stay in the In the pre-system, because the terminal is off, the user needs to input authentication information (such as verification password, user fingerprint, etc.) to enter the current system. Therefore, the terminal maintains the current running state to ensure the security of the data in the terminal.
  • the terminal if the terminal is switched to the target system after the screen is off, the user must manually switch from the target system to the current system before entering the current system, so the terminal can remain in the current system after the screen is off, thereby avoiding When the user uses the terminal again, he manually switches to the current system, thereby improving the user experience.
  • the determining unit 302 is further configured to: after the terminal switches to the target system, if the terminal re-detects the second identity information, determining the second identity Whether the identification information matches the first identification information, and according to the determination result, whether the terminal can be directly switched to the current system by the target system.
  • the terminal may detect the second identification information, according to the second Whether the identity information matches the first identity information determines whether the terminal is directly switched by the target system to the current system.
  • the determining unit 302 includes: a second control unit 3022, when the determination result is yes, if the terminal receives a switching command that is switched by the target system to the current system, Controlling the terminal to be directly switched by the target system to the current system; the prompting unit 3024, when the determination result is no, if the terminal receives the switching command that is switched by the target system to the current system, Then prompting the current user to input a system switching key; the processing unit 3026, when the system switching key is correct, controlling the terminal to be switched by the target system to the current system; otherwise, prohibiting the terminal from being targeted by the target The system switches to the current system.
  • the current system with a higher security level specifically includes: if the second identity information matches the first identity information, indicating that the user who uses the terminal again is a user bound to the terminal, the terminal can directly switch from the target system to the current In the system, the user is prevented from manually switching to the current system, so that the terminal is more intelligent. If the second identity information does not match the first identity information, the user who uses the terminal again is another user, and the system switching key needs to be correctly input. The key can enter the current system with higher security level, preventing illegal users from entering the system with higher security level, thus The data in the system with higher security level is prevented from being illegally stolen by illegal users, thereby improving the security performance of the terminal.
  • the first identity identification information and the second identity identification information comprise: user voice information, facial feature information, body impedance information, and human body infrared information bound to the terminal. At least one of finger pressure information and hand feature information.
  • the first identity information and the second identity information include, but are not limited to, voice information of the user bound to the terminal, facial feature information, body impedance information, human body infrared information, finger pressure information, hands
  • the at least one of the information of the part information enables the terminal to accurately identify, according to the first identity identification information and the second identity identification information, whether the user who uses the terminal is a user bound to the terminal, and prevents the illegal user from using the terminal, thereby preventing illegal
  • the user steals information from a system with a higher security level, thereby improving the security performance of the terminal.
  • FIG. 4 shows a schematic structural diagram of a terminal according to an embodiment of the present invention.
  • a terminal 400 includes the system switching apparatus 300 according to any one of the above aspects.
  • the terminal 400 installed with multiple systems operates in the current system with a higher security level.
  • the control terminal 400 switches from the current system with a higher security level.
  • other users are prevented from using the terminal 400 running in the system with higher security level, thereby preventing data in the system with higher security level from being illegally leaked, thereby improving the security performance of the terminal 400.
  • other users are users other than the user bound to the terminal 400.
  • FIG. 5 is a schematic structural diagram of a terminal according to another embodiment of the present invention, where a plurality of systems are installed on the terminal; as shown in FIG. 5, the terminal 5 may include: at least one processor 51, such as a CPU. At least one communication bus 52 and memory 53; the processor 51 can be combined with the system switching device 300 shown in FIG. 3; the communication bus 52 is used to implement connection communication between these components; the memory 53 can be a high-speed RAM memory, or can be non-easy Non-volatile memory, such as at least one disk storage. A set of program codes is stored in the memory 53, and the processor 51 is configured to call the program code stored in the memory 53 for performing the following operations:
  • the terminal running in the current system Determining whether the terminal running in the current system detects the first identification information, and if the determination result is no, controlling the terminal to switch from the current system to the target system; otherwise, controlling the terminal to continue Continuing to run in the current system; wherein the first identification information is identity identification information of a user bound to the terminal, and the target system is other security level lower than a security level of the current system Any system.
  • processor 51 may further perform the following operations before controlling the terminal to switch from the current system to the target system:
  • the terminal When it is determined that the terminal does not detect the first identity identification information, determine whether the terminal is off, and if the determination result is no, control the terminal to switch from the current system to the target system; When yes, the terminal is controlled to maintain the current operating state.
  • the processor 51 may further perform the following operations:
  • Determining whether the second identity identification information matches the first identity identification information and determining, according to the determination result, whether the terminal can be directly switched by the target system to the current system.
  • the processor 51 determines, according to the determination result, whether the terminal can be directly switched to the current system by the target system, and specifically includes:
  • the terminal receives a handover command that is switched by the target system to the current system, the terminal is controlled to be directly switched by the target system to the current system;
  • the terminal receives the handover command that is switched by the target system to the current system, prompting the current user to input the system handover key, and when the system switching key is correct, controlling The terminal is handed over to the current system by the target system, otherwise the terminal is prohibited from being switched by the target system to the current system.
  • the first identity identification information and the second identity identification information include: user voice information, facial feature information, body impedance information, human body infrared information, finger pressure information, and hand binding with the terminal. At least one of the feature information.
  • the terminal can be automatically switched to a system with a lower security level to prevent the illegal user from using a system with higher security level or security.
  • Data in a higher-level system thereby preventing data in a system with a higher security level from being illegally leaked, thereby improving the security performance of the terminal.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephone Function (AREA)

Abstract

The present invention provides a system switching method, a system switching apparatus and a terminal. The system switching method comprises: determining whether a terminal running on a current system detects first identity identification information, when a judgment result is NO, controlling the terminal to be switched from the current system to a target system, and otherwise, controlling the terminal to continuously run on the current system, wherein the first identity identification information is identity identification information of a user bound with the terminal, and the target system is any one of other systems of which the security level is lower than that of the current system. By means of the technical solution of the present invention, when a user bound with a terminal leaves the terminal, the terminal is enabled to be automatically switched to a system with a low security level, and other users are prevented from using a system with a high security level or data in the system with a high security level, thereby preventing the data in the system with a high security level from being leaked, and improving the security performance of the terminal.

Description

系统切换方法、系统切换装置和终端System switching method, system switching device and terminal
本申请要求于2015年02月10日提交中国专利局,申请号为CN201510069877.0、发明名称为“系统切换方法、系统切换装置和终端”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims priority to Chinese Patent Application No. CN201510069877.0, entitled "System Switching Method, System Switching Device and Terminal", which is filed on February 10, 2015, the entire contents of which are incorporated by reference. In this application.
技术领域Technical field
本发明涉及终端技术领域,具体而言,涉及一种系统切换方法、系统切换装置和一种终端。The present invention relates to the field of terminal technologies, and in particular, to a system switching method, a system switching device, and a terminal.
背景技术Background technique
目前,随着技术的发展,一个终端上可以同时运行两个独立的系统,且这两个系统之间可以互相通信,但是两个系统在功能和安全性等方面有所不同。例如,终端上安装有安全等级较低的标准域(Personal Private Domain)系统(简称PPD系统)和安全等级较高的安全域(Secure Enterprise Domain)系统(简称SED系统),安全域系统是含有安全机制的安全域系统,由于通话、短信、日程、录音、照相和相关文档数据等用户的数据都是经过加密处理的,安全域系统的安全性很高,因此用户的相关隐私的数据遭到泄漏的风险很小,而标准域系统在安全性能方面就比较低,另外,用于可以根据对终端的实时需求在安全域系统和标准域系统之间进行切换。At present, with the development of technology, two independent systems can be operated simultaneously on one terminal, and the two systems can communicate with each other, but the two systems differ in function and security. For example, the terminal has a Personal Private Domain system (PPD system) with a lower security level and a Secure Enterprise Domain system (SED system) with a higher security level. The security domain system is secure. The security domain system of the mechanism, because the data of the user such as call, short message, schedule, recording, photography and related document data are all encrypted, the security domain system is highly secure, so the user's related privacy data is leaked. The risk is small, and the standard domain system is relatively low in terms of security performance. In addition, it can be used to switch between the security domain system and the standard domain system according to the real-time requirements of the terminal.
但是,终端中安全等级较高的系统的安全性有限,例如,终端上安装有安全等级较低的标准域系统和安全等级较高的安全域系统,当与终端绑定的用户在安全域系统中使用终端时,由于某种原因,与终端绑定的用户离开终端,且终端不仅未灭屏还在安全域系统中运行,此时若其他用户使用终端,则安全域系统中的数据很容易遭到泄漏,降低了用户体验。However, the security of the system with a higher security level in the terminal is limited. For example, a standard domain system with a lower security level and a security domain system with a higher security level are installed on the terminal, and the user bound to the terminal is in the security domain system. When the terminal is used, for some reason, the user bound to the terminal leaves the terminal, and the terminal not only does not go out of the screen but also runs in the security domain system. At this time, if other users use the terminal, the data in the security domain system is easy. Leaked, reducing the user experience.
因此,当与终端绑定的用户离开终端时,如何避免终端中安全等级较高的系统中的数据遭到泄漏成为亟待解决的问题。 Therefore, when a user bound to a terminal leaves the terminal, how to avoid leakage of data in a system with a higher security level in the terminal becomes an urgent problem to be solved.
发明内容Summary of the invention
本发明正是基于上述问题,提出了一种新的技术方案,当与终端绑定的用户离开终端时,可以使终端自动切换至安全等级较低的系统中,避免其他用户使用安全等级较高的系统或安全等级较高的系统中的数据,从而防止安全等级较高的系统中的数据遭到非法泄露,进而提升终端的安全性能。The present invention is based on the above problems, and proposes a new technical solution. When a user bound to a terminal leaves the terminal, the terminal can be automatically switched to a system with a lower security level, thereby avoiding a higher security level of other users. Data in a system or a system with a higher security level, thereby preventing data in a system with a higher security level from being illegally leaked, thereby improving the security performance of the terminal.
有鉴于此,本发明的一方面提出了一种系统切换方法,用于终端,所述终端上安装有多个系统,所述方法包括:判断运行在当前系统的终端是否检测到第一身份识别信息,在判断结果为否时,控制所述终端由所述当前系统切换至目标系统;否则,控制所述终端继续运行在所述当前系统;其中,所述第一身份识别信息为与所述终端相绑定的用户的身份识别信息,所述目标系统为安全等级低于所述当前系统的安全等级的其他任一系统。In view of this, an aspect of the present invention provides a system switching method for a terminal, where a plurality of systems are installed, the method includes: determining whether a terminal operating in the current system detects the first identity. Information, when the determination result is no, controlling the terminal to be switched by the current system to the target system; otherwise, controlling the terminal to continue to run in the current system; wherein the first identification information is The identification information of the user bound to the terminal, the target system being any other system whose security level is lower than the security level of the current system.
在该技术方案中,安装有多系统的终端运行在安全等级较高的当前系统中,当检测到终端中预存的第一身份信息时,说明与终端绑定的用户在使用终端,当未检测到终端中预存的第一身份信息时,说明与终端绑定的用户已经离开终端,则控制终端从安全等级较高的当前系统切换至安全等级较低的目标系统中,避免非法用户使用安全等级较高的系统或安全等级较高的系统中的数据,从而防止安全等级较高的系统中的数据遭到非法泄露,进而提升终端的安全性能,其中,其他用户为除与终端绑定的用户以外的任一用户。In this technical solution, a terminal installed with multiple systems runs in a current system with a higher security level. When the first identity information pre-stored in the terminal is detected, it indicates that the user bound to the terminal is using the terminal when not detected. When the first identity information pre-stored in the terminal indicates that the user bound to the terminal has left the terminal, the control terminal switches from the current system with a higher security level to the target system with a lower security level, thereby preventing the illegal user from using the security level. Higher system or data in a system with a higher security level, thereby preventing data in a system with a higher security level from being illegally leaked, thereby improving the security performance of the terminal. Among other users, users are bound to the terminal. Any user other than .
在上述技术方案中,优选地,在控制所述终端由所述当前系统切换至目标系统之前,还包括:在判定所述终端未检测到所述第一身份识别信息时,判断所述终端是否灭屏,并在判断结果为否时,控制所述终端由所述当前系统切换至目标系统;在判断结果为是时,控制所述终端保持当前运行状态。In the foregoing technical solution, before the controlling the terminal to be switched to the target system by the current system, the method further includes: determining, when the terminal does not detect the first identity identification information, determining whether the terminal is The screen is off, and when the judgment result is no, the terminal is controlled to be switched from the current system to the target system; when the determination result is YES, the terminal is controlled to maintain the current running state.
在该技术方案中,当终端未检测到第一身份识别信息时,如果终端没有灭屏,则终端由当前系统切换至目标系统,避免非法用户使用安全等级较高的系统或安全等级较高的系统中的数据,如果终端灭屏,则控制终端继续停留在当前系统中,因为终端灭屏说明用户再次使用终端时需要输入验证信息(如验证密码、用户指纹等)才能进入到当前系统中,所以终端保持在当前运行状态可以保证终端中数据的安全,除此之外,如果终端灭屏后切换至目标系统中,则 用户进入当前系统之前,还要从目标系统手动切换至当前系统中,所以终端灭屏后继续停留在当前系统中即可,从而避免用户再次使用终端时手动切换至当前系统中,从而提升用户体验。In this technical solution, when the terminal does not detect the first identity information, if the terminal does not go out, the terminal is switched from the current system to the target system, and the illegal user is prevented from using a system with a higher security level or a higher security level. The data in the system, if the terminal is off, the control terminal continues to stay in the current system, because the terminal is off, indicating that the user needs to input authentication information (such as verification password, user fingerprint, etc.) to enter the current system. Therefore, the terminal is kept in the current running state to ensure the security of the data in the terminal, and if the terminal is off the screen and then switched to the target system, Before the user enters the current system, the user must manually switch from the target system to the current system. Therefore, the terminal can stay in the current system after the terminal is off, so that the user can manually switch to the current system when the terminal is used again, thereby improving the user experience. .
在上述技术方案中,优选地,还包括:在所述终端切换至所述目标系统后,若所述终端重新检测到第二身份识别信息,则判断所述第二身份识别信息与所述第一身份识别信息是否匹配,并根据判断结果来判断所述终端是否能够直接由所述目标系统切换至所述当前系统。In the above technical solution, preferably, after the terminal switches to the target system, if the terminal re-detects the second identity information, determining the second identity information and the Whether an identity identification information matches, and determining, according to the determination result, whether the terminal can be directly switched by the target system to the current system.
在该技术方案中,终端切换至安全等级较低的目标系统后,如果有用户(包括:与终端绑定的用户和其他用户)使用终端,终端可以检测到第二身份识别信息,根据第二身份信息与第一身份识别信息是否匹配,确定终端是否直接由目标系统切换至当前系统中。In this technical solution, after the terminal switches to the target system with a lower security level, if a user (including: a user bound to the terminal and other users) uses the terminal, the terminal may detect the second identification information, according to the second Whether the identity information matches the first identity information determines whether the terminal is directly switched by the target system to the current system.
在上述技术方案中,优选地,所述根据判断结果来判断所述终端是否能够直接由所述目标系统切换至所述当前系统,具体包括:在判断结果为是时,若所述终端接收到由所述目标系统切换至所述当前系统的切换命令,则控制所述终端直接由所述目标系统切换至所述当前系统;在判断结果为否时,若所述终端接收到由所述目标系统切换至所述当前系统的切换命令,则提示当前用户输入系统切换密钥,并在所述系统切换密钥正确时,控制所述终端由所述目标系统切换至所述当前系统,否则,禁止所述终端由所述目标系统切换至所述当前系统。In the above technical solution, preferably, the determining, according to the determination result, whether the terminal can be directly switched by the target system to the current system, specifically, if the determining result is yes, if the terminal receives Switching to the current system by the target system, controlling the terminal to directly switch from the target system to the current system; if the determination result is no, if the terminal receives the target When the system switches to the switching command of the current system, the current user is prompted to input a system switching key, and when the system switching key is correct, the terminal is controlled to be switched by the target system to the current system; otherwise, The terminal is prohibited from being switched by the target system to the current system.
在该技术方案中,当与终端绑定的用户离开终端后,有用户(包括:与终端绑定的用户和其他用户)再次使用终端,终端是否能够直接由安全等级较低的目标系统切换至安全等级较高的当前系统,具体包括:如果第二身份信息与第一身份识别信息之间匹配,说明再次使用终端的用户为与终端绑定的用户,则终端可以直接由目标系统切换至当前系统中,避免用户手动切换至当前系统中,从而使终端更加智能,如果第二身份信息与第一身份识别信息之间不匹配,说明再次使用终端的用户为其他用户,需要正确输入系统切换密钥才能进入安全等级较高的当前系统中,防止非法用户进入到安全等级较高的系统中,从而避免安全等级较高的系统中的数据遭到非法用户的非法窃取,进而提升终端的安全性能。 In this technical solution, after the user bound to the terminal leaves the terminal, there are users (including: users bound to the terminal and other users) to use the terminal again, and whether the terminal can be directly switched to the target system with a lower security level to The current system with a higher security level specifically includes: if the second identity information matches the first identity information, indicating that the user who uses the terminal again is a user bound to the terminal, the terminal can directly switch from the target system to the current In the system, the user is prevented from manually switching to the current system, so that the terminal is more intelligent. If the second identity information does not match the first identity information, the user who uses the terminal again is another user, and the system switching key needs to be correctly input. The key can enter the current system with a higher security level to prevent unauthorized users from entering the system with higher security level, thus preventing the data in the system with higher security level from being illegally stolen by illegal users, thereby improving the security performance of the terminal. .
在上述技术方案中,优选地,所述第一身份识别信息和所述第二身份识别信息包括:与所述终端相绑定的用户的声音信息、面部特征信息、人体阻抗信息、人体红外线信息、手指压力信息、手部特征信息中的至少一种信息。In the above technical solution, preferably, the first identity identification information and the second identity identification information comprise: user voice information, facial feature information, body impedance information, and human body infrared information bound to the terminal. At least one of finger pressure information and hand feature information.
在该技术方案中,第一身份识别信息和第二身份识别信息包括但不限于:与终端相绑定的用户的声音信息、面部特征信息、人体阻抗信息、人体红外线信息、手指压力信息、手部特征信息中的至少一种信息,使终端可以根据第一身份识别信息和第二身份识别信息准确地辨认使用终端的用户是否为与终端绑定的用户,避免非法用户使用终端,从而防止非法用户窃取安全等级较高的系统中的信息,进而提升终端的安全性能。In the technical solution, the first identity information and the second identity information include, but are not limited to, voice information of the user bound to the terminal, facial feature information, body impedance information, human body infrared information, finger pressure information, hands The at least one of the information of the part information enables the terminal to accurately identify, according to the first identity identification information and the second identity identification information, whether the user who uses the terminal is a user bound to the terminal, and prevents the illegal user from using the terminal, thereby preventing illegal The user steals information from a system with a higher security level, thereby improving the security performance of the terminal.
本发明的另一方面提出了一种系统切换装置,用于终端,所述终端上安装有多个系统,所述装置包括:判断单元,判断运行在当前系统的终端是否检测到第一身份识别信息;第一控制单元,在判断结果为否时,控制所述终端由所述当前系统切换至目标系统;否则,控制所述终端继续运行在所述当前系统;其中,所述第一身份识别信息为与所述终端相绑定的用户的身份识别信息,所述目标系统为安全等级低于所述当前系统的安全等级的其他任一系统。Another aspect of the present invention provides a system switching apparatus for a terminal, wherein the terminal is installed with a plurality of systems, and the apparatus includes: a determining unit, determining whether the terminal operating in the current system detects the first identity The first control unit, when the determination result is no, the terminal is controlled to be switched by the current system to the target system; otherwise, the terminal is controlled to continue to run in the current system; wherein the first identity is The information is identification information of a user bound to the terminal, and the target system is any other system whose security level is lower than the security level of the current system.
在该技术方案中,安装有多系统的终端运行在安全等级较高的当前系统中,当检测到终端中预存的第一身份信息时,说明与终端绑定的用户在使用终端,当未检测到终端中预存的第一身份信息时,说明与终端绑定的用户已经离开终端,则控制终端从安全等级较高的当前系统切换至安全等级较低的目标系统中,避免非法用户使用安全等级较高的系统或安全等级较高的系统中的数据,从而防止安全等级较高的系统中的数据遭到非法泄露,进而提升终端的安全性能,其中,其他用户为除与终端绑定的用户以外的任一用户。In this technical solution, a terminal installed with multiple systems runs in a current system with a higher security level. When the first identity information pre-stored in the terminal is detected, it indicates that the user bound to the terminal is using the terminal when not detected. When the first identity information pre-stored in the terminal indicates that the user bound to the terminal has left the terminal, the control terminal switches from the current system with a higher security level to the target system with a lower security level, thereby preventing the illegal user from using the security level. Higher system or data in a system with a higher security level, thereby preventing data in a system with a higher security level from being illegally leaked, thereby improving the security performance of the terminal. Among other users, users are bound to the terminal. Any user other than .
在上述技术方案中,优选地,所述判断单元还用于:在控制所述终端由所述当前系统切换至目标系统之前,若判定所述终端未检测到所述第一身份识别信息,则判断所述终端是否灭屏;所述第一控制单元还用于:在判断结果为否时,控制所述终端由所述当前系统切换至目标系统;在判断结果为是时,控制所述终端保持当前运行状态。In the above technical solution, preferably, the determining unit is further configured to: if it is determined that the terminal does not detect the first identity identification information, before controlling the terminal to switch to the target system by the current system, Determining whether the terminal is off; the first control unit is further configured to: when the determination result is no, control the terminal to be switched to the target system by the current system; when the determination result is yes, control the terminal Keep the current running state.
在该技术方案中,当终端未检测到第一身份识别信息时,如果终端没有灭屏,则终端由当前系统切换至目标系统,避免非法用户使用安全等级较高的系 统或安全等级较高的系统中的数据,如果终端灭屏,则控制终端继续停留在当前系统中,因为终端灭屏说明用户再次使用终端时需要输入验证信息(如验证密码、用户指纹等)才能进入到当前系统中,所以终端保持在当前运行状态可以保证终端中数据的安全,除此之外,如果终端灭屏后切换至目标系统中,则用户进入当前系统之前,还要从目标系统手动切换至当前系统中,所以终端灭屏后继续停留在当前系统中即可,从而避免用户再次使用终端时手动切换至当前系统中,从而提升用户体验。In the technical solution, when the terminal does not detect the first identity information, if the terminal does not go out, the terminal is switched from the current system to the target system, and the illegal user is prevented from using the system with higher security level. If the terminal is out of the screen, the control terminal continues to stay in the current system, because the terminal is off, indicating that the user needs to input authentication information (such as verification password, user fingerprint, etc.) when the terminal is used again. In order to enter the current system, the terminal can maintain the current running state to ensure the security of the data in the terminal. In addition, if the terminal switches to the target system after the screen is off, the user must also go from the target system before entering the current system. Manually switch to the current system, so the terminal can stay in the current system after the screen is off, thus avoiding the user manually switching to the current system when the terminal is used again, thereby improving the user experience.
在上述技术方案中,优选地,所述判断单元还用于:在所述终端切换至所述目标系统后,若所述终端重新检测到第二身份识别信息,则判断所述第二身份识别信息与所述第一身份识别信息是否匹配,并根据判断结果来控制所述终端是否能够直接由所述目标系统切换至所述当前系统。In the above technical solution, preferably, the determining unit is further configured to: after the terminal switches to the target system, if the terminal re-detects the second identity information, determining the second identity Whether the information matches the first identification information, and according to the determination result, whether the terminal can be directly switched to the current system by the target system.
在该技术方案中,终端切换至安全等级较低的目标系统后,如果有用户(包括:与终端绑定的用户和其他用户)使用终端,终端可以检测到第二身份识别信息,根据第二身份信息与第一身份识别信息是否匹配,确定终端是否直接由目标系统切换至当前系统中。In this technical solution, after the terminal switches to the target system with a lower security level, if a user (including: a user bound to the terminal and other users) uses the terminal, the terminal may detect the second identification information, according to the second Whether the identity information matches the first identity information determines whether the terminal is directly switched by the target system to the current system.
在上述技术方案中,优选地,所述判断单元包括:第二控制单元,在判断结果为是时,若所述终端接收到由所述目标系统切换至所述当前系统的切换命令,则控制所述终端直接由所述目标系统切换至所述当前系统;提示单元,在判断结果为否时,若所述终端接收到由所述目标系统切换至所述当前系统的切换命令,则提示当前用户输入系统切换密钥;处理单元,在所述系统切换密钥正确时,控制所述终端由所述目标系统切换至所述当前系统,否则,禁止所述终端由所述目标系统切换至所述当前系统。In the above technical solution, preferably, the determining unit includes: a second control unit, when the determining result is yes, if the terminal receives a switching command that is switched by the target system to the current system, then controlling The terminal is directly switched by the target system to the current system; when the determination result is no, if the terminal receives a handover command that is switched by the target system to the current system, the prompting current The user inputs a system switching key; the processing unit controls the terminal to be switched by the target system to the current system when the system switching key is correct, otherwise, prohibiting the terminal from being switched to the target system by the target system The current system.
在该技术方案中,当与终端绑定的用户离开终端后,有用户(包括:与终端绑定的用户和其他用户)再次使用终端,终端是否能够直接由安全等级较低的目标系统切换至安全等级较高的当前系统,具体包括:如果第二身份信息与第一身份识别信息之间匹配,说明再次使用终端的用户为与终端绑定的用户,则终端可以直接由目标系统切换至当前系统中,避免用户手动切换至当前系统中,从而使终端更加智能,如果第二身份信息与第一身份识别信息之间不匹配,说明再次使用终端的用户为其他用户,需要正确输入系统切换密钥才能进入安 全等级较高的当前系统中,防止非法用户进入到安全等级较高的系统中,从而避免安全等级较高的系统中的数据遭到非法用户的非法窃取,进而提升终端的安全性能。In this technical solution, after the user bound to the terminal leaves the terminal, there are users (including: users bound to the terminal and other users) to use the terminal again, and whether the terminal can be directly switched to the target system with a lower security level to The current system with a higher security level specifically includes: if the second identity information matches the first identity information, indicating that the user who uses the terminal again is a user bound to the terminal, the terminal can directly switch from the target system to the current In the system, the user is prevented from manually switching to the current system, so that the terminal is more intelligent. If the second identity information does not match the first identity information, the user who uses the terminal again is another user, and the system switching key needs to be correctly input. The key can enter the security In the current system with higher level, the illegal users are prevented from entering the system with higher security level, so that the data in the system with higher security level is prevented from being illegally stolen by illegal users, thereby improving the security performance of the terminal.
在上述技术方案中,优选地,所述第一身份识别信息和所述第二身份识别信息包括:与所述终端相绑定的用户的声音信息、面部特征信息、人体阻抗信息、人体红外线信息、手指压力信息、手部特征信息中的至少一种信息。In the above technical solution, preferably, the first identity identification information and the second identity identification information comprise: user voice information, facial feature information, body impedance information, and human body infrared information bound to the terminal. At least one of finger pressure information and hand feature information.
在该技术方案中,第一身份识别信息和第二身份识别信息包括但不限于:与终端相绑定的用户的声音信息、面部特征信息、人体阻抗信息、人体红外线信息、手指压力信息、手部特征信息中的至少一种信息,使终端可以根据第一身份识别信息和第二身份识别信息准确地辨认使用终端的用户是否为与终端绑定的用户,避免非法用户使用终端,从而防止非法用户窃取安全等级较高的系统中的信息,进而提升终端的安全性能。In the technical solution, the first identity information and the second identity information include, but are not limited to, voice information of the user bound to the terminal, facial feature information, body impedance information, human body infrared information, finger pressure information, hands The at least one of the information of the part information enables the terminal to accurately identify, according to the first identity identification information and the second identity identification information, whether the user who uses the terminal is a user bound to the terminal, and prevents the illegal user from using the terminal, thereby preventing illegal The user steals information from a system with a higher security level, thereby improving the security performance of the terminal.
本发明的又一方面提出了一种终端,包括如上述任一项技术方案所述的系统切换装置。A further aspect of the present invention provides a terminal comprising the system switching device according to any of the above aspects.
在该技术方案中,安装有多系统的终端运行在安全等级较高的当前系统中,当与终端绑定的用户已经离开终端,则控制终端从安全等级较高的当前系统切换至安全等级较低的目标系统中,避免非法用户使用安全等级较高的系统或安全等级较高的系统中的数据,从而防止安全等级较高的系统中的数据遭到非法泄露,进而提升终端的安全性能,其中,其他用户为除与终端绑定的用户以外的任一用户。In the technical solution, the terminal with multiple systems is installed in the current system with a higher security level. When the user bound to the terminal has left the terminal, the control terminal switches from the current system with a higher security level to the security level. In a low target system, illegal users are prevented from using data in a system with a higher security level or a system with a higher security level, thereby preventing data in a system with a higher security level from being illegally leaked, thereby improving the security performance of the terminal. Among them, other users are any users other than the user bound to the terminal.
通过本发明的技术方案,当与终端绑定的用户离开终端时,可以使终端自动切换至安全等级较低的系统中,避免非法用户使用安全等级较高的系统或安全等级较高的系统中的数据,从而防止安全等级较高的系统中的数据遭到非法泄露,进而提升终端的安全性能。With the technical solution of the present invention, when the user bound to the terminal leaves the terminal, the terminal can be automatically switched to a system with a lower security level to prevent the illegal user from using a system with a higher security level or a system with a higher security level. The data prevents the data in the system with higher security level from being illegally leaked, thereby improving the security performance of the terminal.
附图说明DRAWINGS
图1示出了根据本发明的一个实施例的系统切换方法的流程示意图;1 is a flow chart showing a system switching method according to an embodiment of the present invention;
图2示出了根据本发明的另一个实施例的系统切换方法的流程示意图; 2 is a flow chart showing a system switching method according to another embodiment of the present invention;
图3示出了根据本发明的一个实施例的系统切换装置的结构示意图;FIG. 3 is a block diagram showing the structure of a system switching apparatus according to an embodiment of the present invention; FIG.
图4示出了根据本发明的一个实施例的终端的结构示意图;FIG. 4 is a schematic structural diagram of a terminal according to an embodiment of the present invention; FIG.
图5示出了根据本发明的另一个实施例的终端的结构示意图。FIG. 5 is a block diagram showing the structure of a terminal according to another embodiment of the present invention.
具体实施方式detailed description
为了可以更清楚地理解本发明的上述目的、特征和优点,下面结合附图和具体实施方式对本发明进行进一步的详细描述。需要说明的是,在不冲突的情况下,本申请的实施例及实施例中的特征可以相互组合。The above described objects, features and advantages of the present invention will become more apparent from the detailed description of the appended claims. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict.
在下面的描述中阐述了很多具体细节以便于充分理解本发明,但是,本发明还可以采用其他不同于在此描述的其他方式来实施,因此,本发明的保护范围并不受下面公开的具体实施例的限制。In the following description, numerous specific details are set forth in order to provide a full understanding of the invention, but the invention may be practiced otherwise than as described herein. Limitations of the embodiments.
图1示出了根据本发明的一个实施例的系统切换方法的流程示意图。FIG. 1 is a flow chart showing a system switching method according to an embodiment of the present invention.
如图1所示,根据本发明的一个实施例的系统切换方法,包括:As shown in FIG. 1, a system switching method according to an embodiment of the present invention includes:
步骤102,判断运行在当前系统的终端是否检测到第一身份识别信息,在判断结果为否时,控制所述终端由所述当前系统切换至目标系统;否则,控制所述终端继续运行在所述当前系统;其中,所述第一身份识别信息为与所述终端相绑定的用户的身份识别信息,所述目标系统为安全等级低于所述当前系统的安全等级的其他任一系统。Step 102: It is determined whether the terminal running in the current system detects the first identity identification information, and if the determination result is no, the terminal is controlled to be switched by the current system to the target system; otherwise, the terminal is controlled to continue to run in the terminal. The current system; wherein the first identity identification information is identity identification information of a user bound to the terminal, and the target system is any other system whose security level is lower than a security level of the current system.
在该技术方案中,安装有多系统的终端运行在安全等级较高的当前系统中,当检测到终端中预存的第一身份信息时,说明与终端绑定的用户在使用终端,当未检测到终端中预存的第一身份信息时,说明与终端绑定的用户已经离开终端,则控制终端从安全等级较高的当前系统切换至安全等级较低的目标系统中,避免非法用户使用安全等级较高的系统或安全等级较高的系统中的数据,从而防止安全等级较高的系统中的数据遭到非法泄露,进而提升终端的安全性能,其中,其他用户为除与终端绑定的用户以外的任一用户。In this technical solution, a terminal installed with multiple systems runs in a current system with a higher security level. When the first identity information pre-stored in the terminal is detected, it indicates that the user bound to the terminal is using the terminal when not detected. When the first identity information pre-stored in the terminal indicates that the user bound to the terminal has left the terminal, the control terminal switches from the current system with a higher security level to the target system with a lower security level, thereby preventing the illegal user from using the security level. Higher system or data in a system with a higher security level, thereby preventing data in a system with a higher security level from being illegally leaked, thereby improving the security performance of the terminal. Among other users, users are bound to the terminal. Any user other than .
在上述技术方案中,优选地,在控制所述终端由所述当前系统切换至目标系统之前,还包括:在判定所述终端未检测到所述第一身份识别信息时,判断所述终端是否灭屏,并在判断结果为否时,控制所述终端由所述当前系统切换至目标系统;在判断结果为是时,控制所述终端保持当前运行状态。 In the foregoing technical solution, before the controlling the terminal to be switched to the target system by the current system, the method further includes: determining, when the terminal does not detect the first identity identification information, determining whether the terminal is The screen is off, and when the judgment result is no, the terminal is controlled to be switched from the current system to the target system; when the determination result is YES, the terminal is controlled to maintain the current running state.
在该技术方案中,当终端未检测到第一身份识别信息时,如果终端没有灭屏,则终端由当前系统切换至目标系统,避免非法用户使用安全等级较高的系统或安全等级较高的系统中的数据,如果终端灭屏,则控制终端继续停留在当前系统中,因为终端灭屏说明用户再次使用终端时需要输入验证信息(如验证密码、用户指纹等)才能进入到当前系统中,所以终端保持在当前运行状态可以保证终端中数据的安全,除此之外,如果终端灭屏后切换至目标系统中,则用户进入当前系统之前,还要从目标系统手动切换至当前系统中,所以终端灭屏后继续停留在当前系统中即可,从而避免用户再次使用终端时手动切换至当前系统中,从而提升用户体验。In this technical solution, when the terminal does not detect the first identity information, if the terminal does not go out, the terminal is switched from the current system to the target system, and the illegal user is prevented from using a system with a higher security level or a higher security level. The data in the system, if the terminal is off, the control terminal continues to stay in the current system, because the terminal is off, indicating that the user needs to input authentication information (such as verification password, user fingerprint, etc.) to enter the current system. Therefore, the terminal maintains the current running state to ensure the security of the data in the terminal. In addition, if the terminal switches to the target system after the screen is off, the user must manually switch from the target system to the current system before entering the current system. Therefore, after the terminal is off the screen, it can stay in the current system, thereby avoiding the user manually switching to the current system when the terminal is used again, thereby improving the user experience.
在上述技术方案中,优选地,还包括:在所述终端切换至所述目标系统后,若所述终端重新检测到第二身份识别信息,则判断所述第二身份识别信息与所述第一身份识别信息是否匹配,并根据判断结果来判断所述终端是否能够直接由所述目标系统切换至所述当前系统。In the above technical solution, preferably, after the terminal switches to the target system, if the terminal re-detects the second identity information, determining the second identity information and the Whether an identity identification information matches, and determining, according to the determination result, whether the terminal can be directly switched by the target system to the current system.
在该技术方案中,终端切换至安全等级较低的目标系统后,如果有用户(包括:与终端绑定的用户和其他用户)使用终端,终端可以检测到第二身份识别信息,根据第二身份信息与第一身份识别信息是否匹配,确定终端是否直接由目标系统切换至当前系统中。In this technical solution, after the terminal switches to the target system with a lower security level, if a user (including: a user bound to the terminal and other users) uses the terminal, the terminal may detect the second identification information, according to the second Whether the identity information matches the first identity information determines whether the terminal is directly switched by the target system to the current system.
在上述技术方案中,优选地,所述根据判断结果来判断所述终端是否能够直接由所述目标系统切换至所述当前系统,具体包括:在判断结果为是时,若所述终端接收到由所述目标系统切换至所述当前系统的切换命令,则控制所述终端直接由所述目标系统切换至所述当前系统;在判断结果为否时,若所述终端接收到由所述目标系统切换至所述当前系统的切换命令,则提示当前用户输入系统切换密钥,并在所述系统切换密钥正确时,控制所述终端由所述目标系统切换至所述当前系统,否则,禁止所述终端由所述目标系统切换至所述当前系统。In the above technical solution, preferably, the determining, according to the determination result, whether the terminal can be directly switched by the target system to the current system, specifically, if the determining result is yes, if the terminal receives Switching to the current system by the target system, controlling the terminal to directly switch from the target system to the current system; if the determination result is no, if the terminal receives the target When the system switches to the switching command of the current system, the current user is prompted to input a system switching key, and when the system switching key is correct, the terminal is controlled to be switched by the target system to the current system; otherwise, The terminal is prohibited from being switched by the target system to the current system.
在该技术方案中,当与终端绑定的用户离开终端后,有用户(包括:与终端绑定的用户和其他用户)再次使用终端,终端是否能够直接由安全等级较低的目标系统切换至安全等级较高的当前系统,具体包括:如果第二身份信息与第一身份识别信息之间匹配,说明再次使用终端的用户为与终端绑定的用户, 则终端可以直接由目标系统切换至当前系统中,避免用户手动切换至当前系统中,从而使终端更加智能,如果第二身份信息与第一身份识别信息之间不匹配,说明再次使用终端的用户为其他用户,需要正确输入系统切换密钥才能进入安全等级较高的当前系统中,防止非法用户进入到安全等级较高的系统中,从而避免安全等级较高的系统中的数据遭到非法用户的非法窃取,进而提升终端的安全性能。In this technical solution, after the user bound to the terminal leaves the terminal, there are users (including: users bound to the terminal and other users) to use the terminal again, and whether the terminal can be directly switched to the target system with a lower security level to The current system with a higher security level specifically includes: if the second identity information matches the first identity information, the user who uses the terminal again is a user bound to the terminal, The terminal can be directly switched from the target system to the current system, so as to prevent the user from manually switching to the current system, so that the terminal is more intelligent. If the second identity information does not match the first identity information, the terminal user is used again. For other users, you need to enter the system switching key correctly to enter the current system with higher security level to prevent illegal users from entering the system with higher security level, thus preventing data in the system with higher security level from being illegal. Illegal stealing, which in turn improves the security of the terminal.
在上述技术方案中,优选地,所述第一身份识别信息和所述第二身份识别信息包括:与所述终端相绑定的用户的声音信息、面部特征信息、人体阻抗信息、人体红外线信息、手指压力信息、手部特征信息中的至少一种信息。In the above technical solution, preferably, the first identity identification information and the second identity identification information comprise: user voice information, facial feature information, body impedance information, and human body infrared information bound to the terminal. At least one of finger pressure information and hand feature information.
在该技术方案中,第一身份识别信息和第二身份识别信息包括但不限于:与终端相绑定的用户的声音信息、面部特征信息、人体阻抗信息、人体红外线信息、手指压力信息、手部特征信息中的至少一种信息,使终端可以根据第一身份识别信息和第二身份识别信息准确地辨认使用终端的用户是否为与终端绑定的用户,避免非法用户使用运行在安全等级较高的系统的终端,从而防止非法用户窃取安全等级较高的系统中的信息,进而提升终端的安全性能。In the technical solution, the first identity information and the second identity information include, but are not limited to, voice information of the user bound to the terminal, facial feature information, body impedance information, human body infrared information, finger pressure information, hands The at least one type of information of the part information enables the terminal to accurately identify, according to the first identity identification information and the second identity identification information, whether the user who uses the terminal is a user bound to the terminal, and prevents the illegal user from using the security level. A high system terminal, thereby preventing illegal users from stealing information in a system with a higher security level, thereby improving the security performance of the terminal.
图2示出了根据本发明的另一个实施例的系统切换方法的流程示意图。FIG. 2 is a flow chart showing a system switching method according to another embodiment of the present invention.
如图2所示,根据本发明的另一个实施例的系统切换方法(在该实施例中,终端为手机,手机上安装有双系统,即安全等级较低的标准域系统和安全等级较高的安全域系统),包括:As shown in FIG. 2, a system switching method according to another embodiment of the present invention (in this embodiment, the terminal is a mobile phone, and a dual system is installed on the mobile phone, that is, a standard domain system with a lower security level and a higher security level. Security domain system), including:
步骤202,手机运行在安全域系统(当前系统)中,以供与手机绑定的用户在安全域系统中使用手机。Step 202: The mobile phone runs in a secure domain system (current system), so that the user bound to the mobile phone uses the mobile phone in the secure domain system.
步骤204,使用虚拟层虚拟机安全监测机制检测与手机绑定的用户是否离开手机(判断运行在当前系统的终端是否检测到第一身份识别信息),当判断结果为是时,进入步骤206,当判断结果为否时,进入步骤202。Step 204: The virtual layer virtual machine security monitoring mechanism is used to detect whether the user bound to the mobile phone leaves the mobile phone (determining whether the terminal running the current system detects the first identity identification information). When the determination result is yes, the process proceeds to step 206. When the result of the determination is no, the process proceeds to step 202.
步骤206,检测到与手机绑定的用户离开手机,则虚拟机由安全等级较高的安全域系统自动切换到安全等级较低的标准域系统。In step 206, it is detected that the user bound to the mobile phone leaves the mobile phone, and the virtual machine is automatically switched to the standard domain system with a lower security level by the security domain system with higher security level.
步骤208,由于与手机绑定的用户离开手机,则手机运行在安全等级较低的标准域系统中,避免其他用户使用运行在安全等级较高的安全系统中的手机。 Step 208: Since the user bound to the mobile phone leaves the mobile phone, the mobile phone runs in a standard domain system with a lower security level, and prevents other users from using the mobile phone running in a security system with a higher security level.
步骤210,当有用户再次使用手机时,判断使用手机的用户是否为与手机绑定的用户(判断第二身份识别信息与第一身份识别信息是否匹配),当判断结果为是时,进入步骤212,当判断结果为否时,进入步骤208。Step 210: When a user uses the mobile phone again, it is determined whether the user who uses the mobile phone is a user bound to the mobile phone (determining whether the second identification information matches the first identification information), and when the determination result is yes, the step is entered. 212. When the determination result is no, the process proceeds to step 208.
步骤212,与手机绑定的用户离开手机后,再次使用手机,虚拟机将手机从标准域系统自动切换到安全域系统,以供与手机绑定的用户继续在安全域系统中使用手机。Step 212: After the user bound to the mobile phone leaves the mobile phone, the mobile phone is used again, and the virtual machine automatically switches the mobile phone from the standard domain system to the secure domain system, so that the user bound to the mobile phone continues to use the mobile phone in the secure domain system.
图3示出了根据本发明的一个实施例的系统切换装置的结构示意图。FIG. 3 is a block diagram showing the structure of a system switching apparatus according to an embodiment of the present invention.
如图3所示,根据本发明的一个实施例的系统切换装置300,用于终端,所述终端上安装有多个系统,所述装置包括:判断单元302,判断运行在当前系统的终端是否检测到第一身份识别信息;第一控制单元304,在判断结果为否时,控制所述终端由所述当前系统切换至目标系统;否则,控制所述终端继续运行在所述当前系统;其中,所述第一身份识别信息为与所述终端相绑定的用户的身份识别信息,所述目标系统为安全等级低于所述当前系统的安全等级的其他任一系统。As shown in FIG. 3, a system switching apparatus 300 according to an embodiment of the present invention is used for a terminal, and a plurality of systems are installed on the terminal. The apparatus includes: a determining unit 302, determining whether a terminal running in the current system is Detecting the first identification information; the first control unit 304, when the determination result is no, controlling the terminal to be switched to the target system by the current system; otherwise, controlling the terminal to continue to run in the current system; The first identity identification information is identity identification information of a user that is bound to the terminal, and the target system is any other system whose security level is lower than a security level of the current system.
在该技术方案中,安装有多系统的终端运行在安全等级较高的当前系统中,当检测到终端中预存的第一身份信息时,说明与终端绑定的用户在使用终端,当未检测到终端中预存的第一身份信息时,说明与终端绑定的用户已经离开终端,则控制终端从安全等级较高的当前系统切换至安全等级较低的目标系统中,避免非法用户使用安全等级较高的系统或安全等级较高的系统中的数据,从而防止安全等级较高的系统中的数据遭到非法泄露,进而提升终端的安全性能,其中,其他用户为除与终端绑定的用户以外的任一用户。In this technical solution, a terminal installed with multiple systems runs in a current system with a higher security level. When the first identity information pre-stored in the terminal is detected, it indicates that the user bound to the terminal is using the terminal when not detected. When the first identity information pre-stored in the terminal indicates that the user bound to the terminal has left the terminal, the control terminal switches from the current system with a higher security level to the target system with a lower security level, thereby preventing the illegal user from using the security level. Higher system or data in a system with a higher security level, thereby preventing data in a system with a higher security level from being illegally leaked, thereby improving the security performance of the terminal. Among other users, users are bound to the terminal. Any user other than .
在上述技术方案中,优选地,所述判断单元302还用于:在控制所述终端由所述当前系统切换至目标系统之前,若判定所述终端未检测到所述第一身份识别信息,则判断所述终端是否灭屏;所述第一控制单元304还用于:在判断结果为否时,控制所述终端由所述当前系统切换至目标系统;在判断结果为是时,控制所述终端保持当前运行状态。In the foregoing technical solution, preferably, the determining unit 302 is further configured to: if it is determined that the terminal does not detect the first identity identification information, before controlling the terminal to be switched by the current system to the target system, Determining whether the terminal is off the screen; the first control unit 304 is further configured to: when the determination result is no, control the terminal to be switched to the target system by the current system; when the determination result is yes, the control center The terminal maintains the current running state.
在该技术方案中,当终端未检测到第一身份识别信息时,如果终端没有灭屏,则终端由当前系统切换至目标系统,避免非法用户使用安全等级较高的系统或安全等级较高的系统中的数据,如果终端灭屏,则控制终端继续停留在当 前系统中,因为终端灭屏说明用户再次使用终端时需要输入验证信息(如验证密码、用户指纹等)才能进入到当前系统中,所以终端保持在当前运行状态可以保证终端中数据的安全,除此之外,如果终端灭屏后切换至目标系统中,则用户进入当前系统之前,还要从目标系统手动切换至当前系统中,所以终端灭屏后继续停留在当前系统中即可,从而避免用户再次使用终端时手动切换至当前系统中,从而提升用户体验。In this technical solution, when the terminal does not detect the first identity information, if the terminal does not go out, the terminal is switched from the current system to the target system, and the illegal user is prevented from using a system with a higher security level or a higher security level. The data in the system, if the terminal is off, the control terminal continues to stay in the In the pre-system, because the terminal is off, the user needs to input authentication information (such as verification password, user fingerprint, etc.) to enter the current system. Therefore, the terminal maintains the current running state to ensure the security of the data in the terminal. In addition, if the terminal is switched to the target system after the screen is off, the user must manually switch from the target system to the current system before entering the current system, so the terminal can remain in the current system after the screen is off, thereby avoiding When the user uses the terminal again, he manually switches to the current system, thereby improving the user experience.
在上述技术方案中,优选地,所述判断单元302还用于:在所述终端切换至所述目标系统后,若所述终端重新检测到第二身份识别信息,则判断所述第二身份识别信息与所述第一身份识别信息是否匹配,并根据判断结果来控制所述终端是否能够直接由所述目标系统切换至所述当前系统。In the above technical solution, preferably, the determining unit 302 is further configured to: after the terminal switches to the target system, if the terminal re-detects the second identity information, determining the second identity Whether the identification information matches the first identification information, and according to the determination result, whether the terminal can be directly switched to the current system by the target system.
在该技术方案中,终端切换至安全等级较低的目标系统后,如果有用户(包括:与终端绑定的用户和其他用户)使用终端,终端可以检测到第二身份识别信息,根据第二身份信息与第一身份识别信息是否匹配,确定终端是否直接由目标系统切换至当前系统中。In this technical solution, after the terminal switches to the target system with a lower security level, if a user (including: a user bound to the terminal and other users) uses the terminal, the terminal may detect the second identification information, according to the second Whether the identity information matches the first identity information determines whether the terminal is directly switched by the target system to the current system.
在上述技术方案中,优选地,所述判断单元302包括:第二控制单元3022,在判断结果为是时,若所述终端接收到由所述目标系统切换至所述当前系统的切换命令,则控制所述终端直接由所述目标系统切换至所述当前系统;提示单元3024,在判断结果为否时,若所述终端接收到由所述目标系统切换至所述当前系统的切换命令,则提示当前用户输入系统切换密钥;处理单元3026,在所述系统切换密钥正确时,控制所述终端由所述目标系统切换至所述当前系统,否则,禁止所述终端由所述目标系统切换至所述当前系统。In the above technical solution, preferably, the determining unit 302 includes: a second control unit 3022, when the determination result is yes, if the terminal receives a switching command that is switched by the target system to the current system, Controlling the terminal to be directly switched by the target system to the current system; the prompting unit 3024, when the determination result is no, if the terminal receives the switching command that is switched by the target system to the current system, Then prompting the current user to input a system switching key; the processing unit 3026, when the system switching key is correct, controlling the terminal to be switched by the target system to the current system; otherwise, prohibiting the terminal from being targeted by the target The system switches to the current system.
在该技术方案中,当与终端绑定的用户离开终端后,有用户(包括:与终端绑定的用户和其他用户)再次使用终端,终端是否能够直接由安全等级较低的目标系统切换至安全等级较高的当前系统,具体包括:如果第二身份信息与第一身份识别信息之间匹配,说明再次使用终端的用户为与终端绑定的用户,则终端可以直接由目标系统切换至当前系统中,避免用户手动切换至当前系统中,从而使终端更加智能,如果第二身份信息与第一身份识别信息之间不匹配,说明再次使用终端的用户为其他用户,需要正确输入系统切换密钥才能进入安全等级较高的当前系统中,防止非法用户进入到安全等级较高的系统中,从而 避免安全等级较高的系统中的数据遭到非法用户的非法窃取,进而提升终端的安全性能。In this technical solution, after the user bound to the terminal leaves the terminal, there are users (including: users bound to the terminal and other users) to use the terminal again, and whether the terminal can be directly switched to the target system with a lower security level to The current system with a higher security level specifically includes: if the second identity information matches the first identity information, indicating that the user who uses the terminal again is a user bound to the terminal, the terminal can directly switch from the target system to the current In the system, the user is prevented from manually switching to the current system, so that the terminal is more intelligent. If the second identity information does not match the first identity information, the user who uses the terminal again is another user, and the system switching key needs to be correctly input. The key can enter the current system with higher security level, preventing illegal users from entering the system with higher security level, thus The data in the system with higher security level is prevented from being illegally stolen by illegal users, thereby improving the security performance of the terminal.
在上述技术方案中,优选地,所述第一身份识别信息和所述第二身份识别信息包括:与所述终端相绑定的用户的声音信息、面部特征信息、人体阻抗信息、人体红外线信息、手指压力信息、手部特征信息中的至少一种信息。In the above technical solution, preferably, the first identity identification information and the second identity identification information comprise: user voice information, facial feature information, body impedance information, and human body infrared information bound to the terminal. At least one of finger pressure information and hand feature information.
在该技术方案中,第一身份识别信息和第二身份识别信息包括但不限于:与终端相绑定的用户的声音信息、面部特征信息、人体阻抗信息、人体红外线信息、手指压力信息、手部特征信息中的至少一种信息,使终端可以根据第一身份识别信息和第二身份识别信息准确地辨认使用终端的用户是否为与终端绑定的用户,避免非法用户使用终端,从而防止非法用户窃取安全等级较高的系统中的信息,进而提升终端的安全性能。In the technical solution, the first identity information and the second identity information include, but are not limited to, voice information of the user bound to the terminal, facial feature information, body impedance information, human body infrared information, finger pressure information, hands The at least one of the information of the part information enables the terminal to accurately identify, according to the first identity identification information and the second identity identification information, whether the user who uses the terminal is a user bound to the terminal, and prevents the illegal user from using the terminal, thereby preventing illegal The user steals information from a system with a higher security level, thereby improving the security performance of the terminal.
图4示出了根据本发明的一个实施例的终端的结构示意图。FIG. 4 shows a schematic structural diagram of a terminal according to an embodiment of the present invention.
如图4所示,根据本发明的一个实施例的终端400,包括如上述任一项技术方案所述的系统切换装置300。As shown in FIG. 4, a terminal 400 according to an embodiment of the present invention includes the system switching apparatus 300 according to any one of the above aspects.
在该技术方案中,安装有多系统的终端400运行在安全等级较高的当前系统中,当与终端400绑定的用户已经离开终端400,则控制终端400从安全等级较高的当前系统切换至安全等级较低的目标系统中,避免其他用户使用运行在安全等级较高的系统中的终端400,从而防止安全等级较高的系统中的数据遭到非法泄露,进而提升终端400的安全性能,其中,其他用户为除与终端400绑定的用户以外的用户。In this technical solution, the terminal 400 installed with multiple systems operates in the current system with a higher security level. When the user bound to the terminal 400 has left the terminal 400, the control terminal 400 switches from the current system with a higher security level. In the target system with lower security level, other users are prevented from using the terminal 400 running in the system with higher security level, thereby preventing data in the system with higher security level from being illegally leaked, thereby improving the security performance of the terminal 400. Where other users are users other than the user bound to the terminal 400.
图5示出了根据本发明的另一个实施例的终端的结构示意图,所述终端上安装有多个系统;如图5所示,该终端5可以包括:至少一个处理器51,例如CPU,至少一个通信总线52以及存储器53;处理器51可以结合图3所示的系统切换装置300;通信总线52用于实现这些组件之间的连接通信;存储器53可以是高速RAM存储器,也可以是非易失性存储器(non-volatile memory),例如至少一个磁盘存储器。存储器53中存储一组程序代码,且处理器51用于调用存储器53中存储的程序代码,用于执行以下操作:FIG. 5 is a schematic structural diagram of a terminal according to another embodiment of the present invention, where a plurality of systems are installed on the terminal; as shown in FIG. 5, the terminal 5 may include: at least one processor 51, such as a CPU. At least one communication bus 52 and memory 53; the processor 51 can be combined with the system switching device 300 shown in FIG. 3; the communication bus 52 is used to implement connection communication between these components; the memory 53 can be a high-speed RAM memory, or can be non-easy Non-volatile memory, such as at least one disk storage. A set of program codes is stored in the memory 53, and the processor 51 is configured to call the program code stored in the memory 53 for performing the following operations:
判断运行在当前系统的终端是否检测到第一身份识别信息,在判断结果为否时,控制所述终端由所述当前系统切换至目标系统;否则,控制所述终端继 续运行在所述当前系统;其中,所述第一身份识别信息为与所述终端相绑定的用户的身份识别信息,所述目标系统为安全等级低于所述当前系统的安全等级的其他任一系统。Determining whether the terminal running in the current system detects the first identification information, and if the determination result is no, controlling the terminal to switch from the current system to the target system; otherwise, controlling the terminal to continue Continuing to run in the current system; wherein the first identification information is identity identification information of a user bound to the terminal, and the target system is other security level lower than a security level of the current system Any system.
进一步的,所述处理器51在控制所述终端由所述当前系统切换至目标系统之前,还可以执行以下操作:Further, the processor 51 may further perform the following operations before controlling the terminal to switch from the current system to the target system:
在判定所述终端未检测到所述第一身份识别信息时,判断所述终端是否灭屏,并在判断结果为否时,控制所述终端由所述当前系统切换至目标系统;在判断结果为是时,控制所述终端保持当前运行状态。When it is determined that the terminal does not detect the first identity identification information, determine whether the terminal is off, and if the determination result is no, control the terminal to switch from the current system to the target system; When yes, the terminal is controlled to maintain the current operating state.
再进一步的,所述处理器51在所述终端切换至所述目标系统后,若所述终端重新检测到第二身份识别信息,还可以执行以下操作:Further, after the terminal switches to the target system, if the terminal re-detects the second identification information, the processor 51 may further perform the following operations:
判断所述第二身份识别信息与所述第一身份识别信息是否匹配,并根据判断结果来判断所述终端是否能够直接由所述目标系统切换至所述当前系统。Determining whether the second identity identification information matches the first identity identification information, and determining, according to the determination result, whether the terminal can be directly switched by the target system to the current system.
在一种可选的实施方式中,所述处理器51根据判断结果来判断所述终端是否能够直接由所述目标系统切换至所述当前系统,具体可以包括:In an optional implementation manner, the processor 51 determines, according to the determination result, whether the terminal can be directly switched to the current system by the target system, and specifically includes:
在判断结果为是时,若所述终端接收到由所述目标系统切换至所述当前系统的切换命令,则控制所述终端直接由所述目标系统切换至所述当前系统;When the determination result is yes, if the terminal receives a handover command that is switched by the target system to the current system, the terminal is controlled to be directly switched by the target system to the current system;
在判断结果为否时,若所述终端接收到由所述目标系统切换至所述当前系统的切换命令,则提示当前用户输入系统切换密钥,并在所述系统切换密钥正确时,控制所述终端由所述目标系统切换至所述当前系统,否则,禁止所述终端由所述目标系统切换至所述当前系统。When the determination result is no, if the terminal receives the handover command that is switched by the target system to the current system, prompting the current user to input the system handover key, and when the system switching key is correct, controlling The terminal is handed over to the current system by the target system, otherwise the terminal is prohibited from being switched by the target system to the current system.
其中,所述第一身份识别信息和所述第二身份识别信息包括:与所述终端相绑定的用户的声音信息、面部特征信息、人体阻抗信息、人体红外线信息、手指压力信息、手部特征信息中的至少一种信息。The first identity identification information and the second identity identification information include: user voice information, facial feature information, body impedance information, human body infrared information, finger pressure information, and hand binding with the terminal. At least one of the feature information.
以上结合附图详细说明了本发明的技术方案,当与终端绑定的用户离开终端时,可以使终端自动切换至安全等级较低的系统中,避免非法用户使用安全等级较高的系统或安全等级较高的系统中的数据,从而防止安全等级较高的系统中的数据遭到非法泄露,进而提升终端的安全性能。The technical solution of the present invention is described in detail above with reference to the accompanying drawings. When a user bound to a terminal leaves the terminal, the terminal can be automatically switched to a system with a lower security level to prevent the illegal user from using a system with higher security level or security. Data in a higher-level system, thereby preventing data in a system with a higher security level from being illegally leaked, thereby improving the security performance of the terminal.
以上所述仅为本发明的优选实施例而已,并不用于限制本发明,对于本领 域的技术人员来说,本发明可以有各种更改和变化。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。 The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention. Various modifications and variations of the present invention are possible in the art. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.

Claims (15)

  1. 一种系统切换方法,用于终端,其特征在于,所述终端上安装有多个系统,所述方法包括:A system switching method is provided for a terminal, wherein a plurality of systems are installed on the terminal, and the method includes:
    判断运行在当前系统的终端是否检测到第一身份识别信息,在判断结果为否时,控制所述终端由所述当前系统切换至目标系统;否则,控制所述终端继续运行在所述当前系统;其中,所述第一身份识别信息为与所述终端相绑定的用户的身份识别信息,所述目标系统为安全等级低于所述当前系统的安全等级的其他任一系统。Determining whether the terminal running in the current system detects the first identification information, and when the determination result is no, controlling the terminal to switch from the current system to the target system; otherwise, controlling the terminal to continue to run in the current system The first identification information is identity identification information of a user bound to the terminal, and the target system is any other system whose security level is lower than the security level of the current system.
  2. 根据权利要求1所述的系统切换方法,其特征在于,The system switching method according to claim 1, wherein
    在控制所述终端由所述当前系统切换至目标系统之前,还包括:Before controlling the terminal to switch from the current system to the target system, the method further includes:
    在判定所述终端未检测到所述第一身份识别信息时,判断所述终端是否灭屏,并在判断结果为否时,控制所述终端由所述当前系统切换至目标系统;在判断结果为是时,控制所述终端保持当前运行状态。When it is determined that the terminal does not detect the first identity identification information, determine whether the terminal is off, and if the determination result is no, control the terminal to switch from the current system to the target system; When yes, the terminal is controlled to maintain the current operating state.
  3. 根据权利要求1所述的系统切换方法,其特征在于,还包括:The system switching method according to claim 1, further comprising:
    在所述终端切换至所述目标系统后,若所述终端重新检测到第二身份识别信息,则判断所述第二身份识别信息与所述第一身份识别信息是否匹配,并根据判断结果来判断所述终端是否能够直接由所述目标系统切换至所述当前系统。After the terminal switches to the target system, if the terminal re-detects the second identity identification information, it is determined whether the second identity identification information matches the first identity identification information, and according to the determination result Determining whether the terminal is directly switchable to the current system by the target system.
  4. 根据权利要求3所述的系统切换方法,其特征在于,The system switching method according to claim 3, characterized in that
    所述根据判断结果来判断所述终端是否能够直接由所述目标系统切换至所述当前系统,具体包括:The determining, according to the determination result, whether the terminal can be directly switched to the current system by the target system, specifically includes:
    在判断结果为是时,若所述终端接收到由所述目标系统切换至所述当前系统的切换命令,则控制所述终端直接由所述目标系统切换至所述当前系统;When the determination result is yes, if the terminal receives a handover command that is switched by the target system to the current system, the terminal is controlled to be directly switched by the target system to the current system;
    在判断结果为否时,若所述终端接收到由所述目标系统切换至所述当前系统的切换命令,则提示当前用户输入系统切换密钥,并在所述系统切换密钥正确时,控制所述终端由所述目标系统切换至所述当前系统,否则,禁止所述终端由所述目标系统切换至所述当前系统。When the determination result is no, if the terminal receives the handover command that is switched by the target system to the current system, prompting the current user to input the system handover key, and when the system switching key is correct, controlling The terminal is handed over to the current system by the target system, otherwise the terminal is prohibited from being switched by the target system to the current system.
  5. 根据权利要求1至4中任一项所述的系统切换方法,其特征在于, The system switching method according to any one of claims 1 to 4, characterized in that
    所述第一身份识别信息和所述第二身份识别信息包括:与所述终端相绑定的用户的声音信息、面部特征信息、人体阻抗信息、人体红外线信息、手指压力信息、手部特征信息中的至少一种信息。The first identity identification information and the second identity identification information comprise: user voice information, facial feature information, body impedance information, human body infrared information, finger pressure information, and hand feature information bound to the terminal. At least one of the information.
  6. 一种系统切换装置,用于终端,其特征在于,所述终端上安装有多个系统,所述装置包括:A system switching device is provided for a terminal, wherein a plurality of systems are installed on the terminal, and the device includes:
    判断单元,判断运行在当前系统的终端是否检测到第一身份识别信息;a determining unit, determining whether the first identity identification information is detected by the terminal running in the current system;
    第一控制单元,在判断结果为否时,控制所述终端由所述当前系统切换至目标系统;否则,控制所述终端继续运行在所述当前系统;其中,所述第一身份识别信息为与所述终端相绑定的用户的身份识别信息,所述目标系统为安全等级低于所述当前系统的安全等级的其他任一系统。a first control unit, when the determination result is no, controlling the terminal to be switched by the current system to the target system; otherwise, controlling the terminal to continue to run in the current system; wherein the first identity identification information is The identification information of the user bound to the terminal, the target system being any other system whose security level is lower than the security level of the current system.
  7. 根据权利要求6所述的系统切换装置,其特征在于,The system switching device according to claim 6, wherein
    所述判断单元还用于:The determining unit is further configured to:
    在控制所述终端由所述当前系统切换至目标系统之前,若判定所述终端未检测到所述第一身份识别信息,则判断所述终端是否灭屏;Before controlling the terminal to switch to the target system by the current system, if it is determined that the terminal does not detect the first identity identification information, determining whether the terminal is off;
    所述第一控制单元还用于:The first control unit is further configured to:
    在判断结果为否时,控制所述终端由所述当前系统切换至目标系统;在判断结果为是时,控制所述终端保持当前运行状态。When the determination result is no, the terminal is controlled to be switched to the target system by the current system; when the determination result is YES, the terminal is controlled to maintain the current running state.
  8. 根据权利要求6所述的系统切换装置,其特征在于,The system switching device according to claim 6, wherein
    所述判断单元还用于:The determining unit is further configured to:
    在所述终端切换至所述目标系统后,若所述终端重新检测到第二身份识别信息,则判断所述第二身份识别信息与所述第一身份识别信息是否匹配,并根据判断结果来控制所述终端是否能够直接由所述目标系统切换至所述当前系统。After the terminal switches to the target system, if the terminal re-detects the second identity identification information, it is determined whether the second identity identification information matches the first identity identification information, and according to the determination result Controlling whether the terminal is capable of switching directly to the current system by the target system.
  9. 根据权利要求8所述的系统切换装置,其特征在于,The system switching device according to claim 8, wherein
    所述判断单元包括:The determining unit includes:
    第二控制单元,在判断结果为是时,若所述终端接收到由所述目标系统切换至所述当前系统的切换命令,则控制所述终端直接由所述目标系统切换至所述当前系统;a second control unit, when the determination result is yes, if the terminal receives a handover command that is switched by the target system to the current system, controlling the terminal to directly switch from the target system to the current system ;
    提示单元,在判断结果为否时,若所述终端接收到由所述目标系统切换至 所述当前系统的切换命令,则提示当前用户输入系统切换密钥;a prompting unit, if the determination result is no, if the terminal receives the switching from the target system to The switching command of the current system prompts the current user to input a system switching key;
    处理单元,在所述系统切换密钥正确时,控制所述终端由所述目标系统切换至所述当前系统,否则,禁止所述终端由所述目标系统切换至所述当前系统。And the processing unit, when the system switching key is correct, controlling the terminal to be switched by the target system to the current system; otherwise, prohibiting the terminal from being switched by the target system to the current system.
  10. 根据权利要求6至9中任一项所述的系统切换装置,其特征在于,A system switching device according to any one of claims 6 to 9, wherein
    所述第一身份识别信息和所述第二身份识别信息包括:与所述终端相绑定的用户的声音信息、面部特征信息、人体阻抗信息、人体红外线信息、手指压力信息、手部特征信息中的至少一种信息。The first identity identification information and the second identity identification information comprise: user voice information, facial feature information, body impedance information, human body infrared information, finger pressure information, and hand feature information bound to the terminal. At least one of the information.
  11. 一种终端,所述终端上安装有多个系统,其特征在于,所述终端包括:处理器和存储器,其中,所述存储器中存储一组程序代码,且所述处理器用于调用所述存储器中存储的程序代码,用于执行以下操作:A terminal having a plurality of systems installed thereon, wherein the terminal comprises: a processor and a memory, wherein the memory stores a set of program codes, and the processor is configured to call the memory The program code stored in it to do the following:
    判断运行在当前系统的终端是否检测到第一身份识别信息,在判断结果为否时,控制所述终端由所述当前系统切换至目标系统;否则,控制所述终端继续运行在所述当前系统;其中,所述第一身份识别信息为与所述终端相绑定的用户的身份识别信息,所述目标系统为安全等级低于所述当前系统的安全等级的其他任一系统。Determining whether the terminal running in the current system detects the first identification information, and when the determination result is no, controlling the terminal to switch from the current system to the target system; otherwise, controlling the terminal to continue to run in the current system The first identification information is identity identification information of a user bound to the terminal, and the target system is any other system whose security level is lower than the security level of the current system.
  12. 根据权利要求11所述的终端,其特征在于,所述处理器在控制所述终端由所述当前系统切换至目标系统之前,还执行以下操作:The terminal according to claim 11, wherein the processor further performs the following operations before controlling the terminal to switch from the current system to the target system:
    在判定所述终端未检测到所述第一身份识别信息时,判断所述终端是否灭屏,并在判断结果为否时,控制所述终端由所述当前系统切换至目标系统;在判断结果为是时,控制所述终端保持当前运行状态。When it is determined that the terminal does not detect the first identity identification information, determine whether the terminal is off, and if the determination result is no, control the terminal to switch from the current system to the target system; When yes, the terminal is controlled to maintain the current operating state.
  13. 根据权利要求11所述的终端,其特征在于,所述处理器还执行以下操作:The terminal according to claim 11, wherein the processor further performs the following operations:
    在所述终端切换至所述目标系统后,若所述终端重新检测到第二身份识别信息,则判断所述第二身份识别信息与所述第一身份识别信息是否匹配,并根据判断结果来判断所述终端是否能够直接由所述目标系统切换至所述当前系统。After the terminal switches to the target system, if the terminal re-detects the second identity identification information, it is determined whether the second identity identification information matches the first identity identification information, and according to the determination result Determining whether the terminal is directly switchable to the current system by the target system.
  14. 根据权利要求13所述的终端,其特征在于,所述处理器根据判断结果来判断所述终端是否能够直接由所述目标系统切换至所述当前系统,具体包括: The terminal according to claim 13, wherein the processor determines, according to the determination result, whether the terminal can be directly switched to the current system by the target system, and specifically includes:
    在判断结果为是时,若所述终端接收到由所述目标系统切换至所述当前系统的切换命令,则控制所述终端直接由所述目标系统切换至所述当前系统;When the determination result is yes, if the terminal receives a handover command that is switched by the target system to the current system, the terminal is controlled to be directly switched by the target system to the current system;
    在判断结果为否时,若所述终端接收到由所述目标系统切换至所述当前系统的切换命令,则提示当前用户输入系统切换密钥,并在所述系统切换密钥正确时,控制所述终端由所述目标系统切换至所述当前系统,否则,禁止所述终端由所述目标系统切换至所述当前系统。When the determination result is no, if the terminal receives the handover command that is switched by the target system to the current system, prompting the current user to input the system handover key, and when the system switching key is correct, controlling The terminal is handed over to the current system by the target system, otherwise the terminal is prohibited from being switched by the target system to the current system.
  15. 根据权利要求11至14中任一项所述的终端,其特征在于,所述第一身份识别信息和所述第二身份识别信息包括:与所述终端相绑定的用户的声音信息、面部特征信息、人体阻抗信息、人体红外线信息、手指压力信息、手部特征信息中的至少一种信息。 The terminal according to any one of claims 11 to 14, wherein the first identity identification information and the second identity identification information comprise: voice information of a user and a face bound to the terminal At least one of feature information, body impedance information, human body infrared information, finger pressure information, and hand feature information.
PCT/CN2015/073439 2015-02-10 2015-02-28 System switching method, system switching apparatus and terminal WO2016127448A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510069877.0A CN104573463B (en) 2015-02-10 2015-02-10 system switching method, system switching device and terminal
CN201510069877.0 2015-02-10

Publications (1)

Publication Number Publication Date
WO2016127448A1 true WO2016127448A1 (en) 2016-08-18

Family

ID=53089504

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/073439 WO2016127448A1 (en) 2015-02-10 2015-02-28 System switching method, system switching apparatus and terminal

Country Status (2)

Country Link
CN (1) CN104573463B (en)
WO (1) WO2016127448A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106407770A (en) * 2015-07-31 2017-02-15 中兴通讯股份有限公司 Method and device for switching users
WO2017035758A1 (en) * 2015-08-31 2017-03-09 华为技术有限公司 Sms processing method, apparatus and terminal
CN105549786A (en) * 2015-12-30 2016-05-04 宇龙计算机通信科技(深圳)有限公司 System switching method and device based on pressure touch control and terminal
CN106055222A (en) * 2016-01-12 2016-10-26 上海斐讯数据通信技术有限公司 System and method for terminal multi-user switching
CN105843681B (en) * 2016-03-24 2020-11-13 捷开通讯(深圳)有限公司 Mobile terminal and operating system switching method thereof
CN106227456A (en) * 2016-07-28 2016-12-14 广东小天才科技有限公司 A kind of login account management method based on touch-control and device, user terminal
CN109948377B (en) * 2019-03-28 2021-12-24 联想(北京)有限公司 Display control method and device and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101340281A (en) * 2007-07-02 2009-01-07 联想(北京)有限公司 Method and system for safe login input on network
CN101795312A (en) * 2009-12-18 2010-08-04 宇龙计算机通信科技(深圳)有限公司 Security management method, security management system and security management mobile terminal for mail data
CN102004881A (en) * 2010-11-24 2011-04-06 东莞宇龙通信科技有限公司 Mobile terminal and switching device and method of working modes thereof

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6643783B2 (en) * 1999-10-27 2003-11-04 Terence T. Flyntz Multi-level secure computer with token-based access control
CN101364187A (en) * 2007-08-08 2009-02-11 黄金富 Double operating system computer against worms
CN101938558B (en) * 2010-08-30 2014-11-19 宇龙计算机通信科技(深圳)有限公司 Mode switching method and system for mobile terminal and mobile terminal
CN103294970B (en) * 2012-02-23 2015-12-09 纬创资通股份有限公司 Method for sharing encryption setting by dual operating systems and electronic device
CN103092503B (en) * 2012-10-11 2016-08-31 百度在线网络技术(北京)有限公司 The unblock of mobile terminal and verification method and unblock and checking device
CN104199791A (en) * 2014-08-15 2014-12-10 深圳市中兴移动通信有限公司 Mobile terminal and dual-system file transfer method and device thereof
CN104239142A (en) * 2014-09-17 2014-12-24 宇龙计算机通信科技(深圳)有限公司 Method and device for quickly switching between double systems and terminal
CN104270525B (en) * 2014-09-28 2017-12-22 酷派软件技术(深圳)有限公司 Information processing method and information processor

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101340281A (en) * 2007-07-02 2009-01-07 联想(北京)有限公司 Method and system for safe login input on network
CN101795312A (en) * 2009-12-18 2010-08-04 宇龙计算机通信科技(深圳)有限公司 Security management method, security management system and security management mobile terminal for mail data
CN102004881A (en) * 2010-11-24 2011-04-06 东莞宇龙通信科技有限公司 Mobile terminal and switching device and method of working modes thereof

Also Published As

Publication number Publication date
CN104573463B (en) 2018-09-14
CN104573463A (en) 2015-04-29

Similar Documents

Publication Publication Date Title
WO2016127448A1 (en) System switching method, system switching apparatus and terminal
WO2016106989A1 (en) Multi-system security authentication method, multi-system security authentication apparatus and terminal
CN111835689B (en) Identity authentication method of digital key, terminal device and medium
US20210357488A1 (en) Fingerprint Recognition Method and Apparatus, and Touchscreen Terminal
US10447839B2 (en) Device locator disable authentication
WO2016015448A1 (en) Multi-system entering method, apparatus and terminal
WO2016169430A1 (en) Mobile payment device and mobile payment system
WO2017185926A1 (en) Mobile payment method and apparatus
CN106664521A (en) Enforcing service policies in embedded uiccs
WO2015117332A1 (en) Method and device for enabling interface in usb debugging mode, and terminal
CN109657448B (en) Method and device for acquiring Root authority, electronic equipment and storage medium
CN103886239A (en) User authentication method and device of mobile terminal application program
US9560527B2 (en) Version protection method and apparatus for mobile terminal
EP2836957A1 (en) Location-based access control for portable electronic device
WO2017166689A1 (en) Privacy protection method and device
CN105069333A (en) User domain access method, access system and terminal
US20130332727A1 (en) Access token event virtualization
WO2017016032A1 (en) Fingerprint verification method, fingerprint verification device and terminal
CN104156657A (en) Information input method and information input device of terminal and terminal
US20220075867A1 (en) Temporary removal of software programs to secure mobile device
CN106650373A (en) SIM card information protection method and device
CN101964978A (en) Reinforcement method for strengthening safety of mobile terminal system on basis of safe TF card
CN105404802A (en) Authority configuration method and apparatus
CN105825149A (en) Switching method for multi-operation system and terminal equipment
WO2017092228A1 (en) Method and device for performing security operation on file, and terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15881610

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 02/01/2018)

122 Ep: pct application non-entry in european phase

Ref document number: 15881610

Country of ref document: EP

Kind code of ref document: A1