WO2016155102A1 - Terminal data protection method, terminal and device - Google Patents

Terminal data protection method, terminal and device Download PDF

Info

Publication number
WO2016155102A1
WO2016155102A1 PCT/CN2015/079834 CN2015079834W WO2016155102A1 WO 2016155102 A1 WO2016155102 A1 WO 2016155102A1 CN 2015079834 W CN2015079834 W CN 2015079834W WO 2016155102 A1 WO2016155102 A1 WO 2016155102A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
rights
configuration file
profile
user
Prior art date
Application number
PCT/CN2015/079834
Other languages
French (fr)
Chinese (zh)
Inventor
王会彩
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016155102A1 publication Critical patent/WO2016155102A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • This document relates to the field of wireless communication technologies, and in particular, to a terminal data protection method, a terminal, and a device.
  • WiFi has become an indispensable means of communication in people's lives. What followed was the emergence of privacy and security issues. For example, when a user accesses an unsecured WiFi hotspot (ie, an AP), the criminal can steal the application account and password that the user is using. Once the information is intercepted, the criminal can smoothly access all applications of the user. It even includes banking applications. In addition to the account password, the data being uploaded by the app will also be intercepted, such as photos, shopping information, chat content, and even the address book. The criminals can completely disguise the user based on the content, and then deceive the user's relatives and friends. Cause a wider range of losses.
  • an AP unsecured WiFi hotspot
  • WiFi security issues cannot be delayed. Therefore, when the terminal accesses the WiFi hotspot (ie, AP) network, how to protect the security of the terminal data becomes a technical problem that needs to be solved.
  • WiFi hotspot ie, AP
  • This document provides a terminal data protection method, terminal and device for solving the above problems.
  • a terminal data protection method includes:
  • the preset permission configuration file corresponding to the AP is invoked
  • the preset permission configuration file corresponding to the AP is invoked, including:
  • the rights configuration file corresponding to the accessed AP is obtained in the pre-configured AP and the rights configuration file correspondence table, and the obtained rights configuration file is invoked.
  • the method further includes:
  • the preset default rights profile or the user's newly configured AP is configured. Configuration file.
  • the security policy includes one or more of the following: setting a specified file, folder, and/or application to a secure mode, automatically terminating a specified application, and disabling The specified terminal system function; wherein the security mode includes: hiding or disabling access.
  • the method further includes: when the terminal disconnects from the accessed AP, stopping the security control and restoring the original state of the terminal.
  • a terminal comprising:
  • the file invoking module is configured to: when the terminal accesses the AP, invoke a preset permission configuration file corresponding to the AP;
  • the security control module is configured to: perform security control on the terminal according to the security policy defined by the rights configuration file.
  • the file invoking module is configured to: when the terminal accesses the AP, obtain the rights configuration file corresponding to the accessed AP in the pre-configured AP and the rights configuration file correspondence table. And call the obtained permission profile.
  • the file invoking module is further configured to: when the rights configuration file corresponding to the accessed AP is not obtained in the pre-configured AP and the rights configuration file correspondence table, obtain the Call the default default rights profile or the user's newly configured rights profile for the AP.
  • the security policy includes one or more of the following: setting a specified file, folder, and/or application to a security mode, automatically terminating the specified application, and disabling the designation.
  • Terminal system function wherein the security mode includes: hiding or disabling access.
  • the terminal further includes:
  • the recovery module is set to: when the terminal disconnects from the accessed AP, stop the security control and resume The original state of the terminal.
  • a terminal data protection device comprising:
  • the controller reads the memory when the terminal accesses the wireless access point AP, invokes the rights configuration file corresponding to the AP, and performs security control on the terminal according to the security policy defined by the rights configuration file.
  • a computer readable storage medium storing computer executable instructions for performing the method of any of the above.
  • the method, the terminal and the device can perform security control on the terminal according to the rights configuration file set by the user, such as automatically hiding files, folders, application icons, etc., and automatically stop running. Applications, disable system features, etc., to protect user privacy and secure user data.
  • FIG. 1 is a flowchart of a terminal data protection method according to an embodiment of the present invention
  • FIG. 2 is a flowchart of adding a hotspot and configuring a corresponding rights configuration file according to an embodiment of the present invention
  • FIG. 3 is a flowchart of editing a rights configuration file in an embodiment of the present invention.
  • FIG. 4 is a flowchart of performing terminal data protection when a terminal accesses a hotspot according to an embodiment of the present invention
  • FIG. 5 is a flowchart of an implementation of the present invention when a terminal is disconnected from a hotspot according to an embodiment of the present invention
  • FIG. 6 is a structural block diagram of a terminal according to an embodiment of the present invention.
  • FIG. 7 is still another structural block diagram of a terminal according to an embodiment of the present invention.
  • FIG. 8 is a structural block diagram of a terminal data protection device according to an embodiment of the present invention.
  • FIG. 9 is still another structural block diagram of a terminal data protection device according to an embodiment of the present invention.
  • An embodiment of the present invention provides a terminal data protection method, as shown in FIG. 1 , including the following steps:
  • Step 101 When the terminal accesses the wireless access point AP, the preset permission configuration file corresponding to the AP is invoked;
  • Step 102 Perform security control on the terminal according to the security policy defined by the rights configuration file.
  • the rights configuration file corresponding to the accessed AP is obtained in the pre-configured AP and the rights configuration file correspondence table, and the obtained rights configuration file is invoked. That is to say, for different APs, the user can pre-configure multiple rights profiles corresponding to each AP to form a correspondence list between the AP and the rights profile, so that the terminal can invoke the rights profile when accessing the AP.
  • the user can set one or more default rights configuration files (that is, not corresponding to the specified AP). If the AP accessed by the terminal is not in the corresponding relationship table, the user can be prompted to use the default rights configuration file. If the user allows, you can directly retrieve the default rights profile. Of course, the user may also configure a corresponding rights configuration file for the AP when the corresponding relationship table does not include the currently accessed AP, and after the configuration, invoke the newly configured rights configuration file.
  • the security policy includes one or more of the following policies: setting a specified file, folder, and/or application to a security mode, automatically terminating a specified application, And disabling the specified terminal system function; wherein the security mode includes: hiding or disabling access, ie hiding the specified file, folder, and/or application map Mark, or, prohibit access to specified files, folders, and/or applications.
  • the security control is stopped, and the original state of the terminal is restored.
  • the embodiment of the present invention provides that when a terminal accesses different hotspots through WiFi, it can automatically hide user-specified files, folders, application desktop icons, and the like, and automatically terminate terminal designation according to user requirements.
  • the application disable some system functions, etc., to protect user privacy and ensure user information security. For example, when the user is configured to access a public hotspot "A", the application such as Alipay and the bank client is automatically terminated to ensure the security of the user information. When the operator's hotspot "B" is accessed, the application such as video playback is automatically terminated.
  • the program prevents the loss of a large amount of traffic and causes economic loss; when it is connected to a public hotspot "C" such as a company, or when accessing a hotspot "D" of another person's home, it automatically hides the specified photo, video, etc., and automatically hides the game. Protect the user's privacy from leaks by waiting for the desktop icon of the app.
  • Step 201 The permission configuration function item is enabled.
  • the opening may be initiated by the user in the terminal setting function, or may be initiated by the terminal when the terminal accesses the hotspot after the user permits.
  • Step 202 The configuration interface is displayed, and the configuration interface includes: adding a hotspot option and a new configuration file option; if the user selects the hotspot option, the user needs to configure a corresponding rights configuration file for the added hotspot, and step 203 is performed; If the user selects the new configuration file option, the user wants to establish a default permission configuration file, and step 204 is performed;
  • Step 203 the name of the hotspot added by the user is obtained, and step 204 is performed;
  • Step 204 Present a list of files, folders, applications, and system functions of the terminal for the user to select;
  • Step 205 save files, folders, applications, and/or system functions selected by the user;
  • Step 206 The saved information is matched with the built-in or user-defined security policy to form a rights configuration file. That is, the information selected by the user is information that needs security control, and when the rights configuration file is mobilized. Implement a corresponding security policy for the saved information.
  • Step 207 If the rights configuration file corresponding to the hot spot is formed, the hotspot and its corresponding rights configuration file are stored in the correspondence table of the hotspot and the rights configuration file; if the default permission configuration file is formed, the default configuration will be configured.
  • the rights profile is stored in the correspondence table.
  • the configured rights configuration file may also be presented for the user to select. That is to say, if the user selects a rights configuration file, indicating that the user wants the same configuration as the rights configuration file, the selected rights configuration file can be directly copied, and the user is not required to select one by one, thereby improving the configuration efficiency.
  • the correspondence table between the hotspot and the rights configuration file has editability (such as modification and deletion), and the user can edit the corresponding relationship table, as shown in FIG. 3, which is a flowchart of editing the rights configuration file. Including the following steps:
  • Step 301 Acquire a rights configuration file selected by the user to be edited
  • Step 302 Present a list of files, folders, applications, and system functions of the terminal for the user to select.
  • the items that have been selected by the current rights profile are marked for display for the user to view the previous selection.
  • Step 303 save files, folders, applications, and/or system functions reselected by the user;
  • Step 304 Form a new rights profile based on the saved information.
  • the above process is the process of modifying the rights profile. Similarly, if the user wants to delete the hotspot and its corresponding permission profile, after deleting the deleted item selected by the user, it can be deleted directly.
  • FIG. 4 it is a flowchart for performing terminal data protection when the terminal accesses a hotspot, including, for example, Next steps:
  • Step 401 The terminal accesses the hotspot
  • Step 402 Determine whether the hotspot of the access is a hotspot and a hotspot in the rights configuration list, and if yes, go to step 403; otherwise, go to step 404;
  • Step 403 Obtain a rights configuration file corresponding to the accessed hotspot in the hotspot and permission list, load and execute the rights configuration file, and end;
  • Step 404 If the hotspot is not in the list, determine whether the hotspot is the first hotspot; if yes, go to step 405; otherwise, go to step 406;
  • Step 405 asking the user whether to add to the list; if the user confirms the addition, then add the rights profile according to the process shown in Figure 2 and save the execution, the end; if the user confirms not to add, then step 406;
  • Step 406 Query whether the user sets the default permission configuration file to be loaded, and if so, loads the default permission configuration file and executes, and ends; if not, directly ends.
  • the application When the user has accessed the hotspot and loads the execution permission profile, when the application is enabled, it is determined whether the application is in the permission profile, and if not, it starts normally; if it is, a prompt box is displayed, asking the user to confirm the startup again. If the user confirms, it starts normally; if the user cancels or does not operate, it does not start.
  • FIG. 5 it is a flowchart of an embodiment of the present invention when the terminal is disconnected from the hotspot. Including the following steps:
  • Step 501 The terminal is disconnected from the hotspot
  • Step 502 Determine whether the rights configuration file is loaded and executed.
  • Step 503 If yes, return to the original state, and end; if not, end.
  • An embodiment of the present invention provides a terminal, as shown in FIG. 6, including:
  • the file invoking module 610 is configured to: when the terminal accesses the AP, invoke a preset permission configuration file corresponding to the AP;
  • the security control module 620 is configured to perform security control on the terminal according to the security policy defined by the rights configuration file.
  • the file invoking module 610 obtains the rights configuration file corresponding to the accessed AP in the pre-configured AP and the rights configuration file correspondence table, and invokes the obtained rights configuration file. . That is to say, for different APs, the user can pre-configure multiple rights profiles corresponding to each AP to form a correspondence list between the AP and the rights profile, so that the terminal can invoke the rights profile when accessing the AP.
  • the preset default rights profile or the AP that the user accesses may be obtained and invoked.
  • the newly configured rights profile In the case that the rights profile corresponding to the accessed AP is not obtained in the pre-configured AP and the rights profile correspondence table, the preset default rights profile or the AP that the user accesses may be obtained and invoked. The newly configured rights profile.
  • the security policy includes one or more of the following: setting a specified file, folder, and/or application to a security mode, automatically terminating the specified application, and disabling The specified terminal system function; wherein the security mode includes: hiding or disabling access.
  • the terminal further includes:
  • the recovery module 630 is configured to: when the terminal disconnects from the accessed AP, stop the security control and restore the original state of the terminal.
  • the terminal in the embodiment of the present invention performs security control by using different rights configuration files set by the user when the terminal accesses different WiFi hotspots (ie, APs), so as to protect user privacy and protect user information.
  • APs WiFi hotspots
  • An embodiment of the present invention provides a terminal, as shown in FIG. 7, including:
  • the configuration module 710 is configured to: generate a default rights configuration file, or generate a corresponding rights configuration file for the specified hotspot.
  • the configuration module generates the rights configuration file by scanning all current applications of the terminal, and reading all current files, folders, and system functions of the terminal, and forming a list of scanned and read information for the user. select. When the user chooses After the specified file, folder, application, and/or system function, the user-selected information is matched with the built-in or user-defined security policy to generate a rights profile.
  • the storage module 720 is configured to: store the rights configuration file generated by the record configuration module 710, the correspondence between the rights profile and the hotspot, and the default rights profile. At the same time, the user is provided with an editing interface, so that the user can edit the information therein.
  • the file invoking module 730 is configured to: when the terminal accesses the hotspot, compare and retrieve the current hotspot with the information in the storage module, and determine whether the hotspot is in the storage module, and if it exists in the storage module, directly invoke the corresponding permission. If the user does not exist in the storage module, the user is prompted to select the default permission profile or the new profile configuration file for the hotspot. If the user chooses to invoke the default permission profile, the corresponding default profile is directly invoked. Selecting a new configuration rights profile for the hotspot triggers the configuration module 710 and invokes the newly configured rights profile.
  • the cache module 740 is configured to: record an initial state when the terminal accesses the hotspot, including an application running condition, and the like.
  • the security control module 750 is configured to: perform security control on the terminal according to the invoked rights configuration file.
  • the recovery module 760 is configured to: when the terminal disconnects from the hotspot, determine whether the terminal applies the rights configuration file, and if yes, read the initial state of the terminal from the cache module 740, and invoke the background program to perform state recovery; otherwise, Do anything.
  • An embodiment of the present invention provides a terminal data protection device. As shown in FIG. 8, the device includes:
  • the controller 830 reads the memory 820 when the terminal accesses the AP, invokes the rights configuration file corresponding to the AP, and performs security control on the terminal according to the security policy defined by the rights configuration file.
  • the device in the present embodiment performs security control through different rights configuration files set by the user, thereby protecting user privacy and guaranteeing.
  • the purpose of user information security is not limited to, Facebook, Twitter, Twitter, etc.
  • the terminal data protection device in this embodiment includes a GUI (Graphical User Interface) 910, a pickup component 920, a memory 930, a controller 940, and a buffer 950. among them:
  • GUI Graphic User Interface
  • the GUI 910 provides the user with an operation interface for setting a rights profile.
  • the user can set a default permission profile through the GUI, or set a corresponding rights profile for the specified hotspot.
  • the setting process is: the user selects a default permission profile in the GUI or selects a rights profile corresponding to the specified hotspot, and the GUI scans all current applications of the terminal, and reads all current files, folders, and systems of the terminal. Function, which forms a list of scanned and read information for the user to select.
  • the picking unit 920 is connected to the GUI 910 to collect specified files, folders, applications, and/or system function information selected by the user in the GUI, and matches the information selected by the user with a built-in or user-defined security policy. Relationship, generate a rights configuration file, and store the generated rights configuration file into the memory 930;
  • the memory 930 is connected to the picking unit 920, and stores a rights profile generated by the picking unit 920, a correspondence between the rights profile and the hotspot, and a default rights profile.
  • the user is provided with an editing interface, so that the user can edit the information therein.
  • the controller 940 when the terminal accesses the hotspot, enables the buffer 950, and compares the current hotspot with the information in the memory 930 to determine whether the hotspot is in the memory 930. If it exists in the memory 930, the controller 940 directly calls Corresponding privilege profile; if it does not exist in the memory 930, the user is prompted to select a default privilege profile or a new privilege profile for the hotspot. If the user chooses to invoke the default privilege profile, the corresponding default privilege profile is directly invoked. If the user selects a new profile configuration file for the hotspot, the GUI 910 is triggered, and the newly configured rights profile is invoked, and the terminal is security controlled according to the invoked rights profile.
  • the terminal disconnects from the hotspot, it is judged whether the terminal applies the rights configuration file, and if so, the initial state of the terminal is read from the buffer 950, and the background program is called to perform state recovery; otherwise, no operation is performed.
  • the buffer 950 under the enable control of the controller 940, records the initial when the terminal accesses the hotspot Status, including application health, and more.
  • all or part of the steps of the above embodiments may also be implemented by using an integrated circuit. These steps may be separately fabricated into individual integrated circuit modules, or multiple modules or steps may be fabricated into a single integrated circuit module. achieve.
  • the devices/function modules/functional units in the above embodiments may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices.
  • the device/function module/functional unit in the above embodiment When the device/function module/functional unit in the above embodiment is implemented in the form of a software function module and sold or used as a stand-alone product, it can be stored in a computer readable storage medium.
  • the above mentioned computer readable storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
  • the method and the terminal of the embodiment of the present invention can perform security control on the terminal according to the rights configuration file set by the user when the terminal accesses the WiFi hotspot, such as automatically hiding files, folders, application icons, etc., and automatically stop running. Applications, disable system features, etc., to protect user privacy and secure user data.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

A terminal data protection method, a terminal and a device. The method comprises: when a terminal accesses a wireless access point (AP), calling a pre-set permission configuration file corresponding to the AP; and performing, according to a security strategy defined by the permission configuration file, security control on the terminal.

Description

终端数据保护方法、终端及设备Terminal data protection method, terminal and device 技术领域Technical field
本文涉及无线通信技术领域,尤其涉及一种终端数据保护方法、终端及设备。This document relates to the field of wireless communication technologies, and in particular, to a terminal data protection method, a terminal, and a device.
背景技术Background technique
随着智能终端的广泛应用以及无线网络的普及,WiFi越来越成为人们生活中不可缺少的通信手段。随之而来的是隐私和安全的问题层出不穷。例如,当用户接入不安全的WiFi热点(即AP)时,不法分子可以盗取用户正在使用的应用账号及密码,一旦这些信息被截获,不法分子就可以畅通无阻的登录用户所有的应用,甚至包括银行类应用。除了账号密码外,应用正在上传的数据也会被截获,如照片、购物信息、聊天内容,甚至是通讯录,不法分子根据这些内容完全可以伪装成该用户,然后去骗该用户的亲戚朋友,造成更大范围的损失。With the widespread use of intelligent terminals and the popularity of wireless networks, WiFi has become an indispensable means of communication in people's lives. What followed was the emergence of privacy and security issues. For example, when a user accesses an unsecured WiFi hotspot (ie, an AP), the criminal can steal the application account and password that the user is using. Once the information is intercepted, the criminal can smoothly access all applications of the user. It even includes banking applications. In addition to the account password, the data being uploaded by the app will also be intercepted, such as photos, shopping information, chat content, and even the address book. The criminals can completely disguise the user based on the content, and then deceive the user's relatives and friends. Cause a wider range of losses.
可见,WiFi安全问题刻不容缓。所以,当终端在接入WiFi热点(即AP)网络时,如何能够保护终端数据的安全,成为亟需解决的技术问题。It can be seen that WiFi security issues cannot be delayed. Therefore, when the terminal accesses the WiFi hotspot (ie, AP) network, how to protect the security of the terminal data becomes a technical problem that needs to be solved.
发明内容Summary of the invention
本文提供一种解决上述问题的终端数据保护方法、终端及设备。This document provides a terminal data protection method, terminal and device for solving the above problems.
一种终端数据保护方法,包括:A terminal data protection method includes:
在终端接入无线接入点AP时,调用预设的与所述AP对应的权限配置文件;When the terminal accesses the wireless access point AP, the preset permission configuration file corresponding to the AP is invoked;
按照所述权限配置文件定义的安全策略,对所述终端进行安全控制。Perform security control on the terminal according to the security policy defined by the rights profile.
可选地,所述方法中,所述在终端接入无线接入点AP时,调用预设的与所述AP对应的权限配置文件,包括:Optionally, in the method, when the terminal accesses the wireless access point AP, the preset permission configuration file corresponding to the AP is invoked, including:
当终端接入AP时,在预先配置的AP与权限配置文件对应关系表中获取与接入的AP对应的权限配置文件,并调用获取的权限配置文件。 When the terminal accesses the AP, the rights configuration file corresponding to the accessed AP is obtained in the pre-configured AP and the rights configuration file correspondence table, and the obtained rights configuration file is invoked.
可选地,所述方法还包括:Optionally, the method further includes:
当在预先配置的AP与权限配置文件对应关系表中未获取到与接入的AP对应的权限配置文件时,获取并调用预设的默认权限配置文件或者用户为接入的AP新配置的权限配置文件。When the rights profile corresponding to the accessed AP is not obtained in the pre-configured AP and the rights profile mapping table, the preset default rights profile or the user's newly configured AP is configured. Configuration file.
可选地,所述方法中,所述安全策略包括如下策略中的一个或多个:将指定的文件、文件夹和/或应用程序设置为安全模式、自动终止运行的指定应用程序、以及禁用指定的终端系统功能;其中,所述安全模式包括:隐藏或者禁止访问。Optionally, in the method, the security policy includes one or more of the following: setting a specified file, folder, and/or application to a secure mode, automatically terminating a specified application, and disabling The specified terminal system function; wherein the security mode includes: hiding or disabling access.
可选地,所述方法还包括:当终端从接入的AP断开时,停止安全控制,恢复终端的原始状态。Optionally, the method further includes: when the terminal disconnects from the accessed AP, stopping the security control and restoring the original state of the terminal.
一种终端,包括:A terminal comprising:
文件调用模块,设置为:在终端接入AP时,调用预设的与所述AP对应的权限配置文件;The file invoking module is configured to: when the terminal accesses the AP, invoke a preset permission configuration file corresponding to the AP;
安全控制模块,设置为:按照所述权限配置文件定义的安全策略,对所述终端进行安全控制。The security control module is configured to: perform security control on the terminal according to the security policy defined by the rights configuration file.
可选地,所述终端中,所述文件调用模块,是设置为:当终端接入AP时,在预先配置的AP与权限配置文件对应关系表中获取与接入的AP对应的权限配置文件,并调用获取的权限配置文件。Optionally, in the terminal, the file invoking module is configured to: when the terminal accesses the AP, obtain the rights configuration file corresponding to the accessed AP in the pre-configured AP and the rights configuration file correspondence table. And call the obtained permission profile.
可选地,所述终端中,所述文件调用模块,还设置为:当在预先配置的AP与权限配置文件对应关系表中未获取到与接入的AP对应的权限配置文件时,获取并调用预设的默认权限配置文件或者用户为接入的AP新配置的权限配置文件。Optionally, in the terminal, the file invoking module is further configured to: when the rights configuration file corresponding to the accessed AP is not obtained in the pre-configured AP and the rights configuration file correspondence table, obtain the Call the default default rights profile or the user's newly configured rights profile for the AP.
可选地,所述终端中,所述安全策略包括如下策略中的一个或多个:将指定的文件、文件夹和/或应用程序设置为安全模式、自动终止指定的应用程序、以及禁用指定的终端系统功能;其中,所述安全模式包括:隐藏或者禁止访问。Optionally, in the terminal, the security policy includes one or more of the following: setting a specified file, folder, and/or application to a security mode, automatically terminating the specified application, and disabling the designation. Terminal system function; wherein the security mode includes: hiding or disabling access.
可选地,所述终端,还包括:Optionally, the terminal further includes:
恢复模块,设置为:当终端从接入的AP断开时,停止安全控制,恢复 终端的原始状态。The recovery module is set to: when the terminal disconnects from the accessed AP, stop the security control and resume The original state of the terminal.
一种终端数据保护设备,该设备包括:A terminal data protection device, the device comprising:
拾取部件,将用户设置的权限配置文件写入存储器;Picking up the component and writing the permission profile set by the user to the memory;
控制器,在终端接入无线接入点AP时,读所述存储器,调用与所述AP对应的权限配置文件,并按照该权限配置文件定义的安全策略,对所述终端进行安全控制。The controller reads the memory when the terminal accesses the wireless access point AP, invokes the rights configuration file corresponding to the AP, and performs security control on the terminal according to the security policy defined by the rights configuration file.
一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令用于执行上述任一项的方法。A computer readable storage medium storing computer executable instructions for performing the method of any of the above.
本文所述方法、终端及设备,在终端接入WiFi热点时,可以根据用户设定的权限配置文件,对终端进行安全控制,如自动隐藏文件、文件夹、应用程序图标等,自动停止运行的应用程序、禁用系统功能等,从而达到保护用户隐私和保障用户数据安全的目的。When the terminal accesses the WiFi hotspot, the method, the terminal and the device can perform security control on the terminal according to the rights configuration file set by the user, such as automatically hiding files, folders, application icons, etc., and automatically stop running. Applications, disable system features, etc., to protect user privacy and secure user data.
附图概述BRIEF abstract
图1为本发明实施例提供的一种终端数据保护方法的流程图;FIG. 1 is a flowchart of a terminal data protection method according to an embodiment of the present invention;
图2为本发明实施例中添加热点及配置对应的权限配置文件的流程图;2 is a flowchart of adding a hotspot and configuring a corresponding rights configuration file according to an embodiment of the present invention;
图3为本发明实施例中编辑权限配置文件的流程图;3 is a flowchart of editing a rights configuration file in an embodiment of the present invention;
图4为本发明实施例中当终端接入热点时进行终端数据保护的流程图;4 is a flowchart of performing terminal data protection when a terminal accesses a hotspot according to an embodiment of the present invention;
图5为本发明实施例中当终端从热点断开时本发明的实施流程图;FIG. 5 is a flowchart of an implementation of the present invention when a terminal is disconnected from a hotspot according to an embodiment of the present invention; FIG.
图6为本发明实施例提供的一种终端的结构框图;FIG. 6 is a structural block diagram of a terminal according to an embodiment of the present invention;
图7为本发明实施例提供的一种终端的又一结构框图;FIG. 7 is still another structural block diagram of a terminal according to an embodiment of the present invention;
图8为本发明实施例提供的一种终端数据保护设备的结构框图;FIG. 8 is a structural block diagram of a terminal data protection device according to an embodiment of the present invention;
图9为本发明实施例提供的一种终端数据保护设备的又一结构框图。FIG. 9 is still another structural block diagram of a terminal data protection device according to an embodiment of the present invention.
本发明的实施方式 Embodiments of the invention
下面将结合附图对本发明的实施方式进行描述。Embodiments of the present invention will be described below with reference to the accompanying drawings.
实施例一Embodiment 1
本发明实施例提供一种终端数据保护方法,如图1所示,包括如下步骤:An embodiment of the present invention provides a terminal data protection method, as shown in FIG. 1 , including the following steps:
步骤101,在终端接入无线接入点AP时,调用预设的与所述AP对应的权限配置文件;Step 101: When the terminal accesses the wireless access point AP, the preset permission configuration file corresponding to the AP is invoked;
步骤102,按照所述权限配置文件定义的安全策略,对所述终端进行安全控制。Step 102: Perform security control on the terminal according to the security policy defined by the rights configuration file.
也就是说,所述方法,在终端接入不同的WiFi热点(即AP)时,通过用户设定的不同权限配置文件进行安全控制,以达到保护用户隐私、保障用户信息安全的目的。That is to say, in the method, when the terminal accesses different WiFi hotspots (ie, APs), security control is performed by using different rights configuration files set by the user, so as to protect user privacy and ensure user information security.
下面给出几个可选的实施方式,需要说明的是,在不冲突的情况下,如下特征可以互相任意组合。Several alternative embodiments are given below. It should be noted that the following features can be arbitrarily combined with each other without conflict.
本发明实施例中,当终端接入AP时,在预先配置的AP与权限配置文件对应关系表中获取与接入的AP对应的权限配置文件,并调用获取的权限配置文件。也就是说,针对不同的AP,用户可以预先配置与每个AP对应的多个权限配置文件,形成AP与权限配置文件对应关系列表,供终端在接入AP时进行权限配置文件调用。In the embodiment of the present invention, when the terminal accesses the AP, the rights configuration file corresponding to the accessed AP is obtained in the pre-configured AP and the rights configuration file correspondence table, and the obtained rights configuration file is invoked. That is to say, for different APs, the user can pre-configure multiple rights profiles corresponding to each AP to form a correspondence list between the AP and the rights profile, so that the terminal can invoke the rights profile when accessing the AP.
当然,由于AP分布很广,用户不可能预知所有的AP并为其配置权限配置文件。所以,用户可以设置一个或多个默认的权限配置文件(即不与指定AP对应),若终端接入到的AP未在对应关系表中,就可以提示用户是否使用默认的权限配置文件,若用户允许,则可以直接调取默认的权限配置文件。当然,用户也可以在对应关系表中未包含当前接入的AP时,为该AP新配置对应的权限配置文件,并在配置后,调用新配置的权限配置文件。Of course, due to the wide distribution of APs, it is impossible for a user to predict all APs and configure a rights profile for them. Therefore, the user can set one or more default rights configuration files (that is, not corresponding to the specified AP). If the AP accessed by the terminal is not in the corresponding relationship table, the user can be prompted to use the default rights configuration file. If the user allows, you can directly retrieve the default rights profile. Of course, the user may also configure a corresponding rights configuration file for the AP when the corresponding relationship table does not include the currently accessed AP, and after the configuration, invoke the newly configured rights configuration file.
可选地,本发明实施例中,所述的安全策略包括如下策略中的一个或多个:将指定的文件、文件夹和/或应用程序设置为安全模式、自动终止运行的指定应用程序、以及禁用指定的终端系统功能;其中,所述安全模式包括:隐藏或者禁止访问,即:隐藏指定的文件、文件夹和/或应用程序图 标,或者,禁止访问指定的文件、文件夹和/或应用程序。Optionally, in the embodiment of the present invention, the security policy includes one or more of the following policies: setting a specified file, folder, and/or application to a security mode, automatically terminating a specified application, And disabling the specified terminal system function; wherein the security mode includes: hiding or disabling access, ie hiding the specified file, folder, and/or application map Mark, or, prohibit access to specified files, folders, and/or applications.
需要说明的是,上述安全策略只是列举并非穷举,本领域技术人员可以根据自身需求灵活的设定安全策略。It should be noted that the foregoing security policies are merely exhaustive, and those skilled in the art can flexibly set security policies according to their own needs.
可选地,本发明实施例中,当终端从接入的AP断开时,停止安全控制,恢复终端的原始状态。Optionally, in the embodiment of the present invention, when the terminal disconnects from the accessed AP, the security control is stopped, and the original state of the terminal is restored.
综上可知,本发明实施例提出一种当终端通过WiFi接入不同的热点时,能够根据用户的需求,自动隐藏用户指定的文件、文件夹、应用程序桌面图标等,以及自动终止终端的指定应用程序,禁用部分系统功能等,保护用户隐私,保障用户信息安全。例如用户配置当接入一公共热点“A”时,自动终止如支付宝、银行客户端等应用程序,保障用户信息安全;配置当接入运营商热点“B”时,自动终止如视频播放等应用程序,防止消耗大量流量带来经济损失;配置当接入如公司等公共热点“C”,或当接入他人家的热点“D”时,自动隐藏指定的照片、video等,自动隐藏如游戏等应用程序的桌面图标,保护用户隐私不被泄露。In summary, the embodiment of the present invention provides that when a terminal accesses different hotspots through WiFi, it can automatically hide user-specified files, folders, application desktop icons, and the like, and automatically terminate terminal designation according to user requirements. The application, disable some system functions, etc., to protect user privacy and ensure user information security. For example, when the user is configured to access a public hotspot "A", the application such as Alipay and the bank client is automatically terminated to ensure the security of the user information. When the operator's hotspot "B" is accessed, the application such as video playback is automatically terminated. The program prevents the loss of a large amount of traffic and causes economic loss; when it is connected to a public hotspot "C" such as a company, or when accessing a hotspot "D" of another person's home, it automatically hides the specified photo, video, etc., and automatically hides the game. Protect the user's privacy from leaks by waiting for the desktop icon of the app.
下面根据图2~图5说明本发明实施例提供的方法的实现过程。The implementation process of the method provided by the embodiment of the present invention is described below with reference to FIG. 2 to FIG.
如图2所示,为添加热点及配置对应的权限配置文件的流程图,配置过程如下:As shown in Figure 2, the flow chart for adding a hotspot and configuring the corresponding rights profile is as follows:
步骤201:权限配置功能项开启;Step 201: The permission configuration function item is enabled.
其中,开启可以是用户在终端设置功能中主动点击开启的,也可以是终端在接入热点时,在用户允许后,由后台开启的。The opening may be initiated by the user in the terminal setting function, or may be initiated by the terminal when the terminal accesses the hotspot after the user permits.
步骤202:呈现配置界面,该配置界面上包含:添加热点选项和新建配置文件选项;若用户选择了添加热点选项,则说明用户要为添加的热点配置对应的权限配置文件,执行步骤203;若用户选择了新建配置文件选项,则说明用户要建立默认权限配置文件,执行步骤204;Step 202: The configuration interface is displayed, and the configuration interface includes: adding a hotspot option and a new configuration file option; if the user selects the hotspot option, the user needs to configure a corresponding rights configuration file for the added hotspot, and step 203 is performed; If the user selects the new configuration file option, the user wants to establish a default permission configuration file, and step 204 is performed;
步骤203,获取用户添加的热点名称,执行步骤204; Step 203, the name of the hotspot added by the user is obtained, and step 204 is performed;
步骤204:呈现终端的文件、文件夹、应用程序及系统功能列表,供用户选择; Step 204: Present a list of files, folders, applications, and system functions of the terminal for the user to select;
步骤205:保存用户选择的文件、文件夹、应用程序和/或系统功能;Step 205: save files, folders, applications, and/or system functions selected by the user;
步骤206:将保存的信息与系统内置的或者用户自定义的安全策略建立匹配关系,形成权限配置文件;也就是说,用户选择保存的信息为需要安全控制的信息,当权限配置文件被调动时,对保存的信息实施对应的安全策略。Step 206: The saved information is matched with the built-in or user-defined security policy to form a rights configuration file. That is, the information selected by the user is information that needs security control, and when the rights configuration file is mobilized. Implement a corresponding security policy for the saved information.
步骤207:若形成的是热点对应的权限配置文件,则将热点及其对应的权限配置文件存入热点与权限配置文件对应关系表内;若形成的为默认权限配置文件,则将配置的默认权限配置文件存储到对应关系表内。Step 207: If the rights configuration file corresponding to the hot spot is formed, the hotspot and its corresponding rights configuration file are stored in the correspondence table of the hotspot and the rights configuration file; if the default permission configuration file is formed, the default configuration will be configured. The rights profile is stored in the correspondence table.
本实施例中,在呈现终端的文件、文件夹、应用程序及系统功能列表时,还可以对已经配置的权限配置文件进行呈现,供用户选择。也就是说,若用户选择了一权限配置文件,说明用户想要与该权限配置文件相同的配置,则直接复制选择的权限配置文件即可,无需用户逐一选择,提高配置效率。In this embodiment, when the file, folder, application, and system function list of the terminal are presented, the configured rights configuration file may also be presented for the user to select. That is to say, if the user selects a rights configuration file, indicating that the user wants the same configuration as the rights configuration file, the selected rights configuration file can be directly copied, and the user is not required to select one by one, thereby improving the configuration efficiency.
本实施例中,热点与权限配置文件对应关系表具有可编辑性(如修改、删除),用户可以对所述对应关系表进行编辑,如图3所示,为编辑权限配置文件的流程图,包括如下步骤:In this embodiment, the correspondence table between the hotspot and the rights configuration file has editability (such as modification and deletion), and the user can edit the corresponding relationship table, as shown in FIG. 3, which is a flowchart of editing the rights configuration file. Including the following steps:
步骤301:获取用户选择的要编辑的权限配置文件;Step 301: Acquire a rights configuration file selected by the user to be edited;
步骤302:呈现终端的文件、文件夹、应用程序及系统功能列表,供用户进行选择。Step 302: Present a list of files, folders, applications, and system functions of the terminal for the user to select.
可选地,呈现列表时,对于当前权限配置文件已经选中的项进行标记显示,以供用户查看在前的选择情况。Optionally, when the list is presented, the items that have been selected by the current rights profile are marked for display for the user to view the previous selection.
步骤303:保存用户重新选择的文件、文件夹、应用程序和/或系统功能;Step 303: save files, folders, applications, and/or system functions reselected by the user;
步骤304:基于保存的信息,形成新的权限配置文件。Step 304: Form a new rights profile based on the saved information.
上述过程为修改权限配置文件的过程。同理,若用户要对热点及其对应的权限配置文件进行删除,则在获取到用户选择的删除项后,直接删除即可。The above process is the process of modifying the rights profile. Similarly, if the user wants to delete the hotspot and its corresponding permission profile, after deleting the deleted item selected by the user, it can be deleted directly.
如图4所示,为当终端接入热点时进行终端数据保护的流程图,包括如 下步骤:As shown in FIG. 4, it is a flowchart for performing terminal data protection when the terminal accesses a hotspot, including, for example, Next steps:
步骤401:终端接入热点;Step 401: The terminal accesses the hotspot;
步骤402:判断接入的热点是否为热点与权限配置列表内的热点,若是,则执行步骤403;否则,执行步骤404;Step 402: Determine whether the hotspot of the access is a hotspot and a hotspot in the rights configuration list, and if yes, go to step 403; otherwise, go to step 404;
步骤403:在热点与权限列表内获取与接入的热点对应的权限配置文件,加载并执行权限配置文件,结束;Step 403: Obtain a rights configuration file corresponding to the accessed hotspot in the hotspot and permission list, load and execute the rights configuration file, and end;
步骤404:若热点不在列表中,判断该热点是否为首次接入的热点;若是,执行步骤405;否则,执行步骤406;Step 404: If the hotspot is not in the list, determine whether the hotspot is the first hotspot; if yes, go to step 405; otherwise, go to step 406;
步骤405,询问用户是否添加到列表;若用户确认添加,则按照图2所示的流程添加权限配置文件并保存执行,结束;若用户确认不添加,则执行步骤406; Step 405, asking the user whether to add to the list; if the user confirms the addition, then add the rights profile according to the process shown in Figure 2 and save the execution, the end; if the user confirms not to add, then step 406;
步骤406,查询用户是否设定加载默认权限配置文件,若是,加载默认权限配置文件并执行,结束;若否,直接结束。Step 406: Query whether the user sets the default permission configuration file to be loaded, and if so, loads the default permission configuration file and executes, and ends; if not, directly ends.
当用户已接入热点并加载执行权限配置文件的情况下,启用应用程序时,判断应用程序是否在权限配置文件中,若不在,正常启动;若在,弹出提示框,要求用户再次确认启动。若用户确认,正常启动;若用户取消或未操作,不启动。When the user has accessed the hotspot and loads the execution permission profile, when the application is enabled, it is determined whether the application is in the permission profile, and if not, it starts normally; if it is, a prompt box is displayed, asking the user to confirm the startup again. If the user confirms, it starts normally; if the user cancels or does not operate, it does not start.
如图5所示,为当终端从热点断开时本发明实施例的流程图。包括如下步骤:As shown in FIG. 5, it is a flowchart of an embodiment of the present invention when the terminal is disconnected from the hotspot. Including the following steps:
步骤501:终端从热点断开;Step 501: The terminal is disconnected from the hotspot;
步骤502:判断是否加载并执行了权限配置文件;Step 502: Determine whether the rights configuration file is loaded and executed.
步骤503:若是,恢复到原始状态,结束;若否,结束。Step 503: If yes, return to the original state, and end; if not, end.
实施例二Embodiment 2
本发明实施例提供一种终端,如图6所示,包括:An embodiment of the present invention provides a terminal, as shown in FIG. 6, including:
文件调用模块610,设置为:在终端接入AP时,调用预设的与所述AP对应的权限配置文件; The file invoking module 610 is configured to: when the terminal accesses the AP, invoke a preset permission configuration file corresponding to the AP;
安全控制模块620,设置为:按照所述权限配置文件定义的安全策略,对所述终端进行安全控制。The security control module 620 is configured to perform security control on the terminal according to the security policy defined by the rights configuration file.
本发明实施例中,文件调用模块610,在终端接入AP时,在预先配置的AP与权限配置文件对应关系表中获取与接入的AP对应的权限配置文件,并调用获取的权限配置文件。也就是说,针对不同的AP,用户可以预先配置与每个AP对应的多个权限配置文件,形成AP与权限配置文件对应关系列表,供终端在接入AP时进行权限配置文件调用。In the embodiment of the present invention, the file invoking module 610 obtains the rights configuration file corresponding to the accessed AP in the pre-configured AP and the rights configuration file correspondence table, and invokes the obtained rights configuration file. . That is to say, for different APs, the user can pre-configure multiple rights profiles corresponding to each AP to form a correspondence list between the AP and the rights profile, so that the terminal can invoke the rights profile when accessing the AP.
而针对于在预先配置的AP与权限配置文件对应关系表中未获取到与接入的AP对应的权限配置文件的情况,可以获取并调用预设的默认权限配置文件或者用户为接入的AP新配置的权限配置文件。In the case that the rights profile corresponding to the accessed AP is not obtained in the pre-configured AP and the rights profile correspondence table, the preset default rights profile or the AP that the user accesses may be obtained and invoked. The newly configured rights profile.
可选地,本发明实施例中,所述安全策略包括如下策略中的一个或多个:将指定的文件、文件夹和/或应用程序设置为安全模式、自动终止指定的应用程序、以及禁用指定的终端系统功能;其中,所述安全模式包括:隐藏或者禁止访问。需要说明的是,上述安全策略只是列举并非穷举,本领域技术人员可以根据自身需求灵活设定安全策略。Optionally, in the embodiment of the present invention, the security policy includes one or more of the following: setting a specified file, folder, and/or application to a security mode, automatically terminating the specified application, and disabling The specified terminal system function; wherein the security mode includes: hiding or disabling access. It should be noted that the above security policies are merely exhaustive, and those skilled in the art can flexibly set security policies according to their own needs.
可选地,本发明实施例中,所述终端,还包括:Optionally, in the embodiment of the present invention, the terminal further includes:
恢复模块630,设置为:当终端从接入的AP断开时,停止安全控制,恢复终端的原始状态。The recovery module 630 is configured to: when the terminal disconnects from the accessed AP, stop the security control and restore the original state of the terminal.
综上所述,可知本发明实施例所述终端,在终端接入不同的WiFi热点(即AP)时,通过用户设定的不同权限配置文件进行安全控制,以达到保护用户隐私、保障用户信息安全的目的。In summary, it can be seen that the terminal in the embodiment of the present invention performs security control by using different rights configuration files set by the user when the terminal accesses different WiFi hotspots (ie, APs), so as to protect user privacy and protect user information. The purpose of security.
下面根据图7说明本发明实施例提供的终端的结构及功能。The structure and function of the terminal provided by the embodiment of the present invention are described below with reference to FIG.
本发明实施例提供一种终端,如图7所示,包括:An embodiment of the present invention provides a terminal, as shown in FIG. 7, including:
配置模块710,设置为:生成默认的权限配置文件,或者,为指定的热点生成对应的权限配置文件。可选的,配置模块生成权限配置文件的方式为:扫描终端当前的所有应用程序、以及读取终端当前的所有文件、文件夹和系统功能,将扫描和读取到的信息形成列表,供用户选择。当用户选择了 指定的文件、文件夹、应用程序和/或系统功能后,将用户选择的信息与系统内置的或者用户自定义的安全策略建立匹配关系,生成权限配置文件。The configuration module 710 is configured to: generate a default rights configuration file, or generate a corresponding rights configuration file for the specified hotspot. Optionally, the configuration module generates the rights configuration file by scanning all current applications of the terminal, and reading all current files, folders, and system functions of the terminal, and forming a list of scanned and read information for the user. select. When the user chooses After the specified file, folder, application, and/or system function, the user-selected information is matched with the built-in or user-defined security policy to generate a rights profile.
存储模块720,设置为:存储记录配置模块710生成的权限配置文件,权限配置文件与热点间的对应关系,以及默认权限配置文件。同时为用户提供编辑接口,使得用户可对其中的信息进行编辑操作。The storage module 720 is configured to: store the rights configuration file generated by the record configuration module 710, the correspondence between the rights profile and the hotspot, and the default rights profile. At the same time, the user is provided with an editing interface, so that the user can edit the information therein.
文件调用模块730,设置为:当终端接入热点时,将当前热点与存储模块中的信息进行检索对比,判断该热点是否在存储模块中,若存在于存储模块中,则直接调用对应的权限配置文件;若不存在于存储模块中,则提示用户选择默认权限配置文件还是为该热点新配置权限配置文件,若用户选择调用默认权限配置文件,则直接调用对应的默认权限配置文件,若用户选择为热点新配置权限配置文件,则触发配置模块710,并调用新配置的权限配置文件。The file invoking module 730 is configured to: when the terminal accesses the hotspot, compare and retrieve the current hotspot with the information in the storage module, and determine whether the hotspot is in the storage module, and if it exists in the storage module, directly invoke the corresponding permission. If the user does not exist in the storage module, the user is prompted to select the default permission profile or the new profile configuration file for the hotspot. If the user chooses to invoke the default permission profile, the corresponding default profile is directly invoked. Selecting a new configuration rights profile for the hotspot triggers the configuration module 710 and invokes the newly configured rights profile.
缓存模块740,设置为:记录终端接入热点时的初始状态,包括应用程序运行情况等等。The cache module 740 is configured to: record an initial state when the terminal accesses the hotspot, including an application running condition, and the like.
安全控制模块750,设置为:根据调用的权限配置文件,对终端进行安全控制。The security control module 750 is configured to: perform security control on the terminal according to the invoked rights configuration file.
恢复模块760,设置为:当终端从热点断开时,判断终端是否应用了权限配置文件,若是,则从缓存模块740中读取终端的初始状态,并调用后台程序进行状态恢复;否则,不做任何操作。The recovery module 760 is configured to: when the terminal disconnects from the hotspot, determine whether the terminal applies the rights configuration file, and if yes, read the initial state of the terminal from the cache module 740, and invoke the background program to perform state recovery; otherwise, Do anything.
实施例三Embodiment 3
本发明实施例提供一种终端数据保护设备,如图8所示,该设备包括:An embodiment of the present invention provides a terminal data protection device. As shown in FIG. 8, the device includes:
拾取部件810,将用户设置的权限配置文件写入存储器820;Picking component 810, the user-set rights profile is written to the memory 820;
控制器830,在终端接入AP时,读存储器820,调用与该AP对应的权限配置文件,并按照该权限配置文件定义的安全策略,对终端进行安全控制。The controller 830 reads the memory 820 when the terminal accesses the AP, invokes the rights configuration file corresponding to the AP, and performs security control on the terminal according to the security policy defined by the rights configuration file.
可见,本实施例所述设备,在终端接入不同的WiFi热点(即AP)时,通过用户设定的不同权限配置文件进行安全控制,达到保护用户隐私、保障 用户信息安全的目的。It can be seen that, when the terminal accesses different WiFi hotspots (ie, APs), the device in the present embodiment performs security control through different rights configuration files set by the user, thereby protecting user privacy and guaranteeing. The purpose of user information security.
下面结合附图9说明本发明实施例提供的设备的结构及功能。The structure and function of the device provided by the embodiment of the present invention are described below with reference to FIG.
如图9所示,本实施例所述终端数据保护设备,包括:GUI(图形用户界面)910、拾取部件920、存储器930、控制器940和缓存器950。其中:As shown in FIG. 9, the terminal data protection device in this embodiment includes a GUI (Graphical User Interface) 910, a pickup component 920, a memory 930, a controller 940, and a buffer 950. among them:
GUI 910,为用户提供设置权限配置文件的操作界面。用户可以通过GUI设置默认的权限配置文件,或者,为指定的热点设置对应的权限配置文件。设置过程为:用户在GUI内选择设置默认的权限配置文件或者选择为指定的热点设置对应的权限配置文件,GUI扫描终端当前的所有应用程序、以及读取终端当前的所有文件、文件夹和系统功能,将扫描和读取到的信息形成列表,供用户选择。The GUI 910 provides the user with an operation interface for setting a rights profile. The user can set a default permission profile through the GUI, or set a corresponding rights profile for the specified hotspot. The setting process is: the user selects a default permission profile in the GUI or selects a rights profile corresponding to the specified hotspot, and the GUI scans all current applications of the terminal, and reads all current files, folders, and systems of the terminal. Function, which forms a list of scanned and read information for the user to select.
拾取部件920,与GUI 910相连,采集用户在GUI内选择的指定的文件、文件夹、应用程序和/或系统功能信息,将用户选择的信息与系统内置的或者用户自定义的安全策略建立匹配关系,生成权限配置文件,并将生成的权限配置文件存入存储器930;The picking unit 920 is connected to the GUI 910 to collect specified files, folders, applications, and/or system function information selected by the user in the GUI, and matches the information selected by the user with a built-in or user-defined security policy. Relationship, generate a rights configuration file, and store the generated rights configuration file into the memory 930;
存储器930,与拾取部件920相连,存储拾取部件920生成的权限配置文件,权限配置文件与热点间的对应关系,以及默认权限配置文件。同时为用户提供编辑接口,使得用户可对其中的信息进行编辑操作。The memory 930 is connected to the picking unit 920, and stores a rights profile generated by the picking unit 920, a correspondence between the rights profile and the hotspot, and a default rights profile. At the same time, the user is provided with an editing interface, so that the user can edit the information therein.
控制器940,在终端接入热点时,使能缓存器950,同时将当前热点与存储器930中的信息进行检索对比,判断该热点是否在存储器930中,若存在于存储器930中,则直接调用对应的权限配置文件;若不存在于存储器930中,则提示用户选择默认权限配置文件还是为该热点新配置权限配置文件,若用户选择调用默认权限配置文件,则直接调用对应的默认权限配置文件,若用户选择为热点新配置权限配置文件,则触发GUI 910,并调用新配置的权限配置文件,以及根据调用的权限配置文件,对终端进行安全控制。并且,在终端从热点断开时,判断终端是否应用了权限配置文件,若是,则从缓存器950中读取终端的初始状态,并调用后台程序进行状态恢复;否则,不做任何操作。The controller 940, when the terminal accesses the hotspot, enables the buffer 950, and compares the current hotspot with the information in the memory 930 to determine whether the hotspot is in the memory 930. If it exists in the memory 930, the controller 940 directly calls Corresponding privilege profile; if it does not exist in the memory 930, the user is prompted to select a default privilege profile or a new privilege profile for the hotspot. If the user chooses to invoke the default privilege profile, the corresponding default privilege profile is directly invoked. If the user selects a new profile configuration file for the hotspot, the GUI 910 is triggered, and the newly configured rights profile is invoked, and the terminal is security controlled according to the invoked rights profile. Moreover, when the terminal disconnects from the hotspot, it is judged whether the terminal applies the rights configuration file, and if so, the initial state of the terminal is read from the buffer 950, and the background program is called to perform state recovery; otherwise, no operation is performed.
缓存器950,在控制器940的使能控制下,记录终端接入热点时的初始 状态,包括应用程序运行情况等等。The buffer 950, under the enable control of the controller 940, records the initial when the terminal accesses the hotspot Status, including application health, and more.
本领域普通技术人员可以理解上述实施例的全部或部分步骤可以使用计算机程序流程来实现,所述计算机程序可以存储于一计算机可读存储介质中,所述计算机程序在相应的硬件平台上(如系统、设备、装置、器件等)执行,在执行时,包括方法实施例的步骤之一或其组合。One of ordinary skill in the art will appreciate that all or a portion of the steps of the above-described embodiments can be implemented using a computer program flow, which can be stored in a computer readable storage medium, such as on a corresponding hardware platform (eg, The system, device, device, device, etc. are executed, and when executed, include one or a combination of the steps of the method embodiments.
可选地,上述实施例的全部或部分步骤也可以使用集成电路来实现,这些步骤可以被分别制作成一个个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。Alternatively, all or part of the steps of the above embodiments may also be implemented by using an integrated circuit. These steps may be separately fabricated into individual integrated circuit modules, or multiple modules or steps may be fabricated into a single integrated circuit module. achieve.
上述实施例中的装置/功能模块/功能单元可以采用通用的计算装置来实现,它们可以集中在单个的计算装置上,也可以分布在多个计算装置所组成的网络上。The devices/function modules/functional units in the above embodiments may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices.
上述实施例中的装置/功能模块/功能单元以软件功能模块的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。上述提到的计算机可读取存储介质可以是只读存储器,磁盘或光盘等。When the device/function module/functional unit in the above embodiment is implemented in the form of a software function module and sold or used as a stand-alone product, it can be stored in a computer readable storage medium. The above mentioned computer readable storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
工业实用性Industrial applicability
本发明实施例的方法和终端,在终端接入WiFi热点时,可以根据用户设定的权限配置文件,对终端进行安全控制,如自动隐藏文件、文件夹、应用程序图标等,自动停止运行的应用程序、禁用系统功能等,从而达到保护用户隐私和保障用户数据安全的目的。 The method and the terminal of the embodiment of the present invention can perform security control on the terminal according to the rights configuration file set by the user when the terminal accesses the WiFi hotspot, such as automatically hiding files, folders, application icons, etc., and automatically stop running. Applications, disable system features, etc., to protect user privacy and secure user data.

Claims (12)

  1. 一种终端数据保护方法,包括:A terminal data protection method includes:
    在终端接入无线接入点AP时,调用预设的与所述AP对应的权限配置文件;When the terminal accesses the wireless access point AP, the preset permission configuration file corresponding to the AP is invoked;
    按照所述权限配置文件定义的安全策略,对所述终端进行安全控制。Perform security control on the terminal according to the security policy defined by the rights profile.
  2. 如权利要求1所述的方法,其中,所述在终端接入无线接入点AP时,调用预设的与所述AP对应的权限配置文件,包括:The method of claim 1, wherein when the terminal accesses the wireless access point AP, the preset permission profile corresponding to the AP is invoked, including:
    当终端接入AP时,在预先配置的AP与权限配置文件对应关系表中获取与接入的AP对应的权限配置文件,并调用获取的权限配置文件。When the terminal accesses the AP, the rights configuration file corresponding to the accessed AP is obtained in the pre-configured AP and the rights configuration file correspondence table, and the obtained rights configuration file is invoked.
  3. 如权利要求2所述的方法,还包括:The method of claim 2 further comprising:
    当在预先配置的AP与权限配置文件对应关系表中未获取到与接入的AP对应的权限配置文件时,获取并调用预设的默认权限配置文件或者用户为接入的AP新配置的权限配置文件。When the rights profile corresponding to the accessed AP is not obtained in the pre-configured AP and the rights profile mapping table, the preset default rights profile or the user's newly configured AP is configured. Configuration file.
  4. 如权利要求1所述的方法,其中,所述安全策略包括如下策略中的一个或多个:将指定的文件、文件夹和/或应用程序设置为安全模式、自动终止运行的指定应用程序、以及禁用指定的终端系统功能;其中,所述安全模式包括:隐藏或者禁止访问。The method of claim 1, wherein the security policy comprises one or more of the following: setting a specified file, folder, and/or application to a secure mode, automatically terminating a specified application, And disabling the specified terminal system function; wherein the security mode includes: hiding or disabling access.
  5. 如权利要求1至4任意一项所述的方法,还包括:当终端从接入的AP断开时,停止安全控制,恢复终端的原始状态。The method according to any one of claims 1 to 4, further comprising: when the terminal disconnects from the accessed AP, stopping the security control and restoring the original state of the terminal.
  6. 一种终端,包括:A terminal comprising:
    文件调用模块,设置为:在终端接入AP时,调用预设的与所述AP对应的权限配置文件;The file invoking module is configured to: when the terminal accesses the AP, invoke a preset permission configuration file corresponding to the AP;
    安全控制模块,设置为:按照所述权限配置文件定义的安全策略,对所述终端进行安全控制。The security control module is configured to: perform security control on the terminal according to the security policy defined by the rights configuration file.
  7. 如权利要求6所述的终端,其中,所述文件调用模块,是设置为:当终端接入AP时,在预先配置的AP与权限配置文件对应关系表中获取与接入的AP对应的权限配置文件,并调用获取的权限配置文件。 The terminal according to claim 6, wherein the file invoking module is configured to: when the terminal accesses the AP, obtain the permission corresponding to the accessed AP in the pre-configured AP and the rights configuration file correspondence table. Profile and call the obtained permission profile.
  8. 如权利要求7所述的终端,其中,所述文件调用模块,还设置为:当在预先配置的AP与权限配置文件对应关系表中未获取到与接入的AP对应的权限配置文件时,获取并调用预设的默认权限配置文件或者用户为接入的AP新配置的权限配置文件。The terminal according to claim 7, wherein the file invoking module is further configured to: when a rights profile corresponding to the accessed AP is not obtained in the pre-configured AP and the rights profile correspondence table, Obtain and call the default default rights profile or the newly configured rights profile for the AP that the user accesses.
  9. 如权利要求6所述的终端,其中,所述安全策略包括如下策略中的一个或多个:将指定的文件、文件夹和/或应用程序设置为安全模式、自动终止指定的应用程序、以及禁用指定的终端系统功能;其中,所述安全模式包括:隐藏或者禁止访问。The terminal of claim 6, wherein the security policy comprises one or more of the following: setting a specified file, folder, and/or application to a secure mode, automatically terminating the specified application, and The specified terminal system function is disabled; wherein the security mode includes: hiding or disabling access.
  10. 如权利要求6至9任意一项所述的终端,还包括:The terminal according to any one of claims 6 to 9, further comprising:
    恢复模块,设置为:当终端从接入的AP断开时,停止安全控制,恢复终端的原始状态。The recovery module is configured to: when the terminal disconnects from the accessed AP, stop the security control and restore the original state of the terminal.
  11. 一种终端数据保护设备,包括:A terminal data protection device, comprising:
    拾取部件,将用户设置的权限配置文件写入存储器;Picking up the component and writing the permission profile set by the user to the memory;
    控制器,在终端接入无线接入点AP时,读所述存储器,调用与所述AP对应的权限配置文件,并按照该权限配置文件定义的安全策略,对所述终端进行安全控制。The controller reads the memory when the terminal accesses the wireless access point AP, invokes the rights configuration file corresponding to the AP, and performs security control on the terminal according to the security policy defined by the rights configuration file.
  12. 一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令用于执行权利要求1-5任一项的方法。 A computer readable storage medium storing computer executable instructions for performing the method of any of claims 1-5.
PCT/CN2015/079834 2015-03-30 2015-05-26 Terminal data protection method, terminal and device WO2016155102A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510143804.1 2015-03-30
CN201510143804.1A CN106156645A (en) 2015-03-30 2015-03-30 Terminal data protection method, terminal and equipment

Publications (1)

Publication Number Publication Date
WO2016155102A1 true WO2016155102A1 (en) 2016-10-06

Family

ID=57003925

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/079834 WO2016155102A1 (en) 2015-03-30 2015-05-26 Terminal data protection method, terminal and device

Country Status (2)

Country Link
CN (1) CN106156645A (en)
WO (1) WO2016155102A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106529341A (en) * 2016-12-14 2017-03-22 北京小米移动软件有限公司 Application program hiding method and apparatus
CN109863772B (en) * 2017-04-12 2021-06-01 华为技术有限公司 Security policy processing method and related equipment
CN107391543B (en) * 2017-05-24 2020-08-14 阿里巴巴集团控股有限公司 Wireless hotspot type identification method and device
CN107343279A (en) * 2017-07-07 2017-11-10 广东欧珀移动通信有限公司 Method for connecting network, device, terminal device and storage medium
CN111310161B (en) * 2020-01-20 2022-11-25 Oppo(重庆)智能科技有限公司 Application management method and device and computer readable storage medium
CN116193018B (en) * 2022-12-08 2024-10-18 中国联合网络通信集团有限公司 Method, device, equipment and storage medium for executing security policy

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101572931A (en) * 2008-04-29 2009-11-04 中兴通讯股份有限公司 User access control method based on Iu framework and system
CN103632073A (en) * 2013-12-05 2014-03-12 北京网秦天下科技有限公司 Method and device used for controlling terminal application permission
CN104125335A (en) * 2014-06-24 2014-10-29 小米科技有限责任公司 Method, device and system for managing authority
CN104239764A (en) * 2014-10-15 2014-12-24 北京奇虎科技有限公司 Terminal device and system function management and control method and device of terminal device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101668293A (en) * 2009-10-21 2010-03-10 杭州华三通信技术有限公司 Control method and system of network access authority in WLAN
CN102413220B (en) * 2011-11-24 2014-08-20 中兴通讯股份有限公司 Method for controlling right of using connection function and mobile terminal
US9160729B2 (en) * 2013-08-20 2015-10-13 Paypal, Inc. Systems and methods for location-based device security
CN103796278A (en) * 2014-02-27 2014-05-14 成都悟空科技有限公司 Mobile terminal wireless network access control method
CN104066088A (en) * 2014-06-06 2014-09-24 Tcl通讯(宁波)有限公司 Wireless internet access strategy method, system and definition method for mobile terminal

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101572931A (en) * 2008-04-29 2009-11-04 中兴通讯股份有限公司 User access control method based on Iu framework and system
CN103632073A (en) * 2013-12-05 2014-03-12 北京网秦天下科技有限公司 Method and device used for controlling terminal application permission
CN104125335A (en) * 2014-06-24 2014-10-29 小米科技有限责任公司 Method, device and system for managing authority
CN104239764A (en) * 2014-10-15 2014-12-24 北京奇虎科技有限公司 Terminal device and system function management and control method and device of terminal device

Also Published As

Publication number Publication date
CN106156645A (en) 2016-11-23

Similar Documents

Publication Publication Date Title
WO2016155102A1 (en) Terminal data protection method, terminal and device
US10257207B2 (en) Managed clone applications
AU2013209946B2 (en) File system access for one or more sandboxed applications
CA2814852C (en) Method for establishing a plurality of modes of operation on a mobile device
US8880034B2 (en) Data segmentation profiles
KR102203399B1 (en) Security control method for user in social network, social application device and terminal
US8190636B2 (en) Method, apparatus and computer program product for providing object privilege modification
US9378344B2 (en) Method and apparatus for protecting information based on data card
JP2003099400A (en) Security-managing device, security-managing method and security-managing program
KR20160137940A (en) Method and apparatus of managing authority
CA2805960C (en) Method and apparatus for management of multiple grouped resources on device
WO2017045417A1 (en) Remote control method and apparatus and mobile terminal
CN104902479A (en) Network security management equipment and method and mobile terminal
US9501638B2 (en) Techniques for managing security modes applied to application program execution
US20150067876A1 (en) Method and device for managing security of information in mobile terminal, and mobile terminal
WO2016023378A1 (en) Method and device for storing information about contact person
EP2950561B1 (en) Method and system for domain creation and bootstrapping
WO2016054912A1 (en) Terminal device and file management method thereof
WO2020103564A1 (en) Method, system and apparatus for enabling biological feature application function, and device
JP2015114837A (en) Access control device, program and access control system
US8229400B1 (en) Granular control over access to data by a device
CN105354461A (en) Authentication method and terminal
CN114021107A (en) Privacy protection method, system, terminal device, storage medium and product
KR102090151B1 (en) Data protection system and method thereof
CN112632518A (en) Data access method, device, terminal and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15887070

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15887070

Country of ref document: EP

Kind code of ref document: A1