WO2016192499A1

WO2016192499A1 - Terminal management method and terminal

Info

Publication number: WO2016192499A1
Application number: PCT/CN2016/080595
Authority: WO
Inventors: 刘岩; 王文林; 张娜; 孙巍
Original assignee: 宇龙计算机通信科技(深圳)有限公司
Priority date: 2015-05-29
Filing date: 2016-04-29
Publication date: 2016-12-08
Also published as: CN105577911A

Abstract

Disclosed in the embodiments of the present invention are a terminal management method and terminal. The terminal comprises an operating system, characterized by the terminal being provided with a security system independent of the operating system. The method comprises: acquiring, by the security system, user operation information when operating the terminal; determining, by the security system and according to the user operation information, whether a user identity operating the terminal is abnormal; if so, sending, by the security system, a data backup instruction to the operating system, such that the operating system connects to a network according to the data backup instruction, and the security system uploads data information of the operating system to a data backup platform at a network terminal. The present invention can timely avoid a loss of important information when a mobile phone is lost.

Description

Terminal management method and terminal

The present application claims priority to Chinese Patent Application No. 201510288740.4, entitled "A Terminal Management Method and Terminal", filed on May 29, 2015, the entire contents of .

Technical field

The present invention relates to the field of computer technologies, and in particular, to a terminal management method and a terminal.

Background technique

With the rapid development of communication hardware and software technology, the performance of mobile phones is becoming more and more powerful. It is no longer limited to making calls and sending text messages. Nowadays, a mobile phone is enough to control our lives, shopping, taking pictures, playing games, watching Video and other functions are available, and because of this, mobile phones often store some important or relatively private information.

In real life, people often have lost their mobile phones. The loss of the mobile phone itself may not be so serious, but the loss of information in the mobile phone often leads to serious consequences. The prior art solution is to perform identity verification through the operating system. When the verification fails, the location information is sent to the preset mobile phone number, so that the user can retrieve the mobile phone according to the clue in the short message. The drawback of the prior art is that it takes a long time for the user to receive the short message clue to retrieve the mobile phone, and the important information in the mobile phone still has the risk of being lost.

Summary of the invention

The embodiment of the invention discloses a terminal management method and a terminal, which can timely process information in the terminal to prevent loss of important information in the mobile phone.

In a first aspect, an embodiment of the present invention provides a terminal management method, where the terminal includes an operating system, and the terminal is provided with a security system independent of the operating system, and the method includes:

The security system acquires user operation information when the terminal is operated;

Determining, by the security system, whether the identity of the user operating the terminal is abnormal according to the user operation information;

When it is determined that the abnormality is abnormal, the security system sends a data backup instruction to the operating system, so that the operating system connects to the network according to the data backup instruction, and uploads the data information in the operating system to the data of the network end. Backup platform.

With reference to the first aspect, in a first possible implementation manner of the first aspect, the operating system is connected to the network according to the data backup instruction, and uploads the data information in the operating system to a data backup platform of the network. include:

The operating system connects to the network according to the data backup instruction, and does not output prompt information that the network connection is successful;

The operating system uploads the data information contained in the operating system to the data backup platform on the network, and does not output prompt information indicating the upload status.

And the first aspect, in a second possible implementation manner of the first aspect, after the security system determines that the identity of the user operating the terminal is abnormal according to the user operation information, the method further includes:

The security system sends an operation instruction to the current operating system of the terminal, so that the current operating system sends the status information of the terminal to a preset phone number according to the operation instruction, where the operation instruction carries There is the preset phone number.

And a second possible implementation manner of the first aspect, in a third possible implementation manner of the first aspect, the current operating system sends the terminal to a preset phone number according to the operation instruction Status information, including:

The current operating system sends the status information of the terminal to a preset phone number according to the operation instruction, and does not output prompt information indicating a sending status and a record that does not retain the sending.

Optionally, when the terminal determines that the abnormality is abnormal, if the user actively makes a call or sends a message, the terminal automatically connects the phone to the pre-stored number, or sends the short message to the pre-stored number, but displays it to the user. The person is the number that the connected user actually wants to connect or send. For example: For example, the owner of the terminal is Zhang San, and the pre-stored number in the terminal is 13085402915, but the terminal is obtained by Li Si. After replacing the mobile phone card, Li Si uses the mobile phone to dial or send a message to 18612055981. The terminal confirms the abnormality of the terminal according to the biological information such as fingerprints. The terminal connects or sends the information such as the location of the phone or the message carrying terminal to 13085402915, but the reality is given to Li Si. The connected 18612055981 or SMS was successfully sent to 18612055981.

With reference to the first aspect, the first possible implementation of the first aspect, the second possible implementation of the first aspect, and any one of the possible implementations of the third possible implementation of the first aspect, In a fourth possible implementation manner of the first aspect, the security system determines, according to the user operation information, whether the identity of the user that operates the terminal is abnormal, including:

When the biometric verification function of the terminal main program interface is enabled, it is determined whether the acquired user biometrics match the preset user biometrics, and if not, the user identity is determined to be abnormal; or

When the password verification function of the terminal main program interface is enabled, determining whether the first user has input a password that does not match the preset password multiple times, performing an operation of triggering the terminal to replace the operating system, if Then, it is determined that the user identity is abnormal.

In a second aspect, an embodiment of the present invention provides a terminal, where the terminal includes an operating system, where the terminal is provided with a security system independent of the operating system, and the security system includes:

An obtaining unit, configured to acquire user operation information when the terminal is operated;

a determining unit, configured to determine, according to the user operation information, whether an identity of a user operating the terminal is abnormal;

a first sending unit, configured to send a data backup instruction to the operating system when the determining unit determines that the user identity is abnormal, so that the operating system connects to the network according to the data backup instruction, and connects the operating system The data information in the data is uploaded to the data backup platform on the network side.

With reference to the second aspect, in a first possible implementation manner of the second aspect, the operating system is connected to the network according to the data backup instruction, and uploads the information information in the operating system to the data backup platform of the network. include:

With reference to the second aspect, in a second possible implementation manner of the second aspect, the terminal further includes:

a second sending unit, configured to send an operation instruction to a current operating system of the terminal, so as to The current operating system sends the status information of the terminal to a preset phone number according to the operation instruction, where the operation instruction carries the preset phone number.

With the second possible implementation of the second aspect, in a third possible implementation manner of the second aspect, the current operating system sends the status of the terminal to a preset phone number according to the operation instruction. Information, including:

With reference to the second aspect, the first possible implementation of the second aspect, the second possible implementation of the second aspect, and any one of the possible implementations of the third possible implementation of the second aspect, In a fourth possible implementation manner of the second aspect, the determining unit is specifically configured to:

By implementing the embodiment of the present invention, a security system independent of the operating system is set in the terminal, and the security system identifies the user operation information of the terminal to determine whether the user of the operation terminal is abnormal, and if abnormal, triggers the operating system to preset data. The backup platform sends important data, effectively preventing the loss of important information in the terminal.

Further, when transmitting the important information, the security system triggers the operating system not to output the prompt information of the successful network connection, and does not output the prompt information for the data uploading, so that other users currently holding the terminal cannot detect the important information being performed. Uploading; judging whether the identity of the user using the terminal is abnormal according to the user operation habits pre-summarized, if the abnormality is performed, the operation of uploading the important material information is performed; further, determining whether the identity of the user is abnormal is completed by the security system, due to the security system and The operating system is independent of each other. Even if the terminal is flashed, the terminal can determine whether the user identity is abnormal through the parameter information set by the original user in the security system. Further, the security system can trigger the operating system to use the phone number pre-stored in the security system. Send a text message to the original user to inform the terminal The previous state (such as location, SIM card number, etc.) allows the original user to retrieve the mobile phone as much as possible; further, the security system triggers the operating system to not send the sent status information when sending the short message, and does not retain the short message in the terminal. The record improves the privacy; further, after determining the identity of the user, the security system can also trigger the operating system to open the relevant module to collect the current user information (such as photos, ID cards, etc.) and send it to the preset mobile phone. In order to provide more useful clues for the original user to retrieve the mobile phone; in addition, the authentication method can be iris verification, fingerprint verification, eye pattern verification, face verification, palm print verification, voiceprint verification, etc., due to each person's These biometrics are basically unique and can improve the accuracy of the verification.

DRAWINGS

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly described below. Obviously, the drawings in the following description are only It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any creative work.

1 is a schematic flowchart of a terminal management method according to an embodiment of the present invention;

2 is a schematic flowchart of still another terminal management method according to an embodiment of the present invention;

3 is a schematic structural diagram of a terminal according to an embodiment of the present invention;

4 is a schematic structural diagram of still another terminal according to an embodiment of the present invention;

FIG. 5 is a schematic structural diagram of still another terminal according to an embodiment of the present invention.

detailed description

The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.

It is to be understood that the terminology used in the embodiments of the present invention is for the purpose of describing the particular embodiments, and is not intended to limit the invention. The singular forms "a", "the" and "the" It should also be understood that the term "and/or" as used herein refers to and includes a Or any associated combination of any or all of the possible items. In addition, the terms "first", "second", "third", and "fourth" and the like in the specification and claims of the present invention and the above drawings are used to distinguish different objects, and are not intended to describe specific order. Furthermore, the terms "comprises" and "comprising" and "comprising" are intended to cover a non-exclusive inclusion. For example, a process, method, system, product, or device that comprises a series of steps or units is not limited to the listed steps or units, but optionally also includes steps or units not listed, or alternatively Other steps or units inherent to these processes, methods, products or equipment.

The terminal described in the embodiment of the present invention may be a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a mobile internet device (MID), a wearable device (such as a smart watch (such as iWatch, etc.), a smart bracelet, and a meter. Stepper, etc.) or other terminal device that can be installed to deploy the instant messaging application client.

Referring to FIG. 1, FIG. 1 is a schematic flowchart of a method for managing a terminal according to an embodiment of the present invention, where the method includes but is not limited to the following steps.

Step S101: The security system acquires user operation information when the terminal is operated.

Specifically, the terminal includes an operating system and a security system, and data interaction can be performed between the operating system and the security system. For example, the security system can send an instruction to the operating system to cause the operating system to perform corresponding operations according to the instruction. The security system and the operating system are independent of each other. Take a scenario as an example. After the user replaces the operating system of the terminal, the security system in the terminal remains, and the data in the security system is not lost. In addition, the security system can also be connected to the terminal. The replaced operating system performs data interaction.

The security system can directly control the user interface on the terminal to obtain user operation information; and can also obtain user operation information from the operating system. For example, the operating system itself can obtain user operation information in real time, and when receiving the request instruction of the security system, the security system will obtain The user operation information obtained is sent to the security system.

Further, the foregoing operation may be a password unlocking operation, a biometric feature (iris recognition, fingerprint recognition, eye pattern recognition, face recognition, palmprint recognition, voiceprint recognition, etc.) performed by the user on the terminal for entering the terminal main program interface. Unlock operation, slide unlock operation, button unlock operation, brush operation, etc.

Correspondingly, the user operation information is some user information or operation information acquired by the security system when the user performs the above operation. For example, when the user is instructed to perform the password unlocking operation, the obtained user operation information may include whether the password unlocking fails, the number of failures, and whether there is a failure after the failure. The operation information of the operating system is refreshed. When the user uses the fingerprint unlocking operation, the obtained user operation information may include the fingerprint of the user collected by the information collection interface module in the terminal, and the number of times the fingerprint is collected within a preset time. If there is any information about the operation of the operating system, the obtained user operation information may include some biometric information of the user acquired through the information collection interface module in the terminal, where The acquisition rule for acquiring the biometrics may be further set, for example, not acquiring the biometric information every time the sliding unlock is sensed, but acquiring the biometric information when the sliding is unlocked for the first time after the booting, or each day When the user senses the operation of the user to refresh the system, the acquired user operation information may include some biometric information of the user acquired through the information collection interface module in the terminal. Wait.

It should be noted that some of the solutions described in the above examples are only some alternatives of the present invention, and it is obvious that other solutions can be deduced by these solutions, and the deduced solutions also fall within the protection scope of the present invention.

Step S102: The security system determines, according to the user operation information, whether the identity of the user operating the terminal is abnormal.

Specifically, after the user operation information is acquired, the user operation information is processed and analyzed, and the result of the processing analysis is used to determine whether the identity of the user operating the terminal is abnormal.

For example, when the user enters the main program interface of the terminal by verifying the fingerprint (which may of course be iris recognition, eye pattern, face, palm print, voice print, etc.), the fingerprint acquired by the security system and the pre-recorded fingerprint. If the user does not match, it may be determined that the user identity is abnormal. (Further, the judgment condition may also be added. For example, when the obtained fingerprint does not match the pre-recorded fingerprint and the user also performs a related operation of refreshing the system, it is determined that the user identity is abnormal. ). For another example, when the user enters the main program interface of the terminal by entering a password on the password unlocking interface, the security system compares the obtained number of user input errors with a preset number of times threshold, when the number of errors reaches a preset threshold. The user identity may be abnormal. (Further, the judgment condition may also be increased. For example, when the number of errors reaches a preset threshold and the user has performed a related operation of refreshing the system, the user identity is determined to be abnormal). Of course, the user can have other verification methods when entering the main program interface. Similarly, the principle of the above analysis and judgment can also be used to determine whether the user identity is abnormal. Further, when the user does not need any verification to enter the main program interface, the biometrics can be verified according to preset rules, and the biometrics are verified as biometrics. If the preset feature does not match, the user identity is determined to be abnormal.

Step S103: When it is determined that the abnormality is abnormal, the security system sends a data backup instruction to the operating system, so that the operating system connects to the network according to the data backup instruction, and uploads the data information in the operating system to the data backup platform of the network.

Specifically, the material information may include contact information in the terminal, a photo in the terminal, and the like, and the data information is not limited herein. The data backup platform establishes a binding relationship with the terminal in advance, and the operating system can establish a network connection between the terminal and the data backup platform according to the data backup instruction.

In an optional solution, each terminal may correspond to an account in the data backup system. When the operating system uploads the data information, the operating system only uploads the data information to the account corresponding to the terminal to which the terminal belongs. Further, the data backup instruction may include a username and password for logging in to the account, a data backup platform address lookup subcommand, a login subcommand, an upload subcommand, and the like. For example, the operating system searches for the network address of the data backup platform according to the platform address search sub-instruction, and enters the login interface of the login data backup platform in the background of the terminal through the browser, and then inputs the above-mentioned user name and password into the corresponding text box. Then, according to the login sub-instruction, the login operation is performed, and after the login is successful, the operation of the above-mentioned data information is performed according to the upload sub-command. Further, when there is more data information, the uploading may also be performed according to a preset uploading priority, and the priority parameter may be encapsulated in a data backup instruction.

Optionally, the user name and password may be set by a user who initially uses the terminal, or may be preset in the terminal when the terminal is produced.

Optionally, after the foregoing information information is uploaded, the operating system may also delete the information, and after all the data information is sent, the data may be uniformly deleted, or deleted while being sent; the operating system is specifically deleted according to the security system. Instructions to perform the delete task.

In an optional solution, the operating system connects to the network according to the data backup instruction, and uploads the data information in the operating system to the data backup platform of the network, including: the operating system connects to the network according to the data backup instruction, and does not output the network connection. Successful prompt information; the operating system uploads the data information contained in the operating system to the data backup platform on the network side, and does not output prompt information indicating the upload status.

Specifically, the operating system does not output the network when connecting to the network (including the wireless network and the data network). For example, most mobile phones currently have a network connection icon. When the network connection is successful, the network connection icon is brightened by gray. The display effect is specifically implemented by the operating system. In this embodiment, In the scenario, the data backup command sent by the security system to the operating system indicates that the operating system keeps the network connection icon gray when the network connection is successful. Similarly, in the prior art, when the terminal uploads data to the network, the icon of the data upload is displayed, and the icon is also controlled by the operating system. In the scenario of the embodiment, the security system sends the file to the operating system. The data backup instruction instructs the operating system not to display the icon of the data upload when the data is uploaded.

In the terminal management method described in FIG. 1, a security system independent of an operating system is set in the terminal, and the security system identifies user operation information of the terminal to determine whether the user of the operation terminal is abnormal, and if abnormal, triggers the operating system in time. The preset data backup platform sends important data, effectively preventing the loss of important information in the terminal.

Referring to FIG. 2, FIG. 2 is a schematic flowchart diagram of still another method for managing a terminal according to an embodiment of the present invention, where the method includes but is not limited to the following steps.

Step S201: The security system acquires user operation information when the terminal is operated.

Further, the foregoing operation may be a password unlocking operation, a biometric feature (iris recognition, fingerprint recognition, eye pattern recognition, face recognition, palm print) performed by the user on the terminal for entering the terminal main program interface. Recognition, voiceprint recognition, etc.) unlocking operation, sliding unlocking operation, button unlocking operation, brushing operation, and the like.

Correspondingly, the user operation information is some user information or operation information acquired by the security system when the user performs the above operation. For example, when the user is instructed to perform the password unlocking operation, the obtained user operation information may include whether the password unlocking fails, the number of failures, whether there is a related operation of refreshing the operating system after the failure, and the like; During the unlocking operation, the obtained user operation information may include information of the user's fingerprint collected by the information collection interface module in the terminal, the number of times the fingerprint is collected within a preset time period, and whether the related operation of the operating system is refreshed; When the user performs the operation of the sliding unlocking, the acquired user operation information may include some biometric information of the user acquired by the information collecting interface module in the terminal, wherein the acquiring rules for acquiring the biometrics may further be set, for example, not The biometric information is acquired every time the sliding is unlocked, but the biometric information is acquired when the sliding is unlocked for the first time after the power is turned on, or the biometric information is acquired when the sliding sensing is first sensed every day; When sensing the user refreshing the system When the acquired number of user operation information may include biometric information of the user acquired by the terminal information collection interface module.

Step S202: The security system determines, according to the user operation information, whether the identity of the user operating the terminal is abnormal.

For example, when the user enters the main program interface of the terminal by verifying the fingerprint (which may of course be iris recognition, eye pattern, face, palm print, voice print, etc.), the fingerprint acquired by the security system and the pre-recorded fingerprint. If the user does not match, it may be determined that the user identity is abnormal. (Further, the judgment condition may also be added. For example, when the obtained fingerprint does not match the pre-recorded fingerprint and the user also performs a related operation of refreshing the system, it is determined that the user identity is abnormal. ). For another example, when the user enters the main program interface of the terminal by entering a password on the password unlocking interface, the security system compares the obtained number of user input errors with a preset number of times threshold, when the number of errors reaches a preset threshold. , it can be judged that the user identity is abnormal (further, the judgment condition can also be increased, for example, the number of errors reaches a preset threshold and the user also When the related operation of refreshing the system is performed, it is determined that the user identity is abnormal. Of course, the user can have other verification methods when entering the main program interface. Similarly, the principle of the above analysis and judgment can also be used to determine whether the user identity is abnormal. Further, when the user does not need any verification to enter the main program interface, the biometric feature may be obtained according to a preset rule, and the biometric feature is verified. When the biometric feature does not match the preset feature, the user identity is determined to be abnormal.

Step S203: When it is determined that the abnormality is abnormal, the security system sends a data backup instruction to the operating system, so that the operating system connects to the network according to the data backup instruction, and uploads the material information in the operating system to the data backup platform of the network.

In an alternative scenario, the operating system connects to the network based on data backup instructions and will operate The data information in the system is uploaded to the data backup platform of the network, including: the operating system connects to the network according to the data backup instruction, and does not output the prompt information of the successful network connection; the operating system uploads the data information contained in the system to the data backup platform of the network. The prompt information indicating the upload status is not output.

Specifically, when the operating system connects to the network (including the wireless network and the data network), the prompt information of the successful network connection is not output. For example, most mobile phones currently have a network connection icon, and when the network connection is successful, the network connection icon The display effect is implemented by the operating system. In the scenario of this embodiment, the data backup command sent by the security system to the operating system indicates that the operating system keeps the network connection icon gray when the network connection is successful. . Similarly, in the prior art, when the terminal uploads data to the network, the icon of the data upload is displayed, and the icon is also controlled by the operating system. In the scenario of the embodiment, the security system sends the file to the operating system. The data backup instruction instructs the operating system not to display the icon of the data upload when the data is uploaded.

Step S204: The security system sends an operation instruction to the current operating system of the terminal, so that the current operating system sends the status information of the terminal to the preset phone number according to the operation instruction, where the operation instruction carries the preset phone number.

Specifically, the preset phone number may be a phone number set by a user who initially uses the terminal (hereinafter referred to as the original user), and the user setting is stored in the security system. The operation instruction is used to trigger the function of the short message of the operating system, and input the preset phone number into the short message edit box and add the above state information, further triggering the operating system to send the edited short message content. Further, the foregoing status information includes, but is not limited to, current location information of the terminal, a SIM card phone number currently placed in the terminal, and the like.

Further, the preset phone number may be a phone number used by the original user, or may be a phone number of another person (such as a friend, a relative, or the like of the original user), so that when the terminal is not used by the original user, The terminal will send information to the original user (or its friends, relatives) to facilitate the original user to retrieve the terminal.

In an optional solution, the current operating system sends the status information of the terminal to the preset phone number according to the operation instruction, including: the current operating system sends the preset phone number according to the operation instruction. The status information of the terminal is transmitted, and the prompt information indicating the transmission status and the record not being transmitted are not output.

Specifically, most of the terminals currently use the voice, the screen, and the like to prompt the user to send a short message to inform the user that the short message is being sent or the short message has been successfully sent. These are specifically implemented by the operating system, in this embodiment. In the scenario, the security system sends an instruction to the operating system to prevent the operating system from performing the above prompting. Further, in the prior art, after the short message is sent, the record is retained in the terminal. In the scenario of the embodiment, the security system The operating system sends an instruction to prevent the operating system from retaining or deleting the SMS record.

In an optional solution, the operating system opens the positioning system (such as GPS, Beidou positioning system, etc.) in the terminal to obtain the current location information of the terminal before sending the short message to the preset phone number. Of course, the operating system is The positioning system is turned on in response to the relevant instructions sent by the security system.

It should be noted that, when most terminals open the positioning system, the prompt information is outputted in the corresponding part of the terminal to prompt the user to locate the system. In the scenario of the embodiment of the present invention, the instruction sent by the security system to the operating system causes the operating system. The positioning system is turned on, but no prompt message is output.

In an optional solution, when determining that the identity of the user is abnormal, the security system may further send a shooting instruction to the operating system, so that the operating system turns on the current surrounding image of the camera shooting terminal, and uploads the screen to the data backup. The platform or SMS is sent to the above preset phone number.

Further, the sequence of the process of sending the short message and the process of uploading the data information is not limited herein, and no matter which process is before or after, it is a complete implementable solution. .

It should be noted that some of the foregoing descriptions are only some alternatives of the present invention, and it is obvious that other solutions can be deduced by these solutions, and the deduced solutions also fall within the protection scope of the present invention.

In the terminal management method described in FIG. 2, a security system independent of the operating system is set in the terminal, and the security system identifies user operation information of the terminal to determine whether the user of the operation terminal is abnormal, and if abnormal, triggers the operating system to The preset data backup platform sends important data, effectively preventing the loss of important information in the terminal.

Further, when transmitting these important information, the security system triggers the operating system not to output the network connection. The successful prompt information is not output, and the prompt information for data uploading is not output, so that other users currently holding the terminal cannot detect the uploading of important information; the user identity of the used terminal is judged according to the user operation habits pre-summed. Whether it is abnormal, if an abnormality is performed, the operation of uploading important material information is performed; further, determining whether the user identity is abnormal is completed by the security system, since the security system and the operating system are independent of each other, even if the terminal is brushed, the terminal can still pass through the security system. The parameter information set by the original user is used to determine whether the user identity is abnormal. Further, the security system may trigger the operating system to send a short message to the original user according to the phone number pre-stored in the security system to inform the terminal of the current state (such as location, SIM card number, etc.) ), so that the original user can retrieve the mobile phone as much as possible; further, the security system will trigger the operating system to not send the sent status information when sending the short message, and the record of the short message is not retained in the terminal, thereby improving the privacy; further Ground, in judgment After the identity is abnormal, the security system can also trigger the operating system to open the relevant module to collect the current user information (such as photos, ID cards, etc.) and send it to the preset mobile phone, so as to provide more useful clues for the original user to retrieve the mobile phone; The authentication method can be verified by iris verification, fingerprint verification, eye pattern verification, face verification, palm print verification, voiceprint verification, etc. Since each of these biometric features is basically unique, the accuracy of verification can be improved. .

The foregoing describes the method of the embodiment of the present invention in detail. In order to facilitate the implementation of the foregoing solution of the embodiment of the present invention, the terminal of the embodiment of the present invention is provided below.

Referring to FIG. 3, FIG. 3 is a schematic structural diagram of a terminal 30 according to an embodiment of the present invention. The terminal 30 may include an operating system 301 and a security system 302. The security system 302 may include an obtaining unit 3021, a determining unit 3022, and a first The transmitting unit 3023, wherein the detailed description of each unit is as follows.

The obtaining unit 3021 is configured to acquire user operation information when the terminal 30 is operated.

Specifically, the terminal 30 includes an operating system 301 and a security system 302. Data interaction can be performed between the operating system 301 and the security system 302. For example, the security system 302 can send an instruction to the operating system 301 to cause the operating system 301 to execute according to the instruction. The corresponding operation. The security system 302 and the operating system 301 are independent of each other. Taking a scenario as an example, after the user replaces the operating system 301 of the terminal 30, the security system 302 in the terminal 30 remains, and the data in the security system 302 is not lost. The security system 302 can also perform data interaction with the replaced operating system 301 in the terminal 30.

The obtaining unit 3021 can directly control the user interface on the terminal 30 to obtain the user operation information. The user operation information can also be obtained from the operating system 301. For example, the operating system 301 itself obtains the user operation information in real time, and receives the request of the obtaining unit 3021. When the command is received, the acquired user operation information is sent to the obtaining unit 3021.

Further, the foregoing operation may be a password unlocking operation performed by the user on the terminal 30 for entering the main program interface of the terminal 30, biometrics (iris recognition, fingerprint recognition, eye pattern recognition, face recognition, palmprint recognition, voiceprint recognition). Etc.) Unlock operation, slide unlock operation, button unlock operation, brush operation, etc.

Correspondingly, the user operation information is the acquisition unit 3021 that senses some user information or operation information acquired when the user performs the above operation. For example, when the user is instructed to perform the password unlocking operation, the obtained user operation information may include whether the password unlocking fails, the number of failures, whether there is a related operation of refreshing the operating system 301 after the failure, and the like when the user is sensed. During the fingerprint unlocking operation, the acquired user operation information may include the fingerprint of the user collected by the information collection interface module in the terminal 30, the number of times the fingerprint is collected within a preset time period, and whether the related operation of the operating system 301 is refreshed. When the user performs the operation of performing the sliding unlocking, the obtained user operation information may include some biometric information of the user acquired by the information collecting interface module in the terminal 30, wherein the acquiring rules for acquiring the biometrics may further be set. For example, the biometric information is not acquired every time the sliding unlock is sensed, but the biometric information is acquired when the sliding sensing is first detected after the power is turned on, or the creature is acquired when the sliding sensing is first sensed every day. Feature information, etc.; when the user refresh system is sensed During the operation, the obtained user operation information may include some biometric information of the user acquired through the information collection interface module in the terminal 30.

The determining unit 3022 is configured to determine, according to the user operation information, whether the identity of the user operating the terminal 30 is abnormal.

Specifically, after the acquiring unit 3021 acquires the user operation information, the determining unit 3022 performs processing analysis on the user operation information, and the result of the processing analysis is used to determine whether the user identity of the user operating on the terminal 30 is abnormal.

For example, when the user enters the main program interface of the terminal 30 by verifying the fingerprint (which may of course be iris recognition, eye pattern, face, palm print, voice print, etc.), the determining unit 3022 analyzes and obtains the acquisition unit 3021. When the obtained fingerprint does not match the pre-recorded fingerprint, the user identity may be determined to be abnormal (further, the judgment condition may also be added, for example, the analysis finds that the obtained fingerprint does not match the pre-recorded fingerprint and the user also performs the refresh. When the system is related to the operation, it is determined that the user identity is abnormal). For example, when the user enters the main program interface of the terminal 30 by inputting a password on the password unlocking interface, the determining unit 3022 compares the obtained number of times the user inputs an error with a preset number of times threshold, and when the number of errors reaches the preset When the threshold is used, the user identity may be abnormal. (Further, the judgment condition may also be increased. For example, when the number of errors reaches a preset threshold and the user has performed a related operation of refreshing the system, the user identity is determined to be abnormal). Of course, the user can have other verification methods when entering the main program interface. Similarly, the principle of the above analysis and judgment can also be used to determine whether the user identity is abnormal. Further, when the user does not need any verification to enter the main program interface, the biometric feature may be obtained according to a preset rule, and the biometric feature is verified. When the biometric feature does not match the preset feature, the user identity is determined to be abnormal.

The first sending unit 3023 is configured to send a data backup instruction to the operating system 301 when the determining unit 3022 determines that the user identity is abnormal, so that the operating system 301 connects to the network according to the data backup instruction, and uploads the material information in the operating system 301 to the A data backup platform on the network side.

Specifically, the material information may include contact information in the terminal 30, photos in the terminal 30, and the like, and the data information is not limited herein. The data backup platform establishes a binding relationship with the terminal 30 in advance, and the operating system 301 can establish a network connection between the terminal 30 and the data backup platform according to the data backup instruction.

In an optional solution, each terminal 30 can correspond to an account in the data backup system. When the data information is uploaded, the operating system 301 uploads the data information only to the account corresponding to the terminal 30 to which the terminal belongs. Further, the data backup instruction may include a username and password for logging in to the account, a data backup platform address lookup subcommand, a login subcommand, an upload subcommand, and the like. For example, the operating system 301 searches for the network address of the data backup platform according to the platform address search sub-instruction, and enters the login interface of the login data backup platform in the background of the terminal 30 through the browser, and then The above user name and password are input into the corresponding text box, and then the login operation is performed according to the login sub-command. After the login is successful, the above-mentioned data information operation is performed according to the upload sub-command. Further, when there is more data information, the uploading may also be performed according to a preset uploading priority, and the priority parameter may be encapsulated in a data backup instruction.

Optionally, the user name and password may be set by a user who initially uses the terminal 30, or may be preset in the terminal 30 when the terminal 30 is produced.

Optionally, after the foregoing information information is uploaded, the operating system 301 may be deleted, and all the data information may be uniformly deleted after being sent, or may be deleted while being sent; the operating system 301 is specifically configured according to the first sending. The delete instruction sent by unit 3023 performs the delete task.

In an optional solution, the operating system 301 connects to the network according to the data backup instruction, and uploads the data information in the operating system 301 to the data backup platform of the network, including: the operating system 301 connects to the network according to the data backup instruction, and does not The prompt information indicating that the network connection is successful is output; the operating system 301 uploads the data information included in the network to the data backup platform of the network, and does not output prompt information indicating the upload status.

Specifically, when the operating system 301 connects to the network (including the wireless network and the data network), the prompt information of the successful network connection is not output. For example, most mobile phones currently have network connection icons. When the network connection is successful, the network connection is The icon is highlighted by the gray color. The display effect is specifically implemented by the operating system 301. In the scenario of the embodiment, the data backup instruction sent by the first sending unit 3023 to the operating system 301 indicates that the operating system 301 is successful when the network connection is successful. Still keep the network connection icon gray. Similarly, in the prior art, when the terminal 30 uploads data to the network, the icon of the data upload is displayed, and the icon is also controlled by the operating system 301. In the scenario of the embodiment, the first sending unit 3023 The data backup instruction sent to the operating system 301 instructs the operating system 301 not to display the icon for data upload when performing data upload.

It should be noted that, in the embodiment of the present invention, the specific implementation of each unit may also correspond to the corresponding description of the method embodiment shown in FIG. 1 .

In the terminal 30 described in FIG. 3, security independent of the operating system 301 is set in the terminal 30. The system 302 identifies the user operation information of the terminal 30 to determine whether the user of the operation terminal 30 is abnormal. If abnormal, the operating system 301 is triggered to send important data to the preset data backup platform in time, thereby effectively preventing the terminal 30. The loss of important information.

Referring to FIG. 4, FIG. 4 is a schematic structural diagram of another terminal 30 according to an embodiment of the present invention. The terminal 30 may include an operating system 301 and a security system 302. The security system 302 may include an obtaining unit 3021 and a determining unit 3022. A transmitting unit 3023 and a second transmitting unit 3024, wherein the detailed description of each unit is as follows.

The obtaining unit 3021 is configured to acquire user operation information when the terminal is operated.

Correspondingly, the user operation information is the acquisition unit 3021 that senses some user information or operation information acquired when the user performs the above operation. For example, when the user is instructed to perform the password unlocking operation, the obtained user operation information may include whether the password unlocking fails, the number of failures, whether there is a related operation of refreshing the operating system 301 after the failure, and the like when the user is sensed. During the fingerprint unlocking operation, the obtained user operation information may include the fingerprint of the user collected by the information collection interface module in the terminal 30, the number of times the fingerprint is collected within the preset time, and whether the phase of the operating system 301 is refreshed. When the operation of the user is performed, the obtained user operation information may include some biometric information of the user acquired through the information collection interface module in the terminal 30, wherein the acquisition of the biometric feature is obtained. The rule can be further set, for example, not acquiring biometric information every time the sliding unlock is sensed, but acquiring biometric information when sensing the sliding unlocking for the first time after powering on, or sensing the sliding for the first time every day. The biometric information and the like are obtained when the user is unlocked. When the operation of the user refreshing the system is sensed, the acquired user operation information may include some biometric information of the user acquired through the information collection interface module in the terminal 30.

The determining unit 3022 is configured to determine, according to the user operation information, whether the identity of the user who operates the terminal is abnormal.

The first sending unit 3023 is configured to send a data backup instruction to the operating system when the determining unit 3022 determines that the user identity is abnormal, so that the operating system connects to the network according to the data backup instruction, and uploads the data information in the operating system to the data of the network. Backup platform.

In an optional solution, each terminal 30 can correspond to an account in the data backup system. When the data information is uploaded, the operating system 301 uploads the data information only to the account corresponding to the terminal 30 to which the terminal belongs. Further, the data backup instruction may include a username and password for logging in to the account, a data backup platform address lookup subcommand, a login subcommand, an upload subcommand, and the like. For example, the operating system 301 searches for the network address of the data backup platform according to the platform address search sub-instruction, and enters the login interface of the login data backup platform in the background of the terminal 30 through the browser, and then inputs the above-mentioned username and password into the corresponding text box. In the middle, the login operation is performed according to the login sub-instruction, and after the login is successful, the operation of the above-mentioned data information is performed according to the upload sub-command. Further, when there is more data information, the uploading may also be performed according to a preset uploading priority, and the priority parameter may be encapsulated in a data backup instruction.

The second sending unit 3024 is configured to send an operation instruction to the current operating system 301 of the terminal 30, so that the current operating system 301 sends the status information of the terminal 30 to the preset phone number according to the operation instruction, where the operation instruction carries a preset. Phone number.

Specifically, the preset phone number may be a phone number set by the user who initially uses the terminal 30 (hereinafter referred to as the original user), and is stored in the security system after the original user is set. The operation instruction is used to trigger the function of the short message of the operating system 301, and input the preset phone number into the short message edit box and add the above state information, further triggering the operating system 301 to send the edited short message content. Further, the foregoing status information includes, but is not limited to, current location information of the terminal 30, a SIM card telephone number currently placed in the terminal 30, and the like.

Further, the preset phone number may be a phone number used by the original user, or may be a phone number of another person (such as a friend, a relative, or the like of the original user), so that when the terminal 30 is not used by the original user, The second sending unit 3024 triggers the operating system 301 to send information to the original user (or a friend or a relative) to facilitate the original user to retrieve the terminal 30.

In an optional solution, the current operating system 301 sends the status information of the terminal 30 to the preset phone number according to the operation instruction, including: the current operating system 301 sends the terminal 30 to the preset phone number according to the operation instruction. Status information, and does not output prompt information characterizing the transmission status and records that do not retain the transmission.

Specifically, most terminals 30 currently use a voice, a screen, etc. to prompt the user to send a short message to notify that the user is currently sending a short message or that the short message has been successfully sent. These are all implemented by the operating system 301. In the scenario of the example, the second sending unit 3024 sends an instruction to the operating system 301 to prevent the operating system 301 from performing the above prompting. Further, in the prior art, after the short message is sent, the recording is retained in the terminal 30. In the scenario of the example, the second sending unit 3024 sends an instruction to the operating system 301 to prevent the operating system 301 from retaining or deleting the short message record.

In an optional solution, the operating system 301 opens the positioning system (such as GPS, Beidou positioning system, etc.) in the terminal 30 to obtain the current location information of the terminal 30 before sending the short message to the preset phone number. The operating system 301 is to open the positioning system in response to the relevant instructions sent by the second transmitting unit 3024.

It should be noted that, after the terminal 30 turns on the positioning system, the prompting information is outputted in the corresponding part of the terminal 30 to prompt the user that the positioning system is turned on. In the scenario of the embodiment of the present invention, the second sending unit 3024 is directed to the operating system 301. The sent command causes the operating system 301 to turn on the positioning system, but does not output any prompt information.

In an optional solution, when determining that the identity of the user is abnormal, the second sending unit 3024 may further send a shooting instruction to the operating system 301, so that the operating system 301 turns on the current surrounding image of the camera shooting terminal 30, and the The screen is uploaded to the above data backup platform or sent to the above preset phone number by SMS.

It should be noted that, in the embodiment of the present invention, the specific implementation of each unit may also correspond to the corresponding description of the method embodiment shown in FIG. 2 .

In the terminal 30 described in FIG. 4, a security system 302 independent of the operating system 301 is provided in the terminal 30, and the security system 302 identifies user operation information for the terminal 30 to determine the operation terminal 30. Whether the user is abnormal or not, if the abnormality is triggered, the operating system 301 is triggered to send important data to the preset data backup platform, thereby effectively preventing the loss of important information in the terminal 30.

Referring to FIG. 5, FIG. 5 is a schematic structural diagram of still another terminal 50 according to an embodiment of the present invention. The apparatus 50 may include: at least one processor 501, such as a CPU, at least one network interface 504, a user interface 503, and a memory 505. A security system 507, at least one communication bus 502, and a display screen 506. Among them, the communication bus 502 is used to implement connection communication between these components. The user interface 503 can include a display screen (Displ5y) 506, and the optional user interface 503 can also include a standard wired interface and a wireless interface. The communication interface 504 can optionally include a standard wired interface (such as a data line interface, a network line interface, etc.), and a wireless interface (such as a WI-FI interface, a Bluetooth interface, and a near field communication interface). The memory 505 may be a high speed R5M memory or a non-vol5 tile memory such as at least one disk memory. The memory 505 can also optionally be at least one storage device located remotely from the aforementioned processor 501. As shown in FIG. 5, a memory 505 as a computer storage medium may include an operating system, a network communication module, a user interface module, and an operating system program, and the security system 507 may include a security program.

In the terminal 50 shown in FIG. 5, the communication interface 504 is mainly used to connect other terminals to perform data communication with other terminals; and the processor 501 can be used to invoke the security program in the security system 507 and perform the following operations:

Optionally, the operating system connects to the network according to the data backup instruction, and uploads the data information in the operating system to the data backup platform of the network, including:

The operating system uploads the data information contained in the operating system to the data backup platform on the network side, and The prompt information indicating the upload status is not output.

Optionally, after the security system determines that the identity of the user operating the terminal is abnormal according to the user operation information, the method further includes:

Optionally, the current operating system sends the status information of the terminal to the preset phone number according to the operation instruction, including:

Optionally, the security system determines, according to the user operation information, whether the identity of the user operating the terminal is abnormal, including:

In summary, by implementing an embodiment of the present invention, by implementing an embodiment of the present invention, a security system independent of an operating system is set in a terminal, and the security system identifies user operation information of the terminal to determine whether the user of the operation terminal is abnormal. If abnormal, the operating system is triggered to send important data to the preset data backup platform in time, effectively preventing the loss of important information in the terminal.

Further, when transmitting the important information, the security system triggers the operating system not to output the prompt information of the successful network connection, and does not output the prompt information for the data uploading, so that other users currently holding the terminal cannot detect the important information being performed. Uploading; judging whether the identity of the user using the terminal is abnormal according to the user operation habits pre-summarized, if the abnormality is performed, the operation of uploading the important material information is performed; further, determining whether the identity of the user is abnormal is completed by the security system, due to the security system and The operating systems are independent of each other. Even if the terminal is flashed, the terminal can still be used in the security system. The parameter information set by the user determines whether the user identity is abnormal; further, the security system may trigger the operating system to send a short message to the original user according to the phone number pre-stored in the security system to inform the terminal of the current state (such as location, SIM card number, etc.) Therefore, the original user can retrieve the mobile phone as much as possible; further, the security system triggers the operating system to not send the sent status information when sending the short message, and does not retain the record of the short message in the terminal, thereby improving the privacy; further After determining the identity of the user, the security system can also trigger the operating system to open the relevant module to collect the current user information (such as photos, ID cards, etc.) and send it to the preset mobile phone, so that the original user can find more useful information. In addition, the authentication method can be iris verification, fingerprint verification, eye pattern verification, face verification, palm print verification, voiceprint verification, etc. Since each of these biometric features is basically unique, it can be improved. The accuracy of the verification.

One of ordinary skill in the art can understand that all or part of the process of implementing the above embodiments can be completed by a computer program to instruct related hardware, and when executed, the program can include the flow of the embodiments of the above methods.

The above disclosure is only a preferred embodiment of the present invention, and of course, the scope of the present invention is not limited thereto, and those skilled in the art can understand all or part of the process of implementing the above embodiments, and according to the present invention. The equivalent changes required are still within the scope of the invention.

Claims

A terminal management method, the terminal includes an operating system, wherein the terminal is provided with a security system independent of the operating system, and the method includes:

The security system acquires user operation information when the terminal is operated;

Determining, by the security system, whether the identity of the user operating the terminal is abnormal according to the user operation information;

When it is determined that the abnormality is abnormal, the security system sends a data backup instruction to the operating system, so that the operating system connects to the network according to the data backup instruction, and uploads the data information in the operating system to the data of the network end. Backup platform.
The method according to claim 1, wherein the operating system connects to the network according to the data backup instruction, and uploads the data information in the operating system to the data backup platform of the network, including:

The operating system connects to the network according to the data backup instruction, and does not output prompt information that the network connection is successful;

The operating system uploads the data information contained in the operating system to the data backup platform on the network, and does not output prompt information indicating the upload status.
The method according to claim 1, wherein the method further comprises: after the security system determines that the identity of the user operating the terminal is abnormal according to the user operation information, the method further includes:

The security system sends an operation instruction to the current operating system of the terminal, so that the current operating system sends the status information of the terminal to a preset phone number according to the operation instruction, where the operation instruction carries There is the preset phone number.
The method according to claim 3, wherein the current operating system sends the status information of the terminal to a preset phone number according to the operation instruction, including:

The current operating system sends the status information of the terminal to a preset phone number according to the operation instruction, and does not output prompt information indicating a sending status and a record that does not retain the sending.
The method according to any one of claims 1 to 4, wherein the security system determines whether the identity of the user operating the terminal is abnormal according to the user operation information, including:

When the biometric verification function of the terminal main program interface is enabled, it is determined whether the acquired user biometrics match the preset user biometrics, and if not, the user identity is determined to be abnormal; or

When the password verification function of the terminal main program interface is enabled, determining whether the first user has input a password that does not match the preset password multiple times, performing an operation of triggering the terminal to replace the operating system, if Then, it is determined that the user identity is abnormal.
A terminal, the terminal includes an operating system, wherein the terminal is provided with a security system independent of the operating system, and the security system includes:

An obtaining unit, configured to acquire user operation information when the terminal is operated;

a determining unit, configured to determine, according to the user operation information, whether an identity of a user operating the terminal is abnormal;

a first sending unit, configured to send a data backup instruction to the operating system when the determining unit determines that the user identity is abnormal, so that the operating system connects to the network according to the data backup instruction, and connects the operating system The data information in the data is uploaded to the data backup platform on the network side.
The terminal according to claim 6, wherein the operating system connects to the network according to the data backup instruction, and uploads the material information in the operating system to the data backup platform of the network, including:

The operating system connects to the network according to the data backup instruction, and does not output prompt information that the network connection is successful;

The operating system uploads the data information contained in the operating system to the data backup platform on the network, and does not output prompt information indicating the upload status.
The terminal according to claim 6, wherein the terminal further comprises:

a second sending unit, configured to send an operation instruction to a current operating system of the terminal, so as to The current operating system sends the status information of the terminal to a preset phone number according to the operation instruction, where the operation instruction carries the preset phone number.
The terminal according to claim 8, wherein the current operating system sends the status information of the terminal to a preset phone number according to the operation instruction, including:

The current operating system sends the status information of the terminal to a preset phone number according to the operation instruction, and does not output prompt information indicating a sending status and a record that does not retain the sending.
The terminal according to any one of claims 6 to 9, wherein the determining unit is specifically configured to:

When the biometric verification function of the terminal main program interface is enabled, it is determined whether the acquired user biometrics match the preset user biometrics, and if not, the user identity is determined to be abnormal; or

When the password verification function of the terminal main program interface is enabled, determining whether the first user has input a password that does not match the preset password multiple times, performing an operation of triggering the terminal to replace the operating system, if Then, it is determined that the user identity is abnormal.