WO2017143715A1 - De-personalization method, booting method, and device for terminal - Google Patents
Definitions
- This document relates to, but is not limited to, the field of communication technology, and in particular to a method for unlocking a network by a terminal, and a method and device for booting.
- The lock network and lock card scheme is based on the 3GPP TS 22.022 Personalisation of Mobile Equipment (ME) specification, which is briefly described as follows:
- 3GPP TS 22.022 defines five levels of lock network and lock card:
- Level 1, Network: lock network, Mobile Country Code (MCC) + Mobile Network Code (MNC);
- Level 2, Network subset: lock subnet, digits 6 and 7 of the International Mobile Subscriber Identification Number (IMSI) + MCC + MNC;
- Level 3, Service provider (SP): lock SP, Group Identifier file 1 (GID1) on the SIM (Subscriber Identity Module) / USIM (Universal Subscriber Identity Module) card + MCC + MNC;
- Level 4, Corporate: enterprise lock, Group Identifier file 2 (GID2) on the SIM/USIM card + SP (GID1 on the SIM/USIM card) + MCC + MNC;
- Level 5, SIM/USIM: lock card on the full IMSI (digits 8 to 15 of the IMSI + digits 6 and 7 of the IMSI + MCC + MNC).
- The operator currently specifies which lock network level is supported, generally one of the first three levels, and provides the corresponding lock network parameters.
- There are two common types of lock network solutions: one is a hard-coded solution that cannot be unlocked, and the other is an unlockable solution based on the communication processor side, that is, on the CP (Coprocessor) side.
- Although the hard-coded solution that cannot be unlocked is difficult to crack, legislation in the North American market already requires that users be able to unlock under certain conditions, and other regional markets are following the trend, so this solution is not described in detail.
- The most widely used solution is the unlockable one based on the communication processor side.
- NCK lock network unlock code
- NSCK lock subnet unlock code
- The unlock code (NCK/NSCK/SPCK) is generated only once and is a 16-digit decimal number; the unlock code (NCK/NSCK/SPCK) and the IMEI number of the mobile phone are saved in the external database at the same time.
- the lock network related parameters that need to be saved in the mobile phone are: a valid MCC, an MNC list, a valid group identification file (GID) list, an NCK/NSCK/SPCK4 calculated by the MD5 algorithm, an unlock flag, and an unlock failure number.
- SFS Secure File System
- The permitted number of failed unlock attempts is set as needed. The number of failures is cumulative and is not affected by version updates, mobile phone restarts or factory resets; that is, upgrading the phone's version, restarting it or resetting it to factory settings does not reset the number of failures to 0.
- the current mobile phone lock network architecture is shown in Figure 1.
- The lock network unlocking process is completed on the communication processor side; the application processor side provides a user interface for entering the unlock code, and reads the lock network state and displays it correspondingly in the user interface.
- Step 1 The mobile phone first checks whether it is a lock network version, and if it is not a lock network version, it starts normally;
- Step 2 If it is a lock network version, check whether the network is permanently locked. If yes, the unlocking fails, the mobile phone permanently locks the network; otherwise, go to step 3;
- Step 3 Verify that the MCC/MNC of the card is legal and unlocked. If the MCC/MNC of the card is legal or unlocked, it will be powered on normally; otherwise, the phone enters the lock state.
- Step 1 In the lock network state, the unlock code entered by the user is displayed in plain text on the interface. After the user enters the unlock code and selects unlock, the phone checks whether the entered unlock code is correct; if it is correct, the unlock status in the security file system (SFS) is changed to unlocked and the phone starts normally;
- Step 2 If the unlock code is incorrect, determine whether the maximum number of errors has been reached. If it has, the phone enters the permanent lock network state; otherwise, continue the process of step 1. After the phone is permanently locked, only emergency calls can be made.
- The unlocking process of current lock network version mobile phones is mainly based on the unlockable solution on the modem side. However, the unlocking method in the related art is relatively simple: once it is attacked, the mobile phone cannot detect the attack and cannot make a corresponding defense or remedy, so there are certain security risks.
- The embodiment of the invention provides a method for unlocking a network of a terminal, and a method and a device for booting. When the lock network is released, the input unlock code is verified on both the communication processor side and the application processor side, thereby making the lock network more secure and more difficult to crack.
- the embodiment of the invention provides a method for a terminal to unlock a network, which includes:
- the unlocking succeeds; if the first network state information and the second network state information are not both in the unlocked state, or the third unlock code does not match the second unlock code, the unlocking fails.
- the calculating, according to the unlocking code, obtaining the first network state information on the communications processor side including:
- the first network state information is an unlocked state
- the first network state information is a lock network state.
- the acquiring, by the application processor, the second network state information of the application processor side obtained according to the unlocking code, and the second unlocking code stored by the application processor side including:
- the method further includes:
- the method further includes:
- the first network state information and the third unlock code after the encryption process are read from the storage area and written into the secure document system.
- the method further includes:
- the embodiment of the invention further provides a method for the terminal to unlock the network, including:
- the obtaining the second network state information of the application processor side according to the first unlock code calculation comprises:
- the second network state information is an unlocked state
- the second network state information is a lock network state.
- the transmitting the second network state information and the second unlock code stored by the application processor side to the communications processor including:
- the security key is also shared by the application processor
- the method further includes:
- the embodiment of the invention further provides a method for booting a terminal, comprising:
- the terminal starts to enter the standby interface.
- the method further includes:
- the fuse is performed.
- the method further includes:
- If the SIM card lock network parameter is inconsistent with the lock network parameter pre-stored in the terminal, the terminal starts and enters a lock network limited service state;
- the terminal starts and enters a standby interface.
- the reading the first network state information stored on the communication processor side of the terminal and the second network state information stored on the application processor side includes:
- the embodiment of the invention further provides an apparatus for unlocking a network of a terminal, comprising:
- a first acquiring module configured to obtain an input first unlocking code
- the first calculating module is configured to calculate, according to the first unlocking code acquired by the first acquiring module, the first network state information obtained on the communication processor side;
- a second obtaining module configured to acquire the second network state information on the application processor side, obtained by the application processor according to the first unlocking code, and the second unlock code stored on the application processor side;
- a first determining module configured to determine whether the first network state information is consistent with the second network state information and both are the unlocked state, and whether the third unlocking code stored on the communications processor side is consistent with the second unlocking code;
- a determining module configured to: when the first determining module determines that the first network state information and the second network state information are both in the unlocked state, and the third unlocking code is consistent with the second unlocking code, determine that the unlocking is successful; when the first determining module determines that the first network state information and the second network state information are not both in the unlocked state, or the third unlocking code is inconsistent with the second unlocking code, determine that the unlocking failed.
- the first computing module includes:
- a first calculating unit configured to obtain a first unlocking hash value by using a hash algorithm according to the unlocking code
- a first determining unit configured to determine whether the first unlocking hash value is consistent with a first hash value stored on the communication processor side; if the first unlocking hash value is stored on the communication processor side If the first hash value is consistent, the first network state information is an unlocked state; if the first unlocked hash value is inconsistent with the first hash value stored by the communications processor side, the first The network status information is the lock network status.
- the second obtaining module includes:
- a receiving unit configured to receive an information read message sent by the application processor
- a reading unit configured to read, according to the information read message, the encrypted second network state information and second unlocking code from a storage area allocated by the application processor in a memory of the terminal, wherein a security key of the storage area is shared by the communication processor.
- the device further includes:
- the encryption module is configured to perform encryption processing on the first network state information and the third unlock code stored on the communication processor side, and save the encrypted first network state information and third unlock code in the storage area.
- the device further includes:
- the first writing module is configured to, after the unlocking succeeds, read the encrypted first network state information and third unlocking code from the storage area, and write them into the security file system.
- the device further includes:
- the second judging module is configured to determine whether the number of unlocking times reaches a predetermined threshold after the unlocking fails, and restarts if the number of unlocking reaches a predetermined threshold, and prompts the user to re-enter the unlocking code if the number of unlocking does not reach the predetermined threshold.
- the embodiment of the invention further provides an apparatus for unlocking a network of a terminal, comprising:
- a third obtaining module configured to obtain the input first unlocking code
- a second calculating module configured to calculate, according to the first unlocking code, second network state information on an application processor side
- a transmission module configured to transmit the second network state information and the second unlock code stored by the application processor side to the communications processor.
- the second calculating module includes:
- a second calculating unit configured to obtain a second unlocking hash value by using a hash algorithm according to the first unlocking code
- a second determining unit configured to determine whether the second unlocking hash value is consistent with a second hash value stored by the application processor side; if the second unlocking hash value is stored by the application processor side If the second hash value is consistent, the second network state information is an unlocked state; if the second unlocked hash value is inconsistent with the second hash value stored by the application processor side, the second The network status information is the lock network status.
- the transmission module includes:
- An allocating unit configured to allocate a storage area in a memory of the terminal, wherein the storage area is provided with a security key, and the security key is shared by the communication processor;
- the encryption unit is configured to perform encryption processing on the second network state information and the second unlock code, and store the encrypted second network state information and the second unlock code in the storage area;
- a sending unit configured to send an information read message to the communication processor, so that the communications processor reads the encrypted second network state information and the second unlock code from the storage area.
- the device further includes:
- the encrypted second network state information and second unlock code are read from the storage area and written into the write-back memory protection area.
- the embodiment of the invention further provides a device for booting a terminal, comprising:
- a third determining module configured to determine whether the terminal is fused after receiving a power-on command input by the user
- a fourth determining module configured to: when the third determining module determines that the terminal is not fused, read the first network state information stored on the communication processor side of the terminal and the second network state information stored on the application processor side, and determine whether the first network state information and the second network state information are both in the unlocked state;
- the fifth determining module is configured to: when the fourth determining module determines that the first network state information and the second network state information are both in the unlocked state, determine whether the third unlocking code stored on the communication processor side of the terminal is consistent with the second unlocking code on the application processor side; if the third unlocking code is consistent with the second unlocking code, the terminal starts and enters the standby interface.
- the device further includes:
- a fuse module configured to perform the fuse when the fourth determining module determines that the first network state information is inconsistent with the second network state information, or when the fifth determining module determines that the third unlocking code does not match the second unlock code.
- the device further includes:
- a sixth judging module configured to: when the fourth judging module judges that the first network state information and the second network state information are both in the locked state, determine whether the SIM card lock network parameter is consistent with the lock network parameter pre-stored in the terminal; if the SIM card lock network parameter is inconsistent with the lock network parameter pre-stored in the terminal, the terminal starts and enters a lock network limited service state; if the SIM card lock network parameter is consistent with the lock network parameter pre-stored in the terminal, the terminal starts and enters a standby interface.
- the fourth determining module implements, in the manner of reading, the first network state information stored on the communication processor side of the terminal and the second network state information stored on the application processor side:
- The embodiment of the present invention further provides a computer readable storage medium storing computer executable instructions; when the computer executable instructions are executed, the method for the terminal to unlock the network, as applied on the communication processor side, is implemented.
- The embodiment of the present invention further provides a computer readable storage medium storing computer executable instructions; when the computer executable instructions are executed, the method for the terminal to unlock the network, as applied on the application processor side, is implemented.
- The embodiment of the invention further provides a computer readable storage medium storing computer executable instructions; when the computer executable instructions are executed, the method for booting the terminal is implemented.
- The input first unlock code is verified on both the communication processor side and the application processor side, yielding the first network state information on the communication processor side and the second network state information on the application processor side. The unlocking finally succeeds only when the first network state information and the second network state information are both in the unlocked state and the third unlocking code stored on the communication processor side is consistent with the second unlocking code stored on the application processor side. This makes the lock network more secure and more difficult to crack.
- When the terminal is powered on, it starts up and enters the standby interface only if the terminal is not fused, the first network state information on the communication processor side and the second network state information on the application processor side are consistent, and the third unlock code stored on the communication processor side is consistent with the second unlocking code. This prevents a terminal that has been maliciously attacked from remaining usable, thereby enhancing the security of the terminal.
- FIG. 1 is a lock network architecture diagram of a mobile phone in the related art
- FIG. 3 is a flow chart of unlocking the network of the lock network version of the mobile phone in the related art
- FIG. 4 is a flowchart of a method for a terminal to unlock a network according to a first embodiment of the present invention
- FIG. 5 is a flowchart of a method for a terminal to unlock a network according to a second embodiment of the present invention
- FIG. 6 is a flowchart of a method for booting a terminal according to a third embodiment of the present invention.
- FIG. 7 is a structural block diagram of an apparatus for unlocking a network of a terminal according to a fourth embodiment of the present invention.
- FIG. 8 is a structural block diagram of an apparatus for unlocking a network of a terminal according to a fifth embodiment of the present invention.
- FIG. 9 is a structural block diagram of an apparatus for booting a terminal according to a sixth embodiment of the present invention.
- FIG. 10 is a structural diagram of a lock network of a terminal according to a seventh embodiment of the present invention.
- FIG. 11 is a flowchart of booting based on the lock network architecture shown in FIG. 10;
- FIG. 12 is a flow chart of unlocking the network based on the lock network architecture shown in FIG.
- A method for unlocking a network of a terminal comprises: calculating, according to the input first unlocking code, the first network state information on the communication processor side; acquiring the second network state information on the application processor side, obtained by the application processor according to the unlocking code, and the second unlocking code stored on the application processor side; determining whether the first network state information is consistent with the second network state information, and whether the third unlock code stored on the communication processor side is consistent with the second unlock code; if the first network state information and the second network state information are both in the unlocked state, and the third unlocking code is consistent with the second unlocking code, the unlocking succeeds; if the first network state information and the second network state information are not both in the unlocked state, or if the third unlock code does not match the second unlock code, the unlocking fails.
- The method for unlocking the network of the terminal in the embodiment of the present invention verifies the input unlock code on both the communication processor side and the application processor side when the lock network is released, thereby making the lock network more secure and more difficult to crack.
- FIG. 4 is a flowchart of a method for unlocking a network of a terminal according to an embodiment of the present invention; the method is mainly applied to the communication processor side of a terminal.
- the method includes:
- Step S41 Acquire an input first unlock code.
- Terminals of different lock network versions have different unlock codes; that is, each lock network version terminal has one unique unlock code. The network can be successfully unlocked only when that specific unlock code is input in the terminal; if any other, incorrect unlock code is entered, the lock is not released.
- For a terminal of the lock network version, if the terminal is in the lock network state, the user needs to input the unlock code to unlock it before the terminal can be used for communication. If the terminal is in the unlocked state but the user needs to insert another SIM (Subscriber Identity Module) card, the user also needs to unlock the terminal.
- Step S43 Calculate, according to the first unlock code, the first network state information on the communication processor side;
- The unlock network algorithm parameters are saved in the terminal, including the hash algorithm parameters (HCK), the salt value (salt), the iteration number (iteration), the unlock network status flag (lockflag), and so on.
- RPMB write-back memory protection area
- The first unlocking hash value is calculated from the unlocking code using a hash algorithm, and the calculated first unlocking hash value is then compared with the hash algorithm parameter stored in the SFS on the communication processor side, that is, the first hash value. If they are consistent, the first network state information on the communication processor side is the unlocked state; if not, the first network state information is the locked network state.
- The algorithm used for determining the first network state information is not limited to the hash algorithm, but it must be consistent with the algorithm to which the unlock network algorithm parameters, saved when the lock network version terminal is shipped from the factory, belong.
- Step S45 Acquire second network state information of the application processor side obtained by the application processor according to the first unlock code, and a second unlock code stored by the application processor side;
- When the user inputs the first unlocking code, the unlocking code is verified on both the communication processor side and the application processor side. Therefore, on the application processor side, the second unlocking hash value is calculated from the unlocking code using the hash algorithm, and the calculated second unlocking hash value is then compared with the second hash value stored in the RPMB of the application processor side. If they are consistent, the second network state information of the application processor side is the unlocked state; if not, the second network state information is the locked network state.
- After the application processor side determines the second network state information according to the obtained unlock code, the second network state information and the second unlock code stored by the application processor side need to be transmitted to the communications processor. Therefore, the application processor side sends an information read message to the communication processor, and after receiving the information read message, the communication processor reads the second network state information and the second unlock code.
- The application processor allocates a storage area from the memory of the terminal, and the security key of the storage area is shared only between the communication processor side and the application processor side. Therefore, the first network state information determined by the communication processor and the third unlock code originally stored in the SFS of the communication processor can be encrypted and stored in the storage area. Similarly, the second network state information determined by the application processor and the second unlock code originally stored in the RPMB of the application processor may also be encrypted and stored in the storage area.
- When the application processor needs to transmit data to the communication processor, the data can first be encrypted and stored in the storage area, and the communication processor can then read the corresponding data from the storage area using the security key it shares.
- Step S47 Determine whether the first network state information is consistent with the second network state information and both are the unlocked state, and whether the third unlock code stored on the communication processor side is consistent with the second unlock code;
- The first network state information may be inconsistent with the second network state information, or the third unlock code may be inconsistent with the second unlock code, or the first network state information and the second network state information may both be the locked state. At this point, the user can also be prompted to re-enter the unlock code.
- Step S49 If the first network state information and the second network state information are both in the unlocked state, and the third unlocking code is consistent with the second unlocking code, the unlocking succeeds; if the first network state information and the second network state information are not both in the unlocked state, or the third unlock code is inconsistent with the second unlock code, the unlocking fails.
- the unlocking can be successfully performed. Otherwise, if the first network state information is inconsistent with the second network state information, or the third unlock code is inconsistent with the second unlock code, or the first network state information is consistent with the second network state information but both are the locked network state, the lock network cannot be successfully released.
- The encrypted first network state information and third unlock code may further be read from the storage area and written into the SFS, for use in the lock network judgment when the terminal is next powered on or the lock network is next released. This is the only place where rewriting the lock network related parameters in the SFS is allowed.
- A method for unlocking a network by a terminal: acquire an input first unlock code; calculate the second network state information of the application processor side according to the first unlock code; and transmit the second network state information and the second unlock code stored by the application processor side to the communications processor.
- The method for unlocking the network in the embodiment of the present invention requires the unlocking code input by the user to be verified not only on the communication processor side but also on the application processor side. Therefore, the method for unlocking the network in the embodiment of the present invention can make the lock network more secure and more difficult to crack.
- the method is applied to the application processor side, including:
- Step S51 Obtain an input first unlock code.
- Terminals of different lock network versions have different unlock codes; that is, each lock network version terminal has one unique unlock code. The network can be successfully unlocked only when that specific unlock code is input in the terminal; if any other, incorrect unlock code is entered, the lock is not released.
- For a terminal of the lock network version, if the terminal is in the lock network state, the user needs to input the unlock code to unlock it before the terminal can be used for communication. If the terminal is in the unlocked state but the user needs to insert another SIM card, the user also needs to unlock the terminal. The user can input the unlock code from the user interface on the application processor side.
- Step S53 Calculate, according to the unlock code, the second network state information on the application processor side.
- The unlock network algorithm parameters, including HCK, salt value, iteration, and lockflag, are stored in the terminal.
- the parameters of the unlocking network algorithm are stored in two parts, one of which is stored in the SFS and only allowed to be accessed by the communication processor side; the other is stored in the RPMB of the application processor side, and only the application processor side is allowed to access.
- The second unlock hash value is calculated from the unlock code by using the hash algorithm, and the calculated second unlock hash value is then compared with the hash algorithm parameter stored in the RPMB on the application processor side, that is, the second hash value. If they are consistent, the second network state information of the application processor side is the unlocked state; if not, the second network state information is the lock network state. It can be understood that the specific algorithm used for determining the second network state information is not limited to the hash algorithm, but it must be consistent with the specific algorithm used when the lock network version terminal was locked and the unlock network algorithm parameters were saved.
- Step S55 The second network state information and the second unlock code stored by the application processor side are transmitted to the communications processor.
- step S55 includes:
- The application processor allocates a storage area from the memory of the terminal, and the security key of the storage area is shared only between the communication processor side and the application processor side. Therefore, the second network state information determined by the application processor and the second unlock code originally stored in the RPMB of the application processor may be encrypted and stored in the storage area. The communication processor can then read the second network state information and the second unlock code from the storage area using the security key it holds, so that the communication processor performs the subsequent steps of unlocking the network.
- The encrypted second network state information and second unlock code may further be read from the storage area and written into the RPMB, for use the next time the terminal is powered on or the lock network release is judged. This is the only place where the lock network related parameters in the RPMB are allowed to be rewritten.
- a method for booting a terminal includes:
- Step S61 After receiving the power-on command input by the user, determining whether the terminal has been fused;
- When booting, the terminal first needs to check whether the SIM LOCK tamper fuse has been blown. If it has, the terminal enters the unusable state and the user cannot perform any operation except shutdown, which ensures the security of the use of the terminal.
- Step S63 If the terminal is not fused, reading first network state information stored on the communication processor side of the terminal and second network state information stored on the application processor side, and determining whether the first network state information and the second network state information are both unlocked states;
- The first network state information and the second network state information can be read only when it is determined in step S61 that the terminal is not fused. This is because, during use of the terminal, the process of unlocking the network contains one place where the first network state information in the SFS on the communication processor side is rewritten, and one place where the second network state information in the RPMB on the application processor side is rewritten. The stored first network state information needs to be read from the SFS of the terminal, and the stored second network state information is read from the RPMB of the terminal. If the read first network state information and second network state information are both unlocked, step S65 is performed.
- the first network state information and the second network state information are both locked state when the terminal is powered on.
- If the terminal has been maliciously attacked, the first network state information and the second network state information may be inconsistent; the terminal then performs a fuse and prompts the user that it is unavailable.
- Step S65 If the first network state information and the second network state information are both unlocked, determining whether a third unlocking code stored on the communication processor side of the terminal and a second unlocking code on the application processor side are consistent; if they are consistent, the terminal starts and enters the standby interface.
- the terminal performs a fuse and prompts the user to be unavailable.
- Only when the terminal is not fused, the first network state information on the communication processor side and the second network state information on the application processor side are consistent, and the third unlock code stored on the communication processor side and the second unlock code are consistent does the terminal start up and enter the standby interface. This prevents a terminal that has been maliciously attacked from remaining usable, thereby enhancing the security of the terminal.
- a device for unlocking a network is provided, which is applied to a communication processor side. As shown in FIG. 7, the device 700 includes:
- the first obtaining module 701 is configured to obtain the input first unlocking code
- the first calculating module 702 is configured to calculate the first network state information on the communication processor side according to the first unlocking code acquired by the first obtaining module 701;
- the second obtaining module 704 is configured to acquire second network state information of the application processor side obtained by the application processor according to the first unlocking code, and a second unlocking code stored by the application processor side;
- the first determining module 705 is configured to determine whether the first network state information is consistent with the second network state information, and whether the third unlocking code and the second unlocking code stored on the communications processor side are both Unlocked state;
- the determining module 706 is configured to: when the first determining module 705 determines that the first network state information and the second network state information are both unlocked, and the third unlocking code is consistent with the second unlocking code, determine that the unlocking succeeds; when the first determining module determines that the first network state information and the second network state information are not both unlocked states, or that the third unlocking code is inconsistent with the second unlocking code, determine that the unlocking fails.
- the first calculating module 702 includes:
- the first calculating unit 7021 is configured to obtain a first unlocking hash value by using a hash algorithm according to the unlocking code
- the first determining unit 7022 is configured to determine whether the first unlocking hash value is consistent with the first hash value stored by the communications processor side; if the first unlocking hash value is consistent with the first hash value stored by the communications processor side, the first network state information is an unlocked state; if the first unlocking hash value does not match the first hash value stored by the communications processor side, the first network state information is a lock network state.
- the second obtaining module 704 includes:
- the receiving unit 7041 is configured to receive an information read message sent by the application processor
- the reading unit 7042 is configured to read, according to the information read message, the encrypted second network state information and second unlock code from a storage area allocated by the application processor in a memory of the terminal, wherein a security key of the storage area is shared with the communication processor.
- the device 700 further includes:
- the encryption module 703 is configured to encrypt the first network state information and the third unlock code stored on the communication processor side, and save the encrypted first network state information and third unlock code in the storage area.
- the device 700 further includes:
- the first writing module 707 is configured to read the encrypted first network state information and the third unlocking code from the storage area after the unlocking is successful, and write them to the secure file system.
- the device 700 further includes:
- the second judging module 708 is configured to determine whether the unlocking number reaches a predetermined threshold after the unlocking fails, and if the unlocking number reaches a predetermined threshold, restarting; if the unlocking number does not reach the predetermined threshold, prompting the user to re-enter the unlocking code .
- a device for unlocking a network is provided, which is applied to an application processor side. As shown in FIG. 8, the device 800 includes:
- the third obtaining module 801 is configured to obtain the input first unlocking code
- the second calculating module 802 is configured to obtain second network state information of the application processor side according to the first unlocking code calculation
- the transmission module 803 is configured to transmit the second network state information and the second unlock code stored by the application processor side to the communications processor.
- the second calculating module 802 includes:
- the second calculating unit 8021 is configured to obtain a second unlocking hash value by using a hash algorithm according to the first unlocking code
- the second determining unit 8022 is configured to determine whether the second unlocking hash value is consistent with the second hash value stored by the application processor side; if the second unlocking hash value is consistent with the second hash value stored by the application processor side, the second network state information is an unlocked state; if the second unlocking hash value does not match the second hash value stored by the application processor side, the second network state information is a lock network state.
- the transmission module 803 includes:
- the allocating unit 8031 is configured to allocate a storage area in a memory of the terminal, wherein the storage area is provided with a security key, and the security key is shared by the communication processor;
- the encryption unit 8032 is configured to perform encryption processing on the second network state information and the second unlock code, and store the encrypted second network state information and the second unlock code in the storage area. ;
- the sending unit 8033 is configured to send an information read message to the communications processor, so that the communications processor reads the second network state information and the second unlocking code after the encryption process from the storage area. .
- the device 800 further includes:
- the second writing module 804 is configured to read the encrypted second network state information and the second unlocking code from the storage area after the unlocking is successful, and write the encrypted second network state information and second unlocking code to the memory protection area (RPMB).
- the device 900 includes:
- the third determining module 901 is configured to determine, after receiving the power-on command input by the user, whether the terminal has been fused;
- the fourth determining module 902 is configured to: when the third determining module 901 determines that the terminal is not fused, read the first network state information stored on the communication processor side of the terminal and the second network state information stored on the application processor side, and determine whether the first network state information and the second network state information are both unlocked states;
- the fifth judging module 903 is configured to: when the fourth judging module 902 determines that the first network state information and the second network state information are both unlocked, determine that the communication processor side is stored on the terminal Whether the third unlocking code is consistent with the second unlocking code on the application processor side, and if the third unlocking code is consistent with the second unlocking code, the terminal starts to enter the standby interface.
- the device 900 further includes:
- the fuse module 904 is configured to perform the fuse when the fourth determining module 902 determines that the first network state information is inconsistent with the second network state information, or when the fifth determining module 903 determines that the third unlocking code is inconsistent with the second unlocking code.
- the device 900 further includes:
- the sixth judging module 905 is configured to: when the fourth judging module 902 determines that the first network state information and the second network state information are both locked state, determine the SIM card lock network parameters and pre-stored in the Whether the lock network parameters in the terminal are consistent; if the SIM card lock network parameter is inconsistent with the lock network parameter pre-stored in the terminal, the terminal starts and enters a lock network limited service state; if the SIM The card lock network parameter is consistent with the lock network parameter pre-stored in the terminal, and the terminal starts and enters a standby interface.
- the fourth determining module 902 implements, in the manner of reading, the first network state information stored on the communication processor side of the terminal and the second network state information stored on the application processor side:
- FIG. 10 is a lock network architecture diagram of a terminal according to an embodiment of the present invention.
- the communication processor side in the figure includes:
- the SIM LOCK Engine is configured to handle the related unlocking operation on the communication processor side and execute the main process of the lock network unlocking operation;
- a multi-mode universal card driver interface, configured to obtain SIM card messages and provide them to the lock network engine;
- SIM card driver (UIM/SIM drivers), set to drive the SIM card;
- SFS Secure File System
- API application programming
- the application processor side includes:
- the system user interface (Android UI) is set to provide an unlock code input interface, displaying the lock network status, prompting an unlock error;
- RILD Wireless Interface Layer Driver
- SIM Lock app: runs in the Trust Zone and executes the key verification algorithm on the application processor side, such as PBKDF2, to check whether the unlock code input by the user is correct; it also allocates in memory a storage area (Secure Channel) for data transmission between the communication processor and the application processor, wherein the Secure Channel can only be accessed by the Trust Zone and the communication processor, accessed by the chip xPU, the transmitted data is encrypted data, and the key is shared only between the communication processor and the Trust Zone;
- RPMB memory protection area
- The main function of the SIM LOCK Service is as follows: after the communication processor writes encrypted data to the Secure Channel, the SIM LOCK Service receives the notification message and sends a notification message telling the Trust Zone to read the relevant data from the Secure Channel. Similarly, when the Trust Zone writes encrypted data to the Secure Channel, it notifies the SIM LOCK Service to send a notification message to the communication processor.
- the boot process of the terminal is as shown in FIG. 10.
- Step S1001 determining whether the terminal's tamper fuse has been blown; if it has, performing step S1006; if it has not, performing step S1002;
- Step S1002 determining whether the states of the application processor side and the communication processor side are consistent; if they are not consistent, step S1005 is performed; if they are consistent, step S1003 is performed;
- Step S1003 determining whether the state is the unlocked state or the lock network state; if the application processor side and the communication processor side are both in the lock network state, step S1004 is performed; if both are unlocked, step S1008 is performed;
- Step S1004 determining whether the lock network parameters and the SIM card parameters are consistent; if they are consistent, step S1008 is performed; if they are inconsistent, step S1007 is performed;
- Step S1005 performing the fuse, after which the terminal enters an unusable state.
- Step S1006 the terminal enters an unusable state.
- Step S1007 the lock network limited service state.
- Step S1008 starting normally.
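The boot decision of steps S1001 to S1008, combined with the unlock-code comparison that step S65 requires when both sides report the unlocked state, can be traced with the short Python model below. It is an added example, not code from the patent; the `Terminal` fields, the state strings, the MCC+MNC form of the lock network parameters and all sample values are assumptions constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from enum import Enum


class Boot(Enum):
    NORMAL = "standby interface"              # S1008
    LIMITED = "lock network limited service"  # S1007
    UNUSABLE = "unusable"                     # S1005 / S1006


@dataclass
class Terminal:
    fuse_blown: bool       # SIM LOCK tamper fuse
    sfs_state: str         # first network state information (CP side, SFS)
    rpmb_state: str        # second network state information (AP side, RPMB)
    sfs_code: bytes        # third unlock code (CP side)
    rpmb_code: bytes       # second unlock code (AP side)
    lock_plmns: frozenset  # lock network parameters as MCC+MNC strings (assumed form)
    sim_plmn: str          # MCC+MNC read from the inserted SIM card


def _fuse(t, trace):
    """S1005: blow the tamper fuse; every later boot stops at S1006."""
    t.fuse_blown = True
    trace.append("S1005")
    return Boot.UNUSABLE, trace


def boot(t):
    """Return (result, steps taken) for one power-on of terminal t."""
    trace = ["S1001"]
    if t.fuse_blown:
        trace.append("S1006")
        return Boot.UNUSABLE, trace

    trace.append("S1002")
    # Assumption: a value that neither side ever writes is treated like a mismatch.
    if t.sfs_state != t.rpmb_state or t.sfs_state not in ("locked", "unlocked"):
        return _fuse(t, trace)

    trace.append("S1003")
    if t.sfs_state == "locked":
        trace.append("S1004")
        if t.sim_plmn in t.lock_plmns:
            trace.append("S1008")
            return Boot.NORMAL, trace
        trace.append("S1007")
        return Boot.LIMITED, trace

    # Both sides report unlocked: S65 also requires the two stored codes to agree.
    trace.append("S65")
    if not hmac.compare_digest(t.sfs_code, t.rpmb_code):
        return _fuse(t, trace)
    trace.append("S1008")
    return Boot.NORMAL, trace


def sample(**overrides):
    """Constructed terminal: locked to test network 001/01, both sides consistent."""
    base = dict(fuse_blown=False, sfs_state="locked", rpmb_state="locked",
                sfs_code=b"constructed-ck", rpmb_code=b"constructed-ck",
                lock_plmns=frozenset({"00101"}), sim_plmn="00101")
    base.update(overrides)
    return Terminal(**base)


if __name__ == "__main__":
    cases = {
        "locked, matching SIM": sample(),
        "locked, other SIM": sample(sim_plmn="00102"),
        "sides disagree": sample(sfs_state="unlocked"),
        "unlocked, codes differ": sample(sfs_state="unlocked", rpmb_state="unlocked",
                                         rpmb_code=b"other"),
    }
    for name, term in cases.items():
        result, trace = boot(term)
        print(f"{name:24} {result.value:30} {' -> '.join(trace)}")
```

A state mismatch is sticky in this model: once `_fuse` has run, the next call to `boot` on the same terminal ends at S1006 regardless of what the two stores contain.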
- the unlocking process of the terminal is as shown in FIG. 12.
- After the user inputs the unlock code in the upper layer system, the upper layer system transmits the unlock code to the application processor side and the communication processor side respectively, and the communication processor side and the application processor side each perform the hash calculation;
- On the communication processor side, the first unlock hash value (HCK1) is calculated and then compared with the first hash value stored in the SFS. If the first unlock hash value is consistent with the first hash value stored in the SFS, the first network state information (lockstate1) is unlocked (unlocked state); if the first unlock hash value is inconsistent with the first hash value stored in the SFS, the first network state information is locked (lock network state). lockstate1 and the third unlock code (CK3) data in the SFS are then written to the secure channel.
- CK3 third unlock code
- On the application processor side, the second unlock hash value (HCK2) is calculated and then compared with the second hash value stored in the RPMB. If the second unlock hash value is consistent with the second hash value stored in the RPMB, the second network state information (lockstate2) is unlocked; if the second unlock hash value is inconsistent with the second hash value stored in the RPMB, the second network state information is locked. lockstate2 and the second unlock code (CK2) data in the RPMB are then written to the secure channel.
- When the communication processor side receives the application processor side's write-data notification, it checks whether lockstate1 and lockstate2, and CK3 and CK2, are consistent. If both lockstate1 and lockstate2 are unlocked, and CK3 and CK2 are consistent, the unlocking succeeds: lockstate1 is written to the SFS and the secure channel along with the third unlock code (CK3), the Trust Zone is notified by the SIM LOCK Service, and the Trust Zone writes to the RPMB. If lockstate1 and lockstate2 are not both unlocked, or CK3 and CK2 are inconsistent, the terminal determines whether the number of unlock attempts has reached a predetermined threshold; if the number of unlock attempts has not reached the predetermined threshold, the user is prompted to re-enter the code; if it has reached the predetermined threshold, the terminal restarts.
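The two-sided check in the unlocking process above can be modelled as follows: each side hashes the entered code with its own stored parameters (HCK, salt, iteration, lockflag), and the lock is released only if both verdicts are "unlocked" and the two stored code records agree. This Python is an added example, not code from the patent; PBKDF2-HMAC-SHA256, the iteration count, per-side salts, the identical `ck` record on both sides and the sample codes are assumptions, and the encrypted Secure Channel between the processors is not modelled.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

ITERATIONS = 10_000  # constructed value; the page names an "iteration" parameter only


@dataclass
class LockStore:
    """Lock parameters held by one side: SFS on the CP, RPMB on the AP."""
    hck: bytes       # stored hash of the correct unlock code (HCK)
    salt: bytes
    iterations: int
    lockflag: str    # persisted network state: "locked" or "unlocked"
    ck: bytes        # stored unlock-code record (CK3 in the SFS, CK2 in the RPMB)


def derive(code: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, iterations)


def provision(code: str, ck: bytes) -> LockStore:
    """Factory-time setup of one side; each side gets its own salt (assumption)."""
    salt = os.urandom(16)
    return LockStore(derive(code, salt, ITERATIONS), salt, ITERATIONS, "locked", ck)


def side_state(store: LockStore, entered: str) -> str:
    """One side's verdict: hash the entered code and compare with the stored HCK."""
    candidate = derive(entered, store.salt, store.iterations)
    return "unlocked" if hmac.compare_digest(candidate, store.hck) else "locked"


class Terminal:
    def __init__(self, code: str, threshold: int = 3):
        ck = os.urandom(16)              # same record written to both sides (assumption)
        self.sfs = provision(code, ck)   # communication processor side
        self.rpmb = provision(code, ck)  # application processor side
        self.failures = 0
        self.threshold = threshold       # the "predetermined threshold"

    def unlock(self, entered: str) -> str:
        lockstate1 = side_state(self.sfs, entered)    # HCK1 against the SFS
        lockstate2 = side_state(self.rpmb, entered)   # HCK2 against the RPMB
        codes_agree = hmac.compare_digest(self.sfs.ck, self.rpmb.ck)  # CK3 vs CK2
        if lockstate1 == "unlocked" and lockstate2 == "unlocked" and codes_agree:
            # The only point at which the persisted lock parameters are rewritten.
            self.sfs.lockflag = self.rpmb.lockflag = "unlocked"
            return "unlocked"
        self.failures += 1
        return "restart" if self.failures >= self.threshold else "retry"


if __name__ == "__main__":
    code = "1234567890123456"            # constructed unlock code
    phone = Terminal(code)
    print(phone.unlock("0000000000000000"), phone.unlock(code))

    # One store altered so that the CP side alone would accept a wrong code:
    altered = Terminal(code)
    altered.sfs.hck = derive("0000000000000000", altered.sfs.salt, ITERATIONS)
    print(altered.unlock("0000000000000000"), altered.rpmb.lockflag)
```

The second case shows what the dual check buys: a change confined to the SFS leaves the RPMB verdict at "locked", so neither lockflag is rewritten and the attempt counts toward the restart threshold.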
- The embodiment of the present invention further provides a computer readable storage medium storing computer executable instructions; when the computer executable instructions are executed, the method for unlocking a network by a terminal applied to the communication processor side is implemented.
- The embodiment of the present invention further provides a computer readable storage medium storing computer executable instructions; when the computer executable instructions are executed, the method for unlocking a network by a terminal applied to the application processor side is implemented.
- The embodiment of the invention further provides a computer readable storage medium storing computer executable instructions; when the computer executable instructions are executed, the method for booting the terminal is implemented.
- the lock network system of the terminal of the embodiment includes two parts, an application processor side and a communication processor side.
- The input unlock code is verified on the communication processor side and the application processor side simultaneously, which makes the lock network more secure and more difficult to crack.
- Each module/unit in the above embodiment may be implemented in the form of hardware, for example, by an integrated circuit that implements its corresponding function, or may be implemented in the form of a software function module, for example, by a processor executing a program/instructions stored in the memory to achieve its corresponding function.
- This application is not limited to any specific combination of hardware and software.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Human Computer Interaction (AREA)
- Telephone Function (AREA)
- Telephonic Communication Services (AREA)
Abstract
A de-personalization method for a terminal, comprising: acquiring an inputted first de-personalization code; performing, according to the first de-personalization code, computation to obtain first network state information of a communication processor side; acquiring second network state information of an application processor side obtained by the application processor according to the de-personalization code computation, and acquiring a second de-personalization code stored on the application processor side; determining whether the first network state information is consistent with the second network state information, and whether a third de-personalization code stored on the communication processor side is consistent with the second de-personalization code; if the first network state information and the second network state information both indicate a state of de-personalization, and the third de-personalization code is consistent with the second de-personalization code, then passing de-personalization operation; and if the first network state information is not consistent with the second network state information, or the third de-personalization code is not consistent with the second de-personalization code, then failing the de-personalization operation.
Description
This document relates to, but is not limited to, the field of communication technology, and in particular to a method for a terminal to release a network lock, a booting method, and corresponding devices.
The network lock and SIM lock scheme is based on the 3GPP TS 22.022 Personalisation of Mobile Equipment (ME) specification, which is briefly described as follows:
3GPP TS 22.022 defines five levels of network lock and SIM lock:
Level 1: Network; network lock; Mobile Country Code (MCC) + Mobile Network Code (MNC);
Level 2: Network subset; subnet lock; digits 6 and 7 of the International Mobile Subscriber Identification Number (IMSI) + MCC + MNC;
Level 3: Service provider (SP); SP lock; Group Identifier file 1 (GID1) on the SIM (Subscriber Identity Module)/USIM (Universal Subscriber Identity Module) card + MCC + MNC;
Level 4: Corporate; corporate lock; Group Identifier file 2 (GID2) on the SIM/USIM card + SP (GID1 on the SIM/USIM card) + MCC + MNC;
Level 5: SIM/USIM; card lock on the full IMSI (digits 8-15 of the IMSI + digits 6 and 7 of the IMSI + MCC + MNC).
Which lock level is supported is currently specified by the operator; generally one of the first three levels is supported, and the corresponding lock parameters are provided by the operator.
Two network lock schemes are currently common: a hard-coded scheme that cannot be unlocked, and an unlockable scheme based on the communication processor (modem) side, that is, the CP (Coprocessor) side. Although the hard-coded, non-unlockable scheme is difficult to crack, markets such as North America have already legislated that operators must provide users with unlocking under certain conditions, and other regional markets tend to follow, so that scheme is not described further. The most widely used scheme today is the unlockable scheme based on the communication processor side. When the phone is network-locked, a string of digits is randomly generated on the CP side, and the network unlock code (NCK)/subnet unlock code (NSCK)/card unlock code (SPCK) is represented after computation with a general security algorithm such as the hash algorithm (MD5), which is a strong-encryption security algorithm. The unlock code (NCK/NSCK/SPCK) is generated only once and is a 16-digit decimal number; the unlock code (NCK/NSCK/SPCK) and the phone's IMEI number are saved once in an external database.
The lock-related parameters that need to be saved in the phone are: the list of valid MCCs and MNCs, the list of valid group identifier (GID) files, the NCK/NSCK/SPCK4 computed with the MD5 algorithm, the unlock flag, and the number of failed unlock attempts. All five parameters are saved in the secure file system (SFS) at the factory. The number of failed unlock attempts is set as required, and the count accumulates; it is not affected by version updates, phone restarts, or factory resets, that is, upgrading the phone's version, restarting it, or restoring factory settings does not reset the failure count to 0.
The current phone network lock architecture is shown in FIG. 1: all lock and unlock processing is completed on the communication processor side, while the application processor side provides the user interface for entering the unlock code and reads the lock state to display it in the user interface.
Based on the architecture shown in FIG. 1, the boot process is shown in FIG. 2 and is as follows:
Step 1: The phone first checks whether it is a network-locked version; if it is not, it boots normally;
Step 2: If it is a network-locked version, check whether it is permanently locked; if so, unlocking fails and the phone is permanently network-locked; otherwise, go to step 3;
Step 3: Verify whether the card's MCC/MNC is valid and check the unlock state flag; if the card's MCC/MNC is valid or the unlock state is unlocked, the phone boots normally; otherwise the phone enters the network-locked state.
In addition, based on the architecture shown in FIG. 1, the unlocking process is shown in FIG. 3 and is as follows:
Step 1: In the network-locked state, the unlock code entered by the user is displayed in plaintext on the interface; after entering the unlock code the user selects unlock, and the phone checks whether the entered unlock code is correct; if it is correct, the unlock state in the secure file system (SFS) is changed to unlocked, and the phone is unlocked and boots normally;
Step 2: If the unlock code is incorrect, determine whether the maximum number of errors has been reached; if so, the phone enters the permanent network lock; otherwise the process of step 1 continues. After the phone is permanently network-locked, only emergency calls can be made.
In summary, unlocking of network-locked phones is currently based mainly on the unlockable scheme on the modem side, but this unlocking method in the related art is relatively simple: once it is subjected to a cracking attack, the phone cannot detect it, let alone take corresponding defensive or remedial measures, so it carries a security risk.
发明内容Summary of the invention
以下是对本文详细描述的主题的概述。本概述并非是为了限制权利要求的保护范围。The following is an overview of the topics detailed in this document. This Summary is not intended to limit the scope of the claims.
本发明实施例提供了一种终端解除锁网的方法、开机的方法及装置,能够进行锁网解除时,在通信处理器侧和应用处理器侧同时对输入的解锁码进行验证,从而使得锁网安全性更强,破解难度更大。The embodiment of the invention provides a method for unlocking a network of a terminal, a method and a device for booting, and when the lock network is released, the input unlock code is simultaneously verified on the communication processor side and the application processor side, thereby making the lock The network is more secure and more difficult to crack.
An embodiment of the present invention provides a method for removing the network lock of a terminal, including:
acquiring an entered first unlock code;
calculating, according to the first unlock code, first network state information on the communication processor side;
acquiring second network state information on the application processor side, calculated by the application processor according to the first unlock code, and a second unlock code stored on the application processor side;
determining whether the first network state information is consistent with the second network state information, and whether a third unlock code stored on the communication processor side and the second unlock code are both in the unlocked state;
if the first network state information and the second network state information are both in the unlocked state, and the third unlock code is consistent with the second unlock code, the unlocking succeeds; if the first network state information and the second network state information are not both in the unlocked state, or the third unlock code is inconsistent with the second unlock code, the unlocking fails.
Optionally, calculating the first network state information on the communication processor side according to the unlock code includes:
obtaining a first unlock hash value from the unlock code by using a hash algorithm;
determining whether the first unlock hash value is consistent with a first hash value stored on the communication processor side;
if the first unlock hash value is consistent with the first hash value stored on the communication processor side, the first network state information is the unlocked state;
if the first unlock hash value is inconsistent with the first hash value stored on the communication processor side, the first network state information is the network-locked state.
Optionally, acquiring the second network state information on the application processor side, calculated by the application processor according to the unlock code, and the second unlock code stored on the application processor side includes:
receiving an information read message sent by the application processor;
reading, according to the information read message, the encrypted second network state information and second unlock code from a storage area allocated by the application processor in the memory of the terminal, wherein the security key of the storage area is shared by the communication processor.
Optionally, after the first network state information on the communication processor side is calculated according to the unlock code, the method further includes:
encrypting the first network state information and the third unlock code stored on the communication processor side, and saving the encrypted first network state information and third unlock code in the storage area.
Optionally, after the unlocking succeeds, the method further includes:
reading the encrypted first network state information and third unlock code from the storage area, and writing them into the secure file system.
Optionally, after the unlocking fails, the method further includes:
determining whether the number of unlock attempts has reached a predetermined threshold; if the number of unlock attempts has reached the predetermined threshold, restarting; if it has not, prompting the user to re-enter the unlock code.
An embodiment of the present invention further provides a method for removing the network lock of a terminal, including:
acquiring an entered first unlock code;
calculating, according to the first unlock code, second network state information on the application processor side;
transmitting the second network state information and a second unlock code stored on the application processor side to the communication processor.
Optionally, calculating the second network state information on the application processor side according to the first unlock code includes:
obtaining a second unlock hash value from the first unlock code by using a hash algorithm;
determining whether the second unlock hash value is consistent with a second hash value stored on the application processor side;
if the second unlock hash value is consistent with the second hash value stored on the application processor side, the second network state information is the unlocked state;
if the second unlock hash value is inconsistent with the second hash value stored on the application processor side, the second network state information is the network-locked state.
Optionally, transmitting the second network state information and the second unlock code stored on the application processor side to the communication processor includes:
allocating a storage area in the memory of the terminal, wherein the storage area is provided with a security key, and the security key is shared by the communication processor;
encrypting the second network state information and the second unlock code, and storing the encrypted second network state information and second unlock code in the storage area;
sending an information read message to the communication processor, so that the communication processor reads the encrypted second network state information and second unlock code from the storage area.
Optionally, the security key is also shared by the application processor;
after the unlocking succeeds, the method further includes:
reading the encrypted second network state information and second unlock code from the storage area, and writing the encrypted second network state information and second unlock code into the write-back memory protection area.
An embodiment of the present invention further provides a method for booting a terminal, including:
after receiving an entered power-on instruction, determining whether the fuse of the terminal has been blown;
if the fuse has not been blown, reading the first network state information stored on the communication processor side of the terminal and the second network state information stored on the application processor side, and determining whether the first network state information and the second network state information are both in the unlocked state;
if the first network state information and the second network state information are both in the unlocked state, determining whether the third unlock code stored on the communication processor side of the terminal is consistent with the second unlock code on the application processor side; if the third unlock code is consistent with the second unlock code, the terminal starts up and enters the standby interface.
Optionally, the method further includes:
if the first network state information and the second network state information are not both in the unlocked state, or if the third unlock code is inconsistent with the second unlock code, blowing the fuse.
Optionally, the method further includes:
if the first network state information and the second network state information are both in the network-locked state, determining whether the network-lock parameter of the subscriber identity module (SIM) card is consistent with the network-lock parameter pre-stored in the terminal;
if the SIM card network-lock parameter is inconsistent with the network-lock parameter pre-stored in the terminal, the terminal starts up and enters the network-locked limited service state;
if the SIM card network-lock parameter is consistent with the network-lock parameter pre-stored in the terminal, the terminal starts up and enters the standby interface.
Optionally, reading the first network state information stored on the communication processor side of the terminal and the second network state information stored on the application processor side includes:
reading the first network state information stored in the secure file system of the terminal, and the second network state information stored in the write-back memory protection area of the terminal.
An embodiment of the present invention further provides a device for removing the network lock of a terminal, including:
a first acquiring module, configured to acquire an entered first unlock code;
a first calculating module, configured to calculate, according to the first unlock code acquired by the first acquiring module, first network state information on the communication processor side;
a second acquiring module, configured to acquire second network state information on the application processor side, calculated by the application processor according to the first unlock code, and a second unlock code stored on the application processor side;
a first determining module, configured to determine whether the first network state information is consistent with the second network state information, and whether a third unlock code stored on the communication processor side and the second unlock code are both in the unlocked state;
a deciding module, configured to decide that the unlocking succeeds when the first determining module determines that the first network state information and the second network state information are both in the unlocked state and the third unlock code is consistent with the second unlock code, and to decide that the unlocking fails when the first determining module determines that the first network state information and the second network state information are not both in the unlocked state, or that the third unlock code is inconsistent with the second unlock code.
Optionally, the first calculating module includes:
a first calculating unit, configured to obtain a first unlock hash value from the unlock code by using a hash algorithm;
a first determining unit, configured to determine whether the first unlock hash value is consistent with a first hash value stored on the communication processor side; if the first unlock hash value is consistent with the first hash value stored on the communication processor side, the first network state information is the unlocked state; if the first unlock hash value is inconsistent with the first hash value stored on the communication processor side, the first network state information is the network-locked state.
Optionally, the second acquiring module includes:
a receiving unit, configured to receive an information read message sent by the application processor;
a reading unit, configured to read, according to the information read message, the encrypted second network state information and second unlock code from a storage area allocated by the application processor in the memory of the terminal, wherein the security key of the storage area is shared by the communication processor.
Optionally, the device further includes:
an encryption module, configured to encrypt the first network state information and the third unlock code stored on the communication processor side, and to save the encrypted first network state information and third unlock code in the storage area.
Optionally, the device further includes:
a first writing module, configured to, after the unlocking succeeds, read the encrypted first network state information and third unlock code from the storage area and write them into the secure file system.
Optionally, the device further includes:
a second determining module, configured to determine, after the unlocking fails, whether the number of unlock attempts has reached a predetermined threshold; if the number of unlock attempts has reached the predetermined threshold, the terminal restarts; if it has not, the user is prompted to re-enter the unlock code.
An embodiment of the present invention further provides a device for removing the network lock of a terminal, including:
a third acquiring module, configured to acquire an entered first unlock code;
a second calculating module, configured to calculate, according to the first unlock code, second network state information on the application processor side;
a transmission module, configured to transmit the second network state information and a second unlock code stored on the application processor side to the communication processor.
Optionally, the second calculating module includes:
a second calculating unit, configured to obtain a second unlock hash value from the first unlock code by using a hash algorithm;
a second determining unit, configured to determine whether the second unlock hash value is consistent with a second hash value stored on the application processor side; if the second unlock hash value is consistent with the second hash value stored on the application processor side, the second network state information is the unlocked state; if the second unlock hash value is inconsistent with the second hash value stored on the application processor side, the second network state information is the network-locked state.
Optionally, the transmission module includes:
an allocating unit, configured to allocate a storage area in the memory of the terminal, wherein the storage area is provided with a security key, and the security key is shared by the communication processor;
an encryption unit, configured to encrypt the second network state information and the second unlock code, and to store the encrypted second network state information and second unlock code in the storage area;
a sending unit, configured to send an information read message to the communication processor, so that the communication processor reads the encrypted second network state information and second unlock code from the storage area.
Optionally, the device further includes:
a second writing module, configured to, after the unlocking succeeds, read the encrypted second network state information and second unlock code from the storage area, and write the encrypted second network state information and second unlock code into the write-back memory protection area.
An embodiment of the present invention further provides a device for booting a terminal, including:
a third determining module, configured to determine, after receiving a power-on instruction entered by the user, whether the fuse of the terminal has been blown;
a fourth determining module, configured to, when the third determining module determines that the fuse of the terminal has not been blown, read the first network state information stored on the communication processor side of the terminal and the second network state information stored on the application processor side, and determine whether the first network state information and the second network state information are both in the unlocked state;
a fifth determining module, configured to, when the fourth determining module determines that the first network state information and the second network state information are both in the unlocked state, determine whether the third unlock code stored on the communication processor side of the terminal is consistent with the second unlock code on the application processor side; if the third unlock code is consistent with the second unlock code, the terminal starts up and enters the standby interface.
Optionally, the device further includes:
a fuse module, configured to blow the fuse when the fourth determining module determines that the first network state information is inconsistent with the second network state information, or when the fifth determining module determines that the third unlock code is inconsistent with the second unlock code.
Optionally, the device further includes:
a sixth determining module, configured to, when the fourth determining module determines that the first network state information and the second network state information are both in the network-locked state, determine whether the SIM card network-lock parameter is consistent with the network-lock parameter pre-stored in the terminal; if the SIM card network-lock parameter is inconsistent with the network-lock parameter pre-stored in the terminal, the terminal starts up and enters the network-locked limited service state; if the SIM card network-lock parameter is consistent with the network-lock parameter pre-stored in the terminal, the terminal starts up and enters the standby interface.
Optionally, the fourth determining module reads the first network state information stored on the communication processor side of the terminal and the second network state information stored on the application processor side in the following manner:
reading the first network state information stored in the secure file system of the terminal, and the second network state information stored in the write-back memory protection area of the terminal.
An embodiment of the present invention further provides a computer-readable storage medium storing computer-executable instructions which, when executed, implement the method for removing the network lock of a terminal as applied on the communication processor side.
An embodiment of the present invention further provides a computer-readable storage medium storing computer-executable instructions which, when executed, implement the method for removing the network lock of a terminal as applied on the application processor side.
An embodiment of the present invention further provides a computer-readable storage medium storing computer-executable instructions which, when executed, implement the method for booting a terminal.
The beneficial effects of the embodiments of the present invention are as follows:
In the above solution, when the network lock is removed, the entered first unlock code is verified on the communication processor side and on the application processor side at the same time, yielding the first network state information on the communication processor side and the second network state information on the application processor side. The unlocking finally succeeds only when the first network state information and the second network state information are both in the unlocked state and the third unlock code stored on the communication processor side is consistent with the second unlock code stored on the application processor side. This makes removing the network lock of the terminal more difficult, so the network lock is more secure and harder to crack.
In addition, when the terminal is powered on, it starts up and enters the standby interface only if its fuse has not been blown, the first network state information on the communication processor side is consistent with the second network state information on the application processor side, and the third unlock code stored on the communication processor side is consistent with the second unlock code. This prevents the terminal from remaining usable after it has been maliciously attacked and improves the security of using the terminal. Other aspects will become apparent upon reading and understanding the drawings and the detailed description.
FIG. 1 is a network-lock architecture diagram of a mobile phone in the related art;
FIG. 2 is a boot flowchart of a network-locked mobile phone in the related art;
FIG. 3 is a flowchart of removing the network lock of a network-locked mobile phone in the related art;
FIG. 4 is a flowchart of a method for removing the network lock of a terminal according to a first embodiment of the present invention;
FIG. 5 is a flowchart of a method for removing the network lock of a terminal according to a second embodiment of the present invention;
FIG. 6 is a flowchart of a method for booting a terminal according to a third embodiment of the present invention;
FIG. 7 is a structural block diagram of a device for removing the network lock of a terminal according to a fourth embodiment of the present invention;
FIG. 8 is a structural block diagram of a device for removing the network lock of a terminal according to a fifth embodiment of the present invention;
FIG. 9 is a structural block diagram of a device for booting a terminal according to a sixth embodiment of the present invention;
FIG. 10 is a network-lock architecture diagram of a terminal according to a seventh embodiment of the present invention;
FIG. 11 is a boot flowchart based on the network-lock architecture shown in FIG. 10;
FIG. 12 is a flowchart of removing the network lock based on the network-lock architecture shown in FIG. 10.
Exemplary embodiments of the present application are described below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present application, it should be understood that the application may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the application can be understood more thoroughly and its scope can be fully conveyed to those skilled in the art.
First embodiment
According to one aspect of the embodiments of the present invention, a method for removing the network lock of a terminal is provided. The method calculates, according to an entered first unlock code, first network state information on the communication processor side; acquires second network state information on the application processor side, calculated by the application processor according to the unlock code, and a second unlock code stored on the application processor side; and determines whether the first network state information is consistent with the second network state information, and whether a third unlock code stored on the communication processor side is consistent with the second unlock code. If the first network state information and the second network state information are both in the unlocked state, and the third unlock code is consistent with the second unlock code, the unlocking succeeds; if the first network state information and the second network state information are not both in the unlocked state, or the third unlock code is inconsistent with the second unlock code, the unlocking fails.
Therefore, with the method for removing the network lock of a terminal according to this embodiment, the entered unlock code can be verified on the communication processor side and on the application processor side at the same time when the network lock is removed, which makes the network lock more secure and harder to crack.
FIG. 4 is a flowchart of the method for removing the network lock of a terminal according to this embodiment. The method is mainly applied on the communication processor side of the terminal and includes:
Step S41: acquire an entered first unlock code.
Terminals of different network-locked versions have different unlock codes. That is, each network-locked terminal has exactly one specific unlock code. The network lock of the terminal can be removed only when that specific unlock code is entered in the terminal; entering any other, incorrect unlock code does not remove the network lock.
For a network-locked terminal that is in the network-locked state, the user must enter the unlock code to unlock it before the terminal can be used for communication. If the terminal is in the unlocked state but the user needs to insert a different SIM (Subscriber Identity Module) card, the user likewise needs to remove the network lock of the terminal.
Step S43: calculate, according to the first unlock code, first network state information on the communication processor side.
For a network-locked terminal, the network-unlock algorithm parameters are stored in the terminal when it leaves the factory, including the hash algorithm parameter (HCK), the salt value (salt), the iteration count (iteration), the network unlock state flag (lockflag), and so on. These parameters are stored as two copies: one is stored in the secure file system (SFS), which only the communication processor side is allowed to access; the other is stored in the write-back memory protection area (RPMB) on the application processor side, which only the application processor side is allowed to access.
After the user enters the unlock code, the communication processor side uses a hash algorithm to calculate a first unlock hash value from the unlock code, and then compares the calculated first unlock hash value with the hash algorithm parameter stored in the SFS on the communication processor side, that is, the first hash value. If they are consistent, the first network state information on the communication processor side is the unlocked state; if they are inconsistent, the first network state information is the network-locked state. It can be understood that the algorithm used to determine the first network state information is not limited to a hash algorithm, but it must be the same algorithm to which the network-unlock algorithm parameters stored in the network-locked terminal at the factory belong.
Step S45: acquire second network state information on the application processor side, calculated by the application processor according to the first unlock code, and a second unlock code stored on the application processor side.
In the method of this embodiment, after the user enters the first unlock code, the unlock code is verified on the communication processor side and on the application processor side at the same time. The application processor side therefore also uses a hash algorithm to calculate a second unlock hash value from the unlock code, and then compares the calculated second unlock hash value with the hash algorithm parameter stored in the RPMB on the application processor side, that is, the second hash value. If they are consistent, the second network state information on the application processor side is the unlocked state; if they are inconsistent, the second network state information is the network-locked state.
Because the salt value and the iteration count used by the hash algorithm differ between the communication processor side and the application processor side, the first unlock hash value and the second unlock hash value obtained are different.
当应用处理器侧根据获取到的解锁码,确定了第二网络状态信息后,需要将第二网络状态信息及应用处理器侧存储的第二解锁码传输给通信处理器。所以,应用处理器侧会向通信处理器发送一个信息读取消息,通信处理器在接收到该信息读取消息后,则会读取第二网络状态信息和第二解锁码。After the application processor side determines the second network state information according to the obtained unlock code, the second network state information and the second unlock code stored by the application processor side need to be transmitted to the communications processor. Therefore, the application processor side sends an information read message to the communication processor, and after receiving the information read message, the communication processor reads the second network state information and the second unlock code.
另外,为了使得通信处理器侧和应用处理器侧的信息传输更加安全,应用处理器会从终端的内存中分配一个存储区,而且该存储区的安全密钥只在通信处理器侧和应用处理器侧共享。所以,通信处理器确定的第一网络状态信息和原来在通信处理器的SFS中存储的第三解锁码可以加密处理后,保存在该存储区中。同样,应用处理器确定的第二网络状态信息和原来在应用处理器的RPMB中存储的第二解锁码也可以加密处理后,保存在该存储区中。In addition, in order to make the information transmission on the communication processor side and the application processor side more secure, the application processor allocates a storage area from the memory of the terminal, and the security key of the storage area is processed only on the communication processor side and the application. Share on the side of the device. Therefore, the first network state information determined by the communication processor and the third unlock code originally stored in the SFS of the communication processor can be encrypted and stored in the storage area. Similarly, the second network state information determined by the application processor and the second unlock code originally stored in the RPMB of the application processor may also be encrypted and stored in the storage area.
所以,当应用处理器需要与通信处理器进行数据传输时,可首先将其加密保存在该存储区中,然后通信处理器则可根据其享有的安全密钥从该存取区中读取相应的数据。
Therefore, when the application processor needs to perform data transmission with the communication processor, it can first be encrypted and stored in the storage area, and then the communication processor can read correspondingly from the access area according to the security key it enjoys. The data.
Step S47: determine whether the first network state information is consistent with the second network state information, and whether the third unlock code stored on the communication processor side and the second unlock code are both in the unlocked state;
For a network-locked terminal, if the unlock code entered by the user is wrong, the first network state information may be inconsistent with the second network state information, or the third unlock code may be inconsistent with the second unlock code, or the first and second network state information may both be the network-locked state. In that case the user can be prompted to re-enter the unlock code. It can further be determined whether the number of unlock attempts has reached a predetermined threshold: if it has, the user can be prompted to restart the terminal; if it has not, the user is prompted to re-enter the unlock code.
Step S49: if the first network state information and the second network state information are both the unlocked state, and the third unlock code is consistent with the second unlock code, unlocking succeeds; if the first network state information and the second network state information are not both the unlocked state, or the third unlock code is inconsistent with the second unlock code, unlocking fails.
That is, unlocking succeeds only when the first network state information and the second network state information are both the unlocked state and the third unlock code is consistent with the second unlock code. Otherwise, if the first network state information is inconsistent with the second network state information, or the third unlock code is inconsistent with the second unlock code, or the first and second network state information are consistent but both are the network-locked state, the network lock cannot be removed.
In addition, after unlocking succeeds, the encrypted first network state information and third unlock code can be read from the storage area and written to the SFS, for use when the terminal powers on or when removal of the network lock is evaluated again. This is the only place where the network-lock-related parameters in the SFS are allowed to be rewritten.
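The two-sided check of the first embodiment, as an added example that is not code from the patent: each processor derives its own hash from the entered code with its own salt and iteration, and unlocking succeeds only if both sides report the unlocked state and the two stored unlock codes match. PBKDF2-HMAC-SHA256, all parameter values and all names are assumptions for illustration; the encrypted shared storage area is not modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass

UNLOCKED, LOCKED = "unlocked", "locked"


@dataclass(frozen=True)
class SideParams:
    """Factory-provisioned unlock parameters held by one processor.

    In the patent these live in the SFS (communication processor) or the
    RPMB (application processor). Field names are illustrative.
    """
    salt: bytes
    iteration: int
    stored_hash: bytes   # the "first hash value" / "second hash value"
    stored_code: bytes   # the "third unlock code" / "second unlock code"


def derive(code: str, salt: bytes, iteration: int) -> bytes:
    # Assumed KDF: PBKDF2-HMAC-SHA256. The patent only requires that the
    # algorithm match the one the stored parameters were produced with.
    return hashlib.pbkdf2_hmac("sha256", code.encode("utf-8"), salt, iteration)


def provision(code: str, salt: bytes, iteration: int, stored_code: bytes) -> SideParams:
    """Build the parameter set a factory would write for one side."""
    return SideParams(salt, iteration, derive(code, salt, iteration), stored_code)


def side_state(entered_code: str, params: SideParams) -> str:
    """One processor's verdict: hash the entered code, compare with the stored hash."""
    candidate = derive(entered_code, params.salt, params.iteration)
    # Constant-time comparison so timing does not leak how many bytes matched.
    return UNLOCKED if hmac.compare_digest(candidate, params.stored_hash) else LOCKED


def unlock_decision(first_state: str, second_state: str,
                    third_code: bytes, second_code: bytes) -> bool:
    """Step S49: both states unlocked AND the two stored unlock codes consistent."""
    both_unlocked = first_state == UNLOCKED and second_state == UNLOCKED
    return both_unlocked and hmac.compare_digest(third_code, second_code)


def attempt_unlock(entered_code: str, cp: SideParams, ap: SideParams,
                   failed_so_far: int, max_attempts: int):
    """Run both verifications and return (success, next_action).

    next_action is "unlocked", "retry" (prompt for the code again) or
    "restart" (the attempt threshold has been reached).
    """
    first_state = side_state(entered_code, cp)    # communication processor side
    second_state = side_state(entered_code, ap)   # application processor side
    if unlock_decision(first_state, second_state, cp.stored_code, ap.stored_code):
        return True, "unlocked"
    if failed_so_far + 1 >= max_attempts:
        return False, "restart"
    return False, "retry"


# Constructed sample data. Iteration counts are kept small so the example
# runs quickly; they are not a recommendation.
CP = provision("12345678", b"cp-salt-constructed", 2000, b"stored-code-constructed")
AP = provision("12345678", b"ap-salt-constructed", 3000, b"stored-code-constructed")

if __name__ == "__main__":
    print(attempt_unlock("12345678", CP, AP, 0, 3))
    print(attempt_unlock("00000000", CP, AP, 0, 3))
    print(attempt_unlock("00000000", CP, AP, 2, 3))
```

Because the salt and iteration differ per side, rewriting the stored hash on one processor alone leaves the other side reporting the locked state, so the combined decision still fails.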
Second embodiment
According to another aspect of the embodiments of the present invention, a method for removing the network lock of a terminal is further provided. The method obtains an input first unlock code; computes the second network state information of the application processor side from the first unlock code; and transmits the second network state information and the second unlock code stored on the application processor side to the communication processor.
In the method for removing the network lock according to this embodiment of the present invention, the unlock code entered by the user must be verified not only on the communication processor side but also on the application processor side, so the method makes the network lock more secure and harder to crack.
As shown in FIG. 5, the method is applied on the application processor side and includes:
Step S51: obtain the input first unlock code;
Terminals of different network-locked versions have different unlock codes; that is, each network-locked terminal has exactly one specific unlock code. The network lock of the terminal can be removed only by entering that specific unlock code on the terminal; entering any other, incorrect unlock code will not remove it.
For a network-locked terminal, if the terminal is in the network-locked state, the user must enter the unlock code to unlock it before the terminal can be used for communication. If the terminal is in the unlocked state but the user needs to insert a different SIM card, the user likewise needs to remove the terminal's network lock. The user enters the unlock code through the user interface on the application processor side.
Step S53: compute the second network state information of the application processor side from the unlock code;
For a network-locked terminal, the unlock algorithm parameters, including the HCK, the salt value, the iteration and the lockflag, are stored in the terminal when it leaves the factory. These parameters are stored as two copies: one in the SFS, accessible only from the communication processor side, and the other in the RPMB on the application processor side, accessible only from the application processor side.
After the user enters the unlock code, the application processor side uses a hash algorithm to compute a second unlock hash value from that code, and then compares the computed second unlock hash value with the hash algorithm parameter stored in the RPMB on the application processor side, namely the second hash value. If they match, the second network state information of the application processor side is the unlocked state; if they do not match, the second network state information is the network-locked state. It will be understood that the specific algorithm used to determine the second network state information is not limited to a hash algorithm, but it must be the same algorithm as the one to which the unlock algorithm parameters stored in the network-locked terminal at the factory belong.
Step S55: transmit the second network state information and the second unlock code stored on the application processor side to the communication processor.
Step S55 includes:
allocating a storage area in the terminal's memory, where the storage area is provided with a security key and the security key is shared with the communication processor;
encrypting the second network state information and the second unlock code, and storing the encrypted second network state information and second unlock code in the storage area;
sending an information read message to the communication processor, so that the communication processor reads the encrypted second network state information and second unlock code from the storage area.
That is, to make information transfer between the communication processor side and the application processor side more secure, the application processor allocates a storage area in the terminal's memory, and the security key of that storage area is shared only between the communication processor side and the application processor side. The second network state information determined by the application processor and the second unlock code originally stored in the RPMB of the application processor can therefore be encrypted and saved in the storage area. The communication processor can then read the second network state information and the second unlock code from the storage area using the security key it holds, so that it can perform the subsequent steps of removing the network lock.
In addition, after unlocking succeeds, the encrypted second network state information and second unlock code can be read from the storage area and written to the RPMB, for use when the terminal powers on or when removal of the network lock is evaluated again. This is the only place where the network-lock-related parameters in the RPMB are allowed to be rewritten.
Third embodiment
According to another aspect of the embodiments of the present invention, a method for powering on a terminal is further provided. As shown in FIG. 6, the method includes:
Step S61: after receiving a power-on instruction input by the user, determine whether the terminal's fuse has been blown;
For a network-locked terminal, at power-on it is first necessary to check whether the network lock tamper fuse (SIM LOCK tamper fuse) has been blown. If it has, the terminal enters an unusable state and the user cannot perform any operation other than powering off, which increases the security of the terminal.
Step S63: if the terminal's fuse has not been blown, read the first network state information stored on the communication processor side of the terminal and the second network state information stored on the application processor side, and determine whether the first network state information and the second network state information are both the unlocked state;
The first network state information and the second network state information can be read only when step S61 determines that the terminal's fuse has not been blown. This is because, during use of the terminal, the process of removing the network lock contains a point at which the first network state information in the SFS on the communication processor side is rewritten, and a point at which the second network state information in the RPMB on the application processor side is rewritten. The stored first network state information needs to be read from the SFS of the terminal, and the stored second network state information from the RPMB of the terminal. If the first network state information and the second network state information that are read are both the unlocked state, step S65 is performed.
However, if the user has at any time entered a wrong unlock code and the network lock was not removed, then when the terminal powers on, the first network state information and the second network state information are both the network-locked state. In that case it must further be determined whether the SIM card lock parameters in the terminal are consistent with the lock parameters pre-stored in the terminal. If they are consistent, the terminal starts and enters the standby interface; if they are inconsistent, the terminal starts but can only enter the network-locked limited service state.
In addition, if the terminal has been maliciously attacked, the first state information and the second unlock state information will be inconsistent; the terminal then blows the fuse and informs the user that it cannot be used.
Step S65: if the first network state information and the second network state information are both the unlocked state, determine whether the third unlock code stored on the communication processor side of the terminal is consistent with the second unlock code on the application processor side; if they are consistent, the terminal starts and enters the standby interface.
If the terminal has been maliciously attacked, the third unlock code and the second unlock code will be inconsistent; the terminal then blows the fuse and informs the user that it cannot be used.
Therefore, in the method for powering on a terminal according to this embodiment of the present invention, the terminal starts and enters the standby interface only when its fuse has not been blown, the first network state information on the communication processor side is consistent with the second network state information on the application processor side, and the third unlock code stored on the communication processor side is consistent with the second unlock code. This prevents the terminal from remaining usable after it has been maliciously attacked and enhances the security of the terminal.
Fourth embodiment
According to another aspect of the embodiments of the present invention, an apparatus for removing the network lock of a terminal is provided, applied on the communication processor side. As shown in FIG. 7, the apparatus 700 includes:
a first obtaining module 701, configured to obtain the input first unlock code;
a first calculating module 702, configured to compute the first network state information of the communication processor side from the first unlock code obtained by the first obtaining module 701;
a second obtaining module 704, configured to obtain the second network state information of the application processor side, computed by the application processor from the first unlock code, and the second unlock code stored on the application processor side;
a first determining module 705, configured to determine whether the first network state information is consistent with the second network state information, and whether the third unlock code stored on the communication processor side and the second unlock code are both in the unlocked state;
a deciding module 706, configured to decide that unlocking has succeeded when the first determining module 705 determines that the first network state information and the second network state information are both the unlocked state and the third unlock code is consistent with the second unlock code, and to decide that unlocking has failed when the first determining module determines that the first network state information and the second network state information are not both the unlocked state, or that the third unlock code is inconsistent with the second unlock code.
Optionally, the first calculating module 702 includes:
a first calculating unit 7021, configured to obtain a first unlock hash value from the unlock code by using a hash algorithm;
a first determining unit 7022, configured to determine whether the first unlock hash value is consistent with the first hash value stored on the communication processor side; if they are consistent, the first network state information is the unlocked state; if they are inconsistent, the first network state information is the network-locked state.
Optionally, the second obtaining module 704 includes:
a receiving unit 7041, configured to receive the information read message sent by the application processor;
a reading unit 7042, configured to read, according to the information read message, the encrypted second network state information and second unlock code from the storage area allocated by the application processor in the terminal's memory, where the security key of the storage area is shared with the communication processor.
Optionally, the apparatus 700 further includes:
an encryption module 703, configured to encrypt the first network state information and the third unlock code stored on the communication processor side, and to save the encrypted first network state information and third unlock code in the storage area.
Optionally, the apparatus 700 further includes:
a first writing module 707, configured to read, after unlocking succeeds, the encrypted first network state information and third unlock code from the storage area and write them to the secure file system.
Optionally, the apparatus 700 further includes:
a second determining module 708, configured to determine, after unlocking fails, whether the number of unlock attempts has reached a predetermined threshold; if it has, to restart; if it has not, to prompt the user to re-enter the unlock code.
Fifth embodiment
According to another aspect of the embodiments of the present invention, an apparatus for removing the network lock of a terminal is provided, applied on the application processor side. As shown in FIG. 8, the apparatus 800 includes:
a third obtaining module 801, configured to obtain the input first unlock code;
a second calculating module 802, configured to compute the second network state information of the application processor side from the first unlock code;
a transmission module 803, configured to transmit the second network state information and the second unlock code stored on the application processor side to the communication processor.
Optionally, the second calculating module 802 includes:
a second calculating unit 8021, configured to obtain a second unlock hash value from the first unlock code by using a hash algorithm;
a second determining unit 8022, configured to determine whether the second unlock hash value is consistent with the second hash value stored on the application processor side; if they are consistent, the second network state information is the unlocked state; if they are inconsistent, the second network state information is the network-locked state.
Optionally, the transmission module 803 includes:
an allocating unit 8031, configured to allocate a storage area in the terminal's memory, where the storage area is provided with a security key and the security key is shared with the communication processor;
an encryption unit 8032, configured to encrypt the second network state information and the second unlock code, and to store the encrypted second network state information and second unlock code in the storage area;
a sending unit 8033, configured to send an information read message to the communication processor, so that the communication processor reads the encrypted second network state information and second unlock code from the storage area.
Optionally, the apparatus 800 further includes:
a second writing module 804, configured to read, after unlocking succeeds, the encrypted second network state information and second unlock code from the storage area, and to write the encrypted second network state information and second unlock code to the write-back memory protection area.
Sixth embodiment
According to another aspect of the embodiments of the present invention, an apparatus for powering on a terminal is further provided. As shown in FIG. 9, the apparatus 900 includes:
a third determining module 901, configured to determine, after receiving a power-on instruction input by the user, whether the terminal's fuse has been blown;
a fourth determining module 902, configured to, when the third determining module 901 determines that the terminal's fuse has not been blown, read the first network state information stored on the communication processor side of the terminal and the second network state information stored on the application processor side, and determine whether the first network state information and the second network state information are both the unlocked state;
a fifth determining module 903, configured to, when the fourth determining module 902 determines that the first network state information and the second network state information are both the unlocked state, determine whether the third unlock code stored on the communication processor side of the terminal is consistent with the second unlock code on the application processor side; if the third unlock code is consistent with the second unlock code, the terminal starts and enters the standby interface.
Optionally, the apparatus 900 further includes:
a fuse module 904, configured to blow the fuse when the fourth determining module 902 determines that the first network state information is inconsistent with the second network state information, or when the fifth determining module 903 determines that the third unlock code is inconsistent with the second unlock code.
Optionally, the apparatus 900 further includes:
a sixth determining module 905, configured to, when the fourth determining module 902 determines that the first network state information and the second network state information are both the network-locked state, determine whether the SIM card lock parameters are consistent with the lock parameters pre-stored in the terminal; if the SIM card lock parameters are inconsistent with the lock parameters pre-stored in the terminal, the terminal starts and enters the network-locked limited service state; if they are consistent, the terminal starts and enters the standby interface.
Optionally, the fourth determining module 902 reads the first network state information stored on the communication processor side of the terminal and the second network state information stored on the application processor side as follows:
reading the first network state information stored in the secure file system of the terminal, and the second network state information stored in the write-back memory protection area of the terminal.
Seventh embodiment
FIG. 10 shows the network lock architecture of a terminal according to an embodiment of the present invention.
The communication processor side in the figure includes:
a network lock engine (SIM LOCK Engine), configured to handle the unlock-related operations on the communication processor side and execute the main flow of the network lock unlocking operation;
a multi-mode universal card driver interface (MMGSDI task), configured to obtain SIM card messages and provide them to the network lock engine;
SIM card drivers (UIM/SIM drivers), configured to drive the SIM card;
a secure file system (SFS), configured to store the network-lock-related parameters and to provide an application programming interface (API); all data stored in the SFS is stored encrypted.
The application processor side includes:
a system user interface (Android UI), configured to provide the unlock code input interface, display the network lock state, and report unlock errors;
a radio interface layer driver (RILD), serving as the radio protocol interface between the system user interface and the communication processor;
a network lock application (SIM Lock app), which runs in the Trust Zone, executes the key verification algorithm of the application processor side, for example PBKDF2, checks whether the unlock code entered by the user is correct, and allocates in memory a storage area (Secure Channel) used for data transfer between the communication processor and the application processor. The Secure Channel can be accessed only by the Trust Zone and the communication processor, with access control performed by the chip's xPU; the data transferred is encrypted, and the key is shared only between the communication processor and the Trust Zone;
a write-back memory protection area (RPMB), configured to store the network-lock-related parameters;
a network lock service (SIM LOCK Service), whose main function is as follows: after the communication processor writes encrypted data to the Secure Channel, the SIM LOCK Service receives the corresponding notification message and sends a notification message telling the Trust Zone to read the data from the Secure Channel; likewise, after the Trust Zone writes encrypted data to the Secure Channel, it notifies the SIM LOCK Service to send the corresponding notification message to the communication processor.
Based on the network lock architecture of the terminal shown in FIG. 10, the boot flow of the terminal is shown in FIG. 11. It includes:
Step S1001: determine whether the terminal's tamper fuse has been blown; if it has, go to step S1006; if it has not, go to step S1002;
Step S1002: determine whether the states on the application processor side and the communication processor side are consistent; if they are inconsistent, perform step S1005; if they are consistent, perform step S1003;
Step S1003: determine whether the state is unlocked or locked; if the application processor side and the communication processor side are both in the locked state, perform step S1004; if both are in the unlocked state, perform step S1008;
Step S1004: determine whether the network lock parameters are consistent with the SIM card parameters; if they are consistent, perform step S1008; if they are inconsistent, perform step S1007;
Step S1005: blow the fuse, whereupon the terminal enters an unusable state;
Step S1006: the terminal enters an unusable state.
Step S1007: network-lock limited service state.
Step S1008: normal boot.
Based on the network lock architecture of the terminal shown in FIG. 10, the unlock flow of the terminal is shown in FIG. 12. It includes:
After the user enters the unlock code in the upper-layer system, the upper-layer system passes the unlock code to both the application processor side and the communication processor side, and each side performs its own hash calculation;
On the communication processor side, the first unlock hash value (HCK1) is calculated and then compared with the first hash value stored in the SFS. If the first unlock hash value is consistent with the first hash value stored in the SFS, the first network state information (lockstate1) is unlocked; if they are inconsistent, the first network state information is locked. lockstate1 and the third unlock code (CK3) data in the SFS are written to the secure channel.
On the application processor side, the second unlock hash value (HCK2) is calculated and then compared with the second hash value stored in the RPMB. If the second unlock hash value is consistent with the second hash value stored in the RPMB, the second network state information (lockstate2) is unlocked; if they are inconsistent, the second network state information is locked. lockstate2 and the second unlock code (CK2) data in the RPMB are written to the secure channel.
When the communication processor side receives the notification that the application processor side has written its data, it checks whether lockstate1 and lockstate2, and CK3 and CK2, are consistent. If lockstate1 and lockstate2 are both unlocked and CK3 is consistent with CK2, unlocking succeeds: lockstate1 is written together with the third unlock code (CK3) to the SFS and the secure channel, the SIM LOCK Service notifies the Trust Zone, and the Trust Zone writes to the RPMB. If lockstate1 and lockstate2 are not both unlocked, or CK3 is inconsistent with CK2, it is determined whether the number of unlock attempts has reached a predetermined threshold: if it has not, the user is prompted to re-enter the code; if it has, the terminal restarts.
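The unlock flow above and the boot flow of FIG. 11 can be modeled together, as an added example that is not code from the patent: each side checks the entered code against its own store, unlocking needs both verdicts plus matching CK values, and boot fuses the terminal when the two stored states disagree. The PBKDF2 parameters, per-side salts, the threshold of 3 attempts, the shared CK value and all class and function names are assumptions, and Secure Channel encryption is omitted.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum

# Assumptions: the page names PBKDF2 as an example but gives no parameters,
# and speaks only of a "predetermined threshold" for failed attempts.
PBKDF2_ITERATIONS = 10_000
MAX_ATTEMPTS = 3


class Boot(Enum):
    NORMAL = "S1008 normal boot"
    LIMITED = "S1007 network-lock limited service"
    UNUSABLE = "S1005/S1006 unusable"


def derive(code: str, salt: bytes) -> bytes:
    """Hash an unlock code (HCK1/HCK2 in the text) with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class Side:
    """One processor's protected store: SFS (modem) or RPMB (Trust Zone)."""
    salt: bytes
    stored_hash: bytes      # first / second hash value
    stored_ck: bytes        # CK3 on the modem side, CK2 on the AP side
    lockstate: str = "locked"

    def check(self, code: str) -> str:
        """Return the lockstate this side computes for the entered code."""
        ok = hmac.compare_digest(derive(code, self.salt), self.stored_hash)
        return "unlocked" if ok else "locked"


@dataclass
class Terminal:
    modem: Side                     # communication processor side
    ap: Side                        # application processor side
    sim_matches_lock: bool = False  # result of the S1004 SIM parameter check
    fused: bool = False
    attempts: int = 0

    def unlock(self, code: str) -> str:
        # Both sides verify independently and post (lockstate, CK) to the
        # Secure Channel; its encryption is left out of this model.
        lockstate1, ck3 = self.modem.check(code), self.modem.stored_ck
        lockstate2, ck2 = self.ap.check(code), self.ap.stored_ck
        if (lockstate1 == lockstate2 == "unlocked"
                and hmac.compare_digest(ck3, ck2)):
            # Success: the new state is persisted to SFS and to RPMB.
            self.modem.lockstate = self.ap.lockstate = "unlocked"
            return "unlocked"
        self.attempts += 1
        return "reboot" if self.attempts >= MAX_ATTEMPTS else "retry"

    def boot(self) -> Boot:
        if self.fused:                                  # S1001 -> S1006
            return Boot.UNUSABLE
        if self.modem.lockstate != self.ap.lockstate:   # S1002 -> S1005
            self.fused = True
            return Boot.UNUSABLE
        if self.modem.lockstate == "unlocked":          # S1003 -> S1008
            return Boot.NORMAL
        # S1004: both sides locked, so the SIM decides the service level.
        return Boot.NORMAL if self.sim_matches_lock else Boot.LIMITED


def provision(code: str, ck: bytes = b"constructed-ck") -> Terminal:
    """Constructed factory state: same code and CK, separate salt per side."""
    sides = []
    for _ in range(2):
        salt = os.urandom(16)
        sides.append(Side(salt, derive(code, salt), ck))
    return Terminal(modem=sides[0], ap=sides[1])


if __name__ == "__main__":
    phone = provision("12345678")              # constructed unlock code
    print(phone.boot())                        # locked, non-matching SIM
    print([phone.unlock("00000000") for _ in range(2)])
    print(phone.unlock("12345678"), phone.boot())

    # A store edited on one side only never yields a clean boot.
    edited = provision("12345678")
    edited.ap.lockstate = "unlocked"
    print(edited.boot(), edited.fused)
```

Because each side has its own salt and stored hash, changing the stored hash, the CK value or the lock state in only one store leaves the other side's verdict unchanged, so the combined check fails or the boot-time consistency check fuses the terminal.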
An embodiment of the present invention further provides a computer-readable storage medium storing computer-executable instructions which, when executed, implement the method for a terminal to remove a network lock as applied on the communication processor side.
An embodiment of the present invention further provides a computer-readable storage medium storing computer-executable instructions which, when executed, implement the method for a terminal to remove a network lock as applied on the application processor side.
An embodiment of the present invention further provides a computer-readable storage medium storing computer-executable instructions which, when executed, implement the method for booting a terminal.
In summary, the network lock system of the terminal in this embodiment comprises two parts, the application processor side and the communication processor side. When the network lock is removed, the entered unlock code is verified on the communication processor side and on the application processor side at the same time, which makes the network lock more secure and harder to crack.
A person of ordinary skill in the art will understand that all or some of the steps of the above methods may be carried out by a program instructing the relevant hardware (for example, a processor), and that the program may be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Optionally, all or some of the steps of the above embodiments may also be implemented using one or more integrated circuits. Accordingly, each module/unit in the above embodiments may be implemented in hardware, for example by an integrated circuit that realizes its function, or as a software functional module, for example by a processor executing programs/instructions stored in a memory. The present application is not limited to any particular combination of hardware and software. A person of ordinary skill in the art should understand that the technical solution of the present application may be modified or equivalently substituted without departing from its spirit and scope, and all such modifications shall fall within the scope of the claims of the present application.
The above technical solution makes the network lock more secure and harder to crack.
Claims (28)
- A method for a terminal to remove a network lock, comprising: obtaining an input first unlock code; calculating, according to the first unlock code, first network state information on the communication processor side; obtaining second network state information on the application processor side, calculated by the application processor according to the first unlock code, and a second unlock code stored on the application processor side; determining whether the first network state information and the second network state information are both in the unlocked state, and whether a third unlock code stored on the communication processor side is consistent with the second unlock code; if the first network state information and the second network state information are both in the unlocked state and the third unlock code is consistent with the second unlock code, unlocking succeeds; if the first network state information and the second network state information are not both in the unlocked state, or the third unlock code is inconsistent with the second unlock code, unlocking fails.
- The method of claim 1, wherein calculating the first network state information on the communication processor side according to the first unlock code comprises: obtaining a first unlock hash value from the unlock code using a hash algorithm; determining whether the first unlock hash value is consistent with a first hash value stored on the communication processor side; if the first unlock hash value is consistent with the first hash value stored on the communication processor side, the first network state information is the unlocked state; if the first unlock hash value is inconsistent with the first hash value stored on the communication processor side, the first network state information is the locked state.
- The method of claim 1, wherein obtaining the second network state information on the application processor side, calculated by the application processor according to the unlock code, and the second unlock code stored on the application processor side comprises: receiving an information read message sent by the application processor; reading, according to the information read message, the encrypted second network state information and second unlock code from a storage area allocated by the application processor in the memory of the terminal, wherein the security key of the storage area is shared by the communication processor.
- The method of claim 3, wherein after calculating the first network state information on the communication processor side according to the unlock code, the method further comprises: encrypting the first network state information and the third unlock code stored on the communication processor side, and saving the encrypted first network state information and third unlock code in the storage area.
- The method of claim 4, wherein after unlocking succeeds, the method further comprises: reading the encrypted first network state information and third unlock code from the storage area and writing them to a secure file system.
- The method of claim 1, wherein after unlocking fails, the method further comprises: determining whether the number of unlock attempts has reached a predetermined threshold; if the number of unlock attempts has reached the predetermined threshold, restarting; if the number of unlock attempts has not reached the predetermined threshold, prompting the user to re-enter the unlock code.
- A method for a terminal to remove a network lock, comprising: obtaining an input first unlock code; calculating, according to the first unlock code, second network state information on the application processor side; transmitting the second network state information and a second unlock code stored on the application processor side to the communication processor.
- The method of claim 7, wherein calculating the second network state information on the application processor side according to the first unlock code comprises: obtaining a second unlock hash value from the first unlock code using a hash algorithm; determining whether the second unlock hash value is consistent with a second hash value stored on the application processor side; if the second unlock hash value is consistent with the second hash value stored on the application processor side, the second network state information is the unlocked state; if the second unlock hash value is inconsistent with the second hash value stored on the application processor side, the second network state information is the locked state.
- The method of claim 8, wherein transmitting the second network state information and the second unlock code stored on the application processor side to the communication processor comprises: allocating a storage area in the memory of the terminal, wherein the storage area is provided with a security key and the security key is shared by the communication processor; encrypting the second network state information and the second unlock code, and storing the encrypted second network state information and second unlock code in the storage area; sending an information read message to the communication processor, so that the communication processor reads the encrypted second network state information and second unlock code from the storage area.
- The method of claim 9, wherein the security key is also shared by the application processor; after unlocking succeeds, the method further comprises: reading the encrypted second network state information and second unlock code from the storage area, and writing the encrypted second network state information and second unlock code to the write-back memory protection area.
- A method for booting a terminal, comprising: after receiving an input power-on instruction, determining whether the terminal has been fused; if it has not been fused, reading first network state information stored on the communication processor side of the terminal and second network state information stored on the application processor side, and determining whether the first network state information and the second network state information are both in the unlocked state; if the first network state information and the second network state information are both in the unlocked state, determining whether a third unlock code stored on the communication processor side of the terminal is consistent with a second unlock code on the application processor side; if the third unlock code is consistent with the second unlock code, the terminal starts and enters the standby interface.
- The method of claim 11, further comprising: if the first network state information and the second network state information are not both in the unlocked state, or if the third unlock code is inconsistent with the second unlock code, blowing the fuse.
- The method of claim 11, further comprising: if the first network state information and the second network state information are both in the locked state, determining whether the network lock parameters of the subscriber identity module (SIM) card are consistent with the network lock parameters pre-stored in the terminal; if the SIM card network lock parameters are inconsistent with the network lock parameters pre-stored in the terminal, the terminal starts and enters the network-lock limited service state; if the SIM card network lock parameters are consistent with the network lock parameters pre-stored in the terminal, the terminal starts and enters the standby interface.
- The method of claim 11, wherein reading the first network state information stored on the communication processor side of the terminal and the second network state information stored on the application processor side comprises: reading the first network state information stored in the secure file system of the terminal, and the second network state information stored in the write-back memory protection area of the terminal.
- An apparatus for a terminal to remove a network lock, comprising: a first obtaining module, configured to obtain an input first unlock code; a first calculating module, configured to calculate, according to the first unlock code obtained by the first obtaining module, first network state information on the communication processor side; a second obtaining module, configured to obtain second network state information on the application processor side, calculated by the application processor according to the first unlock code, and a second unlock code stored on the application processor side; a first determining module, configured to determine whether the first network state information is consistent with the second network state information, and whether a third unlock code stored on the communication processor side and the second unlock code are both in the unlocked state; a deciding module, configured to decide that unlocking succeeds when the first determining module determines that the first network state information and the second network state information are both in the unlocked state and the third unlock code is consistent with the second unlock code, and to decide that unlocking fails when the first determining module determines that the first network state information and the second network state information are not both in the unlocked state, or that the third unlock code is inconsistent with the second unlock code.
- The apparatus of claim 15, wherein the first calculating module comprises: a first calculating unit, configured to obtain a first unlock hash value from the unlock code using a hash algorithm; a first determining unit, configured to determine whether the first unlock hash value is consistent with a first hash value stored on the communication processor side; if the first unlock hash value is consistent with the first hash value stored on the communication processor side, the first network state information is the unlocked state; if the first unlock hash value is inconsistent with the first hash value stored on the communication processor side, the first network state information is the locked state.
- The apparatus of claim 15, wherein the second obtaining module comprises: a receiving unit, configured to receive an information read message sent by the application processor; a reading unit, configured to read, according to the information read message, the encrypted second network state information and second unlock code from a storage area allocated by the application processor in the memory of the terminal, wherein the security key of the storage area is shared by the communication processor.
- The apparatus of claim 17, further comprising: an encryption module, configured to encrypt the first network state information and the third unlock code stored on the communication processor side, and to save the encrypted first network state information and third unlock code in the storage area.
- The apparatus of claim 18, further comprising: a first writing module, configured to, after unlocking succeeds, read the encrypted first network state information and third unlock code from the storage area and write them to a secure file system.
- The apparatus of claim 15, further comprising: a second determining module, configured to determine, after unlocking fails, whether the number of unlock attempts has reached a predetermined threshold; if the number of unlock attempts has reached the predetermined threshold, to restart; if the number of unlock attempts has not reached the predetermined threshold, to prompt the user to re-enter the unlock code.
- An apparatus for a terminal to remove a network lock, comprising: a third obtaining module, configured to obtain an input first unlock code; a second calculating module, configured to calculate, according to the first unlock code, second network state information on the application processor side; a transmission module, configured to transmit the second network state information and a second unlock code stored on the application processor side to the communication processor.
- The apparatus of claim 21, wherein the second calculating module comprises: a second calculating unit, configured to obtain a second unlock hash value from the first unlock code using a hash algorithm; a second determining unit, configured to determine whether the second unlock hash value is consistent with a second hash value stored on the application processor side; if the second unlock hash value is consistent with the second hash value stored on the application processor side, the second network state information is the unlocked state; if the second unlock hash value is inconsistent with the second hash value stored on the application processor side, the second network state information is the locked state.
- The apparatus of claim 22, wherein the transmission module comprises: an allocating unit, configured to allocate a storage area in the memory of the terminal, wherein the storage area is provided with a security key and the security key is shared by the communication processor; an encryption unit, configured to encrypt the second network state information and the second unlock code, and to store the encrypted second network state information and second unlock code in the storage area; a sending unit, configured to send an information read message to the communication processor, so that the communication processor reads the encrypted second network state information and second unlock code from the storage area.
- The apparatus of claim 23, further comprising: a second writing module, configured to, after unlocking succeeds, read the encrypted second network state information and second unlock code from the storage area, and write the encrypted second network state information and second unlock code to the write-back memory protection area.
- An apparatus for booting a terminal, comprising: a third determining module, configured to determine, after receiving a power-on instruction input by the user, whether the terminal has been fused; a fourth determining module, configured to, when the third determining module determines that the terminal has not been fused, read first network state information stored on the communication processor side of the terminal and second network state information stored on the application processor side, and determine whether the first network state information and the second network state information are both in the unlocked state; a fifth determining module, configured to, when the fourth determining module determines that the first network state information and the second network state information are both in the unlocked state, determine whether a third unlock code stored on the communication processor side of the terminal is consistent with a second unlock code on the application processor side; if the third unlock code is consistent with the second unlock code, the terminal starts and enters the standby interface.
- The apparatus of claim 25, further comprising: a fuse module, configured to blow the fuse when the fourth determining module determines that the first network state information is inconsistent with the second network state information, or when the fifth determining module determines that the third unlock code is inconsistent with the second unlock code.
- The apparatus of claim 25, further comprising: a sixth determining module, configured to, when the fourth determining module determines that the first network state information and the second network state information are both in the locked state, determine whether the network lock parameters of the subscriber identity module (SIM) card are consistent with the network lock parameters pre-stored in the terminal; if the SIM card network lock parameters are inconsistent with the network lock parameters pre-stored in the terminal, the terminal starts and enters the network-lock limited service state; if the SIM card network lock parameters are consistent with the network lock parameters pre-stored in the terminal, the terminal starts and enters the standby interface.
- The apparatus of claim 25, wherein the fourth determining module reads the first network state information stored on the communication processor side of the terminal and the second network state information stored on the application processor side as follows: reading the first network state information stored in the secure file system of the terminal, and the second network state information stored in the write-back memory protection area of the terminal.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610099823.3 | 2016-02-23 | ||
CN201610099823.3A CN107105082B (en) | 2016-02-23 | 2016-02-23 | Method for unlocking network of terminal, method and device for starting terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017143715A1 true WO2017143715A1 (en) | 2017-08-31 |
Family
ID=59658761
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/088436 WO2017143715A1 (en) | 2016-02-23 | 2016-07-04 | De-personalization method, booting method, and device for terminal |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107105082B (en) |
WO (1) | WO2017143715A1 (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109474924A (en) * | 2017-09-07 | 2019-03-15 | 中兴通讯股份有限公司 | A kind of restoration methods, device, computer equipment and the storage medium of lock network file |
CN110737476B (en) * | 2018-07-18 | 2021-08-20 | 华为技术有限公司 | Terminal restarting method and device |
CN112383913B (en) * | 2020-11-12 | 2024-05-14 | 深圳市锐尔觅移动通信有限公司 | Terminal card locking control method and device, terminal equipment and storage medium |
CN114692127B (en) * | 2020-12-31 | 2024-07-16 | Oppo广东移动通信有限公司 | Unlocking method, wearable device and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101605326A (en) * | 2008-06-12 | 2009-12-16 | 中兴通讯股份有限公司 | The method of a kind of encryption and decrypting mobile terminal network locking/card locking unlock code |
US20120171996A1 (en) * | 2010-12-30 | 2012-07-05 | Sierra Wireless, Inc. | Method for enabling operation of a wireless modem |
CN103596164A (en) * | 2013-11-15 | 2014-02-19 | 华为终端有限公司 | Terminal network locking control method and mobile terminal |
CN104519479A (en) * | 2013-09-27 | 2015-04-15 | 中兴通讯股份有限公司 | Methods for terminal to lock net and unlock net |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101359321A (en) * | 2008-09-02 | 2009-02-04 | 北京中星微电子有限公司 | Method and apparatus for implementing intercommunication of processors |
US9170957B2 (en) * | 2013-08-29 | 2015-10-27 | Qualcomm Incorporated | Distributed dynamic memory management unit (MMU)-based secure inter-processor communication |
2016
- 2016-02-23: CN201610099823.3A, patent CN107105082B (en), status: Active
- 2016-07-04: PCT/CN2016/088436, patent WO2017143715A1 (en), status: Application Filing
Non-Patent Citations (1)
Title |
---|
ANONYMOUS: "Personalisation of Mobile Equipment (ME); Mobile Functionality Specification (Release 13)", 3GPP TS 122.022 V13.0.0, 31 January 2016 (2016-01-31), XP055412908 * |
Also Published As
Publication number | Publication date |
---|---|
CN107105082B (en) | 2020-11-03 |
CN107105082A (en) | 2017-08-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11704134B2 (en) | Device locator disable authentication | |
CN108093392B (en) | Method for unlocking SIM card, mobile terminal and storage medium | |
WO2017143715A1 (en) | De-personalization method, booting method, and device for terminal | |
US9853960B2 (en) | Peer applications trust center | |
US9578019B2 (en) | Method and system for managing an embedded secure element eSE | |
CN111092899B (en) | Information acquisition method, device, equipment and medium | |
US11269655B2 (en) | Bare metal device management | |
KR102036411B1 (en) | Securing of the loading of data into a nonvolatile memory of a secure element | |
CN113038451B (en) | Machine-card binding method and device, communication module and storage medium | |
CN109496443B (en) | Mobile authentication method and system therefor | |
CN111800262A (en) | Digital asset processing method and device and electronic equipment | |
CN110392012B (en) | Method and apparatus for rebooting in lightweight machine-to-machine systems | |
US10251064B1 (en) | Unlock of a mobile communication device in a locked state using a 2-dimensional barcode | |
US20190297504A1 (en) | Terminal device, registration-processing method, and non-transitory computer-readable recording medium storing program | |
US10841797B2 (en) | Method for generating and injecting SIMLOCK password and device for the same | |
US11698994B2 (en) | Method for a first start-up operation of a secure element which is not fully customized | |
JP6930620B1 (en) | Electronic information storage medium, information writing method, and program | |
WO2017197689A1 (en) | Sim card processing method and apparatus, terminal, and esam chip | |
JP2012074975A (en) | Subscriber identity module, portable terminal, information processing method and program | |
US10715527B2 (en) | Method of managing profiles in a secure element | |
CN114040044B (en) | Method, system and storage medium for dynamic switching and locking of SIM card by high-pass platform | |
CN107888541B (en) | Method and device for permanently remotely closing SIM card | |
WO2018133585A1 (en) | Unlocking method utilizing sim card of mobile terminal, and device | |
JP6140837B2 (en) | Computer system and method for safely booting a computer system | |
CN117592055A (en) | Code security updating method, device, equipment and medium based on BMC (baseboard management controller) start |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 16891167; Country of ref document: EP; Kind code of ref document: A1 |
 | 122 | EP: PCT application non-entry in European phase | Ref document number: 16891167; Country of ref document: EP; Kind code of ref document: A1 |