WO2018099485A1 - Method and device for ensuring terminal security - Google Patents

Method and device for ensuring terminal security (一种保障终端安全的方法和设备) Download PDF

Info

Publication number
WO2018099485A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
data
management server
authentication
security management
Prior art date
Application number
PCT/CN2017/114504
Other languages
English (en)
French (fr)
Inventor
郭培振
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司
Priority to CN201780003581.6A (CN108307674B)
Priority to US16/308,287 (US20190268155A1)
Publication of WO2018099485A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/321 ... involving a third party or a trusted authority
    • H04L 9/3213 ... using tickets or tokens, e.g. Kerberos
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/31 User authentication
    • G06F 21/33 User authentication using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/88 Detecting or preventing theft or loss
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 ... for authentication of entities
    • H04L 63/083 ... using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 ... for authentication of entities
    • H04L 63/0876 ... based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/20 ... for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L 65/40 Support for services or applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0872 ... using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3226 ... using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/12 Detection or prevention of fraud
    • H04W 12/126 Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning

Definitions

  • The present invention relates to the field of terminal security, and in particular to a method and device for securing a terminal.
  • In the prior art, each terminal manufacturer integrates an anti-theft module into its own cloud service and terminal, and binds the anti-theft function of the terminal to the manufacturer's account system. The user logs in to the cloud service account on the terminal to enable the anti-theft function.
  • When the terminal is lost, the user can log in to the manufacturer's portal system and remotely send a positioning command or a data erase command to the lost terminal. After receiving the remote command, the terminal performs the positioning or erases the personal data, and finally reports the execution result to the server.
  • The anti-theft process of the terminal is mainly divided into two processes: activation and remote control.
  • The activation process of the anti-theft function is shown in FIG. 1 and is divided into the following steps:
  • S101, after the user enters the login account and password on the terminal, the anti-theft client (PhoneFinder Client, PF Client) sends the account and password to the authentication server (User Server, Up Server);
  • S102, the authentication server Up Server verifies the account and password and, after the verification passes, sends the first authentication credential serviceToken to the anti-theft client PF Client;
  • S103, the anti-theft client PF Client sends the international mobile equipment identity (IMEI) of the terminal and the name of the installation package (Android Package, APK) of the anti-theft client PF Client to the message push server Push Server;
  • S104, the message push server Push Server generates a message push credential pushToken from the IMEI and the APK name, and sends the message push credential pushToken to the anti-theft client PF Client;
  • S105, the anti-theft client PF Client sends an activation request to the security management server (PhoneFinder Server, PF Server), the activation request carrying the message push credential pushToken and the first authentication credential serviceToken;
  • S106, the security management server PF Server sends the first authentication credential serviceToken to the authentication server Up Server to determine the validity of the activation request;
  • S107, after the authentication server Up Server authenticates the first authentication credential serviceToken, it sends an "authentication pass" response to the security management server PF Server;
  • S108, after the security management server PF Server completes the activation process on the server side, it sends an "activation success" response to the anti-theft client PF Client.
  • The anti-theft function of the terminal is activated once the account and password have been verified; the user can then remotely control the terminal when it is lost.
  • The remote control process of the anti-theft function is shown in FIG. 2 and is divided into the following steps (this extract begins at S203, after the portal system has obtained the second authentication credential upToken):
  • S203, the portal system Portal obtains the user's remote control instruction and sends a remote control request carrying the second authentication credential upToken and the remote control instruction to the security management server PF Server; S204, the security management server PF Server sends the second authentication credential upToken to the authentication server Up Server to determine the validity of the remote control request; S205, after the authentication server Up Server authenticates the second authentication credential upToken, it sends an "authentication pass" response to the security management server PF Server; S206, the security management server PF Server sends the message push credential pushToken and the remote control instruction to the message push server Push Server; S207, the message push server Push Server, which maintains a socket connection with the anti-theft client PF Client, sends the remote control instruction to the anti-theft client PF Client; S208, the anti-theft client PF Client performs the operation corresponding to the remote control instruction; S209, the anti-theft client PF Client sends the execution result of the operation corresponding to the remote control instruction to the security management server PF Server.
  • The anti-theft function of the prior art is implemented on the operating system of the application processor and is bound to the manufacturer's cloud service account system. When the operating system on the terminal (here, the operating system on the application processor, such as Android or iOS) is removed or replaced, the anti-theft function of the terminal is disabled, remote control of the terminal is no longer possible, and the security of the terminal is low.
  • The embodiments of the invention provide a method and a device for securing a terminal, which solve the problem that the anti-theft function of the terminal becomes invalid when the operating system on the application processor of the terminal is removed or replaced, and thereby improve the security of the terminal.
  • A first aspect of the embodiments of the present invention provides a method for securing a terminal.
  • The baseband chip of the terminal is provided with a secure storage area, and the secure storage area is used for storing data for securing the terminal.
  • The baseband chip performs the following steps: obtaining authentication data from the secure storage area; sending a status query request carrying the authentication data to the security management server, where the security management server uses the authentication data to determine the identity of the terminal; receiving a status response sent by the security management server according to the identity of the terminal; and, if the terminal is determined to be in loss status according to the status response, activating a preset protection policy.
  • The authentication data may be first authentication credential data sent by the authentication server. In that case, before the authentication data is obtained from the secure storage area, the method further includes: receiving the first authentication credential data, which the authentication server sends to the terminal after verifying the identity information of the terminal's user sent by the terminal; and saving the first authentication credential data to the secure storage area.
  • The authentication server may be an account authentication server, and the identity information of the user may be the account and password entered by the user on the terminal.
  • The authentication data may instead be first encrypted data. In that case, before the authentication data is obtained from the secure storage area, the method further includes: encrypting the terminal identification data with a preset key to obtain the first encrypted data, and saving the first encrypted data in the secure storage area.
  • The terminal identification data may be unique data identifying the terminal, such as an IMEI, an International Mobile Subscriber Identity (IMSI), or a Mobile Equipment Identifier (MEID).
  • The preset protection policy may include: sending a control instruction query request carrying the authentication data to the security management server; receiving a remote control instruction sent by the security management server; executing the target operation corresponding to the remote control instruction; and returning the execution result of the target operation to the security management server.
  • The target operation corresponding to the remote control instruction may be positioning, erasing data, turning off the terminal's multimedia application functions, a sound alarm, a short message alarm, or a similar operation.
  • The preset protection policy may include: acquiring the current location information of the terminal; encrypting the current location information of the terminal to obtain second encrypted data; and sending the second encrypted data to the security management server.
  • The preset protection policy may include: prompting, in an alert manner, that the terminal is currently in loss status. For example, the security protection client displays a pop-up window reading "the terminal is currently in loss status" on the interface of the terminal.
  • A second aspect of the embodiments of the present invention provides another method for securing a terminal.
  • The baseband chip of the terminal is provided with a secure storage area used for storing data for securing the terminal, and the terminal performs the following steps: obtaining authentication data from the secure storage area; sending a status query request carrying the authentication data to the security management server, where the security management server uses the authentication data to determine the identity of the terminal; receiving a status response sent by the security management server according to the identity of the terminal; and, if the terminal is determined to be in loss status according to the status response, activating a preset protection policy.
  • Where the authentication data includes the first authentication credential data, the method further includes, before obtaining the authentication data from the secure storage area: receiving the first authentication credential data sent by the authentication server, which the authentication server sends to the terminal after verifying the identity information of the terminal's user sent by the terminal; and saving the first authentication credential data to the secure storage area.
  • Where the authentication data includes the first encrypted data, the method further includes, before obtaining the authentication data from the secure storage area: encrypting the terminal identification data with the preset key to obtain the first encrypted data.
  • The preset protection policy includes: sending a control instruction query request carrying the authentication data to the security management server; receiving a remote control instruction sent by the security management server; executing the target operation corresponding to the remote control instruction; and returning the execution result of the target operation to the security management server.
  • The preset protection policy includes: acquiring the current location information of the terminal; requesting the baseband chip to encrypt the location information to obtain second encrypted data; and sending the second encrypted data to the security management server.
  • The preset protection policy includes: prompting, in an alert manner, that the terminal is currently in loss status.
  • Obtaining the authentication data from the secure storage area includes: obtaining the authentication data from the secure storage area by means of a security protection client running on the baseband chip.
  • A third aspect of the embodiments of the present invention provides another method for securing a terminal, performed by the security management server, including: receiving a status query request sent by the terminal, where the status query request carries authentication data stored in the secure storage area of the terminal's baseband chip; determining the identity of the terminal according to the authentication data; and sending a status response to the terminal, which the terminal uses to determine its status and, if it is in loss status, to activate a preset protection policy.
  • The method further includes: receiving a loss report request from the user, where the loss report request carries terminal identification data; determining, according to the terminal identification data, the terminal to which the loss report request corresponds; and recording the status of that terminal as loss status.
  • The status of the terminal corresponding to the loss report request is recorded as loss status only when the loss report request is determined to be a legal request.
  • The loss report request may carry the first authentication credential sent by the authentication server.
  • The server that sends the loss report request may be a server within a whitelist, and a loss report request sent by a whitelisted server is treated as a legal request by default.
  • The method may further include: receiving a control instruction query request sent by the terminal, where the control instruction query request carries the authentication data; when a remote control instruction corresponding to the terminal is detected, sending the remote control instruction to the terminal; and receiving the execution result, returned by the terminal, of the target operation corresponding to the remote control instruction.
  • Before the remote control instruction is sent to the terminal, the method further includes: receiving a remote control request from the user, where the remote control request carries the terminal identification data of the terminal and the remote control instruction corresponding to the terminal; and buffering the terminal identification data and the remote control instruction.
  • The method may further include: receiving second encrypted data sent by the terminal; and decrypting the second encrypted data to obtain the current location information of the terminal.
  • A fourth aspect of the embodiments of the present invention provides a baseband chip, where the baseband chip is provided with a secure storage area used for storing data for securing the terminal.
  • The baseband chip includes:
  • a processing unit configured to obtain authentication data from the secure storage area;
  • a sending unit configured to send a status query request to the security management server, where the status query request carries the authentication data and the security management server uses the authentication data to determine the identity of the terminal;
  • a receiving unit configured to receive a status response sent by the security management server according to the identity of the terminal;
  • the processing unit being further configured to activate a preset protection policy if the terminal is determined to be in loss status according to the status response.
  • The structure of the baseband chip includes a processor and a communication interface, and the processor is configured to perform the method for securing the terminal provided by the first aspect of the embodiments of the present invention.
  • A memory may further be included, where the memory contains a secure storage area for storing the application code and authentication data that support the baseband chip in performing the above method, and the processor is configured to execute the application stored in the memory.
  • A fifth aspect of the embodiments of the present invention provides a terminal, where the baseband chip of the terminal is provided with a secure storage area used for storing data for securing the terminal, and the terminal includes:
  • a processing unit configured to obtain authentication data from the secure storage area;
  • a sending unit configured to send a status query request to the security management server, where the status query request carries the authentication data and the security management server uses the authentication data to determine the identity of the terminal;
  • a receiving unit configured to receive a status response sent by the security management server according to the identity of the terminal;
  • the processing unit being further configured to activate a preset protection policy if the terminal is determined to be in loss status according to the status response.
  • The structure of the terminal includes a processor and a communication interface, and the processor is configured to perform the method for securing the terminal provided by the second aspect of the embodiments of the present invention.
  • A memory may further be included, where the memory contains a secure storage area used to store the application code and authentication data that support the terminal in executing the above method, and the processor is configured to execute the application stored in the memory.
  • A sixth aspect of the embodiments of the present invention provides a security management server, including:
  • a receiving unit configured to receive a status query request sent by the terminal, where the status query request carries authentication data stored in the secure storage area of the terminal's baseband chip;
  • a processing unit configured to determine the identity of the terminal according to the authentication data;
  • a sending unit configured to send a status response to the terminal, where the terminal uses the status response to determine its status and, if it is determined to be in loss status, activates a preset protection policy.
  • The security management server includes a processor and a communication interface, and the processor is configured to perform the method for securing the terminal provided by the third aspect of the embodiments of the present invention.
  • A memory may further be included, where the memory is used to store the application code that supports the security management server in executing the above method, and the processor is configured to execute the application stored in the memory.
  • A seventh aspect of the embodiments of the present invention provides a computer storage medium for storing computer software instructions for the baseband chip, including a program designed to execute the first aspect described above for the baseband chip.
  • An eighth aspect of the embodiments of the present invention provides a computer storage medium for storing computer software instructions for the terminal, including a program designed to execute the second aspect described above for the terminal.
  • A ninth aspect of the embodiments of the present invention provides a computer storage medium for storing computer software instructions for the security management server, including a program designed to execute the third aspect described above for the security management server.
  • The baseband chip of the terminal is provided with a secure storage area, which can be used to store data for securing the terminal.
  • When the terminal is determined to be in loss status, it activates a preset protection policy. Because the data for securing the terminal is saved in the secure storage area, the protection policy cannot be invalidated by flashing or similar means, the anti-theft function of the terminal continues to work normally, and the security of the terminal is improved.
  • FIG. 1 is a schematic diagram of the activation process of the anti-theft function of a terminal in a prior art solution.
  • FIG. 2 is a schematic diagram of the remote control flow of the anti-theft function of a terminal in a prior art solution.
  • FIG. 3A is a structural block diagram of an implementation of a terminal according to an embodiment of the present invention.
  • FIG. 3B is a structural block diagram of an implementation of a terminal according to an embodiment of the present invention.
  • FIG. 3C is a structural block diagram of an implementation of a terminal according to an embodiment of the present invention.
  • FIG. 3D is a structural block diagram of an implementation of a terminal according to an embodiment of the present invention.
  • FIG. 3E is a structural block diagram of an implementation of a terminal according to an embodiment of the present invention.
  • FIG. 4 is a schematic flowchart of a method for securing a terminal according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of the portal system Portal displaying a loss report result to the user according to an embodiment of the present invention.
  • FIG. 6 is a schematic flowchart of a method for activating a preset protection policy according to an embodiment of the present invention.
  • FIG. 7 is a schematic diagram of a portal system page on which the portal system obtains the account and password entered by the user according to an embodiment of the present invention.
  • FIG. 8 is a schematic flowchart of a method for executing a preset protection policy according to an embodiment of the present invention.
  • FIG. 9 is a schematic flowchart of another method for activating a preset protection policy according to an embodiment of the present invention.
  • FIG. 10 is a schematic flowchart of another method for executing a preset protection policy according to an embodiment of the present invention.
  • FIG. 11A is a schematic diagram of the page shown after the user successfully logs in to the portal system according to an embodiment of the present invention.
  • FIG. 11B is a schematic diagram of a remote management page of the portal system according to an embodiment of the present invention.
  • FIG. 11C is a schematic diagram of a page on which the portal system displays the result of remote control to the user according to an embodiment of the present invention.
  • FIG. 11D is a schematic diagram of a page on which the portal system displays the geographic movement trajectory of a mobile phone to the user according to an embodiment of the present invention.
  • FIG. 12 is a schematic structural diagram of a baseband chip according to an embodiment of the present invention.
  • FIG. 13 is a schematic structural diagram of a terminal and a security management server according to an embodiment of the present invention.
  • FIG. 14 is a schematic structural diagram of another baseband chip according to an embodiment of the present invention.
  • FIG. 15 is a schematic structural diagram of another security management server according to an embodiment of the present invention.
  • FIG. 16 is a schematic diagram of an interface for sending a remote control instruction according to an embodiment of the present invention.
  • FIG. 17 is a block diagram of a system for operating a mobile phone anti-theft function according to an embodiment of the present invention.
  • The terminal device is provided with at least two processor units: one processor runs the Advanced Mobile Subscriber Software (AMSS), a basic communication operating system that starts the modem of the terminal and provides its basic communication functions; at least one other processor is a Multimedia Application Processor (MAP) that runs an application operating system (such as Android or iOS).
  • The at least two processors may be integrated on one hardware chip (for example, integrated on a baseband chip), or may be implemented on two different hardware chips (for example, a baseband chip and an application processor chip respectively).
  • The terminal device also has a secure storage area that is isolated from the other storage areas of the terminal and to which non-secure entities or applications are denied access.
  • The secure storage area can be isolated from the other storage areas by TrustZone technology.
  • The data for securing the terminal may be stored in the secure storage area.
  • The data for securing the terminal may be the authentication data and account data of the terminal (for example, the account information and password information, that is, the cloud service account, with which the user registers in order to secure the terminal), and the application corresponding to the security protection client that protects the terminal and runs on the AMSS, among other things.
  • FIG. 3A is a structural block diagram of an implementation manner of the terminal device 300.
  • terminal 300 can include a baseband chip 310, a memory 315 (one or more computer readable storage media), a radio frequency (RF) module 316, and a peripheral system 317. These components can communicate over one or more communication buses 314.
  • RF radio frequency
  • the peripheral system 317 is mainly used to implement the interaction function between the terminal 300 and the user/external environment, mainly including the terminal. Input and output device of terminal 300.
  • the peripheral system 317 can include a touch screen controller 318, a camera controller 319, an audio controller 320, and a sensor management module 321 .
  • Each controller may be coupled to a respective peripheral device such as touch screen 323, camera 324, audio circuit 325, and sensor 326.
  • the touch screen 323 may be a touch screen configured with a self-capacitive floating touch panel or a touch screen configured with an infrared floating touch panel.
  • camera 324 can be a 3D camera. It should be noted that the peripheral system 317 may also include other I/O peripherals.
  • the processor 311 can be an application processor for running applications and processing user data.
  • the clock module 312 is primarily used to generate the clocks required for data transfer and timing control for the processor 311.
  • the power management module 313 is mainly used to provide a stable, high-precision voltage for the processor 311, the radio frequency module 316, and the peripheral system.
  • the baseband chip 310 can include a baseband processor, a channel encoder, a digital signal processor, a modem, and an interface module.
  • the secure storage area 3101 integrated on the baseband chip 310 is used to store data for securing the terminal. In some embodiments, the secure storage area 3101 can also store a security protection application that secures the terminal.
  • a radio frequency (RF) module 316 is used to receive and transmit radio frequency signals, primarily integrating the receiver and transmitter of terminal 300.
  • a radio frequency (RF) module 316 communicates with the communication network and other communication devices via radio frequency signals.
  • the radio frequency (RF) module 316 can include, but is not limited to: an antenna system, an RF transceiver, one or more amplifiers, a tuner, one or more oscillators, a digital signal processor, a CODEC chip, a SIM card, storage media, etc.
  • a radio frequency (RF) module 316 can be implemented on a separate chip.
  • the radio frequency (RF) module 316 performs radio frequency signal reception and transmission under the control of the baseband chip.
  • Memory 315 is coupled to processor 311 for storing various software programs and/or sets of instructions.
  • memory 315 can include high speed random access memory, and can also include non-volatile memory, such as one or more magnetic disk storage devices, flash memory devices, or other non-volatile solid state storage devices.
  • the memory 315 can store an operating system (hereinafter referred to as a system) such as an embedded operating system such as Android, IOS, Windows or Linux.
  • the operating system may include an application operating system (such as Android or IOS running various multimedia applications) and a basic communication operating system (such as AMSS OS).
  • the memory 315 can also store a network communication program that can be used to communicate with one or more additional devices, terminal devices, or network devices.
  • the memory 315 can also store a user interface program, which can vividly display the content of the application through a graphical operation interface and receive user control operations on the application through input controls such as menus, dialog boxes, and keys.
  • the memory 315 can also store one or more applications. As shown in FIG. 3A, these applications may include: social applications (such as Facebook), image management applications (such as photo albums), map applications (such as Google Maps), browsers (such as Safari, Google Chrome), etc.
  • the data for securing the terminal is stored in the secure storage area of the baseband chip, and the independent invocation and independent operation of the data are implemented on the baseband chip, so that even if the application operating system or the account information is cleared, the preset protection policy can still be activated to ensure the security of the terminal.
  • FIG. 3B is a structural block diagram of an implementation manner of the terminal device 300.
  • the terminal device hardware layer includes a baseband chip for a basic communication operating system (such as the AMSS OS in FIG. 3B) and an application processor for running an embedded operating system (such as the Android system in FIG. 3B).
  • AMSS is the operating system running on the baseband chip, responsible for handling communication protocols, radio frequency, GPIO, etc.
  • the Modem stack can be the modem protocol stack used to communicate with the baseband chip hardware.
  • the Modem API can be the modem interface layer, which encapsulates the modem's network and signal processing capabilities as call, Internet, and SMS capabilities callable by the Android operating system.
  • the anti-theft module can run on the AMSS system and can interact with the cloud through socket communication.
  • the Linux kernel layer can be a lightweight Linux customized for Android.
  • the operating system kernel provides services such as security, memory management, process management, the network protocol stack and the driver model.
  • the system runtime library (Libraries) can include libraries and the Android runtime, including some C/C++ libraries, which can be used by different components in the Android system.
  • the application framework layer (Java) is the Java language layer, in which the Libraries layer is further encapsulated into application programming interfaces (APIs) callable from Java code; the application layer can provide a series of core applications, such as email, SMS, calendar, map, browser and contact management; developers can use the Java language to design and write their own applications, or it can be used to run an APK (Android Package); the anti-theft client is located at the application layer and is used to interact with the user.
  • the anti-theft client accepts user input information, for example an account number or a password, and passes it to the anti-theft module through an AT command, and the anti-theft module transmits the information input by the user to the secure storage area in the baseband chip.
  • when the application operating system or the account information is cleared, for example when the terminal device is reinstalled, the information stored in the secure storage area of the baseband chip is not lost.
  • the data for securing the terminal is stored in the secure storage area of the baseband chip, and the independent invocation and independent operation of the data are implemented on the baseband chip, so that even if the application operating system or the account information is cleared, the preset protection policy can still be activated to ensure the security of the terminal.
  • FIG. 3C is a structural block diagram of an implementation manner of the terminal device 300.
  • the terminal device 300 includes a software part and a hardware part.
  • the anti-theft client is located at an application layer of the system and provides an interface for interacting with the user.
  • the Modem API may be an interface layer of the modem.
  • it encapsulates the network and signal processing capabilities of the modem as the call, Internet, and short message capabilities of the Android operating system; the anti-theft module can run on the AMSS system and interact with the cloud through socket communication; the application processor runs applications and processes user data; the baseband chip is provided with an independent secure storage area for the mobile phone anti-theft module.
  • the data for securing the terminal is stored in the secure storage area of the baseband chip, and the independent invocation and independent operation of the data are implemented on the baseband chip, so that even if the application operating system or the account information is cleared, the preset protection policy can still be activated to ensure the security of the terminal.
  • FIG. 3D is a structural block diagram of an implementation manner of the terminal device 300.
  • the Trusted Execution Environment (TEE) is a stand-alone operating environment running outside a general operating system (for example, Android); the TEE provides security services to the general operating system and is isolated from it, and the general operating system and the applications on it cannot access the TEE's hardware and software security resources.
  • TEE provides a secure executable environment for security software called trusted applications. It also enhances the protection of the confidentiality, integrity, and access rights of data and resources in these trusted applications. To ensure the trustworthiness of the TEE, the TEE is authenticated during the secure boot process and is separate from the operating system. Within the TEE, each trusted application is independent. A trusted application cannot gain unauthorized access to the secure resources of another trusted application.
  • Trusted applications can be provided by different application service providers.
  • TEE trusted application access to secure resources and services is controlled through the TEE internal API. These resources and services include key injection and management, encryption, secure storage, secure clocking, a trusted user interface (UI), and a trusted keyboard.
  • the terminal device includes a general operating system application environment, which may be a general operating system (for example, Android, etc.) and a client application, etc.; a trusted execution environment (TEE), which is independent of the general operating system.
  • TEE provides security services to the general operating system and is isolated from the general operating system.
  • an anti-theft client is provided for interacting with a user.
  • it can be a third-party application or a system interface.
  • an anti-theft module is provided, for example, which can be a trusted anti-theft application.
  • the security information of the user is stored in the hardware security resource.
  • it can be various security data such as an account and a password.
  • the TEE internal API can be used to control the trusted application's access to the security resources and services.
  • the security information can also be stored in the anti-theft module.
  • data for securing the terminal is stored in the hardware security resource, and the operating system and the application thereon cannot access its hardware and software security resources, and within the TEE, each trusted application is independent. A trusted application cannot gain unauthorized access to the secure resources of another trusted application. Even if the application operating system or account information is cleared, the terminal can still activate the preset protection policy to ensure the security of the terminal.
  • the memory 315 may also include a secure storage area 3151 for storing data for securing the terminal, such as a security protection program for securing the terminal, specifically a security application whose form can be a security client running on AMSS.
  • FIG. 4 is a schematic flowchart of a method for securing a terminal according to a first embodiment of the present invention. As shown in the figure, the method in the embodiment of the present invention may include:
  • Step S401 The portal system Portal obtains the user's loss report request and sends the loss report request to the security management server PF Server.
  • the portal system Portal needs to verify the identity of the user, and sends the loss report to the security management server PF Server after determining the identity of the user.
  • the portal system Portal can verify the identity of the user by means of an account system or preset rule settings (such as a whitelist for accessing the portal system). For example, the account and password input by the user are obtained before the user's loss report is accepted; if the account and password are correct, the user's identity is determined, and then the user's loss report is obtained.
  • in a specific implementation, the user's loss report request can be obtained through the loss report button on the portal system.
  • the loss reporting request may carry terminal identification data, where the terminal identification data is used by the security management server PF Server to determine the identity of the terminal and store the terminal identification data.
  • the terminal identification data may be data that determines the identity of the terminal, such as an IMEI, an IMSI, a MEID, or a Universal Unique Identifier (UUID).
  • the portal system Portal may be a front-end interface of the security management server PF Server, the security management server PF Server being the background management server of the portal system Portal, and the portal system Portal may use a form plug-in (e.g., a table) or the like to send the loss report to the security management server; in another specific implementation manner, if the background management server of the portal system Portal is not the security management server PF Server, the portal system Portal first transmits the loss report to its own background management server, and that background management server sends the loss report request to the security management server PF Server.
  • Step S402 The security management server PF Server records the status of the terminal corresponding to the loss report as a report loss status.
  • the security management server PF Server records the status of the terminal corresponding to the loss report and the terminal identification data in the same data table.
  • for example, if the terminal identification data is the IMEI and the IMEI of the terminal corresponding to the loss report is 123456789012345, the data in Table 1 is added to the database of the security management server, where the Key uniquely identifies the record in the table and a State of 0 means that the terminal with the IMEI 123456789012345 is in the loss status.
  • Step S403 The security management server PF Server sends a "reported lost" response to the portal system Portal.
  • the portal system Portal can display the result of the loss report to the user by using a pop-up window or the like, as shown in FIG. 5, which is a schematic diagram of the portal system Portal displaying the loss report result to the user according to the embodiment of the present invention.
  • the security management server PF Server stores the loss status of the terminal, and waits for the terminal to perform a status inquiry when the network is turned on.
  • Step S404 The terminal acquires authentication data from the secure storage area.
  • the authentication data may be the first authentication credential data or the first encrypted data.
  • the secure storage area is disposed on the baseband chip 310, and the secure storage area may correspond to 3101 in the terminal shown in FIG. 3A.
  • the secure storage area 3101 can save a security protection application, which can be a security protection client running on the baseband chip 310, and the terminal can access the secure storage area 3101 through the security protection client to obtain the authentication data.
  • the security protection client can obtain the authentication data from the secure storage area of the baseband chip when the terminal is powered on and connected to the network.
  • the "Trustzone” security technology can be used to isolate and protect the secure storage area.
  • Step S405 The terminal sends a status query request to the security management server PF Server, where the query request carries the authentication data.
  • Step S406 The security management server PF Server determines the identity of the terminal according to the authentication data.
  • for example, if the authentication data carries the IMEI of the terminal, the security management server PF Server determines the identity of the terminal according to the IMEI and uses the IMEI to query its database for the loss report record of the terminal.
  • Step S407 The security management server PF Server sends a status response to the terminal.
  • the status response sent by the security management server PF Server to the terminal covers two cases: if a loss report record of the terminal exists in the database of the security management server PF Server, the status response is "reported lost"; if no loss report record of the terminal exists in the database of the security management server PF Server, the status response is "not reported".
  • since the security management server recorded the loss status of the terminal in step S402, the status response is "reported lost"; the terminal receives the "reported lost" status response and then performs step S408.
  • Step S408 The terminal activates the preset protection policy.
  • a flag may be set as the activation parameter for activating the preset protection policy. If the value of Flag is 0, the terminal maintains the status quo; if the value of Flag is 1, the preset protection policy is activated. When the status of the terminal is determined to be "reported lost", the value of Flag is set to 1.
  • the preset protection policy of the terminal is enabled, and the terminal can execute the preset protection policy, that is, the terminal performs step S409.
  • Step S409 The terminal executes a preset protection policy.
  • the terminal indicates, in a warning manner, that it is in a lost state. For example, the terminal displays a message on the user interaction interface stating that the terminal has been reported lost and is currently inoperable.
  • the terminal may lock the application operating system of the terminal (referred to herein as an operating system on the application processor) to make each application function on the application operating system unavailable.
  • the terminal sends an AT command from the baseband chip to the application operating system of the terminal, notifying the application operating system to lock each application function located on it; for example, the application operating system of the terminal runs application A, application B, application C, and the like.
  • the operating system locks the application A, the application B, and the application C, and the locked terminal can only implement the call and networking functions.
  • the terminal may collect various information of the terminal and send the information to the security management server PF Server when the terminal is connected to the network.
  • for example, the terminal can periodically acquire its location and send all the obtained location information to the security management server PF Server when the terminal is powered on; or, if the terminal detects that its telecom smart card (such as a Subscriber Identity Module (SIM) card or a Universal Subscriber Identity Module (USIM) card) has been replaced, it records the information of the replacement telecom smart card and sends that information to the security management server PF Server when the terminal is powered on.
  • the terminal may obtain a remote control instruction of the security management server PF Server and execute a target operation corresponding to the remote control instruction when the terminal is connected to the network, and return an execution result of the target operation to the security management server PF Server.
  • the terminal sends a status query request to the security management server PF Server when the terminal is connected to the network; after receiving the status response sent by the security management server PF Server and determining from it that the terminal is in the loss status, the terminal activates the preset protection policy. The data for securing the terminal (the authentication data and the data related to the preset protection policy) is stored in the secure storage area of the baseband chip, so flashing the device cannot invalidate the protection policy of the terminal.
  • the anti-theft function can therefore still operate normally, which enhances the security of the terminal.
  • the terminal may perform the various steps (steps S404-S405 and S408-S409) performed by the terminal in the embodiment corresponding to FIG. 4 through the security protection client running on the baseband chip, where the application corresponding to the security protection client is saved in the secure storage area.
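The first-embodiment flow (steps S401 to S409) as an added, runnable Python simulation; this is not code from the patent. The PF Server's Table 1 (Key, IMEI, State) is modelled as a dictionary, the portal's identity check uses a constructed account, password and whitelist, and the terminal's baseband secure storage is a field that a simulated flash of the application OS leaves untouched.

```python
from dataclasses import dataclass, field
from typing import Optional

LOST = 0  # Table 1 convention on the page: State 0 means "reported lost"


class PFServer:
    """Security management server: keeps the loss-status table (Key, IMEI, State)."""

    def __init__(self):
        self.table = {}      # Key -> {"IMEI": ..., "State": ...}
        self._next_key = 1

    def report_loss(self, imei):
        """S402: record the terminal corresponding to the loss report as lost."""
        for rec in self.table.values():
            if rec["IMEI"] == imei:
                rec["State"] = LOST
                return "reported lost"
        self.table[self._next_key] = {"IMEI": imei, "State": LOST}
        self._next_key += 1
        return "reported lost"          # S403: response sent back to the portal

    def status_query(self, auth_data):
        """S406/S407: identity from the authentication data, then the table lookup."""
        imei = auth_data.get("IMEI")
        for rec in self.table.values():
            if rec["IMEI"] == imei and rec["State"] == LOST:
                return "reported lost"
        return "not reported"


class Portal:
    """Front end of the PF Server; verifies the user before forwarding (S401)."""

    def __init__(self, server, users, whitelist):
        self.server = server
        self.users = users            # account -> password (constructed registration data)
        self.whitelist = whitelist    # accounts allowed to access the portal

    def report_loss(self, account, password, imei):
        if account not in self.whitelist or self.users.get(account) != password:
            return "identity not verified"
        return self.server.report_loss(imei)


@dataclass
class Terminal:
    """Terminal whose securing data lives in secure storage area 3101 on the baseband chip."""
    imei: str
    secure_area: dict = field(default_factory=dict)   # baseband secure storage
    app_os_apps: dict = field(default_factory=lambda: {"A": True, "B": True, "C": True})
    account_info: Optional[str] = "owner@example.invalid"   # constructed cloud account
    flag: int = 0          # activation parameter: 0 keeps the status quo, 1 activates the policy
    warning: str = ""

    def provision(self):
        """Write the authentication data (here the IMEI) into the secure area once."""
        self.secure_area["auth"] = {"IMEI": self.imei}

    def flash_application_os(self):
        """Flashing resets the application OS and clears the account; the secure area is untouched."""
        self.app_os_apps = {"A": True, "B": True, "C": True}
        self.account_info = None

    def power_on(self, server):
        """S404/S405: the security protection client reads the auth data and queries status."""
        resp = server.status_query(self.secure_area.get("auth", {}))
        if resp == "reported lost":
            self.flag = 1                 # S408: activate the preset protection policy
            self.execute_policy()         # S409
        return resp

    def execute_policy(self):
        """S409: warn the holder and lock every application; only call and networking remain."""
        self.warning = "This terminal has been reported lost and is currently inoperable"
        for app in self.app_os_apps:
            self.app_os_apps[app] = False


def run_scenario():
    """Owner reports loss; the terminal is flashed; the policy still activates at power-on."""
    server = PFServer()
    portal = Portal(server, users={"alice": "pw-123"}, whitelist={"alice"})
    t = Terminal(imei="123456789012345")   # IMEI value taken from the page's Table 1 example
    t.provision()
    results = {"before": t.power_on(server)}                          # "not reported"
    results["bad_user"] = portal.report_loss("bob", "x", t.imei)      # fails the identity check
    results["report"] = portal.report_loss("alice", "pw-123", t.imei)
    t.flash_application_os()
    results["after_flash"] = t.power_on(server)                       # "reported lost"
    results["flag"] = t.flag
    results["apps_locked"] = not any(t.app_os_apps.values())
    return results


if __name__ == "__main__":
    print(run_scenario())
```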
  • depending on whether the terminal and the security management server use the account system for authentication (that is, the authentication data is the first authentication credential data) or use a key pair for authentication (that is, the authentication data is the first encrypted data), the specific implementation process of activating and executing the preset protection policy differs.
  • the following takes the security protection client as an example to describe the implementation process of activating and executing the protection policy of the terminal when the account system is used for authentication, and when the key pair method is used for authentication.
  • FIG. 6 is a schematic flowchart of a method for activating a preset protection policy according to a second embodiment of the present invention. As shown in the figure, the method includes:
  • Step S501 The anti-theft client PF Client obtains the account and password input by the user, and sends the account and password to the authentication server Up Server.
  • the anti-theft client PF Client runs on the application operating system of the application processor of the terminal, that is, it is the anti-theft client in FIG. 1 or FIG. 2 and corresponds to one of the applications in FIG. 3A, and the application of the anti-theft client is saved outside the secure storage area.
  • the anti-theft client PF Client obtains the account and password input by the user through the user interaction interface, for example by calling the user interface program in FIG. 3A to present a graphical operation interface to the user and receiving the user's operation through an input control such as a dialog or a button, thereby obtaining the account and password input by the user.
  • Step S502 The authentication server Up Server sends the first authentication credential serviceToken to the anti-theft client PF Client when the verification of the account and the password is passed.
  • the authentication server Up Server matches the account and password with the account and password set when the user registered in the database. If the account is consistent with the account set by the user and the password is consistent with the password set by the user, the account and password are verified.
  • the first authentication credential serviceToken is a key between the terminal and the authentication server Up Server.
  • the authentication server Up Server can determine, according to the first authentication credential serviceToken sent by the terminal, that the request of the terminal is a legitimate request.
  • Step S503 The anti-theft client PF Client sends the first authentication credential serviceToken to the security protection client.
  • the anti-theft client PF Client sends the first authentication credential serviceToken to the security protection client by using an AT command.
  • the first authentication credential serviceToken corresponds to the authentication data in the first embodiment, that is, the authentication data is the first authentication credential serviceToken.
  • Step S504 The security protection client saves the first authentication credential serviceToken to the secure storage area.
  • Step S505 The security protection client responds to the anti-theft client PF Client to write the result.
  • after that, the security protection client can use the authentication data (that is, the first authentication credential serviceToken) to interact with the security management server PF Server.
  • the user logs in with the account and password on the portal system Portal to report the loss of the terminal.
  • the following describes the loss reporting process of the terminal through steps S506 to S512.
  • Step S506 The portal system Portal obtains the account and password input by the user, and sends the account and password to the authentication server Up Server.
  • the portal system Portal can obtain the account and password input by the user through the portal system page as shown in FIG. 7.
  • Step S507 The authentication server Up Server sends the second authentication credential upToken to the portal system Portal in the case that the verification of the account and the password is passed.
  • the manner in which the authentication server Up Server verifies the account and the password has been described in step S502, and details are not described herein again.
  • the second authentication credential upToken is a key between the portal system Portal and the authentication server Up Server.
  • the authentication server Up Server may determine, according to the second authentication credential upToken sent by the portal system Portal, that the request of the portal system is a legitimate request.
  • Step S508 The portal system Portal obtains the loss report request of the user and sends a loss report request carrying the second authentication credential upToken to the security management server PF Server.
  • the portal system Portal obtains the user's loss report request by acquiring the user's operation on the user interaction interface, for example the user's operation of the "loss report" button on the portal system.
  • the relationship between the portal system Portal and the security management server has been described in step S401 of the above-described first embodiment, and details are not described herein again.
  • Step S509 The security management server PF Server sends the second authentication credential upToken to the authentication server Up Server to determine the legality of the report loss request.
  • Step S510 The authentication server Up Server responds to the security management server PF Server by "authentication pass”.
  • the second authentication credential upToken is sent by the authentication server to the portal system Portal in step S507.
  • the authentication server determines that the request of the portal system Portal is legal, that is, the authentication passes.
  • Step S511 The security management server PF Server records the loss status of the terminal.
  • Step S512 The security management server PF Server sends a "reported lost" response to the portal system Portal.
  • steps S511 to S512 are the same as steps S402 to S403 in the foregoing first embodiment, and details are not described herein again.
  • the security management server PF Server has saved the loss status of the terminal, waiting for the terminal to perform status inquiry when the network is turned on.
  • Step S513 The security protection client obtains the first authentication credential serviceToken from the secure storage area.
  • Step S514 The security protection client sends a status query request to the security management server PF Server, where the status query request carries the first authentication credential serviceToken.
  • the status query request further carries terminal identification data of the terminal.
  • Step S515 The security management server PF Server determines the identity of the terminal and the loss status according to the first authentication credential serviceToken.
  • the security management server PF Server sends the first authentication credential serviceToken to the authentication server Up Server, and the authentication server Up Server authenticates the terminal identity, wherein the first authentication credential serviceToken is sent by the authentication server Up Server in step S502.
  • when the authentication server Up Server receives the first authentication credential serviceToken (sent by the security protection client of the terminal and forwarded by the security management server PF Server), it determines that the request of the terminal is legal and sends an "authentication pass" response to the security management server PF Server, which thus determines the identity of the terminal.
  • the security management server PF Server may determine the loss status of the terminal according to the terminal identification data of the terminal. For example, if the security management server PF Server stores the status record of the terminal as shown in Table 1 and the IMEI of the terminal is 123456789012345, the security management server PF Server determines that the terminal is in the loss status.
  • the terminal in step S515 is the same terminal as described in step S511, so the terminal is in the "reported lost" state and the security management server PF Server performs step S516.
  • Step S516 The security management server PF Server sends a status response of "reported lost" to the security protection client.
  • Step S517 The security protection client activates the preset protection policy.
  • compared with the prior-art activation process that authenticates using the account system, security is enhanced: the security protection client receives the first authentication credential serviceToken sent by the anti-theft client PF Client, and the first authentication credential serviceToken is persistently stored in the secure storage area of the baseband chip.
  • the security management server PF Server can save the loss report of the terminal, and the security protection client of the terminal can use the serviceToken to query the security management server PF Server for the terminal's loss report status and then activate the preset protection policy to implement the terminal's anti-theft function.
  • the terminal's anti-theft function is activated by the security protection client.
  • because the serviceToken and the security protection client application are saved in the secure storage area of the baseband chip, the preset protection policy can be activated even when the anti-theft client PF Client is removed, thereby improving the security of the terminal.
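The credential chain of the second embodiment (a serviceToken for the terminal, an upToken for the portal, each verified by the Up Server on the PF Server's behalf), as an added Python example that is not the patent's code. Account, password, IMEI and token values are constructed; the AT-command hand-off to the security protection client and the socket exchanges are modelled as direct calls, and binding each token to a kind so that an upToken cannot stand in for a serviceToken is this example's assumption, not a detail the page states.

```python
import hashlib
import hmac
import secrets


class UpServer:
    """Authentication server: verifies account/password, issues and verifies tokens."""

    def __init__(self):
        self._accounts = {}   # account -> (salt, pbkdf2 digest); constructed registration data
        self._tokens = {}     # token -> (account, kind); kind is "service" or "up"

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, account, password):
        salt = secrets.token_bytes(16)
        self._accounts[account] = (salt, self._kdf(password, salt))

    def _check(self, account, password):
        entry = self._accounts.get(account)
        if entry is None:
            return False
        salt, stored = entry
        return hmac.compare_digest(stored, self._kdf(password, salt))

    def login(self, account, password, kind):
        """S502 (kind="service") / S507 (kind="up"): issue a token bound to account and kind."""
        if not self._check(account, password):
            return None
        token = secrets.token_hex(16)
        self._tokens[token] = (account, kind)
        return token

    def verify(self, token, kind):
        """S510 / S515: 'authentication pass' only for a known token of the expected kind."""
        entry = self._tokens.get(token)
        if entry is None or entry[1] != kind:
            return None
        return entry[0]          # the account, i.e. the verified identity


class PFServer:
    """Security management server: acts only after the Up Server passes the credential."""

    def __init__(self, up):
        self.up = up
        self.lost = {}   # IMEI -> account that reported the loss (the loss record)

    def report_loss(self, up_token, imei):
        """S508-S512: the portal's upToken is forwarded to the Up Server for checking."""
        account = self.up.verify(up_token, "up")
        if account is None:
            return "authentication failed"
        self.lost[imei] = account          # S511
        return "reported lost"             # S512

    def status_query(self, service_token, imei):
        """S514-S516: identity via the serviceToken, loss status via the terminal identification data."""
        account = self.up.verify(service_token, "service")
        if account is None:
            return "authentication failed"
        return "reported lost" if self.lost.get(imei) == account else "not reported"


class Terminal:
    """Terminal: the serviceToken lives in the baseband secure area, not in the PF Client."""

    def __init__(self, imei):
        self.imei = imei
        self.secure_area = {}          # secure storage area on the baseband chip
        self.pf_client_installed = True
        self.policy_active = False

    def bind_account(self, up, account, password):
        """S501-S505: PF Client logs in, hands the serviceToken to the security protection
        client (AT command modelled as a call), which writes it to secure storage."""
        token = up.login(account, password, "service")
        if token is None:
            return "write failed"
        self.secure_area["serviceToken"] = token
        return "write ok"

    def remove_pf_client(self):
        self.pf_client_installed = False   # application-layer client gone; secure area intact

    def power_on(self, pf):
        """S513-S517: the security protection client queries with the stored serviceToken."""
        token = self.secure_area.get("serviceToken")
        if token is None:
            return "no credential"
        resp = pf.status_query(token, self.imei)
        if resp == "reported lost":
            self.policy_active = True      # S517
        return resp


def run_token_scenario():
    up = UpServer()
    up.register("alice", "pw-123")
    pf = PFServer(up)
    t = Terminal(imei="123456789012345")    # IMEI value from the page's Table 1 example
    results = {"bind": t.bind_account(up, "alice", "pw-123")}
    up_token = up.login("alice", "pw-123", "up")                        # S506-S507 via the portal
    results["wrong_kind"] = pf.status_query(up_token, t.imei)            # upToken is not a serviceToken
    results["unknown"] = pf.report_loss(secrets.token_hex(16), t.imei)   # never issued by Up Server
    results["report"] = pf.report_loss(up_token, t.imei)                 # S508-S512
    t.remove_pf_client()
    results["after_removal"] = t.power_on(pf)                            # S513-S517
    results["policy_active"] = t.policy_active
    return results
```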
  • FIG. 8 is a schematic flowchart of a method for executing a preset protection policy according to a third embodiment of the present invention. As shown in the figure, the method includes:
  • Step S601 The portal system Portal obtains the account and password input by the user, and sends the account and password to the authentication server Up Server.
  • Step S602 The authentication server Up Server sends the second authentication credential upToken to the portal system Portal in the case that the verification of the account and the password is passed.
  • Step S603 The portal system Portal acquires a remote control instruction of the user, and sends a remote control request carrying the second authentication certificate upToken and the remote control instruction to the security management server PF Server.
  • the remote control instruction includes, but is not limited to, an instruction for controlling the terminal, such as a geographical location reporting instruction, an erasing data instruction, and a contact reporting instruction.
  • Step S604 The security management server PF Server sends the second authentication credential upToken to the authentication server Up Server to determine the validity of the remote control request.
  • Step S605 The authentication server Up Server responds to the security management server PF Server "authentication pass”.
  • Step S605 is the same as step S510 in the foregoing second embodiment, and details are not described herein again.
  • Step S606 The security management server PF Server caches the remote control instruction.
  • The PF Server caches the remote control instruction so that, once the security protection client has activated the preset protection policy, the client can fetch the instruction when the terminal next connects to the network.
  • Step S607 The security protection client obtains the first authentication credential serviceToken from the secure storage area.
  • The first authentication credential serviceToken is a key agreed between the terminal and the server, generated through authentication against the account system, which the security protection client saved in the secure storage area of the baseband chip before the preset protection policy was activated (see step S504 of the second embodiment). It can be used to determine the identity of the terminal: when the security management server PF Server receives a request carrying the serviceToken, it can determine that the request from the terminal is legitimate.
  • Step S608 The security protection client sends a control instruction query request to the security management server PF Server, where the control instruction query request carries the first authentication certificate serviceToken.
  • Step S609 The security management server PF Server determines the identity of the terminal according to the first authentication credential serviceToken and acquires a remote control instruction.
  • After receiving the first authentication credential serviceToken, the security management server PF Server forwards it to the authentication server Up Server, which authenticates the identity of the terminal. When authentication passes, the Up Server returns an "authentication pass" response to the PF Server; the PF Server thereby determines the identity of the terminal and looks up the remote control instruction corresponding to that terminal, which it cached in step S606.
  • Step S610 The security management server PF Server sends a remote control instruction to the security protection client.
  • Step S611 The security protection client executes the target operation corresponding to the remote control instruction.
  • For example, if the remote control instruction is a geographical location reporting instruction, the security protection client acquires the location of the terminal.
  • If the remote control instruction is an erasing data instruction, the security protection client erases the data of the terminal, such as the contact information, short messages, pictures, and the account information of the various applications saved on the terminal.
  • The security protection client can also place every application on the terminal in a forbidden state.
  • The security protection client can also display a prompt that the terminal is in a lost status whenever the terminal is powered on.
  • Step S612 The security protection client sends an execution result of the execution target operation to the security management server PF Server.
  • For example, if the remote control instruction is to acquire the geographic location of the terminal, the security protection client sends the acquired geographic location to the security management server PF Server; if the remote control instruction is to erase the data of the terminal, the security protection client sends a "successful erase" response to the PF Server.
  • Step S613 The security management server PF Server sends the execution result to the portal.
  • the security management server may also send the execution result to the server of the public security bureau.
  • In this embodiment, the security protection client actively queries the security management server PF Server for a pending remote control instruction whenever the network is connected; if one exists, the client executes the corresponding target operation and reports the execution result.
  • Because the security protection client runs on the baseband chip, it cannot be removed by reflashing the application processor or similar means, which improves the security of the terminal.
  • FIG. 9 is a schematic flowchart of a method for activating a preset protection policy according to a fourth embodiment of the present invention. As shown in the figure, the method includes:
  • Step S701 The security management server PF Server acquires the user's loss report from the portal system Portal.
  • The portal system may obtain the user's loss report by receiving information entered by the administrator of the portal system: for example, the administrator opens the portal system Portal and registers the lost status of the terminal.
  • The portal system may also obtain the user's loss report by verifying an identity certificate provided by the user: for example, the user opens the portal system and uploads a picture of the purchase invoice of the terminal together with the terminal identification data, and the background management server of the portal system reads the information on the invoice through optical character recognition (OCR), thereby confirming the user's identity.
  • Step S702 The security management server PF Server records the loss status of the terminal corresponding to the loss report.
  • Step S703 The security management server PF Server sends a response to the Portal that has been reported as lost.
  • Steps S702 to S703 were introduced as steps S402 to S403 in the foregoing first embodiment, and details are not described herein again.
  • At this point the security management server PF Server has saved the loss status of the terminal and waits for the terminal to query its status when the terminal next connects to the network.
  • Step S704 The security protection client requests the baseband chip to encrypt the terminal identification data by using a preset key to obtain the first encrypted data.
  • the preset key may be a public key, a private key, or a symmetric key.
  • the preset key may be stored in a secure storage area of the baseband chip or automatically generated by the baseband chip of the terminal.
  • Step S705 The security protection client sends the first encrypted data to the security management server PF Server.
  • Step S706 The security management server PF Server decrypts the first encrypted data to obtain terminal identification data, and determines the identity of the terminal and the loss status according to the terminal identification data.
  • The security management server PF Server decrypts the first encrypted data using the decryption key corresponding to the preset key.
  • If the preset key is a public key, the decryption key is the private key corresponding to that public key; if the preset key is a private key, the decryption key is the public key corresponding to that private key.
  • Step S707 The security management server PF Server sends a status response of "reported lost" to the security protection client.
  • Step S708 The security protection client activates the preset protection policy.
  • In this embodiment, instead of authenticating through the account system as in the prior art, the terminal and the security management server PF Server authenticate each other using a preset key pair, and the security protection client and the PF Server activate the preset protection policy by exchanging encrypted data.
  • The security protection client runs on the baseband chip and cannot be removed by reflashing, which improves the security of the terminal.
  • The user does not need to register an account in advance and only needs to report the loss when the terminal is lost, which saves the user's effort and is simple and effective.
  • FIG. 10 is a schematic flowchart of a method for executing a preset protection policy according to a fifth embodiment of the present invention. As shown in the figure, the method includes:
  • Step S801 The security protection client acquires location information of the terminal.
  • For example, the security protection client obtains the location information of the terminal through GPS positioning when the terminal is powered on.
  • Step S802 The security protection client requests the baseband chip to encrypt the location information to obtain the second encrypted data.
  • the baseband chip encrypts the location information using the preset key mentioned in step S704 of the fourth embodiment described above.
  • Step S803 The security protection client sends the second encrypted data to the security management server PF Server.
  • Step S804 The security management server PF Server decrypts the second encrypted data to obtain location information of the terminal.
  • the security management server PF Server decrypts the second encrypted data by using a decryption key corresponding to the preset key to obtain location information of the terminal.
  • Step S805 The security management server PF Server sends the location information to the user.
  • For example, the security management server PF Server may send the location information to the mobile phone number, mailbox or social account reserved by the user.
  • The security management server PF Server may also transmit the location information to the portal system Portal mentioned in step S401 of the fourth embodiment described above.
  • In this embodiment, the security protection client obtains the geographic location of the terminal when the terminal connects to the network, encrypts it, and sends the encrypted data to the security management server PF Server; the PF Server decrypts the location and sends it to the user, so that the user can determine where the terminal is.
  • The security protection client runs on the baseband chip and cannot be removed by reflashing, which improves the security of the terminal.
  • Besides acquiring the location information of the terminal and reporting it to the security management server PF Server, as in the fifth embodiment, the security protection operation performed by the security protection client may be the target operation corresponding to a remote control instruction, as in step S611 of the foregoing third embodiment; this is not described again here.
  • The terminal may also perform the above method through other applications or functional units/modules on the baseband chip, with the data for securing the terminal stored in the secure storage area.
  • Case 1 The security protection client and the security management server PF Server use the account system for authentication.
  • User A registers a cloud service account with the manufacturer of mobile phone a, either on the mobile phone or on the portal system (assume the account name is XYY and the password is 123).
  • When user A wants to enable the anti-theft function of mobile phone a, user A logs in with the account and password on the anti-theft client application of the operating system (for example, a "find my phone" application). The anti-theft client sends the account XYY and the password 123 to the manufacturer's authentication server; the authentication server finds that the account system contains an account named XYY whose password is 123, determines that the identity of user A is legitimate, and returns a first authentication credential serviceToken to the anti-theft client.
  • The serviceToken is the session credential between the terminal and the authentication server, that is, an interaction key agreed between the terminal and the authentication server; subsequently the terminal only needs to carry the serviceToken when requesting data from the authentication server and no longer needs to send the account and password.
  • When user A finds that mobile phone a is lost, user A opens the cloud service portal system of the manufacturer of mobile phone a.
  • The portal system can be as shown in FIG. 7.
  • User A enters the account XYY and the password 123 on the portal system, and the portal system transmits the account XYY and the password 123 to the authentication server.
  • The authentication server finds that the account system contains an account named XYY whose password is 123, determines that the identity of user A is legitimate, and returns the second authentication credential upToken to the portal system.
  • The upToken is the session credential between the portal system and the authentication server, that is, an interaction key agreed between the portal system and the authentication server.
  • FIG. 11A is a schematic diagram of the page shown after the user successfully logs in to the portal system according to the embodiment of the present invention; user A clicks the remote management option on the portal system.
  • FIG. 11B is a schematic diagram of the remote management page of the portal system provided by the embodiment of the present invention.
  • User A can select a remote control option on the portal system. Assume that the user selects "positioning" and "erasing data": the portal system then sends the remote control commands for mobile phone a (a positioning command and an erasing data command) to the security management server, and the security management server caches the remote control commands concerning mobile phone a.
  • When mobile phone a is connected to the network, the security protection client sends a status query request carrying the serviceToken to the security management server.
  • The security management server sends the serviceToken to the authentication server to determine the identity of mobile phone a, then looks up the status of mobile phone a and sends a "reported lost" status response to the security protection client, which activates the protection policy of mobile phone a.
  • The security protection client then sends a control command query to the security management server; the security management server looks up the remote control commands related to mobile phone a (the positioning command and the erasing data command) and sends them to the security protection client.
  • The security protection client erases the data on the mobile phone and obtains the geographical location of mobile phone a. If the acquired geographical location is location Y, it returns location Y and a "successful erase" response to the security management server; the security management server returns location Y and the "successful erase" response to the portal system, and the portal system displays the result of the remote control to the user, as shown in FIG. 11C.
  • FIG. 11C is a schematic diagram of the page on which the portal system presents the result of the remote control to the user according to the embodiment of the present invention.
  • The security protection client can also periodically acquire the geographical location of mobile phone a and send it to the security management server, which forwards it to the portal system.
  • In this way the movement trajectory of mobile phone a can be queried.
  • FIG. 11D is a schematic diagram of the page on which the portal system provided by the embodiment of the present invention displays the movement track of the mobile phone to the user.
  • The web page of the portal system displays the location information reported by mobile phone a at different times.
  • Case 2 The anti-theft client PF Client and the security management server PF Server use the preset key for authentication.
  • User A provides the purchase invoice and the IMEI serial number of mobile phone a to the customer service staff of the manufacturer of mobile phone a, and the customer service staff perform the loss reporting and remote control on the portal system.
  • The interaction between the portal system and the security management server is similar to that described in the first case, except that the loss report request and remote control commands sent by the portal system to the security management server no longer carry the upToken and the security management server trusts these requests by default; the detailed process is not described again.
  • When the mobile phone is powered on, the security protection client encrypts the IMEI serial number of mobile phone a and sends it to the security management server.
  • The security management server looks up the status of mobile phone a and sends a "reported lost" status response to the security protection client.
  • The security protection client activates the protection policy of the mobile phone. The process after the protection policy is activated is similar to that described in the previous case and is not described again.
  • FIG. 12 is a schematic structural diagram of a baseband chip according to an embodiment of the present invention.
  • The baseband chip 90 is provided with a secure storage area for storing data for securing the terminal. The baseband chip includes a processing unit 901, a transmitting unit 902, and a receiving unit 903, which are described in detail as follows:
  • the processing unit 901 is configured to obtain authentication data from the secure storage area
  • the sending unit 902 is configured to send a status query request to the security management server, where the status query request carries the authentication data, where the authentication data is used by the security management server to determine the identity of the terminal;
  • the receiving unit 903 is configured to receive a status response that is sent by the security management server according to the identity of the terminal.
  • the processing unit 901 is further configured to activate a preset protection policy if the terminal is determined to be in a loss status according to the status response.
  • each unit may also correspond to the corresponding description of the method embodiment shown in FIG. 4, FIG. 6, FIG. 8, FIG. 9, or FIG.
  • Because the data for ensuring the security of the terminal is stored in the secure storage area of the baseband chip, reflashing and similar methods cannot invalidate the protection policy of the terminal, which ensures that the anti-theft function of the terminal can be implemented normally and improves the security of the terminal.
  • FIG. 13 is a schematic structural diagram of a terminal and a security management server according to an embodiment of the present invention.
  • A communication connection exists between the terminal 100 and the security management server 110, for example a WiFi connection, through which data communication between the two is implemented.
  • the functional blocks of the terminal and the security management server may implement the inventive solution by hardware, software or a combination of hardware and software. Those skilled in the art will appreciate that the functional blocks depicted in Figure 13 can be combined or separated into several sub-blocks to implement the inventive arrangements. Accordingly, the above description of the invention may support any possible combination or separation or further definition of the functional modules described below.
  • the baseband chip of the terminal is provided with a secure storage area, and the secure storage area is used for storing data for securing the terminal.
  • the terminal 100 may include:
  • the processing unit 1001 is configured to obtain authentication data from the secure storage area
  • the sending unit 1002 is configured to send a status query request to the security management server, where the status query request carries the authentication data, where the authentication data is used by the security management server to determine the identity of the terminal;
  • the receiving unit 1003 is configured to receive a status response that is sent by the security management server according to the identity of the terminal.
  • the processing unit 1001 is further configured to activate the preset protection policy if it is determined, according to the status response, that the terminal is in a reported-lost state.
  • the security management server 110 can include:
  • the receiving unit 1101 is configured to receive a status query request sent by the terminal, where the status query request carries authentication data, where the authentication data is stored in a secure storage area of the baseband chip of the terminal;
  • the processing unit 1102 is configured to determine an identity of the terminal according to the authentication data
  • the sending unit 1103 is configured to send a status response to the terminal, where the status response is used by the terminal to determine the status of the terminal, and, in a case where the terminal is determined to be in a lost status, the terminal activates the preset protection policy.
  • Because the data for securing the terminal is stored in the secure storage area of the baseband chip, flashing the device cannot invalidate the protection policy of the terminal, which ensures that the anti-theft function of the terminal can be implemented normally and improves the security of the terminal.
  • FIG. 14 is a schematic structural diagram of another baseband chip according to an embodiment of the present invention.
  • The baseband chip 120 includes a processor 1201, a memory 1202 and a communication interface 1203, which are connected to one another by one or more communication buses 1204.
  • the communication interface 1203 is connected to a communication module at the periphery of the baseband chip.
  • The memory 1202 includes an instruction buffer memory 12021 for storing program instructions and a data buffer memory 12022 for storing data, and both the instruction buffer memory and the data buffer memory contain a secure storage area.
  • the memory 1202 includes, but is not limited to, a random access memory (English: Random Access Memory, RAM for short), a read-only memory (English: Read-Only Memory, ROM for short), and an erasable programmable read only Memory (English: Erasable Programmable Read Only Memory, EPROM for short) or portable read-only memory (English: Compact Disc Read-Only Memory, CD-ROM for short).
  • the processor 1201 includes an instruction processor core 12011, an instruction storage management unit 12012, and a data storage management unit 12013.
  • The instruction storage management unit 12012 is configured to manage the program instructions stored in the instruction buffer memory 12021, and the data storage management unit 12013 is configured to manage the data stored in the data buffer memory 12022. The processor core 12011 can cooperate with the instruction storage management unit 12012 and the data storage management unit 12013 to perform the following operations, ending with activation of the preset protection policy:
  • The processor core 12011 calls the application stored in the secure storage area of the instruction buffer memory 12021 through the instruction storage management unit 12012 and performs the corresponding operations according to that application program. First, the processor core 12011 instructs the data storage management unit 12013 to obtain the authentication data from the secure storage area of the data buffer memory 12022; then the processor core 12011 sends the authentication data to the security management server through the communication interface 1203; next, the processor core 12011 receives the status response sent by the security management server through the communication interface 1203; finally, the processor core 12011 activates the preset protection policy if it determines from the status response that the terminal is in a lost status.
  • the processor core 12011 can communicate with the security management server (send a status inquiry request or receive a status response) through a communication module (such as a radio frequency module) of the terminal at the periphery of the baseband chip.
  • The processor core 12011 may also cooperate with the instruction storage management unit 12012 and the data storage management unit 12013 to perform the operations of the security protection client in the methods shown in FIG. 6, FIG. 8, FIG. 9, or FIG.
  • FIG. 15 is a schematic structural diagram of another security management server according to an embodiment of the present invention.
  • the security management server 130 may include a processor 1301, a memory 1302, and a transceiver 1303.
  • The processor 1301, the memory 1302 and the transceiver 1303 are connected to each other through a bus.
  • The memory 1302 includes, but is not limited to, a random access memory (English: Random Access Memory, RAM for short), a read-only memory (English: Read-Only Memory, ROM for short), an erasable programmable read-only memory (English: Erasable Programmable Read Only Memory, EPROM for short), or a portable read-only memory (English: Compact Disc Read-Only Memory, CD-ROM for short), and is used for storing related instructions and data.
  • the transceiver 1303 is configured to receive and transmit data.
  • the processor 1301 may be one or more central processing units (English: Central Processing Unit, CPU for short). In the case that the processor 1301 is a CPU, the CPU may be a single core CPU or a multi-core CPU.
  • The processor 1301 in the security management server 130 is configured to read the program code stored in the memory 1302 and perform the following operations:
  • receiving, through the transceiver 1303, a status query request sent by the terminal, where the status query request carries authentication data stored in the secure storage area of the baseband chip of the terminal; determining the identity of the terminal according to the authentication data; and transmitting, through the transceiver 1303, a status response to the terminal, where the status response is used by the terminal to determine its status, and, in a case where the terminal is determined to be in a lost status, the terminal activates the preset protection policy.
  • processor 1301 may also perform operations performed by the security management server in the method illustrated in FIG. 4, FIG. 6, FIG. 8, FIG. 9, or FIG.
  • An embodiment of the present invention provides a method for securing a terminal (such as a mobile phone), which solves the problem that the anti-theft function of the terminal is invalid when the operating system on the application processor of the terminal is removed or replaced.
  • the terminal device as shown in FIG. 3A-3D may be configured to store user security information in a secure storage area on a baseband chip, or to operate an anti-theft module in a TEE trusted execution environment and store security information in a hardware security resource.
  • the security information can be an account number, a password, various applications and data. In some embodiments, the security information can be used to establish a connection with the server for data transfer.
  • the user can log into the server or portal system, such as through a cloud account.
  • the server can be provided by a handset manufacturer.
  • The user can also send a remote control command for the mobile phone to the server; the remote control command may be one or more of deleting data, GPS positioning, data backup, remote locking, sending a message, and the like.
  • a remote control instruction interface is provided in accordance with one possible embodiment, for example, the interface can be provided by a terminal device having a display.
  • the interface includes, but is not limited to, "send information to device”, “remote lock device”, “backup data”, “clear data” controls.
  • The user can also view the contact information, short messages, network disk, album and other content of the mobile phone on the server.
  • the interface can also provide a map service to view the location of the current handset.
  • the user logs into the interface of FIG. 16 and sends a remote control command, for example, by clicking on the "Backup Data” button.
  • a method for securing a mobile phone is provided, and the operation process is as follows:
  • Step 1 The baseband chip of the mobile phone detects whether the mobile phone is in a connected state
  • Step 2 When detecting that the mobile phone is in a networked state, the baseband chip reports the request to the anti-theft module in the AMSS system;
  • Step 3 After receiving the request of the baseband chip, the anti-theft module reads the user security information of the baseband chip security storage area;
  • Step 4 After reading the user security information of the baseband chip security storage area, the anti-theft module sends an instruction to the server through the baseband chip, wherein the instruction includes user security information;
  • Step 5 The server authenticates the received user security information. After the authentication succeeds, the mobile phone can receive instructions sent by the server.
  • Step 6 The server sends an instruction to the mobile phone, where the instruction includes deleting data, positioning, remote locking, data backup, sending a short message, an alarm, and the like.
  • the instruction is a mobile phone remote control command sent by the user. It is worth mentioning that when the mobile phone does not access the server, the server may receive a remote control command. At this time, the server stores the remote control command and sends it to the mobile phone when the mobile phone accesses the server.
  • the trigger condition for the baseband chip to report the request to the anti-theft module in the AMSS system may be that the baseband chip detects connection to the network, for example, it may be detected whether the mobile phone is connected to WIFI, 2G/3G/ 4G, Bluetooth, GPRS, ZigBee and other signals.
  • the mobile phone may send the user security information to the server periodically, for example, every 5 minutes.
  • the mobile phone may send the user security information to the server at a time, such as 8 am every day.
  • the trigger condition for the baseband chip to report the request to the anti-theft module in the AMSS system may also be detecting that the mobile phone is synchronizing data to the server, for example, the mobile phone synchronizing the album to the server. In some embodiments, detecting mobile phone synchronization data to the server may also be periodic or timed, such as 8 o'clock per day or 5 minutes per interval. In some embodiments, the trigger condition for the baseband chip to report a request to the anti-theft module in the AMSS system may also be that the mobile phone is running an application, for example, opening the camera application.
  • the trigger condition for the baseband chip to report the request to the anti-theft module in the AMSS system may also be that the mobile phone receives some operations related to user security, for example, may be a password input error, exiting the cloud account of the mobile phone, and deleting the data. , switch machine, etc.
  • the baseband chip may also upload the security information to the anti-theft module.
  • the baseband chip establishes a data connection with the server by sending user security information.
  • the handset can access the server or data transmission via cloud account information in the security information.
  • the mobile phone may delete the data and determine Bit, remote lock, data backup, send SMS, alarm, etc.
  • the method for securing the mobile phone provided by the implementation is applicable to the case that the mobile phone is lost, especially when the mobile phone is logged off or deleted, the mobile phone system is reset or "brushed", and the network connection is disconnected.
  • the user security information is stored by using a secure storage area on the baseband chip, or the security information is stored in the TEE trusted execution environment and the security information is stored in the hardware security resource, so that the mobile phone system can be reset even if the mobile phone system is reset. Receive remote control commands from the server to secure the phone.
  • the mobile phone may also automatically report information to the server, such as location information.
  • the automatically reporting location information may also be periodic or timed, such as 8 o'clock per day or 5 minutes per interval.
  • the condition that the mobile phone automatically reports information may be a low battery, for example, the power is less than 10%.
  • the data for securing the terminal is saved in the secure storage area of the baseband chip, and the data cannot be processed by means of flashing, etc., so that the anti-theft function of the terminal can be normally operated, and the security of the terminal is improved.
  • the program can be stored in a computer readable storage medium, when the program is executed
  • the flow of the method embodiments as described above may be included.
  • the foregoing storage medium includes various media that can store program codes, such as a ROM or a random access memory RAM, a magnetic disk, or an optical disk.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Power Engineering (AREA)
  • Multimedia (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

Embodiments of the present invention disclose a method and a device for securing a terminal. In the method for securing a terminal, a secure storage area is provided on the baseband chip of the terminal, and the secure storage area is used to store data for securing the terminal; the baseband chip performs the following steps: obtaining authentication data from the secure storage area; sending a status query request to a security management server, the status query request carrying the authentication data, which is used by the security management server to determine the identity of the terminal; receiving a status response sent by the security management server according to the identity of the terminal; and, when it is determined from the status response that the terminal is in a reported-lost state, activating a preset protection policy. With the technical solution of the embodiments, the problem that the anti-theft function of the terminal fails when the operating system on the application processor of the terminal is removed or replaced can be solved, and the security of the terminal is improved.

Description

Method and device for securing a terminal
Technical field
The present invention relates to the field of terminal security, and in particular to a method and device for securing a terminal.
Background
With the popularization of smart terminals, users enjoy a convenient, fast and flexible experience but also face the security risk of personal data leakage caused by a lost terminal. After a terminal is lost, the user hopes to locate the lost terminal remotely and thereby recover it, or, if the terminal cannot be recovered, to remotely erase personal data to prevent leakage. At present, each terminal manufacturer integrates an anti-theft module into its own cloud service and terminals and binds the anti-theft function of the terminal to the manufacturer's account system: the user logs in to the cloud service account on the terminal to enable the anti-theft function; after the terminal is lost and while it is connected to a network (Wi-Fi or a data network), the user can log in to the manufacturer's portal system and remotely issue a positioning instruction or a data-erase instruction to the lost terminal; the terminal executes the positioning or data-erase instruction after receiving it and finally reports the execution result to the server.
The current anti-theft flow of a terminal is divided into two flows, activation and remote control. The activation flow of the anti-theft function is shown in FIG. 1 and consists of the following steps: S101, after the user enters the login account and password on the terminal, the anti-theft client (PhoneFinder Client, PF Client) of the terminal sends the account and password to the authentication server (User profile Server, Up Server); S102, the authentication server Up Server verifies the account and password and, after the verification passes, sends a first authentication credential serviceToken to the anti-theft client PF Client; S103, the anti-theft client PF Client sends the International Mobile Equipment Identity (IMEI) of the terminal and the name of the installation package (Android Package, APK) of the anti-theft client PF Client to the message push server Push Server; S104, the message push server Push Server generates a message push credential pushToken from the IMEI and the APK name and sends the pushToken to the anti-theft client PF Client; S105, the anti-theft client PF Client sends an activation request to the security management server (PhoneFinder Server, PF Server), the activation request carrying the pushToken and the first authentication credential serviceToken; S106, the security management server PF Server sends the first authentication credential serviceToken to the authentication server Up Server to judge the legitimacy of the activation request; S107, after the authentication server Up Server has authenticated the serviceToken, it sends an "authentication passed" response to the security management server PF Server; S108, after completing the server-side activation flow, the security management server PF Server sends an "activation succeeded" response to the anti-theft client PF Client. Through the activation flow of FIG. 1, the anti-theft function of the terminal is activated once the account and password have been verified, and the user can remotely control the terminal when it is lost. The remote control flow of the anti-theft function is shown in FIG. 2 and consists of the following steps: S201, after the user enters the account and password on the portal system, the portal system Portal sends the account and password to the authentication server Up Server; S202, the authentication server Up Server verifies the account and password and, after the verification passes, sends a second authentication credential upToken to the portal system Portal; S203, the portal system Portal obtains the user's remote control instruction and sends a remote control request carrying the second authentication credential upToken and the remote control instruction to the security management server PF Server; S204, the security management server PF Server sends the upToken to the authentication server Up Server to judge the legitimacy of the remote control request; S205, after the authentication server Up Server has authenticated the upToken, it sends an "authentication passed" response to the security management server PF Server; S206, the security management server PF Server sends the pushToken and the remote control instruction to the message push server Push Server; S207, the message push server Push Server, which maintains a socket connection with the anti-theft client PF Client, sends the remote control instruction to the anti-theft client PF Client; S208, the anti-theft client PF Client performs the operation corresponding to the remote control instruction; S209, the anti-theft client PF Client sends the execution result of that operation to the security management server PF Server; S210, the security management server PF Server sends the execution result to the portal system Portal; S211, the portal system Portal displays the execution result to the user. Through remote control of the terminal, the user can make the terminal perform operations such as positioning and data erasure, thereby recovering the terminal or preventing personal data leakage.
The anti-theft function of the prior art is implemented on the operating system of the application processor and is bound to the manufacturer's cloud service account system. When the operating system on the terminal (here the operating system on the application processor, such as Android or iOS) is removed or replaced, the anti-theft function of the terminal fails, the terminal cannot be remotely controlled, and the security of the terminal is low.
Summary of the invention
Embodiments of the present invention provide a method and device for securing a terminal, which solve the problem that the anti-theft function of the terminal fails when the operating system on the application processor of the terminal is removed or replaced, and improve the security of the terminal.
A first aspect of the embodiments provides a method for securing a terminal, in which a secure storage area is provided on the baseband chip of the terminal and is used to store data for securing the terminal, and the baseband chip performs the following steps:
obtaining authentication data from the secure storage area;
sending a status query request to a security management server, the status query request carrying the authentication data, which is used by the security management server to determine the identity of the terminal;
receiving a status response sent by the security management server according to the identity of the terminal;
when it is determined from the status response that the terminal is in a reported-lost state, activating a preset protection policy.
In a first possible implementation of the first aspect, the authentication data may be first authentication credential data sent by an authentication server, and before obtaining the authentication data from the secure storage area the method further includes: receiving the first authentication credential data sent by the application processor of the terminal; and saving the first authentication credential data to the secure storage area.
Specifically, the authentication server may be an account authentication server, and the user's identity information may be the account and password entered by the user on the terminal.
In a second possible implementation of the first aspect, the authentication data may be first encrypted data, in which case before obtaining the authentication data from the secure storage area the method further includes: encrypting terminal identification data with a preset key to obtain the first encrypted data, and saving the first encrypted data in the secure storage area. Specifically, the terminal identification data may be unique data that identifies the terminal, such as the IMEI, the International Mobile Subscriber Identification Number (IMSI) or the Mobile Equipment Identifier (MEID).
In a third possible implementation of the first aspect, the preset protection policy may include: sending a control instruction query request carrying the authentication data to the security management server; receiving a remote control instruction sent by the security management server; performing the target operation corresponding to the remote control instruction, and returning the execution result of the target operation to the security management server. Specifically, the target operation corresponding to the remote control instruction may be positioning, erasing data, disabling the multimedia application functions of the terminal, an audible alarm, an SMS alarm, or a similar operation.
In a fourth possible implementation of the first aspect, the preset protection policy may include: obtaining the current location information of the terminal; encrypting the current location information of the terminal to obtain second encrypted data; and sending the second encrypted data to the security management server.
In a fifth possible implementation of the first aspect, the preset protection policy may include: indicating, by way of a warning, that the terminal is currently in a reported-lost state. Specifically, for example, the security protection client displays a pop-up reading "the terminal is currently reported lost" on the terminal's interface.
A second aspect of the embodiments provides another method for securing a terminal, in which a secure storage area is provided on the baseband chip of the terminal and is used to store data for securing the terminal, and the terminal performs the following steps:
obtaining authentication data from the secure storage area;
sending a status query request to a security management server, the status query request carrying the authentication data, which is used by the security management server to determine the identity of the terminal;
receiving a status response sent by the security management server according to the identity of the terminal;
when it is determined from the status response that the terminal is in a reported-lost state, activating a preset protection policy.
In a first possible implementation of the second aspect, the authentication data includes first authentication credential data, and before obtaining the authentication data from the secure storage area the method further includes: receiving the first authentication credential data sent by the authentication server, where the first authentication credential data is sent to the terminal by the authentication server after it has verified the identity verification information of the terminal's user sent by the terminal and the verification has passed; and saving the first authentication credential data to the secure storage area.
In a second possible implementation of the second aspect, the authentication data includes first encrypted data, and before obtaining the authentication data from the secure storage area the method further includes: requesting the baseband chip to encrypt terminal identification data with a preset key to obtain the first encrypted data.
In a third possible implementation of the second aspect, the preset protection policy includes: sending a control instruction query request carrying the authentication data to the security management server; receiving a remote control instruction sent by the security management server; performing the target operation corresponding to the remote control instruction, and returning the execution result of the target operation to the security management server.
In a fourth possible implementation of the second aspect, the preset protection policy includes: obtaining the current location information of the terminal; requesting the baseband chip to encrypt the location information to obtain second encrypted data; and sending the second encrypted data to the security management server.
In a fifth possible implementation of the second aspect, the preset protection policy includes: indicating, by way of a warning, that the terminal is currently in a reported-lost state.
In a sixth possible implementation of the second aspect, obtaining the authentication data from the secure storage area includes: obtaining the authentication data from the secure storage area through a security protection client running on the baseband chip.
A third aspect of the embodiments provides yet another method for securing a terminal, including:
receiving a status query request sent by a terminal, the status query request carrying authentication data that is stored in the secure storage area of the baseband chip of the terminal;
determining the identity of the terminal from the authentication data;
sending a status response to the terminal according to its identity, the status response being used by the terminal to determine its state, and the terminal activating a preset protection policy when it determines that it is in a reported-lost state.
In a first possible implementation of the third aspect, the method further includes: receiving a user's loss report request carrying terminal identification data; determining from the terminal identification data the terminal to which the loss report request corresponds; and recording the state of that terminal as reported lost. Specifically, the state may be recorded as reported lost once the loss report request has been determined to be legitimate: for example, the loss report request may carry a first authentication credential sent by the authentication server, or the server sending the loss report request may be on a whitelist, in which case loss report requests from whitelisted servers are treated as legitimate by default.
In a second possible implementation of the third aspect, after sending the status response to the terminal the method may further include: receiving a control instruction query request sent by the terminal, the request carrying the authentication data; when a remote control instruction corresponding to the terminal is found, sending the remote control instruction to the terminal; and receiving the execution result returned by the terminal after performing the target operation corresponding to the remote control instruction.
With reference to the second possible implementation of the third aspect, in a third possible implementation of the third aspect, before sending the remote control instruction to the terminal the method may further include: receiving a user's remote control request carrying the terminal identification data of the terminal and the remote control instruction for the terminal; and caching the terminal identification data and the remote control instruction.
In a fourth possible implementation of the third aspect, after sending the status response to the terminal the method may further include: receiving second encrypted data sent by the terminal; and decrypting the second encrypted data to obtain the current location information of the terminal.
A fourth aspect of the embodiments provides a baseband chip on which a secure storage area is provided for storing data for securing a terminal, the baseband chip including:
a processing unit, configured to obtain authentication data from the secure storage area;
a sending unit, configured to send a status query request to a security management server, the status query request carrying the authentication data, which is used by the security management server to determine the identity of the terminal;
a receiving unit, configured to receive a status response sent by the security management server according to the identity of the terminal;
the processing unit being further configured to activate a preset protection policy when it is determined from the status response that the terminal is in a reported-lost state.
In a possible design, the baseband chip includes a processor and a communication interface, the processor being configured to perform the method for securing a terminal provided by the first aspect. Optionally, it may further include a memory containing the secure storage area, which stores the application program code and the authentication data that support the baseband chip in performing the above method, the processor being configured to execute the application program stored in the memory.
A fifth aspect of the embodiments provides a terminal, on whose baseband chip a secure storage area is provided for storing data for securing the terminal, the terminal including:
a processing unit, configured to obtain authentication data from the secure storage area;
a sending unit, configured to send a status query request to a security management server, the status query request carrying the authentication data, which is used by the security management server to determine the identity of the terminal;
a receiving unit, configured to receive a status response sent by the security management server according to the identity of the terminal;
the processing unit being further configured to activate a preset protection policy when it is determined from the status response that the terminal is in a reported-lost state.
In a possible design, the terminal includes a processor and a communication interface, the processor being configured to perform the method for securing a terminal provided by the second aspect. Optionally, it may further include a memory containing the secure storage area, which stores the application program code and the authentication data that support the terminal in performing the above method, the processor being configured to execute the application program stored in the memory.
A sixth aspect of the embodiments provides a security management server, including:
a receiving unit, configured to receive a status query request sent by a terminal, the status query request carrying authentication data that is stored in the secure storage area of the terminal's baseband chip;
a processing unit, configured to determine the identity of the terminal from the authentication data;
a sending unit, configured to send a status response to the terminal, the status response being used by the terminal to determine its state, the terminal activating a preset protection policy when it determines that it is in a reported-lost state.
In a possible design, the security management server includes a processor and a communication interface, the processor being configured to perform the method for securing a terminal provided by the third aspect. Optionally, it may further include a memory storing the application program code that supports the security management server in performing the above method, the processor being configured to execute the application program stored in the memory.
A seventh aspect of the embodiments provides a computer storage medium for storing the computer software instructions used by the above baseband chip, including the program designed for the baseband chip to perform the first aspect.
An eighth aspect of the embodiments provides a computer storage medium for storing the computer software instructions used by the above terminal, including the program designed for the terminal to perform the second aspect.
A ninth aspect of the embodiments provides a computer storage medium for storing the computer software instructions used by the above security management server, including the program designed for the security management server to perform the third aspect.
In the embodiments of the present invention, a secure storage area provided on the baseband chip of the terminal can store the data for securing the terminal; when the terminal is determined to be in a reported-lost state it activates a preset protection policy, and because the data are all kept in the secure storage area, the protection policy cannot be disabled by reflashing the device or similar means, the anti-theft function of the terminal works normally, and the security of the terminal is improved.
Brief description of the drawings
To explain the technical solutions of the embodiments or the background more clearly, the drawings required for the embodiments or the background are described below.
FIG. 1 is a schematic flowchart of the activation flow of the anti-theft function of a terminal provided by a prior-art solution;
FIG. 2 is a schematic flowchart of the remote control flow of the anti-theft function of a terminal provided by a prior-art solution;
FIG. 3A is a structural block diagram of one implementation of a terminal provided by an embodiment of the present invention;
FIG. 3B is a structural block diagram of one implementation of a terminal provided by an embodiment of the present invention;
FIG. 3C is a structural block diagram of one implementation of a terminal provided by an embodiment of the present invention;
FIG. 3D is a structural block diagram of one implementation of a terminal provided by an embodiment of the present invention;
FIG. 3E is a structural block diagram of one implementation of a terminal provided by an embodiment of the present invention;
FIG. 4 is a schematic flowchart of a method for securing a terminal provided by an embodiment of the present invention;
FIG. 5 is a schematic diagram of the portal system Portal displaying the loss report result to the user, according to an embodiment of the present invention;
FIG. 6 is a schematic flowchart of a method for activating a preset protection policy provided by an embodiment of the present invention;
FIG. 7 is a schematic diagram of a portal system page on which the portal system obtains the account and password entered by the user, according to an embodiment of the present invention;
FIG. 8 is a schematic flowchart of a method for executing a preset protection policy provided by an embodiment of the present invention;
FIG. 9 is a schematic flowchart of another method for activating a preset protection policy provided by an embodiment of the present invention;
FIG. 10 is a schematic flowchart of another method for executing a preset protection policy provided by an embodiment of the present invention;
FIG. 11A is a schematic diagram of the page shown after the user has logged in to the portal system successfully, according to an embodiment of the present invention;
FIG. 11B is a schematic diagram of the remote management page of the portal system, according to an embodiment of the present invention;
FIG. 11C is a schematic diagram of the page on which the portal system shows the user the result of remote control, according to an embodiment of the present invention;
FIG. 11D is a schematic diagram of the page on which the portal system shows the user the movement track of the mobile phone's geographic location, according to an embodiment of the present invention;
FIG. 12 is a schematic structural diagram of a baseband chip provided by an embodiment of the present invention;
FIG. 13 is a schematic structural diagram of a terminal and a security management server provided by an embodiment of the present invention;
FIG. 14 is a schematic structural diagram of another baseband chip provided by an embodiment of the present invention;
FIG. 15 is a schematic structural diagram of another security management server provided by an embodiment of the present invention;
FIG. 16 is an interface for sending remote control instructions provided by an embodiment of the present invention;
FIG. 17 is an operational block diagram of a mobile phone anti-theft system provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions of the embodiments are described below with reference to the accompanying drawings.
First, an implementation of the terminal device involved in the embodiments is introduced. The terminal device has at least two processor units: one processor runs the Advanced Mobile Subscriber Software (AMSS), a basic communication operating system that starts the terminal's modem and provides its basic communication functions, and at least one processor is a Multimedia Application Processor (MAP) that runs the application operating system (such as Android or iOS). In a specific implementation, the at least two processors may be integrated on one hardware chip (for example both on the baseband chip) or located on two different hardware chips (for example a baseband chip and an application processor chip), and the two different hardware chips (baseband chip and application processor chip) may also be integrated on the same chip, for example on a System on Chip (SoC). The terminal device also has a secure storage area, which is isolated from the terminal's other storage areas and denies access to non-secure transactions or applications. In one embodiment, the isolation of the secure storage area from the other storage areas can be implemented with TrustZone technology.
In the embodiments, the data for securing the terminal may be stored in the secure area; specifically, the data for securing the terminal may be authentication data, the terminal's account data (such as the account information and password information registered by the user through the terminal for securing the terminal, i.e. the cloud service account), the application program corresponding to the security protection client that runs on the AMSS and secures the terminal, and so on.
FIG. 3A is a structural block diagram of one implementation of a terminal device 300. As shown in FIG. 3A, the terminal 300 may include a baseband chip 310, a memory 315 (one or more computer-readable storage media), a radio frequency (RF) module 316 and a peripheral system 317. These components may communicate over one or more communication buses 314.
The peripheral system 317 mainly implements the interaction between the terminal 300 and the user or external environment and mainly includes the input/output devices of the terminal 300. In a specific implementation, the peripheral system 317 may include a touchscreen controller 318, a camera controller 319, an audio controller 320 and a sensor management module 321, each of which may be coupled to its corresponding peripheral (such as the touchscreen 323, camera 324, audio circuit 325 and sensors 326). In some embodiments, the touchscreen 323 may be a touchscreen configured with a self-capacitive hover touch panel or one configured with an infrared hover touch panel. In some embodiments, the camera 324 may be a 3D camera. It should be noted that the peripheral system 317 may also include other I/O peripherals.
The processor 311 may be an application processor, used to run application programs and process user data. The clock module 312 mainly generates the clocks the processor 311 needs for data transfer and timing control. The power management module 313 mainly supplies stable, high-precision voltages to the processor 311, the RF module 316 and the peripheral system. The baseband chip 310 may include a baseband processor, a channel encoder, a digital signal processor, a modem and an interface module. A secure storage area 3101 integrated on the baseband chip 310 stores the data for securing the terminal. In some embodiments, the secure storage area 3101 may also store the security protection application program that secures the terminal.
The RF module 316 receives and transmits radio frequency signals and mainly integrates the receiver and transmitter of the terminal 300. The RF module 316 communicates with communication networks and other communication devices through radio frequency signals. In a specific implementation, the RF module 316 may include, but is not limited to, an antenna system, an RF transceiver, one or more amplifiers, a tuner, one or more oscillators, a digital signal processor, a CODEC chip, a SIM card and a storage medium. In some embodiments, the RF module 316 may be implemented on a separate chip. In a specific implementation, the RF module 316 receives and transmits radio frequency signals under the control of the baseband chip.
The memory 315 is coupled to the processor 311 and stores various software programs and/or sets of instructions. In a specific implementation, the memory 315 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic disk storage devices, flash memory devices or other non-volatile solid-state storage devices. The memory 315 may store an operating system (hereinafter "system"), such as an embedded operating system like Android, iOS, Windows or Linux. Specifically, the operating system may include an application operating system (such as Android or iOS running various multimedia applications) and a basic communication operating system (such as the AMSS OS). The memory 315 may also store a network communication program that can be used to communicate with one or more additional devices, one or more terminal devices and one or more network devices. The memory 315 may also store a user interface program that presents the content of applications vividly through a graphical interface and receives the user's control operations on the applications through input controls such as menus, dialog boxes and buttons.
The memory 315 may also store one or more application programs. As shown in FIG. 3A, these may include a social application (such as Facebook), an image management application (such as a photo album), a map application (such as Google Maps), a browser (such as Safari or Google Chrome), and so on.
In the embodiments of the present invention, the data for securing the terminal are all stored in the secure storage area of the baseband chip, and the data are called and computed independently on the baseband chip, so that even when the application operating system or the account information has been wiped, the terminal can still activate the preset protection policy and remain secured.
FIG. 3B is a structural block diagram of one implementation of the terminal device 300. The hardware layer of the terminal device includes a baseband chip for the basic communication operating system (the AMSS OS in FIG. 3B) and an application processor for running the embedded operating system (the Android system in FIG. 3B); the baseband chip is provided with an independent secure storage area set aside for the mobile phone anti-theft module, for example in a HiSilicon chip. The AMSS is the operating system running on the baseband chip and is responsible for handling the communication protocols, radio frequency, GPIO and so on; the Modem stack may be the modem protocol stack, implementing communication with the hardware baseband chip; the Modem API may be the modem's interface layer, which encapsulates the modem's network and signal processing capabilities and provides callable calling, Internet access and SMS capabilities to the Android operating system; the anti-theft module may run on the AMSS system and interact with the cloud through socket communication; the Linux kernel layer may be a lightweight Linux kernel customized for Android that provides security, memory management, process management, the network protocol stack, the driver model and other services; the system runtime library layer (Libraries) may include program libraries and the Android runtime, containing C/C++ libraries that can be used by different components of the Android system, which provide services to developers through the Android application framework, encapsulate the capabilities of the Linux kernel and are called by the framework above; the application framework layer (Framework) is the Java language layer, which further wraps the Libraries layer into application programming interfaces (APIs) callable from Java code; the application layer may provide a set of core applications such as e-mail, SMS, calendar, maps, browser and contact management, developers can design and write their own applications in Java, and the layer can also run APKs (Android Packages); the anti-theft client is located in the application layer and interacts with the user.
In one possible embodiment, the anti-theft client accepts information entered by the user, such as an account or password, which is passed to the anti-theft module via AT commands, and the anti-theft module transfers the user-entered information to the secure storage area in the baseband chip. In one possible embodiment, when the application operating system or the account information is wiped, for example when the terminal device's system is reinstalled, the information stored in the secure storage area in the baseband chip is not lost.
In the embodiments of the present invention, the data for securing the terminal are all stored in the secure storage area of the baseband chip, and the data are called and computed independently on the baseband chip, so that even when the application operating system or the account information has been wiped, the terminal can still activate the preset protection policy and remain secured.
FIG. 3C is a structural block diagram of one implementation of the terminal device 300. The terminal device 300 includes a software part and a hardware part: the anti-theft client is located in the application layer of the system and provides the interface for interacting with the user; the Modem API may be the modem's interface layer, which encapsulates the modem's network and signal processing capabilities and provides callable calling, Internet access and SMS capabilities to the Android operating system; the anti-theft module may run on the AMSS system and interact with the cloud through socket communication; the application processor runs application programs and processes user data; and the baseband chip is provided with an independent secure storage area set aside for the mobile phone anti-theft module.
In the embodiments of the present invention, the data for securing the terminal are all stored in the secure storage area of the baseband chip, and the data are called and computed independently on the baseband chip, so that even when the application operating system or the account information has been wiped, the terminal can still activate the preset protection policy and remain secured.
FIG. 3D is a structural block diagram of one implementation of the terminal device 300. A Trusted Execution Environment (TEE) is an independent execution environment running outside the general operating system (for example Android); the TEE provides security services to the general operating system and is isolated from it, so that the general operating system and the applications on it cannot access its hardware and software security resources. The TEE provides a secure execution environment for security software known as trusted applications, and it also strengthens the protection of the confidentiality, integrity and access rights of the data and resources of those trusted applications. To guarantee the trustworthiness of the TEE, the TEE is authenticated during the secure boot process and is separated from the operating system. Inside the TEE, each trusted application is independent, and a trusted application cannot access the security resources of another trusted application without authorization. Trusted applications may be provided by different application service providers. In the TEE, the trusted applications' access to security resources and services is controlled through the TEE internal API; these resources and services include key injection and management, encryption, secure storage, a secure clock, a trusted user interface (UI) and a trusted keyboard.
As shown in FIG. 3D, the terminal device includes a general operating system application environment, which may be a general operating system (for example Android) and client applications, and a Trusted Execution Environment (TEE), an independent execution environment running outside the general operating system that provides security services to it and is isolated from it. In the general operating system application environment an anti-theft client is provided for interacting with the user; it may be a third-party application or a system interface. In the TEE an anti-theft module is provided, which may be a trusted anti-theft application. The hardware security resources store the user's security information, such as accounts, passwords and other security data, and the trusted applications' access to security resources and services can be controlled through the TEE internal API. In some embodiments, the security information may also be stored in the anti-theft module.
In this embodiment, the data for securing the terminal are all stored in the hardware security resources, which neither the operating system nor the applications on it can access, and inside the TEE each trusted application is independent and cannot access another trusted application's security resources without authorization. Even when the application operating system or the account information has been wiped, the terminal can still activate the preset protection policy and remain secured.
As shown in FIG. 3E, in some embodiments the memory 315 may also include a secure storage area 3151 for storing the data for securing the terminal, such as the security protection application program; specifically, the security protection application program may take the form of a security protection client running on the AMSS.
Referring to FIG. 4, which is a schematic flowchart of a method for securing a terminal provided by the first embodiment, the method of this embodiment may include:
Step S401: the portal system Portal obtains the user's loss report request and sends it to the security management server PF Server.
Optionally, before sending the loss report request to the security management server PF Server, the portal system Portal needs to verify the user's identity, and it sends the loss report request only after the user's identity has been established.
Specifically, the portal system Portal can verify the user's identity through an account system, preset rules (such as a whitelist for access to the portal system) and similar means. For example, before accepting the user's loss report request it obtains the account and password entered by the user, establishes the user's identity when both are correct, and then obtains the loss report request; in a specific implementation the loss report request can be obtained through a loss report button on the portal system.
Optionally, the loss report request may carry terminal identification data, which the security management server PF Server uses to determine the identity of the terminal and then stores.
Specifically, the terminal identification data may be data that establishes the terminal's identity, such as the IMEI, IMSI, MEID or a Universal Unique Identifier (UUID).
In one specific implementation, the portal system Portal may be the front-end interface of the security management server PF Server, with the PF Server as the back-end management server of the Portal, in which case the Portal can send the loss report request to the security management server by means such as a table plug-in (such as Table); in another specific implementation, the back-end management server of the portal system Portal is not the security management server PF Server, in which case the Portal first passes the loss report request to its back-end management server, which sends it on to the security management server PF Server.
Step S402: the security management server PF Server records the state of the terminal corresponding to the loss report request as reported lost.
Specifically, the security management server PF Server records the state of the terminal corresponding to the loss report request together with the terminal identification data in the same data table.
For example, if the terminal identification data is the IMEI and the IMEI of the terminal corresponding to the loss report request is 123456789012345, the data of Table 1 are added to the security management server's database:
Key (primary key)    IMEI               State
1                    123456789012345    0
Table 1
Here Key uniquely identifies this record in the table, and a State of 0 indicates that the terminal with IMEI 123456789012345 is in the reported-lost state.
Step S403: the security management server PF Server sends a "reported lost" response to the portal system Portal.
Specifically, the portal system Portal can show the user the loss report result by means such as a pop-up prompt, as shown in FIG. 5, which is a schematic diagram of the portal system Portal displaying the loss report result to the user according to an embodiment; when the portal system Portal receives the "reported lost" response sent by the security management server PF Server, it displays a "loss report succeeded" pop-up to the user.
At this point, through steps S401 to S403, the security management server PF Server holds the terminal's reported-lost state and waits for the terminal to query its state when it is powered on and connected to a network.
The interaction flow between the terminal involved in steps S401 to S403 (i.e. the terminal corresponding to the loss report request) and the security management server PF Server is described below.
Step S404: the terminal obtains authentication data from the secure storage area.
Specifically, the authentication data may be first authentication credential data or first encrypted data.
Specifically, the secure storage area is provided on the baseband chip 310 and may correspond to area 3101 of the terminal shown in FIG. 3A.
Specifically, the secure storage area 3101 may store a security protection application program, which may be a security protection client running on the baseband chip 310, and the terminal may obtain the authentication data from the secure storage area 3101 through that security protection client.
Specifically, the security protection client may obtain the authentication data from the secure storage area of the baseband chip when the terminal is powered on and connected to a network.
Specifically, TrustZone security technology may be used to isolate and protect the secure storage area.
Step S405: the terminal sends a status query request carrying the authentication data to the security management server PF Server.
Step S406: the security management server PF Server determines the identity of the terminal from the authentication data.
Specifically, if for example the authentication data carries the terminal's IMEI, the security management server PF Server determines the terminal's identity from the IMEI and uses the IMEI to look up whether its database contains a loss report record for the terminal.
Step S407: the security management server PF Server sends a status response to the terminal.
Specifically, there are two cases for the status response sent by the security management server PF Server to the terminal: if the PF Server's database contains a loss report record for the terminal, the status response is "reported lost"; if it does not, the status response is "not reported lost".
In this embodiment, the security management server has already recorded the terminal's reported-lost state in step S402, so the status response is "reported lost"; when the terminal receives a "reported lost" status response, it performs step S408.
Step S408: the terminal activates the preset protection policy.
Specifically, a flag bit Flag may be set as the activation parameter of the preset protection policy: when Flag is 0 the terminal keeps its current state, and when Flag is 1 the preset protection policy is activated; when the terminal's state is determined to be "reported lost", Flag is set to 1.
At this point the terminal's preset protection policy is enabled and the terminal can execute it, i.e. the terminal performs step S409.
Step S409: the terminal executes the preset protection policy.
Specifically, the terminal indicates by way of a warning that it is currently in a reported-lost state, for example by displaying the message "terminal reported lost, currently not operable" on the user interface.
Optionally, the terminal may lock its application operating system (here the operating system on the application processor) so that all application functions on it become unavailable. Specifically, the terminal sends an AT command from the baseband chip to the application operating system instructing it to lock each application function on it; for example, if applications A, B and C run on the application operating system, then after receiving the AT command the operating system locks applications A, B and C, and the locked terminal can only make calls and connect to the network.
Optionally, the terminal may collect various information about itself and send it to the security management server PF Server when it is powered on and connected to a network. For example, the terminal may periodically obtain its location and send all the collected location information to the PF Server when it is powered on and online; or, when it detects that its telecom smart card (such as a Subscriber Identification Module (SIM) card or a Universal Subscriber Identity Module (USIM) card) has been replaced, it may record the information of the replacement card and send it to the PF Server when it is powered on and online.
Optionally, when connected to a network the terminal may obtain a remote control instruction from the security management server PF Server, perform the target operation corresponding to the instruction, and return the execution result of the target operation to the PF Server.
In the method of FIG. 4, the terminal sends a status query request to the security management server PF Server when it is connected to a network, and after receiving the status response sent by the PF Server it activates the preset protection policy if the response shows that the terminal is reported lost. The data for securing the terminal (the authentication data and the data related to the preset protection policy) are kept in the secure storage area of the baseband chip, so the terminal's protection policy cannot be disabled by reflashing or similar means, the anti-theft function works normally, and the security of the terminal is strengthened.
In one specific implementation, the terminal can perform the steps executed by the terminal in the embodiment of FIG. 4 (steps S404 to S405 and S408 to S409) through a security protection client running on the baseband chip, with the application program corresponding to the security protection client kept in the secure storage area. In the embodiments, the specific process of activating and executing the preset protection policy differs depending on whether the terminal and the security management server authenticate through an account system (i.e. the authentication data is first authentication credential data) or through a key pair (i.e. the authentication data is first encrypted data). The second to fifth embodiments below take the security protection client as the example and describe, respectively, how the terminal's protection policy is activated and executed when authenticating through an account system and when authenticating through a key pair.
Referring to FIG. 6, which is a schematic flowchart of a method for activating a preset protection policy provided by the second embodiment, the method includes:
Step S501: the anti-theft client PF Client obtains the account and password entered by the user and sends them to the authentication server Up Server.
Specifically, the anti-theft client PF Client runs on the application operating system of the terminal's application processor; it is the anti-theft client of FIG. 1 or FIG. 2, corresponds to one of the application programs in FIG. 3A, and its application program is kept outside the secure storage area.
Specifically, the anti-theft client PF Client obtains the user-entered account and password through the user interface, for example by calling the user interface program of FIG. 3A to present a graphical interface to the user and receiving the user's operations through input controls such as dialogs or buttons.
It should be noted that before entering the account and password on the anti-theft client PF Client the user must register an account; the registration flow is the same as the prior-art account registration flow and is not described further.
Step S502: when the account and password pass verification, the authentication server Up Server sends the first authentication credential serviceToken to the anti-theft client PF Client.
Specifically, the authentication server Up Server matches the account and password against the account and password set by the user at registration and stored in its database; if the account matches the user's account and the password matches the user's password, the account and password are determined to have passed verification.
Specifically, the first authentication credential serviceToken is a key between the terminal and the authentication server Up Server: in subsequent interactions between the terminal and the Up Server, the Up Server can judge from the serviceToken sent by the terminal that the terminal's request is legitimate.
Step S503: the anti-theft client PF Client sends the first authentication credential serviceToken to the security protection client.
Specifically, the anti-theft client PF Client sends the serviceToken to the security protection client through an AT command.
It should be noted that in this embodiment the first authentication credential serviceToken corresponds to the authentication data of the first embodiment, i.e. the authentication data is the serviceToken.
Step S504: the security protection client saves the first authentication credential serviceToken to the secure storage area.
Step S505: the security protection client returns the write result to the anti-theft client PF Client.
At this point the authentication data used to establish the terminal's identity (i.e. the serviceToken) has been saved to the secure storage area of the baseband chip, and in the subsequent process the security protection client can use it to interact with the security management server PF Server.
If the terminal is lost, the user reports it lost by logging in with the account and password on the portal system Portal; the loss report flow is described in steps S506 to S512 below.
Step S506: the portal system Portal obtains the account and password entered by the user and sends them to the authentication server Up Server.
Specifically, the portal system Portal can obtain the user-entered account and password through the portal page shown in FIG. 7.
Step S507: when the account and password pass verification, the authentication server Up Server sends the second authentication credential upToken to the portal system Portal.
Specifically, the way the authentication server Up Server verifies the account and password was described in step S502 and is not repeated.
Specifically, the second authentication credential upToken is a key between the portal system Portal and the authentication server Up Server: in subsequent interactions between the Portal and the Up Server, the Up Server can judge from the upToken sent by the Portal that the portal system's request is legitimate.
Step S508: the portal system Portal obtains the user's loss report request and sends a loss report request carrying the upToken to the security management server PF Server.
Specifically, the portal system Portal obtains the user's loss report request from the user's operation on the user interface, for example the user clicking the "report lost" button on the portal system.
Specifically, the relationship between the portal system Portal and the security management server was described in step S401 of the first embodiment and is not repeated.
Step S509: the security management server PF Server sends the upToken to the authentication server Up Server to judge the legitimacy of the loss report request.
Step S510: the authentication server Up Server sends an "authentication passed" response to the security management server PF Server.
Specifically, the upToken was sent by the authentication server to the portal system Portal in step S507; when the authentication server receives the upToken it determines that the Portal's request is legitimate, i.e. authentication passes.
Step S511: the security management server PF Server records the terminal's reported-lost state.
Step S512: the security management server PF Server sends a "reported lost" response to the Portal.
Specifically, the implementation of steps S511 to S512 was described in steps S402 to S403 of the first embodiment and is not repeated.
At this point the security management server PF Server has saved the terminal's reported-lost state and waits for the terminal to query its state when it is powered on and online.
Step S513: the security protection client obtains the first authentication credential serviceToken from the secure storage area.
Step S514: the security protection client sends a status query request carrying the serviceToken to the security management server PF Server.
Optionally, the status query request also carries the terminal identification data of the terminal.
Step S515: the security management server PF Server determines the terminal's identity and reported-lost state from the serviceToken.
Specifically, the security management server PF Server sends the serviceToken to the authentication server Up Server, which authenticates the terminal's identity: the serviceToken was sent by the Up Server to the terminal's anti-theft client PF Client in step S502, so when the authentication server receives the serviceToken sent by the security protection client it determines that the terminal's request is legitimate and sends an "authentication passed" response to the PF Server, which thereby determines the terminal's identity.
Specifically, the security management server PF Server can determine the terminal's reported-lost state from the terminal identification data. For example, if the PF Server's database holds the terminal state records shown in Table 1 and the terminal's IMEI is 123456789012345, the PF Server determines that the terminal is in the reported-lost state.
It should be noted that the terminal described in step S515 is the same terminal as in step S511, so the terminal is in the "reported lost" state and the security management server PF Server performs step S516.
Step S516: the security management server PF Server sends a "reported lost" status response to the security protection client.
Step S517: the security protection client activates the preset protection policy.
Specifically, the way the preset protection policy is executed may refer to step S409 of the first embodiment and is not repeated.
The method of FIG. 6 hardens the prior-art activation flow that authenticates through an account system: the security protection client receives the first authentication credential serviceToken sent by the anti-theft client PF Client, the serviceToken is permanently kept in the secure storage area of the baseband chip, after losing the terminal the user can report it lost on the portal system with the account and password, the security management server PF Server can save the terminal's loss report record, and the terminal's security protection client can learn the terminal's reported-lost state by sending the serviceToken to the PF Server and thereby activate the preset protection policy, realizing the terminal's anti-theft function. Because the anti-theft function is activated by the security protection client, and the serviceToken and the security protection client's application program are kept in the secure storage area of the baseband chip, the preset protection policy can be activated even if the anti-theft client PF Client has been removed, which improves the security of the terminal.
When the security protection client receives a "reported lost" status response it determines that the terminal is currently reported lost, and after activating the preset protection policy it executes it. In one implementation, the security protection client sends a control instruction query request to the security management server PF Server to ask whether a remote control instruction for the terminal exists on the server. Referring to FIG. 8, which is a schematic flowchart of a method for executing a preset protection policy provided by the third embodiment, the method includes:
Step S601: the portal system Portal obtains the account and password entered by the user and sends them to the authentication server Up Server.
Step S602: when the account and password pass verification, the authentication server Up Server sends the second authentication credential upToken to the portal system Portal.
Specifically, the implementation of steps S601 to S602 may refer to the description of steps S506 to S507 in the second embodiment and is not repeated.
Step S603: the portal system Portal obtains the user's remote control instruction and sends a remote control request carrying the upToken and the remote control instruction to the security management server PF Server.
Specifically, the remote control instruction includes, but is not limited to, instructions that control the terminal, such as a geographic location reporting instruction, a data erase instruction or a contact information reporting instruction.
Step S604: the security management server PF Server sends the upToken to the authentication server Up Server to judge the legitimacy of the remote control request.
Step S605: the authentication server Up Server sends an "authentication passed" response to the security management server PF Server.
Specifically, step S605 is the same as step S510 of the second embodiment and is not repeated.
Step S606: the security management server PF Server caches the remote control instruction.
At this point the remote control instruction is cached on the security management server PF Server, and once the security protection client has activated the preset protection policy it can obtain the instruction when the terminal is powered on and online.
Step S607: the security protection client obtains the first authentication credential serviceToken from the secure storage area.
Specifically, the serviceToken is a key between the terminal and the server produced by authenticating through the account system; it was saved by the security protection client in the secure storage area of the baseband chip before the preset protection policy was activated (see step S504 of the second embodiment), can be used to establish the terminal's identity, and lets the security management server PF Server determine that the terminal's request is legitimate when it receives the serviceToken.
Step S608: the security protection client sends a control instruction query request carrying the serviceToken to the security management server PF Server.
Step S609: the security management server PF Server determines the terminal's identity from the serviceToken and obtains the remote control instruction.
Specifically, after receiving the serviceToken the security management server PF Server sends it to the authentication server Up Server, which authenticates the terminal's identity and, when authentication passes, sends an "authentication passed" response to the PF Server; the PF Server then determines the terminal's identity and looks up the remote control instruction corresponding to the terminal, which it cached in step S606.
Step S610: the security management server PF Server sends the remote control instruction to the security protection client.
Step S611: the security protection client performs the target operation corresponding to the remote control instruction.
Specifically, the security protection client may obtain the terminal's position.
Specifically, the security protection client may erase the terminal's data, such as the contacts, SMS messages, pictures and the account information of various applications stored on the terminal.
Specifically, the security protection client may put all applications on the terminal into a disabled state.
Specifically, the security protection client may indicate that the terminal is reported lost when it is powered on, for example by sounding an alarm.
Step S612: the security protection client sends the execution result of the target operation to the security management server PF Server.
Specifically, if for example the remote control instruction is to obtain the terminal's geographic location, the security protection client sends the obtained location to the security management server PF Server; if the instruction is to erase the terminal's data, the security protection client sends an "erase succeeded" response to the security management server.
Step S613: the security management server PF Server sends the execution result to the Portal.
Specifically, when the execution result is state information about the terminal (such as geographic location information), the security management server may also send the execution result to a server of the public security bureau.
In the method of FIG. 8, the security protection client actively asks the security management server PF Server whether a remote control instruction exists when the terminal is online, and if one exists it performs the corresponding target operation and reports the execution result; because the security protection client runs on the baseband chip, it cannot be removed by reflashing or similar means, which improves the security of the terminal.
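The account-system flows of FIG. 4, FIG. 6 and FIG. 8 as one in-process simulation, added here as an example rather than the patent's own code: the Up Server issues a serviceToken, the baseband-side security protection client keeps it in secure storage (which an application-OS reflash does not touch), and the PF Server holds the Table 1 lost-status records plus the cache of remote control instructions. Class names, the token format and the sample IMEI/account values are constructed assumptions.

```python
"""Added example (not the patent's code): the account-system flows of FIG. 4,
FIG. 6 and FIG. 8 as an in-process simulation.  The Up Server issues a
serviceToken, the baseband-side security protection client keeps it in secure
storage, and the PF Server holds the Table 1 lost-status records and a cache of
remote control instructions.  Class names, the token format and the sample
values are constructed assumptions."""
import secrets
from dataclasses import dataclass, field

LOST_STATE = 0  # "State" column of Table 1: 0 means reported lost


@dataclass
class UpServer:
    """Account authentication server (Up Server)."""
    accounts: dict                                # account -> password
    tokens: dict = field(default_factory=dict)    # serviceToken -> IMEI

    def issue_service_token(self, account, password, imei):
        """Steps S501/S502: verify account and password, issue a serviceToken."""
        if self.accounts.get(account) != password:
            return None
        token = secrets.token_hex(16)
        self.tokens[token] = imei
        return token

    def verify(self, token):
        """Returns the IMEI bound to a valid serviceToken, else None."""
        return self.tokens.get(token)


@dataclass
class PFServer:
    """Security management server (PF Server)."""
    up: UpServer
    status: dict = field(default_factory=dict)    # IMEI -> State (Table 1)
    commands: dict = field(default_factory=dict)  # IMEI -> cached instructions

    def report_lost(self, imei):
        """Steps S402/S511: record the terminal as reported lost."""
        self.status[imei] = LOST_STATE
        return "reported lost"

    def cache_command(self, imei, command):
        """Step S606: hold the user's instruction until the terminal asks."""
        self.commands.setdefault(imei, []).append(command)

    def query_status(self, token):
        """Steps S515/S516: identity via the Up Server, then the lost lookup."""
        imei = self.up.verify(token)
        if imei is None:
            return "authentication failed"
        return "lost" if self.status.get(imei) == LOST_STATE else "not lost"

    def query_commands(self, token):
        """Step S609: hand over (and clear) the cached instructions."""
        imei = self.up.verify(token)
        if imei is None:
            return []
        return self.commands.pop(imei, [])


@dataclass
class SecurityProtectionClient:
    """Client on the baseband chip; secure_storage survives an OS reflash."""
    secure_storage: dict = field(default_factory=dict)
    flag: int = 0          # 0: keep current state, 1: protection policy active
    alerts: list = field(default_factory=list)

    def store_token(self, token):
        """Step S504: the PF Client hands the serviceToken over by AT command."""
        self.secure_storage["serviceToken"] = token
        return "written"

    def on_network_up(self, pf):
        """Steps S513-S517: read auth data, query status, activate on 'lost'."""
        token = self.secure_storage.get("serviceToken")
        if token is None:
            return "no auth data"
        if pf.query_status(token) == "lost":
            self.flag = 1
            self.alerts.append("terminal reported lost, currently not operable")
        return "lost" if self.flag == 1 else "not lost"

    def run_policy(self, pf):
        """Steps S607-S612: fetch cached instructions, return execution results."""
        if self.flag != 1:
            return {}
        results = {}
        for cmd in pf.query_commands(self.secure_storage["serviceToken"]):
            if cmd == "locate":
                results[cmd] = "position Y"        # constructed GPS fix
            elif cmd == "erase":
                results[cmd] = "erase succeeded"
            else:
                results[cmd] = "unsupported"
        return results
```

Once `flag` is set the client keeps reporting the policy as active on later network-up events, matching the Flag semantics of step S408.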
Referring to FIG. 9, which is a schematic flowchart of a method for activating a preset protection policy provided by the fourth embodiment, the method includes:
Step S701: the security management server PF Server obtains the user's loss report request from the portal system Portal.
Specifically, the portal system obtains the user's loss report request by receiving information sent by the portal system's administrator.
For example, after losing the terminal the user provides the portal system's administrator with proof of purchase of the terminal and the terminal identification data, and the administrator opens the portal system Portal and registers the terminal's reported-lost state.
Specifically, the portal system may also obtain the user's loss report request by verifying identity credentials provided by the user.
For example, the user opens the portal system and uploads a picture of the purchase invoice of the terminal together with the terminal identification data, and the portal system's back-end management server reads the information on the invoice with Optical Character Recognition (OCR) and thereby determines that the user's loss report request is legitimate.
Step S702: the security management server PF Server records the reported-lost state of the terminal corresponding to the loss report request.
Step S703: the security management server PF Server sends a "reported lost" response to the Portal.
Specifically, the implementation of steps S702 to S703 was described in steps S402 to S403 of the first embodiment and is not repeated.
At this point the security management server PF Server has saved the terminal's reported-lost state and waits for the terminal to query its state when it is powered on and online.
Step S704: the security protection client requests the baseband chip to encrypt the terminal identification data with a preset key to obtain the first encrypted data.
Specifically, the preset key may be a public key, a private key or a symmetric key.
Specifically, the preset key may be kept in the secure storage area of the baseband chip or generated automatically by the terminal's baseband chip.
Step S705: the security protection client sends the first encrypted data to the security management server PF Server.
Step S706: the security management server PF Server decrypts the first encrypted data to obtain the terminal identification data and determines the terminal's identity and reported-lost state from it.
Specifically, the security management server PF Server decrypts the first encrypted data with the decryption key corresponding to the preset key.
For example, if the preset key is a public key, the decryption key is the corresponding private key; if the preset key is a private key, the decryption key is the corresponding public key.
Step S707: the security management server PF Server sends a "reported lost" status response to the security protection client.
Step S708: the security protection client activates the preset protection policy.
Specifically, the way the preset protection policy is executed may refer to step S409 of the first embodiment and is not repeated.
In the method of FIG. 9, the prior-art authentication through an account system is no longer used; instead the terminal and the security management server PF Server authenticate with an agreed key pair, and the security protection client and the PF Server activate the preset protection policy by exchanging encrypted data. The security protection client runs on the baseband chip and cannot be removed by reflashing, which improves the security of the terminal. In addition, this authentication method does not require the user to register an account in advance; the user only needs to report the terminal lost when it goes missing, which saves user operations and is simple and effective.
When the security protection client receives a "reported lost" status response it determines that the terminal is currently reported lost, and after activating the preset protection policy it executes it. In one implementation, the security protection client actively performs security protection operations and sends their execution results to the security management server PF Server. Referring to FIG. 10, which is a schematic flowchart of a method for executing a preset protection policy provided by the fifth embodiment, the method includes:
Step S801: the security protection client obtains the terminal's location information.
Specifically, the security protection client obtains the terminal's location information through GPS positioning when the terminal is powered on and online.
Step S802: the security protection client requests the baseband chip to encrypt the location information to obtain the second encrypted data.
Specifically, the baseband chip encrypts the location information with the preset key mentioned in step S704 of the fourth embodiment.
Step S803: the security protection client sends the second encrypted data to the security management server PF Server.
Step S804: the security management server PF Server decrypts the second encrypted data to obtain the terminal's location information.
Specifically, the security management server PF Server decrypts the second encrypted data with the decryption key corresponding to the preset key to obtain the terminal's location information.
Step S805: the security management server PF Server sends the location information to the user.
Specifically, the security management server PF Server may send the location information to a mobile phone number, e-mail address or other social account that the user has registered.
Specifically, the security management server PF Server may also send the location information to the portal system Portal mentioned in step S401 above.
In the method of FIG. 10, the security protection client obtains the terminal's geographic location when the terminal is online, encrypts it and sends the encrypted data to the security management server PF Server, which on receipt forwards the location to the user so that the user can determine where the terminal is; the security protection client runs on the baseband chip and cannot be removed by reflashing, which improves the security of the terminal.
It should be noted that, besides obtaining the terminal's location information and reporting it to the security management server PF Server as in the fifth embodiment, the security protection operations actively performed by the security protection client may also be the target operations corresponding to the remote control instructions in step S611 of the third embodiment, which are not repeated here.
It should be understood that the embodiments above, in which the security protection client is the executing entity, are only one specific implementation of the embodiments of the present invention; in alternative implementations the terminal may perform the above methods through other application programs or other functional units/modules on the baseband chip, with the data for securing the terminal stored in the secure storage area.
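The key-based exchanges of FIG. 9 (first encrypted data: the IMEI) and FIG. 10 (second encrypted data: the location), added here as an example rather than the patent's own code, for the symmetric-key case the fourth embodiment allows. The cipher is a constructed, standard-library-only encrypt-then-MAC scheme (SHA-256 counter keystream plus an HMAC tag, with a fresh nonce per message so the static IMEI never yields a static ciphertext) standing in for whatever cipher a real baseband would use; all class and field names are assumptions.

```python
"""Added example (not the patent's code) of the FIG. 9 / FIG. 10 exchanges with
a preset symmetric key held in the baseband's secure storage and mirrored on the
PF Server.  The cipher is a constructed stdlib-only encrypt-then-MAC scheme
(SHA-256 counter keystream + HMAC-SHA256 tag), not a production cipher."""
import hashlib
import hmac
import json
import os

LOST_STATE = 0          # Table 1 semantics: State 0 means reported lost
NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key, nonce, length):
    """SHA-256 in counter mode over (key || nonce || counter)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext, nonce=None):
    """Returns nonce || ciphertext || tag; a random nonce per message."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    """Verifies the tag before decrypting; returns None on any tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Baseband:
    """Baseband chip: IMEI and preset key live in the secure storage area."""

    def __init__(self, imei, preset_key):
        self.secure_storage = {"imei": imei, "preset_key": preset_key}

    def first_encrypted_data(self):
        """Step S704: encrypt the terminal identification data."""
        return encrypt(self.secure_storage["preset_key"],
                       self.secure_storage["imei"].encode())

    def second_encrypted_data(self, lat, lon):
        """Step S802: encrypt the current location (constructed GPS fix)."""
        payload = json.dumps({"lat": lat, "lon": lon}).encode()
        return encrypt(self.secure_storage["preset_key"], payload)


class PFServer:
    """Security management server holding the matching key and Table 1."""

    def __init__(self, preset_key):
        self.key = preset_key
        self.status = {}    # IMEI -> State

    def report_lost(self, imei):
        """Step S702: record the reported-lost state."""
        self.status[imei] = LOST_STATE

    def status_response(self, blob):
        """Step S706: decrypt the IMEI, then look up the lost record."""
        imei = decrypt(self.key, blob)
        if imei is None:
            return "rejected"
        return "lost" if self.status.get(imei.decode()) == LOST_STATE else "not lost"

    def location_from(self, blob):
        """Step S804: decrypt the second encrypted data into a location dict."""
        plaintext = decrypt(self.key, blob)
        return None if plaintext is None else json.loads(plaintext)
```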
To aid understanding and implementation of the above solutions, a description follows with reference to a specific application scenario. Taking a mobile phone as the terminal, assume that user A owns mobile phone a, that phone a has the anti-theft function, and that phone a's security protection client runs on the AMSS.
Case one: the security protection client and the security management server PF Server authenticate through an account system.
First, user A registers a cloud service account of phone a's manufacturer on the phone or on the portal system (assume the account is XYY and the password is 123). When user A wants to enable phone a's anti-theft function, user A logs in with the account and password on the anti-theft client (such as "Find My Phone") on the application operating system, and the anti-theft client sends account XYY and password 123 to the manufacturer's authentication server; the authentication server finds that the account system contains an account named XYY whose password is 123, determines that user A's identity is legitimate, and returns a first authentication credential serviceToken to the anti-theft client (the serviceToken is the session credential between the terminal and the authentication server, i.e. an interaction key agreed between them; when the terminal later requests data from the authentication server it only needs to carry the serviceToken and no longer sends the account and password).
When user A finds that phone a is lost, user A enters the cloud service portal system of phone a's manufacturer, which may look like FIG. 7, and enters account XYY and password 123; the portal system passes account XYY and password 123 to the authentication server, which finds that the account system contains an account named XYY whose password is 123, determines that user A's identity is legitimate and returns a second authentication credential upToken to the portal system (the upToken is the session credential between the portal system and the authentication server, i.e. an interaction key agreed between them; in later data exchanges with the authentication server the portal system only needs to carry the upToken and no longer sends the account and password), informing the portal system that user A's identity is legitimate. After a successful login the portal system looks like FIG. 11A, which is a schematic diagram of the page after the user has logged in to the portal system successfully; user A clicks the "report lost" button on the portal system, the portal system sends a loss report request carrying the upToken to the security management server, and after sending the upToken to the authentication server and confirming that user A's loss report request is legitimate, the security management server sends a "reported lost" response to the portal system and records phone a's state as "reported lost", at which point the portal system looks like FIG. 5. After clicking the confirm button the user can enter the remote management page shown in FIG. 11B, a schematic diagram of the portal system's remote management page, where user A can select remote control options; assuming the user selects "locate" and "erase data", the portal system sends the remote control instructions for phone a (a positioning instruction and a data erase instruction) to the security management server, which caches the remote control instructions concerning phone a.
When phone a is powered on and online, the security protection client sends a status query request carrying the serviceToken to the security management server; after sending the serviceToken to the authentication server and confirming that phone a's identity is legitimate, the security management server looks up phone a's state and sends a "reported lost" status response to the security protection client, which enables phone a's protection policy. For the control instruction query request initiated by the security protection client, the security management server finds that the remote control instructions concerning phone a are the positioning instruction and the data erase instruction and sends both to the security protection client. The security protection client erases the data on the phone and obtains phone a's geographic location; assuming the obtained location is position Y, it returns position Y and an "erase succeeded" response to the security management server, which returns position Y and the "erase succeeded" response to the portal system, and the portal system shows the user the result of remote control, as in FIG. 11C, a schematic diagram of the page on which the portal system shows the user the result of remote control.
In another possible implementation, after enabling phone a's anti-theft function but before receiving a remote control instruction from the user, the security protection client may periodically obtain phone a's geographic location and send it to the security management server, which forwards it to the portal system; after a successful login the user can view the movement track of phone a, as shown in FIG. 11D, a schematic diagram of the page on which the portal system shows the user the movement track of the phone's geographic location, where the portal system's web page displays the location information reported by phone a at different times.
Case two: the anti-theft client PF Client and the security management server PF Server authenticate with a preset key.
If phone a is lost, user A can provide the customer service staff of phone a's manufacturer with the purchase invoice and phone a's IMEI serial number, and the customer service staff report the phone lost and perform remote control on the portal system. The interaction between the portal system and the security management server is similar to that described in case one, the difference being that the loss report request and the remote control instructions sent by the portal system to the security management server no longer carry an upToken and the security management server treats the requests as legitimate by default; the detailed process is not repeated.
When phone a is powered on and online, the security protection client encrypts phone a's IMEI serial number and sends it to the security management server, which looks up phone a's state and sends a "reported lost" status response to the security protection client, which enables phone a's protection policy; the flow after the protection policy is enabled is similar to that described in case one and is not repeated.
The methods of the embodiments have been described in detail above; the devices of the embodiments are provided below.
Referring to FIG. 12, which is a schematic structural diagram of a baseband chip provided by an embodiment, the baseband chip 90 is provided with a secure storage area for storing data for securing a terminal and includes a processing unit 901, a sending unit 902 and a receiving unit 903, described in detail as follows:
a processing unit 901, configured to obtain authentication data from the secure storage area;
a sending unit 902, configured to send a status query request to a security management server, the status query request carrying the authentication data, which is used by the security management server to determine the identity of the terminal;
a receiving unit 903, configured to receive a status response sent by the security management server according to the identity of the terminal;
the processing unit 901 being further configured to activate a preset protection policy when it is determined from the status response that the terminal is in a reported-lost state.
It should be noted that the implementation of each unit may also refer to the corresponding description of the method embodiments shown in FIG. 4, FIG. 6, FIG. 8, FIG. 9 or FIG. 10.
In the baseband chip 90 of FIG. 12, the data for securing the terminal are kept in the secure storage area of the baseband chip, so the terminal's protection policy cannot be disabled by reflashing or similar means, the anti-theft function is guaranteed to work normally, and the security of the terminal is improved.
Referring to FIG. 13, which is a schematic structural diagram of a terminal and a security management server provided by an embodiment, there is a communication connection, for example a Wi-Fi connection, between the terminal 100 and the security management server 110 over which the two can exchange data. The functional blocks of the terminal and the security management server may implement the solution of the present invention in hardware, software or a combination of both. Those skilled in the art will understand that the functional blocks described in FIG. 13 may be combined or split into sub-blocks to implement the solution; accordingly, the content described above can support any possible combination, separation or further definition of the functional modules below.
As shown in FIG. 13, a secure storage area for storing data for securing the terminal is provided on the terminal's baseband chip, and the terminal 100 may include:
a processing unit 1001, configured to obtain authentication data from the secure storage area;
a sending unit 1002, configured to send a status query request to a security management server, the status query request carrying the authentication data, which is used by the security management server to determine the identity of the terminal;
a receiving unit 1003, configured to receive a status response sent by the security management server according to the identity of the terminal;
the processing unit 1001 being further configured to activate a preset protection policy when it is determined from the status response that the terminal is in a reported-lost state.
As shown in FIG. 13, the security management server 110 may include:
a receiving unit 1101, configured to receive a status query request sent by a terminal, the status query request carrying authentication data that is stored in the secure storage area of the terminal's baseband chip;
a processing unit 1102, configured to determine the identity of the terminal from the authentication data;
a sending unit 1103, configured to send a status response to the terminal, the status response being used by the terminal to determine its state, the terminal activating a preset protection policy when it determines that it is in a reported-lost state.
In the terminal 100 of FIG. 13, the data for securing the terminal are kept in the secure storage area of the baseband chip, so the terminal's protection policy cannot be disabled by reflashing or similar means, the anti-theft function is guaranteed to work normally, and the security of the terminal is improved.
It should be noted that for content not mentioned in the embodiment of FIG. 13 and for the specific implementation of each functional unit, reference may be made to the embodiments of FIG. 4, FIG. 6, FIG. 8, FIG. 9 or FIG. 10, which are not repe repeated here.
Referring to FIG. 14, which is a schematic structural diagram of another baseband chip provided by an embodiment, the baseband chip 120 includes a processor 1201, a memory 1202 and a communication interface 1203, which are connected through one or more communication buses 1204.
The communication interface 1203 connects to the communication modules peripheral to the baseband chip.
The memory 1202 includes an instruction buffer memory 12021 and a data buffer memory 12022, where the instruction buffer memory 12021 stores program instructions and the data buffer memory 12022 stores data, and both the instruction buffer memory and the data buffer memory contain a secure storage area.
In a specific implementation, the memory 1202 includes, but is not limited to, Random Access Memory (RAM), Read-Only Memory (ROM), Erasable Programmable Read Only Memory (EPROM) or Compact Disc Read-Only Memory (CD-ROM).
The processor 1201 includes an instruction processor core 12011, an instruction memory management unit 12012 and a data memory management unit 12013, where the instruction memory management unit 12012 manages the program instructions stored in the instruction buffer memory 12021 and the data memory management unit 12013 manages the data stored in the data buffer memory 12022; the processor core 12011 may cooperate with the instruction memory management unit 12012 and the data memory management unit 12013 to perform the following operations:
obtaining authentication data from the secure storage area;
sending a status query request to a security management server, the status query request carrying the authentication data, which is used by the security management server to determine the identity of the terminal;
receiving a status response sent by the security management server according to the identity of the terminal;
when it is determined from the status response that the terminal is in a reported-lost state, activating a preset protection policy.
In a specific implementation, the processor core 12011 calls, through the instruction memory management unit 12012, the application program stored in the secure storage area of the instruction buffer memory 12021 and performs the corresponding operations according to that program: first the processor core 12011 instructs the data memory management unit 12013 to obtain the authentication data from the secure storage area of the data buffer memory 12022, then the processor core 12011 sends the authentication data to the security management server through the communication interface 1203, then the processor core 12011 receives the status response sent by the security management server through the communication interface 1203, and finally, when it determines from the status response that the terminal is in a reported-lost state, the processor core 12011 activates the preset protection policy.
In the above process, the processor core 12011 may communicate with the security management server (sending the status query request or receiving the status response) through the terminal's communication modules peripheral to the baseband chip (such as the RF module).
It should be noted that the processor core 12011 may also cooperate with the instruction memory management unit 12012 and the data memory management unit 12013 to perform the operations executed by the security protection client in the methods of FIG. 6, FIG. 8, FIG. 9 or FIG. 10.
Referring to FIG. 15, which is a schematic structural diagram of another security management server provided by an embodiment, the security management server 130 may include a processor 1301, a memory 1302 and a transceiver 1303, which are interconnected through a bus.
The memory 1302 includes, but is not limited to, Random Access Memory (RAM), Read-Only Memory (ROM), Erasable Programmable Read Only Memory (EPROM) or Compact Disc Read-Only Memory (CD-ROM), and is used for the relevant instructions and data. The transceiver 1303 receives and sends data.
The processor 1301 may be one or more Central Processing Units (CPUs); where the processor 1301 is one CPU, it may be a single-core or a multi-core CPU.
The processor 1301 in the security management server 130 reads the program code stored in the memory 1302 and performs the following operations:
receiving, through the transceiver 1303, a status query request sent by a terminal, the status query request carrying authentication data that is stored in the secure storage area of the terminal's baseband chip;
determining the identity of the terminal from the authentication data;
sending, through the transceiver 1303, a status response to the terminal, the status response being used by the terminal to determine its state, the terminal activating a preset protection policy when it determines that it is in a reported-lost state.
It should be noted that the processor 1301 may also perform the operations executed by the security management server in the methods of FIG. 4, FIG. 6, FIG. 8, FIG. 9 or FIG. 10.
One embodiment of the present invention provides a method for ensuring the security of a terminal (for example, a mobile phone), which solves the problem that the anti-theft function of the terminal fails when the operating system on the terminal's application processor is removed or replaced. The terminal device shown in FIG. 3A-3D is used: for example, user security information may be stored in a secure storage area on the baseband chip, or the anti-theft module may run in a TEE (trusted execution environment) with the security information stored in hardware security resources. The security information may be accounts, passwords, and various application programs and data. In some embodiments, the security information may be used to establish a connection with a server and then transfer data.
In some implementations, the user may log in to a server or portal system, for example with a cloud account. In some embodiments, the server may be provided by the phone manufacturer. In some embodiments, the user may also send remote control instructions for the phone to the server; a remote control instruction may be one or more of deleting data, GPS positioning, data backup, remote locking, sending a message, and so on.
FIG. 16 shows a remote control instruction interface provided according to one possible embodiment; for example, the interface may be provided by a terminal device having a display. In some embodiments, the interface includes, but is not limited to, the controls "Send message to device", "Lock device remotely", "Back up data" and "Erase data". In some embodiments, the user may also view data that the phone has synchronised to the server, such as contacts, text messages, cloud drive and photo albums. In some embodiments, the interface may also provide a map service for viewing the phone's current location.
In some embodiments, the user logs in to the interface of FIG. 16 and sends a remote control instruction, for example by clicking the "Back up data" button. As shown in FIG. 17, a method for ensuring the security of a mobile phone is provided, and it runs as follows:
Step 1: the phone's baseband chip detects whether the phone is connected to a network;
Step 2: when the phone is detected to be connected to a network, the baseband chip reports a request to the anti-theft module in the AMSS system;
Step 3: after receiving the request from the baseband chip, the anti-theft module reads the user security information from the secure storage area of the baseband chip;
Step 4: after reading the user security information from the secure storage area of the baseband chip, the anti-theft module sends, through the baseband chip, an instruction to the server, the instruction containing the user security information;
Step 5: the server authenticates the received user information; after successful authentication, the phone can receive the instructions sent by the server;
Step 6: the server sends instructions to the phone, the instructions including operations such as deleting data, positioning, remote locking, data backup, sending a text message and raising an alarm. These instructions are the remote control instructions for the phone sent by the user. It is worth mentioning that the server may receive a remote control instruction while the phone is not accessing the server; in that case the server stores the remote control instruction and sends it to the phone when the phone next accesses the server.
It should be noted that, in step 1, the trigger condition for the baseband chip to report a request to the anti-theft module in the AMSS system may be that the baseband chip detects a connection to a network, for example detecting whether the phone is connected to WIFI, 2G/3G/4G, Bluetooth, GPRS, ZigBee or other signals. In some embodiments, the phone may send the user security information to the server periodically, for example once every 5 minutes. In some embodiments, the phone may also send the user security information to the server at a scheduled time, for example at 8 a.m. every day. In some embodiments, the trigger condition for the baseband chip to report a request to the anti-theft module in the AMSS system may also be detecting that the phone is synchronising data to the server, for example synchronising the photo album to the server. In some embodiments, detecting that the phone is synchronising data to the server may also be periodic or scheduled, for example at 8 o'clock every day or every 5 minutes. In some embodiments, the trigger condition for the baseband chip to report a request to the anti-theft module in the AMSS system may also be that the phone is running a certain application, for example opening the camera application. In some embodiments, the trigger condition for the baseband chip to report a request to the anti-theft module in the AMSS system may also be that the phone receives an operation concerning user security, for example an incorrect password entry, logging out of the phone's cloud account, deleting data, or powering the phone on or off.
In step 3, the baseband chip may alternatively upload the security information to the anti-theft module.
In step 5, the baseband chip establishes a data connection with the server by sending the user security information. In some embodiments, the phone can access the server or transfer data using the cloud account information contained in the security information.
In some embodiments, after receiving the remote control instruction sent by the server, the phone may perform operations such as deleting data, positioning, remote locking, data backup, sending a text message and raising an alarm.
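Added example, not code from the patent or from Huawei: a Python simulation of the exchange described in the steps above (status query, status response, control instruction query, cached remote control instructions and returned execution results); message field names, the in-memory "secure storage" dict and the credential values are constructed for illustration.

```python
# Added example, not the patent's own code: a minimal simulation of the exchange
# between the terminal's baseband-side client and the security management server;
# message field names and credential values are constructed for illustration.
class SecurityManagementServer:
    """Keeps the loss-report records and caches remote control instructions."""
    def __init__(self):
        self.credentials = {}  # authentication credential -> terminal identification data
        self.lost = set()      # terminals the user has reported lost
        self.pending = {}      # terminal id -> remote control instructions not yet delivered
        self.results = []      # (terminal id, instruction, execution result) from terminals
    def register(self, terminal_id, credential):
        self.credentials[credential] = terminal_id
    def report_lost(self, terminal_id):
        self.lost.add(terminal_id)

    def queue_command(self, terminal_id, command):
        # A remote control request that arrives while the phone is offline is
        # stored and delivered the next time the phone checks in.
        self.pending.setdefault(terminal_id, []).append(command)

    def handle(self, msg):
        terminal_id = self.credentials.get(msg.get("auth"))
        if terminal_id is None:  # identity not established: disclose no state or commands
            return {"type": "error", "reason": "unknown authentication data"}
        if msg["type"] == "status_query":
            state = "lost" if terminal_id in self.lost else "normal"
            return {"type": "status_response", "status": state}
        if msg["type"] == "command_query":
            return {"type": "remote_control", "commands": self.pending.pop(terminal_id, [])}
        if msg["type"] == "execution_result":
            self.results.append((terminal_id, msg["command"], msg["result"]))
            return {"type": "ack"}
        return {"type": "error", "reason": "unsupported message"}

class BasebandClient:
    """Security protection client; secure_storage stands in for the chip's secure area."""
    SUPPORTED = {"lock", "locate", "wipe", "backup", "alarm", "message"}
    def __init__(self, secure_storage, server):
        self.secure_storage, self.server = secure_storage, server

    def check_in(self):
        # Status query first; only a "lost" answer triggers the preset protection policy.
        auth = self.secure_storage["auth"]
        if self.server.handle({"type": "status_query", "auth": auth}).get("status") != "lost":
            return []
        commands = self.server.handle({"type": "command_query", "auth": auth})["commands"]
        for command in commands:
            result = "done" if command in self.SUPPORTED else "unsupported"
            self.server.handle({"type": "execution_result", "auth": auth, "command": command, "result": result})
        return commands
```

A terminal whose credential the server does not recognise is told nothing about any state or queued instructions, and a terminal not reported lost performs no protection action on check-in.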
The method for ensuring phone security provided by this embodiment is applicable after the phone has been lost, especially when the cloud account has been logged out or deleted, the phone system has been reset or "flashed", or the network connection has been disconnected. This embodiment stores the user security information in a secure storage area on the baseband chip, or runs the anti-theft module in a TEE and stores the security information in hardware security resources, so that the phone can still receive remote control instructions from the server even after the phone system has been reset, thereby ensuring the security of the phone.
It should be noted that, in some embodiments, the phone may also report information to the server automatically, for example location information. In some embodiments, the automatic reporting of location information may be periodic or scheduled, for example at 8 o'clock every day or every 5 minutes. In some embodiments, the condition for the phone to report information automatically may be low battery, for example a battery level below 10%.
In summary, by implementing the embodiments of the present invention, the data that ensures terminal security is kept in the secure storage area of the baseband chip and cannot be erased by flashing the phone or similar means, so the anti-theft function of the terminal keeps working and the security of the terminal is improved.
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments may be implemented by a computer program instructing the relevant hardware; the program may be stored in a computer-readable storage medium and, when executed, may include the processes of the method embodiments above. The storage medium includes ROM, RAM, a magnetic disk, an optical disc, or any other medium capable of storing program code.

Claims (36)

  1. A method for ensuring terminal security, characterised in that a secure storage area is provided on a baseband chip of the terminal, the secure storage area being used to store data for ensuring terminal security, and the baseband chip performs the following steps:
    obtaining authentication data from the secure storage area;
    sending a status query request to a security management server, the status query request carrying the authentication data, the authentication data being used by the security management server to determine the identity of the terminal;
    receiving a status response sent by the security management server according to the identity of the terminal;
    when it is determined from the status response that the terminal is in a reported-lost state, activating a preset protection policy.
  2. The method according to claim 1, characterised in that the authentication data comprises first authentication credential data;
    before obtaining the authentication data from the secure storage area, the method further comprises:
    receiving the first authentication credential data sent by an application processor of the terminal;
    saving the first authentication credential data to the secure storage area.
  3. The method according to claim 1, characterised in that the authentication data comprises first encrypted data;
    before obtaining the authentication data from the secure storage area, the method further comprises:
    encrypting terminal identification data with a preset key to obtain the first encrypted data, and saving the first encrypted data in the secure storage area.
  4. The method according to claim 1, characterised in that the preset protection policy comprises:
    sending a control instruction query request to the security management server, the control instruction query request carrying the authentication data;
    receiving a remote control instruction sent by the security management server;
    executing a target operation corresponding to the remote control instruction, and returning to the security management server the execution result obtained by executing the target operation.
  5. The method according to claim 1, characterised in that the preset protection policy comprises:
    obtaining the current location information of the terminal;
    encrypting the current location information of the terminal to obtain second encrypted data;
    sending the second encrypted data to the security management server.
  6. The method according to claim 1, characterised in that the preset protection policy comprises:
    indicating, by way of an alert, that the terminal is currently in the reported-lost state.
  7. A method for ensuring terminal security, characterised in that a secure storage area is provided on a baseband chip of the terminal, the secure storage area being used to store data for ensuring terminal security, and the terminal performs the following steps:
    obtaining authentication data from the secure storage area;
    sending a status query request to a security management server, the status query request carrying the authentication data, the authentication data being used by the security management server to determine the identity of the terminal;
    receiving a status response sent by the security management server according to the identity of the terminal;
    when it is determined from the status response that the terminal is in a reported-lost state, activating a preset protection policy.
  8. The method according to claim 7, characterised in that the authentication data comprises first authentication credential data;
    before obtaining the authentication data from the secure storage area, the method further comprises:
    receiving first authentication credential data sent by an authentication server, wherein the first authentication credential data is sent to the terminal by the authentication server after the authentication server has verified the identity verification information of the terminal's user sent by the terminal and the verification has passed;
    saving the first authentication credential data to the secure storage area.
  9. The method according to claim 7, characterised in that the authentication data comprises first encrypted data;
    before obtaining the authentication data from the secure storage area, the method further comprises:
    requesting the baseband chip to encrypt terminal identification data with a preset key to obtain the first encrypted data.
  10. The method according to claim 7, characterised in that the preset protection policy comprises:
    sending a control instruction query request to the security management server, the control instruction query request carrying the authentication data;
    receiving a remote control instruction sent by the security management server;
    executing a target operation corresponding to the remote control instruction, and returning to the security management server the execution result obtained by executing the target operation.
  11. The method according to claim 7, characterised in that the preset protection policy comprises:
    obtaining the current location information of the terminal;
    requesting the baseband chip to encrypt the location information to obtain second encrypted data;
    sending the second encrypted data to the security management server.
  12. The method according to claim 7, characterised in that the preset protection policy comprises:
    indicating, by way of an alert, that the terminal is currently in the reported-lost state.
  13. The method according to any one of claims 7 to 12, characterised in that obtaining the authentication data from the secure storage area comprises:
    obtaining the authentication data from the secure storage area through a security protection client running on the baseband chip.
  14. A method for ensuring terminal security, characterised in that it comprises:
    receiving a status query request sent by a terminal, the status query request carrying authentication data, the authentication data being stored in a secure storage area of the terminal's baseband chip;
    determining the identity of the terminal according to the authentication data;
    sending a status response to the terminal according to the identity of the terminal, the status response being used by the terminal to determine the state of the terminal, and when the terminal determines that it is in a reported-lost state, the terminal activates a preset protection policy.
  15. The method according to claim 14, characterised in that the method further comprises:
    receiving a loss report request from a user, the loss report request carrying terminal identification data;
    determining, according to the terminal identification data, the terminal to which the loss report request corresponds;
    recording the state of the terminal to which the loss report request corresponds as the reported-lost state.
  16. The method according to claim 14, characterised in that, after sending the status response to the terminal, the method further comprises:
    receiving a control instruction query request sent by the terminal, the control instruction query request carrying the authentication data;
    when it is detected that a remote control instruction corresponding to the terminal exists, sending the remote control instruction to the terminal;
    receiving the execution result returned by the terminal from executing the target operation corresponding to the remote control instruction.
  17. The method according to claim 16, characterised in that, before sending the remote control instruction to the terminal, the method further comprises:
    receiving a remote control request from a user, the remote control request carrying the terminal identification data of the terminal and a remote control instruction corresponding to the terminal;
    caching the terminal identification data and the remote control instruction.
  18. The method according to claim 14, characterised in that, after sending the status response to the terminal, the method further comprises:
    receiving second encrypted data sent by the terminal;
    decrypting the second encrypted data to obtain the current location information of the terminal.
  19. A baseband chip, characterised in that a secure storage area is provided on the baseband chip, the secure storage area being used to store data for ensuring terminal security, and the baseband chip comprises:
    a processing unit, configured to obtain authentication data from the secure storage area;
    a sending unit, configured to send a status query request to a security management server, the status query request carrying the authentication data, the authentication data being used by the security management server to determine the identity of the terminal;
    a receiving unit, configured to receive a status response sent by the security management server according to the identity of the terminal;
    the processing unit being further configured to activate a preset protection policy when it is determined from the status response that the terminal is in a reported-lost state.
  20. The baseband chip according to claim 19, characterised in that the authentication data comprises first authentication credential data;
    the receiving unit is further configured to receive the first authentication credential data sent by an application processor of the terminal;
    the processing unit is further configured to save the first authentication credential data to the secure storage area.
  21. The baseband chip according to claim 19, characterised in that the authentication data comprises first encrypted data;
    the processing unit is further configured to encrypt terminal identification data with a preset key to obtain the first encrypted data, and to save the first encrypted data in the secure storage area.
  22. The baseband chip according to claim 19, characterised in that the sending unit is further configured to:
    send a control instruction query request to the security management server, the control instruction query request carrying the authentication data;
    the receiving unit is further configured to receive a remote control instruction sent by the security management server;
    the processing unit is specifically further configured to execute a target operation corresponding to the remote control instruction and to return to the security management server the execution result obtained by executing the target operation.
  23. The baseband chip according to claim 19, characterised in that the processing unit is specifically configured to:
    obtain the current location information of the terminal;
    the processing unit is specifically further configured to encrypt the current location information of the terminal to obtain second encrypted data;
    the sending unit is further configured to send the second encrypted data to the security management server.
  24. The baseband chip according to claim 19, characterised in that the processing unit is specifically configured to:
    indicate, by way of an alert, that the terminal is currently in the reported-lost state.
  25. A terminal, characterised in that a secure storage area is provided on a baseband chip of the terminal, the secure storage area being used to store data for ensuring terminal security, and the terminal comprises:
    a processing unit, configured to obtain authentication data from the secure storage area;
    a sending unit, configured to send a status query request to a security management server, the status query request carrying the authentication data, the authentication data being used by the security management server to determine the identity of the terminal;
    a receiving unit, configured to receive a status response sent by the security management server according to the identity of the terminal;
    the processing unit being further configured to activate a preset protection policy when it is determined from the status response that the terminal is in a reported-lost state.
  26. The terminal according to claim 25, characterised in that the authentication data comprises first authentication credential data;
    the receiving unit is further configured to receive first authentication credential data sent by an authentication server, wherein the first authentication credential data is sent to the terminal by the authentication server after the authentication server has verified the identity verification information of the terminal's user sent by the terminal and the verification has passed;
    the processing unit is further configured to save the first authentication credential data to the secure storage area.
  27. The terminal according to claim 25, characterised in that the authentication data comprises first encrypted data;
    the processing unit is further configured to request the baseband chip to encrypt terminal identification data with a preset key to obtain the first encrypted data.
  28. The terminal according to claim 25, characterised in that the sending unit is further configured to:
    send a control instruction query request to the security management server, the control instruction query request carrying the authentication data;
    the receiving unit is further configured to receive a remote control instruction sent by the security management server;
    the processing unit is specifically configured to execute a target operation corresponding to the remote control instruction and to return to the security management server the execution result obtained by executing the target operation.
  29. The terminal according to claim 25, characterised in that the processing unit is specifically configured to:
    obtain the current location information of the terminal;
    the processing unit is specifically further configured to request the baseband chip to encrypt the current location information of the terminal to obtain second encrypted data;
    the sending unit is further configured to send the second encrypted data to the security management server.
  30. The terminal according to claim 25, characterised in that the processing unit is specifically configured to:
    indicate, by way of an alert, that the terminal is currently in the reported-lost state.
  31. The terminal according to any one of claims 25 to 30, characterised in that the processing unit is specifically configured to:
    obtain the authentication data from the secure storage area through a terminal security protection client running on the baseband chip.
  32. A security management server, characterised in that it comprises:
    a receiving unit, configured to receive a status query request sent by a terminal, the status query request carrying authentication data, the authentication data being stored in a secure storage area of the terminal's baseband chip;
    a processing unit, configured to determine the identity of the terminal according to the authentication data;
    a sending unit, configured to send a status response to the terminal according to the identity of the terminal, the status response being used by the terminal to determine the state of the terminal, and when the terminal determines that it is in a reported-lost state, the terminal activates a preset protection policy.
  33. The security management server according to claim 32, characterised in that the receiving unit is further configured to:
    receive a loss report request from a user, the loss report request carrying terminal identification data;
    the processing unit is further configured to determine, according to the terminal identification data, the terminal to which the loss report request corresponds;
    the processing unit is further configured to record the state of the terminal to which the loss report request corresponds as the reported-lost state.
  34. The security management server according to claim 32, characterised in that the receiving unit is further configured to:
    receive a control instruction query request sent by the terminal, the control instruction query request carrying the authentication data;
    the sending unit is further configured to send the remote control instruction to the terminal when it is detected that a remote control instruction corresponding to the terminal exists;
    the receiving unit is further configured to receive the execution result returned by the terminal from executing the target operation corresponding to the remote control instruction.
  35. The security management server according to claim 34, characterised in that the receiving unit is further configured to:
    receive a remote control request from a user, the remote control request carrying the terminal identification data of the terminal and a remote control instruction corresponding to the terminal;
    the processing unit is further configured to cache the terminal identification data and the remote control instruction.
  36. The security management server according to claim 32, characterised in that the receiving unit is further configured to:
    receive second encrypted data sent by the terminal;
    the processing unit is further configured to decrypt the second encrypted data to obtain the current location information of the terminal.
PCT/CN2017/114504 2016-12-02 2017-12-04 Method and device for ensuring terminal security WO2018099485A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201780003581.6A CN108307674B (zh) 2016-12-02 2017-12-04 Method and device for ensuring terminal security
US16/308,287 US20190268155A1 (en) 2016-12-02 2017-12-04 Method for Ensuring Terminal Security and Device

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201611097112 2016-12-02
CN201611097112.9 2016-12-02
CNPCT/CN2017/079082 2017-03-31
CN2017079082 2017-03-31

Publications (1)

Publication Number Publication Date
WO2018099485A1 true WO2018099485A1 (zh) 2018-06-07

Family

ID=62241229

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/114504 WO2018099485A1 (zh) 2016-12-02 2017-12-04 Method and device for ensuring terminal security

Country Status (3)

Country Link
US (1) US20190268155A1 (zh)
CN (1) CN108307674B (zh)
WO (1) WO2018099485A1 (zh)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 17876206; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 17876206; Country of ref document: EP; Kind code of ref document: A1)