WO2018233718A1 - Application program security management method and apparatus, and storage medium - Google Patents

Application program security management method and apparatus, and storage medium Download PDF

Info

Publication number
WO2018233718A1
WO2018233718A1 PCT/CN2018/092689 CN2018092689W WO2018233718A1 WO 2018233718 A1 WO2018233718 A1 WO 2018233718A1 CN 2018092689 W CN2018092689 W CN 2018092689W WO 2018233718 A1 WO2018233718 A1 WO 2018233718A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
icon
control
password
location
Prior art date
Application number
PCT/CN2018/092689
Other languages
French (fr)
Chinese (zh)
Inventor
姚均营
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2018233718A1 publication Critical patent/WO2018233718A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/725Cordless telephones

Definitions

  • the present disclosure relates to the field of application security management technologies, and in particular, to an application security management method, apparatus, and storage medium.
  • an application security management method including: when an operation of inputting a password is performed on a current interface, determining whether a location of an icon of an application corresponding to the operation is consistent with a preset location; If the location of the icon is consistent with the preset location, the password input by the user is processed according to a preset algorithm and sent to the application for authentication; if the location of the icon is inconsistent with the preset location, the user inputs the password.
  • the password is processed according to a random algorithm and sent to the application for authentication.
  • an application security management apparatus comprising: a determination module configured to determine whether a location of an icon of an application corresponding to the operation is performed when an operation of inputting a password is performed on a current interface
  • the processing module is configured to: when the judgment result of the determining module is that the position of the icon is consistent with the preset position, the password input by the user is processed according to a preset algorithm, where the determining module is When the judgment result is that the position of the icon is inconsistent with the preset position, the password input by the user is processed according to a random algorithm; and the sending module is configured to send the password processed by the processing module to the application for authentication.
  • a storage medium having stored thereon one or more programs, the one or more programs being executed by one or more processors, the one or a virus attack processor executing An application security management method according to the present disclosure.
  • FIG. 1 is a flow chart of an application security management method in accordance with an embodiment of the present disclosure
  • FIG. 2 is a schematic diagram of setting a location of a smart terminal desktop icon according to an embodiment of the present disclosure
  • FIG. 3 is a flow chart of a method of setting a security option in accordance with an embodiment of the present disclosure
  • FIG. 4 is a flowchart of a method of password authentication of an application in accordance with an embodiment of the present disclosure
  • FIG. 5 is a schematic diagram of a framework of a smart terminal security input system according to an embodiment of the present disclosure
  • FIG. 6 is a block diagram of a secure input system in accordance with an embodiment of the present disclosure.
  • FIG. 7 is a schematic structural diagram of an application security management apparatus according to an embodiment of the present disclosure.
  • FIG. 1 is a flow chart of an application security management method in accordance with an embodiment of the present disclosure.
  • an application security management method is applied to a smart terminal, and includes steps S101 to S103.
  • step S101 when the operation of inputting the password is performed on the current interface, it is determined whether the position of the icon of the application corresponding to the operation is consistent with the preset position, and if so, step S102 is performed; otherwise, step S103 is performed.
  • step S102 the password input by the user is processed according to a preset algorithm and sent to the application for authentication.
  • step S103 the password input by the user is processed according to a random algorithm and then sent to the application for authentication.
  • the step S102 may include: mapping and converting the password input by the user according to a preset password mapping algorithm, and sending the converted password to the application for authentication.
  • step S103 may include: randomly converting the password input by the user according to a random password mapping algorithm, and sending the converted password to the application for authentication.
  • the method may further include: pre-setting and storing the security option of the application according to the operation of the user.
  • the security options may include location information of the icon, annotation information of the control for secure management of the application, and a preset password mapping algorithm generated according to the correspondence between the temporary password and the real password input by the user.
  • the method further includes: monitoring whether the current interface has a control for obtaining an input focus; if a control for obtaining an input focus occurs, determining whether the control is an labeled control according to a control property of the control; The control is an annotated control, and it is determined that the current interface performs an operation of inputting a password.
  • a method of setting location information of an icon includes: setting location information of a relative position of the icon, the relative location including a direction of the icon relative to an icon of the reference application (ie, referring to the application), and an icon in the direction The distance from the icon of the reference app.
  • the user can first select a reference application, set the direction of the icon of the current application (hereinafter also referred to as "application”) with respect to the icon of the reference application, and set the distance between the icons of the two applications in the opposite direction.
  • application the direction of the icon of the current application
  • FIG. 2 is a schematic diagram of setting a smart terminal desktop icon location according to an embodiment of the present disclosure.
  • the application that needs to be encrypted is the application A.
  • the application A When setting the location information of the location of the icon, first select a reference application B, and set the direction of the icon of the application A relative to the icon of the application B.
  • the set direction can be up, down, left, right, top left, bottom left, top right, bottom right.
  • the relative distance between the icon of the application A and the icon of the application B is set.
  • the relative distance can be 1, 2, 3, 4, and the like.
  • the relative position information of the icon of the application A may be set such that the icon of the application A is located on the right side of the icon of the application B, or the icon of the application A is located first of the icon of the application B.
  • the method of annotating a control for secure management of an application includes: recording control information of the control.
  • the control information may include at least one of a package name, a class name, an absolute coordinate position of the control, and a relative position of the control.
  • the password input control for security management in the application is marked, for example, the password input box control of the password input page in the application is marked.
  • the method of labeling the password input control is to record the control information of the control, including the package name, the class name, the absolute coordinate position of the control, the relative position of the control, and the like, so as to achieve the purpose of uniquely determining the control.
  • the method further includes randomly adjusting the location of the icon of the application.
  • Settings can be made such that when the user passes the authentication and exits the application normally, the location of the icon of the application can be randomly adjusted. You can adjust the location of the app's icon by modifying the desktop icon database file.
  • a policy that randomly adjusts the location of an application's icon can be customized by the user.
  • the position of the icon of the application can be referred to as the center of the circle, so as to conveniently adjust the position of the icon in a circular area with a radius of one-hand operation. . This way, the user can easily restore the position of the icon to the preset position with one hand.
  • the user in order to pass the authentication after inputting the password, the user needs to restore the icon of the application to the preset location before starting the application.
  • the user can preset the location of the icon of each application and the temporary password in advance.
  • important applications such as social, banking, and payment in public
  • the temporary password will not be able to complete the payment or login authentication on other devices.
  • the mobile terminal is lost and the temporary password is leaked, since the location of the icon of the application is randomly disturbed, the other person cannot know the preset position of the icon of each application, and thus the password authentication operation cannot be completed by the temporary password.
  • the password authentication is associated with the location of the icon of the application, and only when the location and password of the icon of the application are correct, the authentication can be passed, and the temporary password mapping is performed.
  • a true password that reduces the security risks associated with password leakage and/or loss of smart terminals.
  • FIG. 3 is a flow chart of a method of setting a security option in accordance with an embodiment of the present disclosure.
  • the method of setting the security option may include the following steps S201 to S205.
  • step S201 when the user inputs the system administrator password, the preset function interface is entered.
  • step S202 an application that needs to perform security management is determined according to the user's selection, and location information on the desktop of the icon of the application is preset according to the user's operation.
  • step S203 the password input control in the application is marked, and the control is located through the control information of the interface layout control.
  • step S204 a crypto map algorithm is generated based on the temporary password and the real password input by the user.
  • the temporary password can be used as the password that is entered when the application password is authenticated, and the real password is the password that is actually submitted when the application password is authenticated.
  • the user enters a temporary password and a real password corresponding to the labeled control.
  • a password mapping algorithm between the temporary password and the real password is generated according to the temporary password and the real password, and the preset password mapping algorithm is saved. According to the algorithm, the temporary password can be mapped to generate a real password.
  • step S205 the preset position information of the icon of the application, the control labeling information, and the password mapping algorithm are saved for use in subsequent password authentication.
  • FIG. 4 is a flow chart of a method of password authentication of an application in accordance with an embodiment of the present disclosure.
  • the method for the application to perform password authentication may include the following steps S401 to S412.
  • step S401 the control that currently obtains the input focus is monitored to obtain control information.
  • the desktop activity window can be monitored through system services. For example, in the Android system, it is monitored by the Window Manager Service.
  • step S402 it is determined according to the control information obtained in step S401 and the control information in the security option whether the control that has obtained the input focus is the already marked control, and if so, step S403 is performed; otherwise, step S402 is continued.
  • the current focus control is an annotated password input control by information such as a package name, a class name, an absolute coordinate position of the control, and a relative position of the control that have obtained the input focus.
  • step S403 location information of an icon of an application to which the current focus control belongs is acquired.
  • the current location completion information acquisition of the icon of the application can be obtained by reading the database of the icon of the desktop application.
  • the current location of the application's icon can be obtained through the Launcher Provider.
  • step S404 it is determined whether the current location of the icon of the application is consistent with the preset location information. If yes, step S405 is performed; otherwise, step S409 is performed.
  • the determination may be made by the position information of the preset relative position, that is, by comparing the relative direction and the relative distance of the icon of the current icon and the reference application with the position information of the preset relative position.
  • step S405 when the user activates the input keyboard on the password input control, the temporary password input by the user is acquired.
  • the temporary password of the user input generated by the input method process can be obtained through the Input Method Manager Service.
  • step S406 a real password is generated from the temporary password by a preset password mapping algorithm.
  • step S407 the obtained real password is passed to the application, and the real password is input on the control.
  • step S408 the application successfully completes the password authentication by the real password.
  • step S409 when the user activates the input keyboard on the password input control, the temporary password input by the user is acquired.
  • step S410 the temporary password input by the user is mapped to a random character by using a random cipher mapping algorithm.
  • step S411 a random password is passed to the application, and a random password is entered on the control.
  • step S412 the application cannot complete the password authentication operation by using a random password, and the authentication fails.
  • step S409 even if the correct temporary password is input, since the random password mapping algorithm is used at this time, the real password cannot be mapped, so the authentication still fails.
  • FIG. 6 is a block diagram of a secure input system in accordance with an embodiment of the present disclosure.
  • the input system of the intelligent terminal includes three parts: a target program, a system process, and an input method process.
  • the target program for example, social application, mobile banking application
  • the system process receives the application, it binds the input box and displays the interface of the input method.
  • an Input Method Manager for example, social application, mobile banking application
  • an Input Method Manager Service for collaborative interaction.
  • the system process receives the temporary password generated by the input method process and maps the characters to the processed characters through the corresponding algorithm. Then, the system process passes the processed characters to the target program, thereby completing the mapping operation of the password.
  • a custom input processing thread is added to the input system to complete the mapping of the password.
  • the user performs an input operation through a touch screen, physical buttons, and the like.
  • Drivers such as touch screen drivers, buttons, and the like of the system kernel layer convert physical signals into input events according to event rules defined by the multi-touch protocol, and write them to the device input node file.
  • the input device node file is in the /dev/input/ directory.
  • the system framework layer input scheduling thread is then responsible for reading the input events in the device input node file and passing them to the upper application to generate the characters. For example, when a user invokes an input method process to enter a character, the input dispatch thread passes the user's input event to the input method process, and the input method process generates a character based on the incoming input event.
  • the system framework layer in addition to completing the conventional input event reading, the system framework layer also customizes the input processing thread, and maps the password generated by the input method to the processed state through the current location of the applied icon and the password mapping algorithm. Password. Finally, the input processing thread passes the processed password to the target program, thereby completing the password input.
  • FIG. 7 is a schematic structural diagram of an application security management apparatus according to an embodiment of the present disclosure.
  • the application security management apparatus may include a determination module 701, a processing module 702, and a transmission module 703.
  • the determining module 701 is configured to determine whether the position of the icon of the application corresponding to the operation is consistent with the preset position when the operation of inputting the password is performed on the current interface.
  • the processing module 702 is configured to process the password input by the user according to a preset algorithm when the determination result of the determining module 701 is that the position of the icon of the application is consistent with the preset location, and the determination result of the determining module 701 is the application.
  • the password input by the user is processed according to a random algorithm.
  • the sending module 703 is configured to send the processed password to the application for authentication.
  • the application security management apparatus may further include: a setting module configured to preset and store a security option of the application according to an operation of the user, the security option including an icon of the application The location information, the annotation information of the control for securely managing the application, and the preset password mapping algorithm generated according to the correspondence between the temporary password and the real password input by the user.
  • the setting module may include: a location setting sub-module configured to set location information of a relative position of the icon of the application, the relative location including an icon of the icon of the application relative to a reference application And a distance between the icon of the application and the icon of the reference application in the direction; and a control labeling sub-module configured to record control information of the control, the control information including a package name, a class At least one of the name, the absolute coordinate position of the control, and the relative position of the control.
  • the application security management apparatus may further include: a monitoring module configured to monitor whether a current interface has a control for obtaining an input focus, and when a control that obtains an input focus appears, according to a control attribute of the control Determining whether the control is an labeled control, and when the control is an labeled control, determining that the current interface performs an operation of inputting a password.
  • a monitoring module configured to monitor whether a current interface has a control for obtaining an input focus, and when a control that obtains an input focus appears, according to a control attribute of the control Determining whether the control is an labeled control, and when the control is an labeled control, determining that the current interface performs an operation of inputting a password.
  • the monitoring module can also monitor whether the authentication of the application is successful and whether the application exits normally.
  • the application security management apparatus may further include: an icon adjustment module configured to randomly adjust a location of the icon of the application after the user exits the application.
  • the icon adjustment module can randomly adjust the position of the application's icon to automatically jump to the location of the application's icon. You can adjust the location of the app's icon by modifying the desktop icon database file.
  • the application security management apparatus associates the password authentication with the location of the icon of the application, and only passes the authentication and the temporary password mapping when the location and password of the icon of the application are correct.
  • a true password that reduces the security risks associated with password leakage and/or loss of smart terminals.
  • the present disclosure also provides a storage medium having stored thereon one or more programs, the one or more programs being executed by one or more processors, the one or the virus attack processor executing according to the present disclosure Application security management method.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Human Computer Interaction (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

The present disclosure provides an application program security management method and apparatus, and a storage medium. The application program security management method comprises: when an operation of entering a password is performed in a current interface, determining the location of an icon of an application program corresponding to the operation is consistent with a preset location; if consistent, processing, according to a preset algorithm, a password entered by a user, and then sending the password to the application program for authentication; and if inconsistent, processing, according to a random algorithm, the password entered by the user, and then sending the password to the application program for authentication.

Description

应用程序安全管理方法、装置及存储介质Application security management method, device and storage medium 技术领域Technical field
本公开涉及应用程序安全管理技术领域,具体地,涉及一种应用程序安全管理方法、装置及存储介质。The present disclosure relates to the field of application security management technologies, and in particular, to an application security management method, apparatus, and storage medium.
背景技术Background technique
随着智能手机的快速普及,移动支付等业务在手机终端的服务获得了快速增长,客户信息失窃和资金损失成为普通用户的重大安全威胁。用户通常需要在餐厅、车站、商场等公共场合输入支付密码,从而存在密码泄露的风险。此外,用户同样面临智能手机丢失后移动支付应用程序中各类信息泄露的风险。因此,依靠单一的密码鉴权方式已经无法满足用户的安全需求。With the rapid popularization of smart phones, services such as mobile payment have experienced rapid growth in mobile terminal services, and theft of customers and the loss of funds have become major security threats for ordinary users. Users usually need to enter a payment password in public places such as restaurants, stations, shopping malls, etc., and there is a risk of password leakage. In addition, users are also at risk of leaking all kinds of information in mobile payment applications after the loss of smartphones. Therefore, relying on a single password authentication method can no longer meet the security needs of users.
如何提供一种安全、便捷的应用程序安全管理方法成为智能终端急需解决的问题。How to provide a safe and convenient application security management method has become an urgent problem for intelligent terminals.
发明内容Summary of the invention
根据本公开的一个方面,提供一种应用程序安全管理方法,包括:在当前界面执行了输入密码的操作时,判断与所述操作对应的应用程序的图标的位置是否与预设位置一致;若所述图标的位置与预设位置一致,则将用户输入的密码按照预设算法处理后发送给所述应用程序进行鉴权;若所述图标的位置与预设位置不一致,则将用户输入的密码按照随机算法处理后发送给所述应用程序进行鉴权。According to an aspect of the present disclosure, an application security management method is provided, including: when an operation of inputting a password is performed on a current interface, determining whether a location of an icon of an application corresponding to the operation is consistent with a preset location; If the location of the icon is consistent with the preset location, the password input by the user is processed according to a preset algorithm and sent to the application for authentication; if the location of the icon is inconsistent with the preset location, the user inputs the password. The password is processed according to a random algorithm and sent to the application for authentication.
根据本公开的另一个方面,提供一种应用程序安全管理装置,包括:判断模块,其构造为在当前界面执行了输入密码的操作时,判断与所述操作对应的应用程序的图标的位置是否与预设位置一致;处理模块,其构造为在所述判断模块的判断结果为所述图标的位置与预设位置一致时,将用户输入的密码按照预设算法处理,在所述判断模块的判断结果为所述图标的位置与预设位置不一致时,将用户输入的密码按照随机算法处理;以及发送模块,其构造为将所述处理模块处 理后的密码发送给所述应用程序进行鉴权。According to another aspect of the present disclosure, there is provided an application security management apparatus, comprising: a determination module configured to determine whether a location of an icon of an application corresponding to the operation is performed when an operation of inputting a password is performed on a current interface The processing module is configured to: when the judgment result of the determining module is that the position of the icon is consistent with the preset position, the password input by the user is processed according to a preset algorithm, where the determining module is When the judgment result is that the position of the icon is inconsistent with the preset position, the password input by the user is processed according to a random algorithm; and the sending module is configured to send the password processed by the processing module to the application for authentication. .
根据本公开的另一个方面,提供一种存储介质,其上存储有一个或者多个程序,所述一个或者多个程序被一个或者多个处理器执行时,所述一个或毒攻处理器执行根据本公开的应用程序安全管理方法。According to another aspect of the present disclosure, there is provided a storage medium having stored thereon one or more programs, the one or more programs being executed by one or more processors, the one or a virus attack processor executing An application security management method according to the present disclosure.
附图说明DRAWINGS
此处所说明的附图用来提供对本公开的进一步理解,构成本申请的一部分,本公开的示意性实施例及其说明用于解释本公开,并不构成对本公开的不当限定。在附图中:The drawings described herein are provided to provide a further understanding of the present disclosure, and are intended to be a part of the present disclosure. In the drawing:
图1为根据本公开实施例的应用程序安全管理方法的流程图;1 is a flow chart of an application security management method in accordance with an embodiment of the present disclosure;
图2为根据本公开实施例的对智能终端桌面图标位置进行设置的示意图;2 is a schematic diagram of setting a location of a smart terminal desktop icon according to an embodiment of the present disclosure;
图3为根据本公开实施例的对安全选项进行设置的方法的流程图;3 is a flow chart of a method of setting a security option in accordance with an embodiment of the present disclosure;
图4为根据本公开实施例的对应用程序进行密码鉴权的方法的流程图;4 is a flowchart of a method of password authentication of an application in accordance with an embodiment of the present disclosure;
图5为根据本公开实施例的智能终端安全输入系统的框架示意图;FIG. 5 is a schematic diagram of a framework of a smart terminal security input system according to an embodiment of the present disclosure; FIG.
图6为根据本公开实施例的安全输入系统的框图;以及6 is a block diagram of a secure input system in accordance with an embodiment of the present disclosure;
图7为根据本公开实施例的应用程序安全管理装置的结构示意图。FIG. 7 is a schematic structural diagram of an application security management apparatus according to an embodiment of the present disclosure.
本公开目的的实现、功能特点及优点将结合实施例,参照附图做进一步说明。The implementation, functional features and advantages of the present disclosure will be further described with reference to the accompanying drawings.
具体实施方式Detailed ways
为了使本公开所要解决的技术问题、技术方案及有益效果更加清楚、明白,以下结合附图和实施例,对本公开进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本公开,并不用于限定本公开。The present disclosure will be further described in detail below in conjunction with the accompanying drawings and embodiments. It is understood that the specific embodiments described herein are merely illustrative of the disclosure and are not intended to limit the disclosure.
图1为根据本公开实施例的应用程序安全管理方法的流程图。1 is a flow chart of an application security management method in accordance with an embodiment of the present disclosure.
如图1所示,根据公开实施例的应用程序安全管理方法适用于智能终端,并且包括步骤S101至S103。As shown in FIG. 1, an application security management method according to the disclosed embodiment is applied to a smart terminal, and includes steps S101 to S103.
在步骤S101,在当前界面执行了输入密码的操作时,判断与所述操作对应的应用程序的图标的位置是否与预设位置一致,若是,执行步骤S102;否则,执行步骤S103。In step S101, when the operation of inputting the password is performed on the current interface, it is determined whether the position of the icon of the application corresponding to the operation is consistent with the preset position, and if so, step S102 is performed; otherwise, step S103 is performed.
在步骤S102,将用户输入的密码按照预设算法处理后发送给所述应用程序进行鉴权。In step S102, the password input by the user is processed according to a preset algorithm and sent to the application for authentication.
在步骤S103,将用户输入的密码按照随机算法处理后发送给所述应用程序进行鉴权。In step S103, the password input by the user is processed according to a random algorithm and then sent to the application for authentication.
在一个实施例中,步骤S102可以包括:将用户输入的密码按照预设密码映射算法进行映射转换,并将转换后得到的密码发送给该应用程序进行鉴权。In an embodiment, the step S102 may include: mapping and converting the password input by the user according to a preset password mapping algorithm, and sending the converted password to the application for authentication.
在一个实施例中,步骤S103可以包括:将用户输入的密码按照随机密码映射算法进行随机转换,并将转换后得到的密码发送给该应用程序进行鉴权。In an embodiment, step S103 may include: randomly converting the password input by the user according to a random password mapping algorithm, and sending the converted password to the application for authentication.
在一个实施例中,在步骤S101之前,该方法还可以包括:根据用户的操作预先设置并存储该应用程序的安全选项。安全选项可以包括图标的位置信息、对该应用程序进行安全管理的控件的标注信息以及根据用户输入的临时密码和真实密码的对应关系生成的预设密码映射算法。In an embodiment, before the step S101, the method may further include: pre-setting and storing the security option of the application according to the operation of the user. The security options may include location information of the icon, annotation information of the control for secure management of the application, and a preset password mapping algorithm generated according to the correspondence between the temporary password and the real password input by the user.
在一个实施例中,该方法还包括:监测当前界面是否出现获得输入焦点的控件;若出现了获得输入焦点的控件,则根据所述控件的控件属性判断所述控件是否为已标注控件;若所述控件是已标注控件,则判断当前界面执行了输入密码的操作。In an embodiment, the method further includes: monitoring whether the current interface has a control for obtaining an input focus; if a control for obtaining an input focus occurs, determining whether the control is an labeled control according to a control property of the control; The control is an annotated control, and it is determined that the current interface performs an operation of inputting a password.
在一个实施例中,设置图标的位置信息的方法包括:设置图标的相对位置的位置信息,该相对位置包括图标相对于参考应用(即,参考应用程序)的图标的方向以及在该方向上图标与参考应用的图标的距离。In one embodiment, a method of setting location information of an icon includes: setting location information of a relative position of the icon, the relative location including a direction of the icon relative to an icon of the reference application (ie, referring to the application), and an icon in the direction The distance from the icon of the reference app.
用户可以先选择一个参考应用,设置当前应用程序(下文中也称作“应用”)的图标相对于参考应用的图标的方向,并且设置在相 对方向上的两个应用的图标之间的距离。The user can first select a reference application, set the direction of the icon of the current application (hereinafter also referred to as "application") with respect to the icon of the reference application, and set the distance between the icons of the two applications in the opposite direction.
图2为根据本公开实施例的对智能终端桌面图标位置进行设置的示意图。2 is a schematic diagram of setting a smart terminal desktop icon location according to an embodiment of the present disclosure.
如图2所示,当前需要加密的应用为应用A,在设置图标的位置的位置信息时,先选择一个参考应用B,并且设置应用A的图标相对于应用B的图标的方向。设置的方向可以为上、下、左、右、左上、左下、右上、右下。最后设置应用A的图标和应用B的图标的相对距离。相对距离可以为1、2、3、4等。这样可以完成应用A的图标的相对位置的位置信息的设置。比如,应用A的图标的相对位置信息可以设置为应用A的图标位于应用B的图标的右侧第一个,或者应用A的图标位于应用B的图标的上方第一个。As shown in FIG. 2, the application that needs to be encrypted is the application A. When setting the location information of the location of the icon, first select a reference application B, and set the direction of the icon of the application A relative to the icon of the application B. The set direction can be up, down, left, right, top left, bottom left, top right, bottom right. Finally, the relative distance between the icon of the application A and the icon of the application B is set. The relative distance can be 1, 2, 3, 4, and the like. This completes the setting of the positional information of the relative position of the icon of the application A. For example, the relative position information of the icon of the application A may be set such that the icon of the application A is located on the right side of the icon of the application B, or the icon of the application A is located first of the icon of the application B.
在一个实施例中,对应用程序进行安全管理的控件进行标注的方法包括:记录该控件的控件信息。控件信息可以包括包名、类名、控件绝对坐标位置以及控件相对位置中的至少一个。In one embodiment, the method of annotating a control for secure management of an application includes: recording control information of the control. The control information may include at least one of a package name, a class name, an absolute coordinate position of the control, and a relative position of the control.
在完成应用的图标位置设置后,对应用中进行安全管理的密码输入控件进行标注,比如,对应用中密码输入页面的密码输入框控件进行标注。After completing the application's icon location setting, the password input control for security management in the application is marked, for example, the password input box control of the password input page in the application is marked.
根据本公开实施例,对密码输入控件进行标注方法是记录该控件的控件信息,包括包名、类名、控件绝对坐标位置、控件相对位置等,以达到可以对控件进行唯一确定的目的。According to an embodiment of the present disclosure, the method of labeling the password input control is to record the control information of the control, including the package name, the class name, the absolute coordinate position of the control, the relative position of the control, and the like, so as to achieve the purpose of uniquely determining the control.
在一个实施例中,当用户退出应用程序后,该方法还包括:随机调整该应用程序的图标的位置。In one embodiment, after the user exits the application, the method further includes randomly adjusting the location of the icon of the application.
可以进行设置,使得当用户鉴权通过并正常退出应用程序时,可以随机调整应用程序的图标的位置。可以通过修改桌面图标数据库文件来调整应用程序的图标的位置。Settings can be made such that when the user passes the authentication and exits the application normally, the location of the icon of the application can be randomly adjusted. You can adjust the location of the app's icon by modifying the desktop icon database file.
随机调整应用的图标的位置的策略可以由用户自定义。为了方便用户单手操作快速还原图标位置到预设位置,随机调整图标的位置时可以参考应用的图标的位置为圆心,以方便单手操作的距离为半径的圆形区域内随机调整图标的位置。这样的方式可以方便用户单手操作快速还原图标的位置到预设位置。A policy that randomly adjusts the location of an application's icon can be customized by the user. In order to facilitate the user to quickly restore the icon position to the preset position with one hand, when the position of the icon is randomly adjusted, the position of the icon of the application can be referred to as the center of the circle, so as to conveniently adjust the position of the icon in a circular area with a radius of one-hand operation. . This way, the user can easily restore the position of the icon to the preset position with one hand.
根据本公开实施例,为了在输入密码后通过鉴权,用户需要在启动应用程序前,将应用的图标还原到预设位置。According to an embodiment of the present disclosure, in order to pass the authentication after inputting the password, the user needs to restore the icon of the application to the preset location before starting the application.
由于每次退出包括了被标注的控件的应用程序时,桌面上应用程序的图标的位置都会被随机打乱,因此在不知道应用的图标的预设位置的情况下,即使输入了临时密码也无法映射生成真正的密码通过鉴权。Since the location of the icon of the application on the desktop is randomly shuffled each time the application including the labeled control is exited, even if the temporary password is entered without knowing the preset position of the icon of the application Unable to map to generate real passwords through authentication.
根据本公开实施例,用户可以对各个应用的图标的位置和临时密码进行提前预设。在公共场合使用社交、银行、支付类等重要应用时,即使密码被泄露,他人得到的也只是临时密码,而通过临时密码在其他设备上无法完成支付或登陆鉴权。另外一方面,当移动终端丢失且临时密码被泄露时,由于应用的图标的位置被随机打乱,他人无法知晓各应用的图标的预设位置,因而通过临时密码也无法完成密码鉴权操作。According to an embodiment of the present disclosure, the user can preset the location of the icon of each application and the temporary password in advance. When using important applications such as social, banking, and payment in public, even if the password is leaked, others will only get the temporary password, and the temporary password will not be able to complete the payment or login authentication on other devices. On the other hand, when the mobile terminal is lost and the temporary password is leaked, since the location of the icon of the application is randomly disturbed, the other person cannot know the preset position of the icon of each application, and thus the password authentication operation cannot be completed by the temporary password.
根据本公开实施例的应用程序安全管理方法,把密码鉴权和应用程序的图标的位置进行关联,只有在应用程序的图标的位置和密码都正确时,才能通过鉴权,并且通过临时密码映射真正的密码,能够降低密码泄露和/或智能终端丢失等情况带来的安全风险。According to the application security management method of the embodiment of the present disclosure, the password authentication is associated with the location of the icon of the application, and only when the location and password of the icon of the application are correct, the authentication can be passed, and the temporary password mapping is performed. A true password that reduces the security risks associated with password leakage and/or loss of smart terminals.
图3为根据本公开实施例的对安全选项进行设置的方法的流程图。3 is a flow chart of a method of setting a security option in accordance with an embodiment of the present disclosure.
请参阅图3,对安全选项进行设置的方法可以包括如下步骤S201至S205。Referring to FIG. 3, the method of setting the security option may include the following steps S201 to S205.
在步骤S201,当用户输入系统管理员密码时进入预设功能界面。In step S201, when the user inputs the system administrator password, the preset function interface is entered.
在步骤S202,根据用户的选择确定需要进行安全管理的应用程序,并根据用户的操作预设该应用程序的图标的在桌面上的位置信息。In step S202, an application that needs to perform security management is determined according to the user's selection, and location information on the desktop of the icon of the application is preset according to the user's operation.
在步骤S203,对应用程序中的密码输入控件进行标注,并通过界面布局控件的控件信息定位到控件。In step S203, the password input control in the application is marked, and the control is located through the control information of the interface layout control.
在步骤S204,根据用户输入的临时密码和真实密码生成密码映射算法。临时密码可用作在应用程序密码鉴权时输入的密码,真实密码为应用程序密码鉴权时真正提交的密码。In step S204, a crypto map algorithm is generated based on the temporary password and the real password input by the user. The temporary password can be used as the password that is entered when the application password is authenticated, and the real password is the password that is actually submitted when the application password is authenticated.
用户输入与所标注控件对应的临时密码和真实密码。根据临时 密码和真实密码生成临时密码和真实密码之间的密码映射算法,并保存该预设的密码映射算法。根据该算法,临时密码可以映射生成真实密码。The user enters a temporary password and a real password corresponding to the labeled control. A password mapping algorithm between the temporary password and the real password is generated according to the temporary password and the real password, and the preset password mapping algorithm is saved. According to the algorithm, the temporary password can be mapped to generate a real password.
在步骤S205、将应用程序的图标的预设位置信息、控件标注信息、密码映射算法进行保存,供后续密码鉴权时使用。In step S205, the preset position information of the icon of the application, the control labeling information, and the password mapping algorithm are saved for use in subsequent password authentication.
图4为根据本公开实施例的对应用程序进行密码鉴权的方法的流程图。4 is a flow chart of a method of password authentication of an application in accordance with an embodiment of the present disclosure.
请参阅图4,应用程序进行密码鉴权的方法可以包括如下步骤S401至S412。Referring to FIG. 4, the method for the application to perform password authentication may include the following steps S401 to S412.
在步骤S401,监控当前获取输入焦点的控件,得到控件信息。In step S401, the control that currently obtains the input focus is monitored to obtain control information.
可以通过系统服务监控桌面活动窗口。比如在Android系统中,通过窗口管理器服务(Window Manager Service)进行监控。The desktop activity window can be monitored through system services. For example, in the Android system, it is monitored by the Window Manager Service.
在步骤S402,根据步骤S401得到的控件信息和安全选项中的控件信息判断获取了输入焦点的控件是否是已经标注的控件,若是,则执行步骤S403;否则,继续执行步骤S402。In step S402, it is determined according to the control information obtained in step S401 and the control information in the security option whether the control that has obtained the input focus is the already marked control, and if so, step S403 is performed; otherwise, step S402 is continued.
可以通过当前获取了输入焦点的控件的包名、类名、控件绝对坐标位置、控件相对位置等信息来判断当前聚焦控件是否为已标注的密码输入控件。It is possible to determine whether the current focus control is an annotated password input control by information such as a package name, a class name, an absolute coordinate position of the control, and a relative position of the control that have obtained the input focus.
在步骤S403,获取当前焦点控件所属应用程序的图标的位置信息。In step S403, location information of an icon of an application to which the current focus control belongs is acquired.
可以通过读取桌面应用的图标的数据库来获取应用的图标的当前位置完成信息获取。比如在Android系统中,可以通过启动器提供程序(Launcher Provider)来获取应用的图标的当前位置。The current location completion information acquisition of the icon of the application can be obtained by reading the database of the icon of the desktop application. For example, in the Android system, the current location of the application's icon can be obtained through the Launcher Provider.
在步骤S404,判断应用程序的图标的当前位置是否和预设的位置信息一致,若一致,则执行步骤S405;否则,执行步骤S409。In step S404, it is determined whether the current location of the icon of the application is consistent with the preset location information. If yes, step S405 is performed; otherwise, step S409 is performed.
检查应用程序的图标的当前位置是否为预设的图标的位置。可以通过预设的相对位置的位置信息来进行判断,即,通过对当前图标和参考应用的图标的相对方向和相对距离与预设的相对位置的位置信息进行比较来判断。Check if the current location of the app's icon is the location of the preset icon. The determination may be made by the position information of the preset relative position, that is, by comparing the relative direction and the relative distance of the icon of the current icon and the reference application with the position information of the preset relative position.
在步骤S405,当用户在密码输入控件上激活输入键盘时,获取 用户输入的临时密码。In step S405, when the user activates the input keyboard on the password input control, the temporary password input by the user is acquired.
可以通过输入法管理器服务(Input Method Manager Service)获取输入法进程生成的用户输入的临时密码。The temporary password of the user input generated by the input method process can be obtained through the Input Method Manager Service.
在步骤S406,通过预设的密码映射算法,由临时密码生成得到真实的密码。In step S406, a real password is generated from the temporary password by a preset password mapping algorithm.
在步骤S407,将得到的真实密码传递给应用程序,在控件上输入真实的密码。In step S407, the obtained real password is passed to the application, and the real password is input on the control.
在步骤S408,应用程序通过真实密码成功完成密码鉴权。At step S408, the application successfully completes the password authentication by the real password.
如果用户临时密码输入错误,也无法通过预设的密码映射算法生成得到真时的密码,此时鉴权仍然会失败。If the user's temporary password is incorrectly entered, the password cannot be generated by the default password mapping algorithm. At this time, the authentication still fails.
在步骤S409,当用户在密码输入控件上激活输入键盘时,获取用户输入的临时密码。In step S409, when the user activates the input keyboard on the password input control, the temporary password input by the user is acquired.
在步骤S410,采用随机密码映射算法,将用户输入的临时密码映射为随机字符。In step S410, the temporary password input by the user is mapped to a random character by using a random cipher mapping algorithm.
在步骤S411,将随机密码传递给应用程序,在控件上输入随机密码。In step S411, a random password is passed to the application, and a random password is entered on the control.
在步骤S412,应用通过随机密码无法完成密码鉴权操作,鉴权失败。In step S412, the application cannot complete the password authentication operation by using a random password, and the authentication fails.
在步骤S409中,即使输入正确的临时密码,由于此时采用随机密码映射算法,因此无法映射得到真实的密码,所以鉴权仍然会失败。In step S409, even if the correct temporary password is input, since the random password mapping algorithm is used at this time, the real password cannot be mapped, so the authentication still fails.
上述流程中,在对用户输入密码进行映射处理后,将映射生成的密码输入到获得了输入焦点的控件的详细描述将参照图5和图6进行说明。In the above process, after mapping the user input password, the detailed description of the control generated password input to the control that has obtained the input focus will be described with reference to FIGS. 5 and 6.
为根据本公开实施例的智能终端安全输入系统的框架示意图,图6为根据本公开实施例的安全输入系统的框图。A schematic block diagram of a smart terminal security input system in accordance with an embodiment of the present disclosure, and FIG. 6 is a block diagram of a secure input system in accordance with an embodiment of the present disclosure.
参见图5,智能终端的输入系统中包括目标程序、系统进程和输入法进程三部分。当目标程序(例如,社交应用、手机银行应用)需要输入字符内容时,首先向系统进程申请调用打开输入法进程。系统进程接收到申请时,绑定输入框并显示输入法的界面。比如,在基于Android的系统终端中,在目标程序、系统进程和输入法进程中分别 通过输入法管理器(Input Method Manager)、输入法管理器服务(Input Method Manager Service)和输入法服务(Input Method Service)进行协作交互。Referring to FIG. 5, the input system of the intelligent terminal includes three parts: a target program, a system process, and an input method process. When the target program (for example, social application, mobile banking application) needs to input character content, first apply to the system process to call the open input method process. When the system process receives the application, it binds the input box and displays the interface of the input method. For example, in an Android-based system terminal, an Input Method Manager, an Input Method Manager Service, and an Input Method Service (Input) are respectively performed in a target program, a system process, and an input method process. Method Service) for collaborative interaction.
在输入法进程生成字符时,字符内容并不直接传送给目标程序,而是需要通过系统进程进行处理之后再传递给目标程序。系统进程接收输入法进程生成的临时密码,并通过相应算法把这些字符映射为处理后的字符。然后,系统进程将处理后的字符传递给目标程序,从而完成密码的映射操作。When the input method process generates characters, the character content is not directly transmitted to the target program, but needs to be processed by the system process before being passed to the target program. The system process receives the temporary password generated by the input method process and maps the characters to the processed characters through the corresponding algorithm. Then, the system process passes the processed characters to the target program, thereby completing the mapping operation of the password.
图6所示,在输入系统中加入自定义输入处理线程,用来完成密码的映射。用户通过触摸屏、物理按键等进行输入操作。系统内核层的触摸屏驱动、按键等驱动等驱动程序根据多点触控协议定义的事件规则将物理信号转化成输入事件,并写入到设备输入节点文件。比如在基于Linux的智能系统中,输入设备节点文件在/dev/input/目录下。然后,系统框架层输入调度线程负责读取设备输入节点文件中的输入事件,并传递给上层应用程序生成字符。比如,当用户调用输入法进程输入字符时,输入调度线程将用户的输入事件传递给输入法进程,然后输入法进程根据传入的输入事件生成字符。As shown in Figure 6, a custom input processing thread is added to the input system to complete the mapping of the password. The user performs an input operation through a touch screen, physical buttons, and the like. Drivers such as touch screen drivers, buttons, and the like of the system kernel layer convert physical signals into input events according to event rules defined by the multi-touch protocol, and write them to the device input node file. For example, in a Linux-based intelligent system, the input device node file is in the /dev/input/ directory. The system framework layer input scheduling thread is then responsible for reading the input events in the device input node file and passing them to the upper application to generate the characters. For example, when a user invokes an input method process to enter a character, the input dispatch thread passes the user's input event to the input method process, and the input method process generates a character based on the incoming input event.
在本公开实施例中,系统框架层除了完成常规的输入事件读取外,还自定义了输入处理线程,通过应用的图标的当前位置和密码映射算法,将输入法生成的密码映射为处理后的密码。最后,输入处理线程将处理后得到的密码传递给目标程序,进而完成密码的输入。In the embodiment of the present disclosure, in addition to completing the conventional input event reading, the system framework layer also customizes the input processing thread, and maps the password generated by the input method to the processed state through the current location of the applied icon and the password mapping algorithm. Password. Finally, the input processing thread passes the processed password to the target program, thereby completing the password input.
图7为根据本公开实施例的应用程序安全管理装置的结构示意图。FIG. 7 is a schematic structural diagram of an application security management apparatus according to an embodiment of the present disclosure.
如图7所述,根据本公开实施例的应用程序安全管理装置可以包括判断模块701、处理模块702和发送模块703。As illustrated in FIG. 7, the application security management apparatus according to an embodiment of the present disclosure may include a determination module 701, a processing module 702, and a transmission module 703.
判断模块701构造为在当前界面执行了输入密码的操作时,判断与所述操作对应的应用程序的图标的位置是否与预设位置一致。The determining module 701 is configured to determine whether the position of the icon of the application corresponding to the operation is consistent with the preset position when the operation of inputting the password is performed on the current interface.
处理模块702构造为在判断模块701的判断结果为所述应用程序的图标的位置与预设位置一致时,将用户输入的密码按照预设算法处理,在判断模块701的判断结果为所述应用程序的图标的位置与预 设位置不一致时,将用户输入的密码按照随机算法处理。The processing module 702 is configured to process the password input by the user according to a preset algorithm when the determination result of the determining module 701 is that the position of the icon of the application is consistent with the preset location, and the determination result of the determining module 701 is the application. When the position of the icon of the program does not match the preset position, the password input by the user is processed according to a random algorithm.
发送模块703构造为将处理后得到的密码发送给该应用程序进行鉴权。The sending module 703 is configured to send the processed password to the application for authentication.
在一个实施例中,该应用程序安全管理装置还可以包括:设置模块,其构造为根据用户的操作预先设置并存储所述应用程序的安全选项,所述安全选项包括所述应用程序的图标的位置信息、对所述应用程序进行安全管理的控件的标注信息以及根据用户输入的临时密码和真实密码的对应关系生成的预设密码映射算法。In an embodiment, the application security management apparatus may further include: a setting module configured to preset and store a security option of the application according to an operation of the user, the security option including an icon of the application The location information, the annotation information of the control for securely managing the application, and the preset password mapping algorithm generated according to the correspondence between the temporary password and the real password input by the user.
在一个实施例中,设置模块可以包括:位置设置子模块,其构造为设置所述应用程序的图标的相对位置的位置信息,所述相对位置包括所述应用程序的图标相对于参考应用的图标的方向以及在所述方向上所述应用程序的图标与所述参考应用的图标的距离;以及控件标注子模块,其构造为记录所述控件的控件信息,所述控件信息包括包名、类名、控件绝对坐标位置以及控件相对位置中的至少一个。In one embodiment, the setting module may include: a location setting sub-module configured to set location information of a relative position of the icon of the application, the relative location including an icon of the icon of the application relative to a reference application And a distance between the icon of the application and the icon of the reference application in the direction; and a control labeling sub-module configured to record control information of the control, the control information including a package name, a class At least one of the name, the absolute coordinate position of the control, and the relative position of the control.
在一个实施例中,该应用程序安全管理装置还可以包括:监控模块,其构造为监测当前界面是否出现获得输入焦点的控件,当出现了获得输入焦点的控件时,根据所述控件的控件属性判断所述控件是否为已标注控件,并且在所述控件为已标注控件时,判断当前界面执行了输入密码的操作。In an embodiment, the application security management apparatus may further include: a monitoring module configured to monitor whether a current interface has a control for obtaining an input focus, and when a control that obtains an input focus appears, according to a control attribute of the control Determining whether the control is an labeled control, and when the control is an labeled control, determining that the current interface performs an operation of inputting a password.
监控模块也可以监控应用程序的鉴权是否成功以及应用程序是否正常退出。The monitoring module can also monitor whether the authentication of the application is successful and whether the application exits normally.
在一个实施例中,所述应用程序安全管理装置还可以包括:图标调整模块,其构造为在用户退出所述应用程序后,随机调整所述应用程序的图标的位置。In an embodiment, the application security management apparatus may further include: an icon adjustment module configured to randomly adjust a location of the icon of the application after the user exits the application.
当用户在正常使用并退出应用程序一定时间后,图标调整模块可以随机调整应用程序的图标的位置,以自动跳转应用程序的图标的位置。可以通过修改桌面图标数据库文件来调整应用程序的图标的位置。After the user has used and exited the application for a certain period of time, the icon adjustment module can randomly adjust the position of the application's icon to automatically jump to the location of the application's icon. You can adjust the location of the app's icon by modifying the desktop icon database file.
根据本公开实施例的应用程序安全管理装置,把密码鉴权和应用程序的图标的位置进行关联,只有在应用程序的图标的位置和密码 都正确时,才能通过鉴权,并且通过临时密码映射真正的密码,能够降低密码泄露和/或智能终端丢失等情况带来的安全风险。The application security management apparatus according to an embodiment of the present disclosure associates the password authentication with the location of the icon of the application, and only passes the authentication and the temporary password mapping when the location and password of the icon of the application are correct. A true password that reduces the security risks associated with password leakage and/or loss of smart terminals.
本公开还提供了一种存储介质,其上存储有一个或者多个程序,所述一个或者多个程序被一个或者多个处理器执行时,所述一个或毒攻处理器执行根据本公开的应用程序安全管理方法。The present disclosure also provides a storage medium having stored thereon one or more programs, the one or more programs being executed by one or more processors, the one or the virus attack processor executing according to the present disclosure Application security management method.
以上参照附图说明了本公开的实施例,并非因此局限本公开的权利范围。本领域技术人员不脱离本公开的范围和实质内所作的任何修改、等同替换和改进,均应在本公开的权利范围之内。The embodiments of the present disclosure have been described above with reference to the drawings, and are not intended to limit the scope of the disclosure. Any modifications, equivalent substitutions and improvements made by those skilled in the art without departing from the scope and spirit of the disclosure are intended to be included within the scope of the disclosure.

Claims (11)

  1. 一种应用程序安全管理方法,包括:An application security management method, including:
    在当前界面执行了输入密码的操作时,判断与所述操作对应的应用程序的图标的位置是否与预设位置一致;When the operation of inputting the password is performed on the current interface, determining whether the position of the icon of the application corresponding to the operation is consistent with the preset position;
    若所述应用程序的图标的位置与预设位置一致,则将用户输入的密码按照预设算法处理后发送给所述应用程序进行鉴权;If the location of the icon of the application is consistent with the preset location, the password input by the user is processed according to a preset algorithm and sent to the application for authentication;
    若所述应用程序的图标的位置与预设位置不一致,则将用户输入的密码按照随机算法处理后发送给所述应用程序进行鉴权。If the location of the icon of the application does not match the preset location, the password input by the user is processed according to a random algorithm and then sent to the application for authentication.
  2. 如权利要求1所述的应用程序安全管理方法,其中,在所述判断与所述操作对应的应用程序的图标的位置是否与预设位置一致的步骤之前,所述方法还包括:The application security management method according to claim 1, wherein before the step of determining whether the location of the icon of the application corresponding to the operation is consistent with the preset location, the method further includes:
    根据用户的操作预先设置并存储所述应用程序的安全选项,所述安全选项包括所述应用程序的图标的位置信息、对所述应用程序进行安全管理的控件的标注信息以及根据用户输入的临时密码和真实密码的对应关系生成的预设密码映射算法。Pre-setting and storing security options of the application according to a user's operation, the security options including location information of icons of the application, annotation information of controls for secure management of the application, and temporary input according to user input A preset password mapping algorithm generated by the correspondence between a password and a real password.
  3. 如权利要求2所述的应用程序安全管理方法,其中,设置所述应用程序的图标的位置信息的步骤包括:The application security management method according to claim 2, wherein the step of setting location information of the icon of the application comprises:
    设置所述应用程序的图标的相对位置的位置信息,所述相对位置包括所述应用程序的图标相对于参考应用的图标的方向以及在所述方向上所述应用程序的图标与所述参考应用的图标的距离,并且其中,标注需要对所述应用程序进行安全管理的控件的步骤包括:Position information of a relative position of an icon of the application, the relative position including a direction of an icon of the application relative to an icon of a reference application, and an icon of the application and the reference application in the direction The distance of the icon, and wherein the steps to mark the controls that need to be securely managed by the application include:
    记录所述控件的控件信息,所述控件信息包括包名、类名、控件绝对坐标位置以及控件相对位置中的至少一个。The control information of the control is recorded, and the control information includes at least one of a package name, a class name, an absolute coordinate position of the control, and a relative position of the control.
  4. 如权利要求3所述的应用程序安全管理方法,还包括:The application security management method of claim 3, further comprising:
    监测当前界面是否出现获得输入焦点的控件;Monitor the current interface for controls that have input focus;
    若出现了获得输入焦点的控件,则根据所述控件的控件属性判断所述控件是否为已标注控件;以及If a control that obtains an input focus appears, determining whether the control is an labeled control according to a control property of the control;
    若所述控件是已标注控件,则判断当前界面执行了输入密码的操作。If the control is an annotated control, it is determined that the current interface performs an operation of inputting a password.
  5. 如权利要求1至4任一项所述的方法,还包括:The method of any one of claims 1 to 4, further comprising:
    在用户退出所述应用程序后,随机调整所述应用程序的图标的位置。After the user exits the application, the location of the icon of the application is randomly adjusted.
  6. 一种应用程序安全管理装置,包括:An application security management device includes:
    判断模块,其构造为在当前界面执行了输入密码的操作时,判断与所述操作对应的应用程序的图标的位置是否与预设位置一致;a judging module configured to determine, when the current interface performs an operation of inputting a password, whether the position of the icon of the application corresponding to the operation is consistent with the preset position;
    处理模块,其构造为在所述判断模块的判断结果为所述应用程序的图标的位置与预设位置一致时,将用户输入的密码按照预设算法处理,在所述判断模块的判断结果为所述应用程序的图标的位置与预设位置不一致时,将用户输入的密码按照随机算法处理;以及a processing module configured to: when the judgment result of the determining module is that the position of the icon of the application is consistent with the preset position, the password input by the user is processed according to a preset algorithm, and the judgment result of the determining module is When the location of the icon of the application is inconsistent with the preset location, the password input by the user is processed according to a random algorithm;
    发送模块,其构造为将所述处理模块处理后的密码发送给所述应用程序进行鉴权。And a sending module configured to send the processed password of the processing module to the application for authentication.
  7. 如权利要求6所述的应用程序安全管理装置,还包括:The application security management device of claim 6, further comprising:
    设置模块,其构造为根据用户的操作预先设置并存储所述应用程序的安全选项,所述安全选项包括所述应用程序的图标的位置信息、对所述应用程序进行安全管理的控件的标注信息以及根据用户输入的临时密码和真实密码的对应关系生成的预设密码映射算法。a setting module configured to preset and store a security option of the application according to a user's operation, the security option including location information of an icon of the application, and annotation information of a control for securely managing the application And a preset password mapping algorithm generated according to the correspondence between the temporary password and the real password input by the user.
  8. 如权利要求7所述的应用程序安全管理装置,其中,所述设置模块包括:The application security management device of claim 7, wherein the setting module comprises:
    位置设置子模块,其构造为设置所述应用程序的图标的相对位置的位置信息,所述相对位置包括所述应用程序的图标相对于参考应用的图标的方向以及在所述方向上所述应用程序的图标与所述参考 应用的图标的距离;以及a location setting sub-module configured to set location information of a relative position of an icon of the application, the relative location including a direction of an icon of the application relative to an icon of a reference application and the application in the direction The distance between the icon of the program and the icon of the reference application;
    控件标注子模块,其构造为记录所述控件的控件信息,所述控件信息包括包名、类名、控件绝对坐标位置以及控件相对位置中的至少一个。And a control labeling submodule configured to record control information of the control, the control information including at least one of a package name, a class name, an absolute coordinate position of the control, and a relative position of the control.
  9. 如权利要求8所述的应用程序安全管理装置,还包括:The application security management device of claim 8 further comprising:
    监控模块,其构造为监测当前界面是否出现获得输入焦点的控件,当出现了获得输入焦点的控件时,根据所述控件的控件属性判断所述控件是否为已标注控件,并且在所述控件为已标注控件时,判断当前界面执行了输入密码的操作。a monitoring module configured to monitor whether the current interface has a control for obtaining an input focus. When a control that obtains an input focus occurs, determining whether the control is an labeled control according to a control property of the control, and the control is When the control has been marked, it is judged that the current interface has performed the operation of inputting a password.
  10. 如权利要求6至9任一项所述的应用程序安全管理装置,还包括:The application security management apparatus according to any one of claims 6 to 9, further comprising:
    图标调整模块,其构造为在用户退出所述应用程序后,随机调整所述应用程序的图标的位置。An icon adjustment module configured to randomly adjust a position of an icon of the application after the user exits the application.
  11. 一种存储介质,其上存储有一个或者多个程序,所述一个或者多个程序被一个或者多个处理器执行时,所述一个或毒攻处理器执行如权利要求1至5任一项所述的应用程序安全管理方法。A storage medium having stored thereon one or more programs, the one or more programs being executed by one or more processors, the one or the virus attack processor executing any one of claims 1 to 5 The application security management method described.
PCT/CN2018/092689 2017-06-23 2018-06-25 Application program security management method and apparatus, and storage medium WO2018233718A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710492686.4A CN109117623B (en) 2017-06-23 2017-06-23 Application security management method, device and storage medium
CN201710492686.4 2017-06-23

Publications (1)

Publication Number Publication Date
WO2018233718A1 true WO2018233718A1 (en) 2018-12-27

Family

ID=64732416

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/092689 WO2018233718A1 (en) 2017-06-23 2018-06-25 Application program security management method and apparatus, and storage medium

Country Status (2)

Country Link
CN (1) CN109117623B (en)
WO (1) WO2018233718A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103034446A (en) * 2012-12-13 2013-04-10 广东欧珀移动通信有限公司 Method and device for unblocking operation interface of electronic device and switching themes
CN105630320A (en) * 2015-06-26 2016-06-01 东莞酷派软件技术有限公司 Screen unlocking method and screen unlocking apparatus for terminal
CN105809445A (en) * 2016-02-29 2016-07-27 宇龙计算机通信科技(深圳)有限公司 Password verifying and processing method, apparatus and terminal
CN105844145A (en) * 2016-04-19 2016-08-10 广州三星通信技术研究有限公司 Method and equipment for managing passwords
CN106453802A (en) * 2016-11-30 2017-02-22 努比亚技术有限公司 Cipher verification method and device, and terminal

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN203120005U (en) * 2013-03-18 2013-08-07 黄伟强 Touch screen mobile phone unlocked based on pattern matching mode
CN104516645A (en) * 2013-09-26 2015-04-15 上海斐讯数据通信技术有限公司 Electronic device unlocking method
CN103778362B (en) * 2014-01-21 2017-07-14 宇龙计算机通信科技(深圳)有限公司 The unlocking method and communication terminal of communication terminal
CN103744583B (en) * 2014-01-22 2017-09-29 联想(北京)有限公司 Operation processing method and device and electronic equipment
CN106250754B (en) * 2016-07-27 2018-11-30 维沃移动通信有限公司 A kind of control method and mobile terminal of application program

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103034446A (en) * 2012-12-13 2013-04-10 广东欧珀移动通信有限公司 Method and device for unblocking operation interface of electronic device and switching themes
CN105630320A (en) * 2015-06-26 2016-06-01 东莞酷派软件技术有限公司 Screen unlocking method and screen unlocking apparatus for terminal
CN105809445A (en) * 2016-02-29 2016-07-27 宇龙计算机通信科技(深圳)有限公司 Password verifying and processing method, apparatus and terminal
CN105844145A (en) * 2016-04-19 2016-08-10 广州三星通信技术研究有限公司 Method and equipment for managing passwords
CN106453802A (en) * 2016-11-30 2017-02-22 努比亚技术有限公司 Cipher verification method and device, and terminal

Also Published As

Publication number Publication date
CN109117623A (en) 2019-01-01
CN109117623B (en) 2024-01-05

Similar Documents

Publication Publication Date Title
US10375116B2 (en) System and method to provide server control for access to mobile client data
US10417020B2 (en) Remote assistance for managed mobile devices
CN107113302B (en) Security and permission architecture in multi-tenant computing systems
US11627129B2 (en) Method and system for contextual access control
WO2018228199A1 (en) Authorization method and related device
KR20170096117A (en) Security and permission architecture in a multi-tenant computing system
EP3557835B1 (en) Authorization credential migration method, terminal device and service server
US9158910B2 (en) Password resetting method and electronic device having password resetting function
US20120331532A1 (en) Device-agnostic mobile device thin client computing methods and apparatus
EP3817322A1 (en) Method for upgrading service application range of electronic identity card, and terminal device
US11552943B2 (en) Native remote access to target resources using secretless connections
EP3644578A1 (en) Point and click authentication
US11405375B2 (en) Device and method for receiving a temporary credit token
US9690918B2 (en) Biometric softkey system
WO2018166142A1 (en) Authentication processing method and apparatus
WO2018233718A1 (en) Application program security management method and apparatus, and storage medium
US10678895B2 (en) Data input method, and electronic device and system for implementing the data input method
EP3619904B1 (en) Smart card thumb print authentication
US20200327220A1 (en) System and methods for generating and authenticating dynamic usernames replication
US10756899B2 (en) Access to software applications
US20240129289A1 (en) User certificate with user authorizations
CN114218542A (en) Visitor identity auditing method and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18820349

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 07-05-2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18820349

Country of ref document: EP

Kind code of ref document: A1