WO2019001588A1 - Data processing method and apparatus, terminal, and storage medium - Google Patents


Publication number
WO2019001588A1
Authority
WO
WIPO (PCT)
Prior art keywords
parameter
unlocking
key
processor side
terminal
Application number
PCT/CN2018/098541
Inventor
魏明业
Original Assignee
西安中兴新软件有限责任公司
Application filed by 西安中兴新软件有限责任公司
Publication of WO2019001588A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24 Transfer of terminal data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24 Transfer of terminal data
    • H04W8/245 Transfer of terminal data from a network towards a terminal

Definitions

  • The present disclosure relates to the field of mobile communications technologies, and in particular to a data processing method and apparatus, a terminal, and a storage medium.
  • The present disclosure provides a data processing method, including: receiving a first parameter of an unlocking object and a first key of the unlocking object delivered by a server, where the first parameter and the first key are used for determining whether the terminal satisfies the condition for parsing the data; acquiring a second parameter of the unlocking object and a second key of the unlocking object located at the terminal; and unlocking the unlocking object when the first parameter and the second parameter satisfy a preset first condition and the first key and the second key satisfy a preset second condition.
  • The present disclosure provides a data processing method, including: acquiring, from a terminal, an unlocking parameter generated based on a locking object; generating a first key and a second key according to the unlocking parameter; sending the first key to the server; generating an application processor (AP) side unlocking parameter and a modem processor (modem) side unlocking parameter according to the second key; generating an encrypted AP side unlocking parameter and an AP side key according to the AP side unlocking parameter; generating an encrypted modem side unlocking parameter and a modem side key according to the modem side unlocking parameter; writing the AP side key, the AP side unlocking parameter, and the encrypted modem side unlocking parameter to a second area in the storage area on the AP side, where the storage area on the AP side further includes a first area and the second area has higher authority than the first area; and writing the modem side key, the modem side unlocking parameter, and the encrypted AP side unlocking parameter to a fourth area in the storage area on the modem side.
  • The present disclosure provides a data processing apparatus, including: a receiving module, an obtaining module, and an unlocking module. The receiving module is configured to receive a first parameter of the unlocking object and a first key of the unlocking object delivered by the server, where the first parameter and the first key are used to determine whether the terminal satisfies the condition for parsing data. The obtaining module is configured to acquire a second parameter of the unlocking object and a second key of the unlocking object. The unlocking module is configured to unlock the unlocking object when the first parameter and the second parameter satisfy a preset first condition and the first key and the second key satisfy a preset second condition.
  • The present disclosure provides a data processing apparatus, including: an obtaining module, a first generating module, a sending module, a second generating module, a third generating module, a fourth generating module, a first write module, and a second write module.
  • The obtaining module is configured to acquire, from the terminal, an unlocking parameter generated based on the locking object.
  • The first generating module is configured to generate a first key and a second key according to the unlocking parameter.
  • The sending module is configured to send the first key to the server.
  • The second generating module is configured to generate an application processor (AP) side unlocking parameter and a modem processor (modem) side unlocking parameter according to the second key.
  • The third generating module is configured to generate an encrypted AP side unlocking parameter and an AP side key according to the AP side unlocking parameter, and the fourth generating module is configured to generate an encrypted modem side unlocking parameter and a modem side key according to the modem side unlocking parameter.
  • The first write module is configured to write the AP side key, the AP side unlocking parameter, and the encrypted modem side unlocking parameter into the second area of the storage area on the AP side, where the storage area on the AP side further includes a first area and the second area has higher authority than the first area.
  • The second write module is configured to write the modem side key, the encrypted AP side unlocking parameter, and the modem side unlocking parameter into a fourth area in the storage area on the modem side, where the storage area on the modem side further includes a third area and the fourth area has higher authority than the third area.
  • The present disclosure provides a terminal comprising at least a display screen, a processor, and a storage medium configured to store executable instructions, wherein the processor is configured to execute the stored executable instructions, and the executable instructions are configured to perform the data processing methods described herein.
  • The present disclosure provides a computer storage medium having stored therein computer executable instructions configured to perform the data processing methods described herein.
  • FIG. 1 is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 2 is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 3 is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 4 is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 5 is a schematic structural diagram of an AP processor according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic structural diagram of a modem processor according to an embodiment of the present disclosure.
  • FIG. 7A is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 7B is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 7C is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 8A is a flowchart of a data processing method according to an embodiment of the present disclosure.
  • FIG. 8B is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 8C is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 9A is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 9B is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 9C is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 10 is a schematic structural diagram of a data processing apparatus of an application according to an embodiment of the present disclosure.
  • FIG. 11 is a schematic structural diagram of a data processing device of an application according to an embodiment of the present disclosure.
  • FIG. 12 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure.
  • Mobile terminals support more and more functions.
  • Many of the functions on mobile terminals require locking because they involve user privacy or require authorization from the communications carrier.
  • Examples include privacy application locks, user privacy data locks, and network lock technology.
  • The locking and unlocking process relies on security data such as keys, lock parameters, and unlock parameters.
  • After the operator locks the network, the mobile terminal generates a lock flag and unlocking information, and the unlocking information includes an unlocking parameter.
  • The unlocking parameter is stored locally in the mobile terminal or stored in the server.
  • The user inputs an unlocking parameter (such as an unlocking code) obtained from the store or through the network, and the mobile terminal compares the unlocking parameter input by the user with the unlocking parameter stored locally in the mobile terminal. If the two are the same, the lock flag is deleted to unlock the network.
  • The user needs to go to the store or obtain the unlocking code through the network, which is very troublesome and makes for a poor user experience.
  • It is not safe to store the unlocking parameters in the mobile terminal or the server. If the unlocking parameters are stored in the mobile terminal, there is a risk of their being stolen; even if they are encrypted, criminals may still steal the encrypted unlocking parameters and crack them. If the unlocking parameter is stored in the server, it may still be tampered with while the server sends it to the mobile terminal. Therefore, there is a need for a secure data processing method that can be automated.
  • The present disclosure particularly provides a data processing method and apparatus therefor, a terminal, and a storage medium that substantially obviate one or more of the problems due to the limitations and disadvantages of the related art.
  • Embodiments of the present disclosure provide a data processing method.
  • The method can be applied to many scenarios, for example, unlocking private data stored by a user on a mobile terminal, unlocking a privacy application installed on a mobile terminal, and services requiring operator authorization (such as unlocking a network).
  • The mobile terminal includes an application processor (AP) chip and a modem chip.
  • The storage area on the AP side includes at least two areas; two areas are used here as an example.
  • The storage area on the AP side includes a first area and a second area, where the second area is a security area in the storage area and has higher authority than the first area.
  • The first area may be a common storage area in the AP side storage area, and the second area may be the Replay Protected Memory Block (RPMB) on the AP side.
  • Before the terminal leaves the factory, the manufacturer sets the second area to be accessible only by the AP processor.
  • The storage area on the modem side includes at least two areas; two areas are used here as an example.
  • The storage area on the modem side includes a third area and a fourth area, where the fourth area is a security area in the storage area and has higher authority than the third area.
  • The third area may be a common storage area in the modem side storage area, and the fourth area may be the secure file storage area on the modem side (SFS, Secure File System).
  • The unlocking parameter generated based on the locking object is obtained from the terminal, the first key and the second key are generated according to the unlocking parameter, and the first key is sent to the server.
  • The AP side unlocking parameter, the modem side unlocking parameter, the encrypted AP side unlocking parameter, the AP side key, the encrypted modem side unlocking parameter, and the modem side key are generated according to the second key. The AP side key, the AP side unlocking parameter, and the encrypted modem side unlocking parameter are stored in the second area; the modem side key, the modem side unlocking parameter, and the encrypted AP side unlocking parameter are stored in the fourth area; and the unlocking condition is set.
  • When the mobile terminal meets the set unlocking condition, the first parameter and the first key sent by the server are received, and the second parameter and the second key are obtained from the terminal itself. The unlocking process is started only when the first parameter and the second parameter satisfy the preset first condition and the first key and the second key satisfy the preset second condition. The unlocking process acquires the encrypted modem side unlocking parameter stored in the second area and the encrypted AP side unlocking parameter stored in the fourth area and performs two-sided unlocking.
  • FIG. 1 is a flow chart of a data processing method in accordance with an embodiment of the present disclosure. As shown in FIG. 1, in an embodiment, the method may include steps S101 to S106.
  • The terminal generates a lock flag and an unlock parameter based on the lock object according to the user's lock operation.
  • The locking object may be a communication network provided by an operator, a privacy application (such as a secure payment application), or a user's private data.
  • The locking operation may be a network locking operation, a privacy application locking operation, or a privacy data locking operation.
  • A setting operation is included before the locking operation.
  • In the setting operation, the user sets a third condition, the third condition being the condition the terminal must satisfy for unlocking.
  • The third condition is that the counter in the terminal reaches a threshold; or, when the locking object is a privacy application (such as a payment application) or privacy data of the user, the third condition is that the terminal obtains the password input by the user, where the password may be a digital password, a fingerprint password, an eye password, a voice password, etc., and may be set by the user, the operator, or the manufacturer according to actual application needs.
  • When the third condition is that the counter in the terminal reaches a threshold, the user needs to set the size of the threshold. The terminal sends the threshold to the server, and the server stores the threshold. The counters in the terminal and the server start counting synchronously.
  • When the third condition is that the terminal acquires the password input by the user, the user needs to input the password into the terminal. The terminal sends the password information to the server, and the server stores the password information.
  • The terminal acquires from itself an unlocking parameter generated based on the locking object, and generates a first key and a second key according to the unlocking parameter.
  • The first key is the same as the second key.
  • The terminal writes the second key, as a macro definition, into the unlocking process executed by the AP processor. This unlocking single process is used to unlock the unlocking object when the user unlocks, where the unlocking object is the locking object in step S101.
  • The terminal sends the first key to the server, and the server receives and stores the first key. At step S104, the terminal generates, according to the second key, an AP side unlocking parameter, a modem side unlocking parameter, an encrypted AP side unlocking parameter, an AP side key, an encrypted modem side unlocking parameter, and a modem side key.
  • The terminal first generates an AP side unlocking parameter and a modem side unlocking parameter according to the second key; the AP side unlocking parameter and the modem side unlocking parameter may be the same or different. Then the terminal generates an encrypted AP side unlocking parameter and an AP side key according to the AP side unlocking parameter, and generates an encrypted modem side unlocking parameter and a modem side key according to the modem side unlocking parameter.
  • The encryption method used to encrypt the AP side unlocking parameter and generate the encrypted AP side unlocking parameter and the AP side key may be any existing encryption algorithm, such as the asymmetric RSA algorithm. The encryption method used to encrypt the modem side unlocking parameter and generate the encrypted modem side unlocking parameter and the modem side key may also be any existing encryption method, and may be the same as or different from the method used to encrypt the AP side unlocking parameter.
  • The AP side key, the AP side unlocking parameter, and the encrypted modem side unlocking parameter are written in the second area in the storage area on the AP side.
  • The storage area on the AP side further includes a first area, and the second area has higher authority than the first area.
  • The mobile terminal adopts the partitioning mode of an embedded multimedia chip (EMMC); the first area is the common storage area on the AP side, and the second area is the AP side RPMB area.
  • The manufacturer sets the second area to be unlocked only by the unlocking process executed by the AP processor.
  • The modem side key, the modem side unlocking parameter, and the encrypted AP side unlocking parameter are written in the fourth area in the storage area on the modem side.
  • The storage area on the modem side further includes a third area, and the fourth area has higher authority than the third area.
  • The mobile terminal adopts the partitioning mode of an embedded multimedia chip (EMMC); the third area is the common storage area on the modem side, and the fourth area is the modem side SFS area.
  • Before the terminal leaves the factory, the manufacturer sets the fourth area to be unlocked only by the unlocking process executed by the AP processor.
  • When unlocking, the terminal acquires the encrypted AP side unlocking parameter from the fourth area and the encrypted modem side unlocking parameter from the second area to unlock. Only if the AP side and the modem side are both unlocked does the terminal delete the lock flag to complete the unlocking.
  • Embodiments of the present disclosure also provide a data processing method.
  • FIG. 2 is a flowchart of a data processing method in accordance with an embodiment of the present disclosure. As shown in FIG. 2, in an embodiment, the method may include steps S201 to S204.
  • At step S201, when the terminal satisfies the preset third condition, a message that the terminal meets the preset third condition is sent to the server.
  • The preset third condition is the third condition set by the user in the setting operation in step S101, and the message that the terminal satisfies the preset third condition includes the terminal identifier of the terminal.
  • In a specific implementation, step S201 can be applied to multiple different scenarios. Several scenarios are described below; of course, it can also be applied to other scenarios and is not limited to the following.
  • Network unlocking scenario: at a certain moment, the counter in the user terminal reaches the preset threshold, that is, the preset third condition is met, and the terminal reports to the server the message that the counter has reached the preset threshold.
  • Privacy application unlocking scenario: at a certain moment, the user wants to open the locked privacy application (for example, a secure payment application), so the user inputs the password required to open the privacy application, that is, the preset third condition is met, and the terminal reports to the server a message that it has obtained the password input by the user for opening the privacy application.
  • Privacy data unlocking scenario: at a certain moment, the user wants to read the private data that he has locked, so the user inputs the password required to read the private data, that is, the preset third condition is met, and the terminal sends to the server a message that it has obtained the password input by the user for reading the private data.
  • The password input by the user may be a digital password, a fingerprint password, an eye password, a voice password, etc., and may be set by the user, the operator, or the manufacturer according to actual application needs; details are not repeated here.
  • At step S202, the first parameter of the unlocking object and the first key of the unlocking object delivered by the server are received.
  • The first parameter and the first key are sent by the server according to the terminal identifier, and are used to determine whether the terminal satisfies the condition for parsing data.
  • In a specific implementation, the first parameter has different meanings in different application scenarios. Several scenarios are described below; of course, it can also be applied to other scenarios and is not limited to the following.
  • In the network unlocking scenario, the first parameter is the value reached by the server-side counter; in the privacy application unlocking scenario and the privacy data unlocking scenario, the first parameter is password information pre-stored in the server, where the password information is the password information that the terminal transmits to the server and the server stores in step S101.
  • At step S203, a second parameter of the unlocking object located at the terminal and a second key of the unlocking object are acquired.
  • The second parameter corresponds to the first parameter and has different meanings in different application scenarios in a specific implementation. Several scenarios are described below; of course, it can also be applied to other scenarios and is not limited to the following.
  • In the network unlocking scenario, the second parameter is the value reached by the terminal counter; in the privacy application unlocking scenario and the privacy data unlocking scenario, the second parameter is password information input by the user into the terminal.
  • The second key is the same as the second key written into the unlocking process as a macro definition in step S102.
  • At step S204, when the first parameter and the second parameter satisfy a preset first condition and the first key and the second key satisfy a preset second condition, the unlocking object is unlocked.
  • The preset first condition is that the first parameter and the second parameter satisfy a certain relationship: the two may be equal, or their difference or sum may fall within a certain range. The user, the operator, or the manufacturer can set it according to the needs of the actual application; details are not repeated here.
  • The preset second condition is that the first key and the second key satisfy a certain relationship: the two may be equal, or their difference or sum may fall within a certain range. The user, the operator, or the manufacturer can set it according to the needs of the actual application; details are not repeated here.
  • The unlocking object is the same as the locking object in step S101 of FIG. 1.
  • Unlocking the unlocking object refers to starting the unlocking single process executed by the AP processor, which is used to unlock the unlocking object.
  • In this embodiment, one parameter and one key are stored on the server side, and one parameter and one key are also stored on the terminal side. Whether to unlock the unlocking object is decided by determining whether the parameters and the keys on the server side and the terminal side meet the predetermined conditions.
  • A person skilled in the art may also store a plurality of parameters and a plurality of keys on the server side and the terminal side respectively to determine whether to unlock the unlocking object.
  • For example, two parameters and two keys are stored on the server side, and two parameters and two keys are also stored on the terminal side.
  • Embodiments of the present disclosure also provide a data processing method.
  • FIG. 3 is a flowchart of a data processing method in accordance with an embodiment of the present disclosure. As shown in FIG. 3, in an embodiment, the method may include steps S301 to S307.
  • At step S301, when the terminal satisfies the preset third condition, a message that the terminal satisfies the preset third condition is sent to the server.
  • At step S302, the first parameter of the unlocking object and the first key of the unlocking object delivered by the server are received.
  • Step S301 is similar to step S201 of FIG. 2, and step S302 is similar to step S202 of FIG. 2; therefore, no further description is made here.
  • The first parameter is read from a storage area on the modem side.
  • The first parameter and the first key delivered by the server in step S302 are received by the modem processor in the terminal.
  • The terminal stores the first parameter and the first key in a third area on the modem side, where the third area is a normal storage area on the modem side.
  • The second parameter is read from a second reserved field in the first region.
  • In the first area on the AP side, that is, the normal storage area on the AP side, two fields are reserved: a first reserved field and a second reserved field. The first reserved field is initialized to a null value, and the second reserved field is used to store the second parameter.
  • At step S305, if the first parameter and the second parameter satisfy a preset first condition, the first key is read from the storage area on the modem side, and the value of the first key is written to the first reserved field.
  • The preset first condition is that the first parameter and the second parameter satisfy a certain relationship: the two may be equal, or their difference or sum may fall within a certain range. The user, the operator, or the manufacturer can set it according to the needs of the actual application; details are not repeated here.
  • The terminal deletes the first key in the storage area on the modem side, and ends the processing flow.
  • In step S306, if the first reserved field is non-empty, the value in the first reserved field is compared with the value of the second key.
  • The unlocking single process executed by the AP processor in the terminal monitors the first reserved field in real time. When the first reserved field is non-empty, the unlocking single process compares the value in the first reserved field with the value of the second key, where the second key is written into the unlocking single process by macro definition; if the first reserved field is a null value, the unlocking single process continues to monitor the first reserved field in real time.
  • In step S307, if the value in the first reserved field and the value of the second key satisfy the preset second condition, the unlocking object is unlocked.
  • The preset second condition is that the value in the first reserved field satisfies a certain relationship with the value of the second key: the two may be equal to each other, or their difference or sum may fall within a certain range. The user, the operator or the manufacturer can set it according to the needs of the actual application, and it is not described here.
  • the terminal deletes the value in the first reserved field, and ends the processing flow.
  • The unlocking object is the same as the locking object in step S101. Unlocking the unlocking object refers to starting an unlocking single process executed by the AP processor, where the unlocking single process is used to perform double-side cross data unlocking processing, on the AP side and the modem side, on the unlocking object.
  • One parameter and one key are stored on the server side, and one parameter and one key are also stored on the terminal side; whether to unlock the unlocking object is decided by determining whether the parameters and the keys on the server side and the terminal side satisfy the predetermined conditions.
  • a person skilled in the art may also store a plurality of parameters and a plurality of keys on the server side and the terminal side respectively to determine whether to unlock the unlocked object.
  • two parameters and two keys are stored on the server side, and two parameters and two keys are also stored on the terminal side.
  • Embodiments of the present disclosure also provide a data processing method.
  • FIG. 4 is a flow chart of a data processing method in accordance with an embodiment of the present disclosure. As shown in FIG. 4, in an embodiment, the method may include steps S401 to S410.
  • In step S401, when the terminal satisfies the preset third condition, a message that the terminal meets the preset third condition is sent to the server.
  • In step S402, the first parameter of the unlocking object and the first key of the unlocking object delivered by the server are received.
  • the first parameter is read from a storage area on the modem side.
  • the second parameter is read from a second reserved field in the first region.
  • In step S405, if the first parameter and the second parameter satisfy a preset first condition, the first key is read from the storage area on the modem side, and the value of the first key is written to the first reserved field.
  • In step S406, if the first reserved field is non-empty, the value in the first reserved field is compared with the value of the second key.
  • steps S401 to S406 are similar to steps S301 to S306 of FIG. 3, and therefore, no further description is made herein.
  • the encrypted AP side unlocking parameter and the encrypted modem side unlocking parameter are acquired from the terminal.
  • The encrypted modem side unlocking parameter is acquired from the second area in the storage area on the AP side, and the second area has higher authority than the first area.
  • When the mobile terminal adopts the partitioning mode of an embedded multimedia chip (EMMC), the first area is the common storage area on the AP side, and the second area is the AP side RPMB area. The manufacturer sets the second area so that it can be accessed only by the unlocking single process executed by the AP processor.
  • the encrypted AP side unlocking parameter is acquired from the fourth area in the storage area on the modem side, and the storage area on the modem side further includes a third area having a lower authority than the fourth area.
  • When the mobile terminal adopts the partitioning mode of an embedded multimedia chip (EMMC), the third area is the common storage area on the modem side, and the fourth area is the modem side SFS area. Before the terminal leaves the factory, the manufacturer sets the fourth area so that it can be accessed only by the unlocking single process executed by the AP processor.
  • a first flag bit is generated based on the encrypted AP side unlocking parameter, the first flag bit being used to indicate whether the parsing of the encrypted AP side unlocking parameter is successful.
  • Generating the first flag bit based on the encrypted AP side unlocking parameter includes: acquiring an AP side unlocking parameter and an AP side key from the second area; decrypting the encrypted AP side unlocking parameter according to the AP side key to obtain the decrypted AP side unlocking parameter; comparing the decrypted AP side unlocking parameter with the AP side unlocking parameter to obtain a first comparison result; and generating the first flag bit according to the first comparison result.
  • The first flag bit may be set to 0 or 1, where 0 indicates that the parsing fails, and 1 indicates that the parsing is successful.
  • The first flag bit may also be set to 00 to indicate parsing failure and 11 to indicate parsing success. The user, the operator or the manufacturer can set it according to the needs of the actual application, and it is not described here.
  • A second flag bit is generated based on the encrypted modem side unlocking parameter, the second flag bit being used to indicate whether the encrypted modem side unlocking parameter is parsed successfully.
  • Generating the second flag bit based on the encrypted modem side unlocking parameter includes: acquiring a modem side unlocking parameter and a modem side key from the fourth area; decrypting the encrypted modem side unlocking parameter according to the modem side key to obtain the decrypted modem side unlocking parameter; comparing the decrypted modem side unlocking parameter with the modem side unlocking parameter to obtain a second comparison result; and generating the second flag bit according to the second comparison result.
  • The second flag bit may be set to 0 or 1, where 0 indicates that the parsing fails and 1 indicates that the parsing is successful; of course, the second flag bit may also be set to 00 to indicate parsing failure and 11 to indicate parsing success.
  • The user, the operator or the manufacturer can set it according to the needs of the actual application, and it is not described here.
  • The method of setting the first flag bit may be the same as or different from the method of setting the second flag bit.
  • In step S410, when the first flag bit and the second flag bit satisfy a preset fourth condition, the unlocking object is unlocked.
  • The preset fourth condition is that both the encrypted AP side unlocking parameter and the encrypted modem side unlocking parameter are successfully parsed. For example, when the first flag bit and the second flag bit are both defined so that 0 indicates that the parsing fails and 1 indicates that the parsing is successful, the first flag bit and the second flag bit satisfy the preset first condition if and only if both are 1.
  • the terminal ends the processing flow.
  • One parameter and one key are stored on the server side, and one parameter and one key are also stored on the terminal side; whether to unlock the unlocking object is decided by determining whether the parameters and the keys on the server side and the terminal side satisfy the predetermined conditions.
  • a person skilled in the art may also store a plurality of parameters and a plurality of keys on the server side and the terminal side respectively to determine whether to unlock the unlocked object.
  • two parameters and two keys are stored on the server side, and two parameters and two keys are also stored on the terminal side.
  • Embodiments of the present disclosure also provide a data processing method. Before introducing a data processing method provided by this embodiment, the composition of the AP processor and the modem processor in this embodiment will be described.
  • FIG. 5 is a schematic structural diagram of an AP processor according to an embodiment of the present disclosure.
  • the AP processor includes a processing area for executing a command and a storage area for storing data.
  • the processing area of the AP processor includes: an unlocking single process, an AP side data storage module, an AP side data processing module, and an AP side data parsing module.
  • the unlocking single process is used to perform double-side cross data unlocking processing on the AP side and the modem side on the unlocking object.
  • The storage area of the AP processor includes a common storage area and an RPMB area. The RPMB area is a security area in the storage area and has higher authority than the normal storage area. The manufacturer sets the RPMB area before the terminal leaves the factory so that only the unlocking single process can access it.
  • FIG. 6 is a schematic structural diagram of a modem processor according to an embodiment of the present disclosure.
  • the modem processor includes a processing area for executing a command and a storage area for storing data.
  • the processing area of the modem processor includes: a modem side data storage module, a modem side data processing module, and a modem side data parsing module.
  • The storage area of the modem processor includes a common storage area and an SFS area. The SFS area is a security area in the storage area and has higher authority than the normal storage area. The manufacturer sets the SFS area before the terminal leaves the factory so that only the unlocking single process can access it.
  • FIGS. 7A through 7C are flowcharts of a data processing method according to an embodiment of the present disclosure. As shown in FIGS. 7A through 7C, in an embodiment, the method includes steps S701 through S718.
  • the terminal is in an initial state, and four values are stored in the normal storage area in the storage area of the terminal AP processor, and are respectively stored in four different positions.
  • Two of the values are terminal parameters (terminal parameter 1 and terminal parameter 2), and the other two are null values.
  • The terminal parameter is the second parameter in the foregoing embodiment; the location for storing the terminal parameter is the second reserved field in the foregoing embodiment; the location for storing the null value is the first reserved field in the foregoing embodiment.
  • In step S702, when the terminal satisfies parsing condition 1, it reports to the server and receives the server parameter 1 and the key1 value delivered by the server according to the terminal identifier; when the terminal satisfies parsing condition 2, it reports to the server and receives the server parameter 2 and the key2 value delivered by the server according to the terminal identifier.
  • The two server parameters are delivered in an instruction: the instruction header file includes server parameter 1 and server parameter 2, and the redundancy bits include the key1 value and the key2 value.
  • Parsing condition 1 and parsing condition 2 may be identical, that is, there is only one parsing condition, such as the third condition in the above embodiment.
  • Those skilled in the art may also set different parsing conditions 1 and 2.
  • Server parameter 1 and server parameter 2 may also be the same, in which case server parameter 1 and server parameter 2 are the first parameter in the foregoing embodiment; those skilled in the art may also set different server parameters 1 and 2.
  • The key1 value may be the same as the key2 value, in which case the key1 value and the key2 value are the first key in the foregoing embodiment; those skilled in the art may also set different key1 and key2 values.
  • server parameter 1 and server parameter 2 in the instruction header file are read.
  • In step S704, the two terminal parameters stored by the terminal are compared with the two server parameters to determine whether they are consistent.
  • the two terminal parameters stored in the terminal are the terminal parameter 1 and the terminal parameter 2, respectively, and the terminal parameter 1 and the terminal parameter 2 may be identical.
  • the terminal parameter 1 and the terminal parameter 2 are the second parameter in the foregoing embodiment.
  • those skilled in the art can also set different terminal parameters 1 and terminal parameters 2 respectively.
  • Comparing whether the two terminal parameters are consistent with the two server parameters specifically means comparing whether terminal parameter 1 is consistent with server parameter 1, and comparing whether terminal parameter 2 is consistent with server parameter 2.
  • In step S705, if the two terminal parameters are consistent with the two server parameters, the corresponding key1 value and/or key2 value in the instruction is read, and the key1 value and/or the key2 value are stored to the null value area reserved by the terminal.
  • Specifically: if only terminal parameter 1 is consistent with server parameter 1, the corresponding key1 value in the instruction is read, and the key1 value is stored to the null value area reserved by the terminal; if only terminal parameter 2 is consistent with server parameter 2, the corresponding key2 value in the instruction is read, and the key2 value is stored to the null value area reserved by the terminal; if terminal parameter 1 is consistent with server parameter 1 and terminal parameter 2 is consistent with server parameter 2, the corresponding key1 value and key2 value in the instruction are read, and the key1 value and the key2 value are stored to the null value area reserved by the terminal.
  • If the two terminal parameters are inconsistent with the two server parameters, the processing flow returns to step S701, and the key1 value and/or the key2 value delivered by the server is deleted.
  • Specifically: if only terminal parameter 1 is inconsistent with server parameter 1, the key1 value delivered by the server is deleted and the flow returns to step S701; if only terminal parameter 2 is inconsistent with server parameter 2, the key2 value delivered by the server is deleted and the flow returns to step S701; if terminal parameter 1 is inconsistent with server parameter 1 and terminal parameter 2 is also inconsistent with server parameter 2, the key1 value and the key2 value delivered by the server are deleted, and the flow returns to step S701.
  • The unlocking single process determines whether the storage areas of the key1 value and the key2 value are empty; if neither the key1 value nor the key2 value is empty, it determines whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 written in the unlocking single process.
  • Determining whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 written in the unlocking single process specifically means determining whether the key1 value is consistent with parameter 1 written in the unlocking single process, and whether the key2 value is consistent with parameter 2 written in the unlocking single process.
  • Parameter 1 written in the unlocking single process may be the same as parameter 2; parameter 1 and parameter 2 correspond to the second key in the above embodiment.
  • the unlocking single process is set to monitor the null value area in the normal storage area of the terminal AP processor in real time, and the parameters 1 and 2 written in the unlocking single process are set by macro definition.
  • If one of the storage areas of the key1 value and the key2 value is empty, or one of the key1 value and the key2 value is inconsistent with parameter 1 and parameter 2 written in the unlocking single process, the processing flow goes to step S707; if the storage areas of the key1 value and the key2 value are both non-empty, and the key1 value and the key2 value are both consistent with parameter 1 and parameter 2 written in the unlocking single process, the processing flow goes to step S708.
  • That one of the storage areas of the key1 value and the key2 value is empty means: the storage area of the key1 value is empty, or the storage area of the key2 value is empty, or the storage areas of both the key1 value and the key2 value are empty.
  • That one of the key1 value and the key2 value is inconsistent with parameter 1 and parameter 2 written in the unlocking single process means: the key1 value is inconsistent with parameter 1 written in the unlocking single process, or the key2 value is inconsistent with parameter 2 written in the unlocking single process, or the key1 value is inconsistent with parameter 1 and the key2 value is also inconsistent with parameter 2.
  • That both the key1 value and the key2 value are consistent with parameter 1 and parameter 2 written in the unlocking single process means: the key1 value is consistent with parameter 1 written in the unlocking single process, and the key2 value is also consistent with parameter 2 written in the unlocking single process.
  • the unlocking single process continues to monitor the null area in the normal storage area in real time.
  • In step S708, the unlocking single process performs steps S709 to S718.
  • In step S709, the unlocking single process sends a request for acquiring an AP side parsing parameter to the SFS area.
  • The AP side parsing parameter is the encrypted AP side unlocking parameter in the foregoing embodiment.
  • the unlocking single process acquires an AP side parsing parameter.
  • the AP side data processing module in the AP processor decrypts the AP side parsing parameter.
  • That the AP side data processing module in the AP processor decrypts the AP side parsing parameter specifically means: the unlocking single process sends the AP side parsing parameter to the AP side data processing module, and the AP side data processing module decrypts the AP side parsing parameter.
  • In step S712, if the AP side data processing module fails to decrypt the AP side parsing parameter, the processing flow is terminated; if the AP side data processing module decrypts the AP side parsing parameter successfully, it sends the decrypted AP side parsing parameter to the AP side data parsing module in the AP processor for parsing, and the AP side parsing flag bit is generated according to the parsing result.
  • the decrypted AP side parsing parameter is the decrypted AP side unlocking parameter in the above embodiment
  • the AP side parsing flag bit is the first flag bit in the above embodiment.
  • the AP side data parsing module sends the AP side parsing flag bit to the unlocking single process.
  • the AP side parsing flag bit is used to indicate whether the AP side parsing parameter is successfully parsed; the AP side flag bit may be set to 0 or 1, where 0 indicates parsing failure and 1 indicates parsing success.
  • The unlocking single process sends a request for acquiring a modem side parsing parameter to the RPMB area.
  • The modem side parsing parameter is the encrypted modem side unlocking parameter in the above embodiment.
  • The unlocking single process acquires the modem side parsing parameter.
  • the modem side data processing module in the modem processor decrypts the modem side parsing parameter.
  • In step S717, if the modem side data processing module fails to decrypt the modem side parsing parameter, the processing flow is terminated; if the modem side data processing module decrypts the modem side parsing parameter successfully, it sends the decrypted modem side parsing parameter to the modem side data parsing module in the modem processor for parsing, and the modem side parsing flag bit is generated according to the parsing result.
  • the decrypted modem side parsing parameter is the decrypted modem side unlocking parameter in the above embodiment
  • the modem side parsing flag bit is the second flag bit in the above embodiment.
  • the modem side parsing flag bit is used to indicate whether the modem side parsing parameter is successfully parsed; the modem side parsing flag bit may be set to 0 or 1, where 0 indicates parsing failure and 1 indicates parsing succeeds.
  • the modem side data parsing module sends the modem side parsing flag bit to the unlocking single process.
  • the terminal is normally unlocked if and only if both parsing flag bits are 1.
  • Dual-side parsing and dual parsing parameters are set. The two parsing parameters are stored respectively in the security areas of the modem side and AP side storage areas, and the security areas on both sides can be accessed only by the unlocking single process executed by the AP processor.
  • the server sends the server parameter 1 and key1.
  • the server reports the server parameter 2 and the key2 value.
  • the terminal preferentially reads the server parameter.
  • When the server parameter is consistent with the terminal parameter, or the value of the server parameter meets the preset condition, the terminal reads the corresponding key value and writes it to the blank area in the normal storage area of the AP processor. If they are inconsistent, the terminal deletes the corresponding key value.
  • When the blank area in the normal storage area of the AP processor is not empty and the value in the blank area is consistent with the value of the parameter written by macro definition, the unlocking single process retrieves the AP side parsing parameter from the modem side security area and sends it to the AP side data processing module for processing. The processed data is sent to the AP side data parsing module for parsing.
  • the unlocking single process also extracts the modem side parsing parameter from the AP side security area and sends it to the modem side data processing module for processing, and the processed data is sent to the modem side data parsing module for parsing.
  • the terminal is normally unlocked.
  • the terminal cannot be unlocked normally.
  • The terminal parameter 1 in the above embodiment is the terminal count 1; the terminal parameter 2 is the terminal count 2; the parsing condition 1 is the unlock network condition 1; the parsing condition 2 is the unlock network condition 2; the server parameter 1 is the server count 1; the server parameter 2 is the server count 2; the unlocking single process is the subscriber identification module unlock (simunlock) module; the AP side parsing parameter is the AP side unlocking network parameter; the modem side parsing parameter is the modem side unlocking network parameter; the AP side parsing flag bit is the AP side unlocking network flag bit; the modem side parsing flag bit is the modem side unlocking network flag bit; the modem side data storage module is the modem side unlocking network parameter storage module; the modem side data processing module is the modem side unlocking network parameter decryption module; the modem side data parsing module is the modem side unlocking network module; the AP side data storage module is the AP side unlocking network parameter storage module; the AP side data processing module is the AP side unlocking network parameter decryption module; the AP side data parsing module is the AP side unlocking network module.
  • FIGS. 8A through 8C are flowcharts of a data unlocking method according to an embodiment of the present disclosure.
  • the method may include steps S801 through S818.
  • The terminal is in an initial state, and four values are stored in the normal storage area in the storage area of the AP processor, in four different positions: two are terminal counts, and the other two are null values.
  • The terminal counts are terminal count 1 and terminal count 2, respectively.
  • In step S802, when the terminal satisfies the unlocking network condition 1, it reports to the server and receives the server count 1 and the key1 value delivered by the server according to the terminal identifier; when the terminal satisfies the parsing condition 2, it reports to the server and receives the server count 2 and the key2 value delivered by the server according to the terminal identifier.
  • the server count 1 is the value 1 reached by the lock counter 1 in the server
  • the server count 2 is the value 2 reached by the lock counter 2 in the server.
  • step S803 the server count 1 and the server count 2 are read.
  • In step S804, the two terminal counts stored by the terminal are compared with the two server counts to determine whether they are consistent.
  • the terminal count 1 is the value 1 reached by the terminal unlocking network counter 1
  • the terminal count 2 is the value 2 reached by the terminal unlocking network counter 2.
  • Comparing whether the two terminal counts are consistent with the two server counts specifically means comparing whether terminal count 1 is consistent with server count 1, and comparing whether terminal count 2 is consistent with server count 2.
  • In step S805, if the two terminal counts are consistent with the two server counts, the corresponding key1 value and/or key2 value are read, and the key1 value and/or the key2 value are stored to the null value area reserved by the terminal.
  • Specifically: if only terminal count 1 is consistent with server count 1, the corresponding key1 value is read, and the key1 value is stored to the null value area reserved by the terminal; if only terminal count 2 is consistent with server count 2, the corresponding key2 value is read, and the key2 value is stored to the null value area reserved by the terminal; if terminal count 1 is consistent with server count 1 and terminal count 2 is consistent with server count 2, the corresponding key1 value and key2 value are read, and the key1 value and the key2 value are stored to the null value area reserved by the terminal.
  • If the two terminal counts are inconsistent with the two server counts, the processing flow returns to step S801, the key1 value and/or the key2 value delivered by the server is deleted, and the minimum synchronization count is performed.
  • Specifically: if only terminal count 1 is inconsistent with server count 1, the key1 value delivered by the server is deleted, the flow returns to step S801, and the minimum synchronization count is performed; if only terminal count 2 is inconsistent with server count 2, the key2 value delivered by the server is deleted, the flow returns to step S801, and the minimum synchronization count is performed; if terminal count 1 is inconsistent with server count 1 and terminal count 2 is also inconsistent with server count 2, the key1 value and the key2 value delivered by the server are deleted, the flow returns to step S801, and the minimum synchronization count is performed.
  • the minimum synchronization count specifically resets the terminal count 1 to the server count 1, and resets the terminal count 2 to the server count 2.
  • The simunlock module determines whether the storage areas of the key1 value and the key2 value are empty; if neither the key1 value nor the key2 value is empty, it determines whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 written in the simunlock module.
  • Determining whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 written in the simunlock module specifically means determining whether the key1 value is consistent with parameter 1 written in the simunlock module, and determining whether the key2 value is consistent with parameter 2 written in the simunlock module.
  • the simunlock module is configured to monitor a null value area in a normal storage area of the terminal AP processor in real time, and parameters 1 and 2 written in the simunlock module are set by a macro definition.
  • If one of the storage areas of the key1 value and the key2 value is empty, or one of the key1 value and the key2 value is inconsistent with the parameter written in the simunlock module, the processing flow goes to step S807; if the storage areas of the key1 value and the key2 value are both non-empty, and the key1 value and the key2 value are both consistent with parameter 1 and parameter 2 written in the simunlock module, the processing flow goes to step S808.
  • That one of the storage areas of the key1 value and the key2 value is empty means: the storage area of the key1 value is empty, or the storage area of the key2 value is empty, or the storage areas of both the key1 value and the key2 value are empty.
  • That one of the key1 value and the key2 value is inconsistent with parameter 1 and parameter 2 written in the simunlock module means: the key1 value is inconsistent with parameter 1 written in the simunlock module, or the key2 value is inconsistent with parameter 2 written in the simunlock module, or the key1 value is inconsistent with parameter 1 and the key2 value is also inconsistent with parameter 2.
  • That both the key1 value and the key2 value are consistent with parameter 1 and parameter 2 written in the simunlock module means: the key1 value is consistent with parameter 1 written in the simunlock module, and the key2 value is also consistent with parameter 2 written in the simunlock module.
  • the simunlock module continues to monitor the null area in the normal storage area of the terminal AP processor in real time.
  • the simunlock module performs steps S809 through S818.
  • step S809 the simunlock module sends a request for acquiring an AP side unlocking network parameter to the SFS area.
  • the simunlock module acquires an AP side unlocking network parameter.
  • the AP side unlocking network parameter decryption module in the AP processor decrypts the AP side unlocking network parameter.
  • That the AP side unlocking network parameter decryption module in the AP processor decrypts the AP side unlocking network parameter specifically means: the simunlock module sends the AP side unlocking network parameter to the AP side unlocking network parameter decryption module, and the AP side unlocking network parameter decryption module decrypts the AP side unlocking network parameter.
  • In step S812, if the AP side unlocking network parameter decryption module fails to decrypt the AP side unlocking network parameter, the processing flow is terminated; if the AP side unlocking network parameter decryption module decrypts the AP side unlocking network parameter successfully, it sends the decrypted AP side unlocking network parameter to the AP side unlocking network module in the AP processor for unlocking, and an AP side unlocking network flag bit is generated according to the unlocking result.
  • the AP side unlocking network flag bit is used to indicate whether the AP side unlocking is successful; the AP side unlocking network flag bit can be set to 0 or 1, where 0 indicates that the unlocking fails, and 1 indicates that the unlocking is successful.
  • the AP side unlocking network module sends the AP side unlocking network flag bit to the simunlock module.
  • the simunlock module sends a request for acquiring a modem side unlocking network parameter to the RPMB area.
  • the simunlock module acquires a modem side unlocking network parameter.
  • the modem side unlocking network parameter is decrypted by the modem side unlocking network parameter decryption module in the modem processor.
  • in step S817, if the modem side unlocking network parameter decryption module fails to decrypt the modem side unlocking network parameter, the processing flow is terminated; if the modem side unlocking network parameter decryption module decrypts the modem side unlocking network parameter successfully, it sends the decrypted modem side unlocking network parameter to the modem side unlocking network module in the modem processor for unlocking, and a modem side unlocking network flag bit is generated according to the unlocking result.
  • the modem side unlocking network flag bit is used to indicate whether the modem side unlocking network parameter is unlocked successfully; the modem side unlocking network flag bit can be set to 0 or 1, wherein 0 means unlocking failure, 1 means unlocking success.
  • the modem side unlocking network module sends the modem side unlocking network flag bit to the simunlock module.
  • the terminal is normally unlocked if and only if both unlocking network flag bits are 1.
  • in the embodiment of the present disclosure, double-side unlocking and double-side unlocking network parameters are set, and the double-side unlocking network parameters are stored respectively in the security areas of the modem side and AP side storage areas.
  • the two-sided security zone is accessible only to the simunlock module in the AP processor.
  • when the blank area is not empty and the value in the blank area is consistent with the parameter value written into the simunlock module itself through the macro definition, the simunlock module may retrieve the AP side unlocking network parameter from the modem side security area and send it to the AP side unlocking network parameter decryption module for decryption. The data after successful decryption is sent to the AP side unlocking network module for unlocking.
  • the simunlock module also retrieves the modem side parsing parameter from the AP side security area and sends it to the modem side unlocking network parameter decryption module for decryption, and the decrypted data is sent to the modem side unlocking network module for unlocking.
  • the terminal is normally unlocked.
  • the terminal cannot be unlocked normally.
  • a data unlocking method provided by the present disclosure is applied to a scenario of unlocking a privacy application or unlocking privacy data.
  • the unlocking of the privacy application is taken as an example.
  • the terminal parameters in the foregoing embodiment are conditional determination parameters, such as a two-handed fingerprint or a two-eye eye pattern (in this embodiment, a binocular eye pattern is taken as an example), and the terminal parameter 1 is a terminal.
  • terminal parameter 2 is the eye pattern data 2 entered by the terminal;
  • the analysis condition 1 is the terminal input eye pattern 1;
  • the analysis condition 2 is the terminal input eye pattern 2;
  • the server parameter 1 is the server eye pattern data 1;
  • the server parameter 2 is the server eye pattern data 2;
  • the unlocking single process is the privacy protection (Private Protection) module;
  • the AP side analysis parameter is the AP side eye pattern parameter;
  • the modem side analysis parameter is the modem side eye pattern parameter;
  • the AP side analysis flag bit is the AP side.
  • the modem side resolution flag bit is the modem side resolution flag bit;
  • the modem side data storage module is the modem side eye pattern parameter storage module;
  • the modem side data processing module is the modem side privacy application parameter decryption module;
  • the modem side data parsing module is the modem side privacy application parsing module; the AP side data storage module is an AP side eye pattern parameter storage module; the AP side data processing module is an AP side privacy application parameter decryption module; and the AP side data parsing module is the AP side privacy application parsing module.
  • FIGS. 9A through 9C are flowcharts of a data unlocking method according to an embodiment of the present disclosure.
  • the method may include steps S901 through S918.
  • the terminal is in an initial state, and four values are stored in a normal storage area of the storage area of the terminal AP processor, at four different positions, wherein two are used for storing the eye pattern data entered by the terminal and the other two are null values.
  • in step S902, when the terminal enters eye pattern 1, it reports to the server and receives the server eye pattern data 1 and key1 value issued by the server according to the terminal identifier; when the terminal enters eye pattern 2, it reports to the server and receives the server eye pattern data 2 and key2 value issued by the server according to the terminal identifier.
  • in step S903, the server eye pattern data 1 and the server eye pattern data 2 are read.
  • in step S904, it is compared whether the two eye pattern data entered by the terminal are consistent with the two server eye pattern data.
  • comparing whether the two eye pattern data entered by the terminal are consistent with the two server eye pattern data specifically means comparing whether the eye pattern data 1 entered by the terminal is consistent with the server eye pattern data 1, and comparing whether the eye pattern data 2 entered by the terminal is consistent with the server eye pattern data 2.
  • in step S905, if the two eye pattern data entered by the terminal are consistent with the two server eye pattern data, the corresponding key1 value and/or key2 value are read, and the key1 value and/or the key2 value are stored to the null value area reserved by the terminal.
  • the corresponding key1 value is read, and the key1 value is stored to the null value area reserved by the terminal; if the data 2 is consistent with the server eye pattern data 2, the corresponding key2 value is read, and the key2 value is stored to the null value area reserved by the terminal; if the eye pattern data 1 entered by the terminal is consistent with the server eye pattern data 1 and the eye pattern data 2 entered by the terminal is also consistent with the server eye pattern data 2, the corresponding key1 value and key2 value are read, and the key1 value and the key2 value are stored to the null value area reserved by the terminal.
  • if the two eye pattern data entered by the terminal are inconsistent with the two server eye pattern data, the key1 value and/or the key2 value delivered by the server are deleted and the processing flow returns to step S901.
  • deleting the key1 value and/or the key2 value delivered by the server and returning to step S901 specifically means: if only the eye pattern data 1 entered by the terminal does not match the server eye pattern data 1, the key1 value sent by the server is deleted and the process returns to step S901; if only the eye pattern data 2 entered by the terminal does not match the server eye pattern data 2, the key2 value sent by the server is deleted and the process returns to step S901; if the eye pattern data 1 entered by the terminal is inconsistent with the server eye pattern data 1 and the eye pattern data 2 entered by the terminal does not match the server eye pattern data 2, the key1 value and the key2 value sent by the server are deleted and the process returns to step S901.
  • the privacy protection module determines whether the storage areas of the key1 value and the key2 value are empty; if both the key1 value and the key2 value are not empty, it is determined whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 written in the privacy protection module.
  • determining whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 written in the privacy protection module specifically means determining whether the key1 value is consistent with parameter 1 written in the privacy protection module, and determining whether the key2 value is consistent with parameter 2 written in the privacy protection module.
  • the privacy protection module is configured to monitor a null value area in a normal storage area of the terminal AP processor in real time, and parameters 1 and 2 written in the privacy protection module are set by a macro definition.
  • if one of the storage areas of the key1 value and the key2 value is empty, or one of the key1 value and the key2 value is inconsistent with the parameter written in the privacy protection module, the process flow goes to step S907; if neither storage area of the key1 value and the key2 value is empty, and the key1 value and the key2 value are consistent with parameter 1 and parameter 2 written in the privacy protection module, the process goes to step S908.
  • one of the storage areas of the key1 value and the key2 value being empty means that the storage area of the key1 value is empty, or the storage area of the key2 value is empty, or the storage areas of both the key1 value and the key2 value are empty.
  • one of the key1 value and the key2 value being inconsistent with parameter 1 and parameter 2 written in the privacy protection module means that the key1 value is inconsistent with parameter 1 written in the privacy protection module, or the key2 value is inconsistent with parameter 2 written in the privacy protection module, or the key1 value is inconsistent with parameter 1 written in the privacy protection module and the key2 value is also inconsistent with parameter 2 written in the privacy protection module.
  • both the key1 value and the key2 value being consistent with parameter 1 and parameter 2 written in the privacy protection module specifically means that the key1 value is consistent with parameter 1 written in the privacy protection module and the key2 value is also consistent with parameter 2 written in the privacy protection module.
  • the privacy protection module continues to monitor the null area in the normal storage area of the terminal AP processor in real time.
  • the privacy protection module performs steps S909 to S918.
  • the privacy protection module sends a request for acquiring an AP side eye pattern parameter to the SFS area.
  • the privacy protection module acquires an AP side eye pattern parameter.
  • the AP side eye pattern parameter is decrypted by the AP side privacy application parameter decryption module in the AP processor.
  • the AP side privacy application parameter decryption module in the AP processor decrypts the AP side eye pattern parameter as follows: the privacy protection module sends the AP side eye pattern parameter to the AP side privacy application parameter decryption module, and the AP side privacy application parameter decryption module decrypts the AP side eye pattern parameter.
  • in step S912, if the AP side privacy application parameter decryption module fails to decrypt the AP side eye pattern parameter, the processing flow is terminated; if the AP side privacy application parameter decryption module decrypts the AP side eye pattern parameter successfully, it sends the decrypted AP side eye pattern parameter to the AP side privacy application parsing module in the AP processor for parsing, and an AP side parsing flag bit is generated according to the parsing result.
  • the AP side parsing flag bit is used to indicate whether the AP side parsing is successful; the AP side parsing flag bit can be set to 0 or 1, where 0 indicates parsing failure and 1 indicates parsing succeeds.
  • the AP side privacy application parsing module sends the AP side parsing flag bit to the privacy protection module.
  • in step S914, the privacy protection module sends a request for acquiring a modem side eye pattern parameter to the RPMB area.
  • the privacy protection module acquires a modem side eye pattern parameter.
  • the modem side eye pattern parameter is decrypted by the modem side privacy application parameter decryption module in the modem processor.
  • the modem side privacy application parameter decryption module in the modem processor decrypts the modem side eye pattern parameter as follows: the privacy protection module sends the modem side eye pattern parameter to the modem side privacy application parameter decryption module, and the modem side privacy application parameter decryption module decrypts the modem side eye pattern parameter.
  • in step S917, if the modem side privacy application parameter decryption module fails to decrypt the modem side eye pattern parameter, the processing flow is terminated; if the modem side privacy application parameter decryption module decrypts the modem side eye pattern parameter successfully, it sends the decrypted modem side eye pattern parameter to the modem side privacy application parsing module in the modem processor for parsing, and a modem side parsing flag bit is generated according to the parsing result.
  • the modem side parsing flag bit is used to indicate whether the modem side eye pattern parameter is successfully parsed; the modem side parsing flag bit may be set to 0 or 1, where 0 indicates parsing failure and 1 indicates parsing success.
  • the modem side privacy application parsing module sends the modem side parsing flag bit to the privacy protection module.
  • the terminal is normally unlocked if and only if both parsing flag bits are 1.
  • the double-sided analysis and the double-sided eye pattern parameters are set, and the double-sided eye pattern parameters are respectively stored in the security area in the modem side and the AP side storage area.
  • the two-sided security zone is accessible only to the privacy protection module in the AP processor.
  • when the blank area is not empty and the value in the blank area is consistent with the parameter value written into the privacy protection module itself through the macro definition, the privacy protection module may retrieve the AP side eye pattern parameter from the modem side security area and send it to the AP side privacy application parameter decryption module for decryption, and the decrypted data is sent to the AP side privacy application parsing module for parsing. In addition, the privacy protection module also retrieves the modem side parsing parameter from the AP side security area and sends it to the modem side privacy application parameter decryption module for decryption, and the decrypted data is sent to the modem side privacy application parsing module for parsing.
  • when both the AP side privacy application parsing module and the modem side privacy application parsing module parse successfully, the terminal is normally unlocked. When one of the AP side privacy application parsing module and the modem side privacy application parsing module fails to parse, the terminal cannot be unlocked normally.
  • the present disclosure can implement security analysis of a privacy application.
  • by setting the security area in which the parsing parameters are stored so that it can be accessed only by the single process executed by the AP processor, the secure storage of the parsing parameters is strictly controlled.
  • for the privacy application, it is necessary to determine whether the key value of the server is consistent with the key value of the terminal. Because the key value of the terminal is written by the macro definition in the single process executed by the AP processor, and the parameter written in the process is not stored data and can hardly be acquired, data hijacking can be avoided, which makes the parsing process safer.
  • the disclosure can also realize automatic unlocking of the network, and at the same time strictly control the security of automatically unlocking the network.
  • the lock network counter is required to reach a preset threshold. If the lock network counter is stored only in the mobile phone, there is a risk of it being tampered with. If it is stored only on the server side, the lock network count value may be tampered with after the server sends it to the terminal. To prevent this, the present disclosure synchronizes the lock network count between the server and the terminal. When determining whether the unlocking network condition is reached, the lock network count of the server is required to be the same as the lock network count of the terminal and to reach the preset threshold.
  • the key value of the server end is consistent with the key value of the terminal. Because the key value of the terminal is written by the macro definition in the single process executed by the AP processor, and the parameter written in the process is not stored data and can hardly be acquired, data hijacking can be avoided, which makes the parsing process safer. Finally, by setting the security zone in which the parameters of the unlocking network are stored so that it can be accessed only by the single process executed by the AP processor, the secure storage of the parameters of the unlocking network is strictly controlled.
  • the present disclosure further provides a data processing apparatus; each module included in the data processing apparatus and each submodule included in each module can be implemented by an AP processor and a modem processor in the terminal; the processor may be a central processing unit (CPU), a microprocessor (MPU), a digital signal processor (DSP), or a field programmable gate array (FPGA).
  • FIG. 10 is a block diagram showing the structure of a data processing apparatus according to an embodiment of the present disclosure.
  • the apparatus 1000 includes: a second obtaining module 1001, a first generating module 1002, a second sending module 1003, a second generating module 1004, a third generating module 1005, a fourth generating module 1006, a first writing module 1007, and a second writing module 1008.
  • the second obtaining module 1001 is configured to acquire an unlocking parameter generated based on the locking object from the terminal.
  • the first generating module 1002 is configured to generate a first key and a second key according to the unlocking parameter.
  • the second sending module 1003 is configured to send the first key to the server.
  • the second generation module 1004 is configured to generate an AP side unlocking parameter and a modem side unlocking parameter according to the second key.
  • the third generation module 1005 is configured to generate an encrypted AP side unlocking parameter and an AP side key according to the AP side unlocking parameter.
  • the fourth generation module 1006 is configured to generate an encrypted modem side unlocking parameter and a modem side key according to the modem side unlocking parameter.
  • the first writing module 1007 is configured to write the AP side key, the AP side unlocking parameter, and the encrypted modem side unlocking parameter into a second area in a storage area on the AP side, where the storage area on the AP side further includes a first area, and the second area is higher in authority than the first area;
  • the second writing module 1008 is configured to write the modem side key, the modem side unlocking parameter, and the encrypted AP side unlocking parameter into a fourth area in the storage area on the modem side, where the storage area on the modem side further includes a third area, and the fourth area is higher in authority than the third area.
  • the present disclosure further provides a data processing apparatus; each module in the data processing apparatus and each submodule included in each module can be implemented by an AP processor and a modem processor in the terminal, where the processor may be a central processing unit (CPU), a microprocessor (MPU), a digital signal processor (DSP), or a field programmable gate array (FPGA).
  • the apparatus 1100 includes: a receiving module 1101 , a first obtaining module 1102 , and an unlocking module 1103 .
  • the receiving module 1101 is configured to receive a first parameter of the unlocking object and a first key of the unlocking object that are sent by the server, where the first parameter and the first key are used to determine whether the terminal satisfies the condition for analyzing the data.
  • the first obtaining module 1102 is configured to acquire a second parameter of the unlocking object located in the terminal and a second key of the unlocking object.
  • the unlocking module 1103 is configured to unlock the unlocking object when the first parameter and the second parameter satisfy a preset first condition and the first key and the second key satisfy a preset second condition.
  • the apparatus further includes: a first sending module, configured to, before the receiving module receives the first parameter of the unlocking object and the first key of the unlocking object delivered by the server, send to the server, when the terminal meets the preset third condition, a message that the terminal meets the preset third condition.
  • the apparatus further includes: a first reading module, a second reading module, and a first comparison module.
  • the first reading module is configured to read the first parameter from a storage area on the modem side.
  • the second reading module is configured to read the second parameter from a second reserved field in the first region.
  • the first comparison module is configured to, if the first parameter and the second parameter satisfy the preset first condition, compare the value in the first reserved field in the first area with the value of the second key, and, if the value in the first reserved field and the value of the second key meet the preset second condition, trigger the unlocking module to unlock the unlocking object.
  • the first comparison module further includes: a reading submodule, a writing submodule, and a comparison submodule.
  • the reading submodule is configured to read the first key from a storage area on the modem side if the first parameter and the second parameter satisfy a preset first condition.
  • the write submodule is configured to write the value of the first key to the first reserved field.
  • the comparison submodule is configured to compare the value in the first reserved field in the first region with the value of the second key if the first reserved field is non-empty.
  • the unlocking module further includes: an obtaining submodule, a first generating submodule, a second generating submodule, and an unlocking submodule.
  • the acquiring submodule is configured to acquire an encrypted AP side unlocking parameter and an encrypted modem side unlocking parameter from the terminal.
  • the first generation submodule is configured to generate a first flag bit based on the encrypted AP side unlocking parameter, where the first flag bit is used to indicate whether the encrypted AP side unlocking parameter is successfully parsed.
  • the second generation submodule is configured to generate a second flag bit based on the encrypted modem side unlocking parameter, the second flag bit being used to indicate whether the encrypted modem side unlocking parameter is successfully resolved.
  • the unlocking submodule is configured to unlock the unlocking object when the first marking bit and the second marking bit satisfy a preset fourth condition.
  • the acquiring submodule is configured to acquire an encrypted modem side unlocking parameter from a second area in the storage area of the AP, where the authority of the second area is higher than that of the first area.
  • the acquiring submodule is further configured to acquire an encrypted AP side unlocking parameter from a fourth area in the storage area of the modem side, where the storage area on the modem side further includes a third area having a lower authority than the fourth area.
  • the first generation submodule is configured to acquire an AP side unlocking parameter and an AP side key from the second area, decrypt the encrypted AP side unlocking parameter according to the AP side key to obtain the decrypted AP side unlocking parameter, compare the decrypted AP side unlocking parameter with the AP side unlocking parameter to obtain a first comparison result, and generate the first flag bit according to the first comparison result.
  • the second generation submodule is configured to acquire a modem side unlocking parameter and a modem side key from the fourth area, decrypt the encrypted modem side unlocking parameter according to the modem side key to obtain the decrypted modem side unlocking parameter, compare the decrypted modem side unlocking parameter with the modem side unlocking parameter to obtain a second comparison result, and generate a second flag bit according to the second comparison result.
  • the first parameter is a value reached by a lock counter in the server
  • the second parameter is a value reached by the terminal lock network counter.
  • the preset third condition is that the value reached by the terminal lock network counter exceeds a preset threshold.
  • the device further includes a reset module configured to reset the value reached by the terminal lock network counter to the value reached by the lock counter in the server when the value reached by the terminal lock counter is inconsistent with the value reached by the lock counter in the server.
  • the first parameter is pre-stored password information in the server
  • the second parameter is password information entered by the terminal.
  • the preset third condition is that the terminal enters password information.
  • if the above data locking method or data unlocking method is implemented in the form of a software function module and is sold or used as a separate product, it may also be stored in a computer readable storage medium.
  • the technical solution of the embodiments of the present disclosure may, in essence, be embodied in the form of a software product that is stored in a storage medium and includes a plurality of instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the methods described in the various embodiments of the present disclosure.
  • the foregoing storage medium includes various media that can store program codes, such as a USB flash drive, a mobile hard disk, a read only memory (ROM), a magnetic disk, or an optical disk.
  • an embodiment of the present disclosure provides a computer storage medium having stored therein computer executable instructions configured to perform the data unlocking method or the data locking method described above.
  • FIG. 12 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure.
  • the terminal 1200 includes a display screen 1201, a processor 1202, and a storage medium 1203 configured to store executable instructions, wherein the processor 1202 is configured to execute the stored executable instructions.
  • the executable instructions are for executing the data processing method described above.
  • embodiments of the present disclosure can be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware aspects. Moreover, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) containing computer usable program code.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising an instruction device, and the instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • these computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
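
The cross-stored, two-sided check described in steps S909 to S918 and in the writing and unlocking modules above can be sketched in C as follows. This is an added example, not code from the patent: the struct layout, the XOR placeholder cipher, the 16-byte sizes, the use of 0 for an empty reserved field, and every key and parameter value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PLEN 16
/* Constructed stand-ins for "parameter 1"/"parameter 2", which the text
 * says are written into the single process through macro definitions. */
#define PARAM1 0x5A17C0DEu
#define PARAM2 0x0BADF00Du

/* Reserved fields in the normal storage area; 0 models "still empty". */
struct reserved_fields { uint32_t key1, key2; };
/* AP-side secure area (second area): own key, own reference parameter,
 * and the modem side's encrypted parameter. */
struct ap_area { uint8_t key[PLEN], param[PLEN], enc_modem_param[PLEN]; };
/* Modem-side secure area (fourth area): the mirror image. */
struct modem_area { uint8_t key[PLEN], param[PLEN], enc_ap_param[PLEN]; };

/* Placeholder cipher (XOR with the key): the text names no algorithm.
 * A real design would use an authenticated cipher. */
static void toy_crypt(const uint8_t *key, const uint8_t *in, uint8_t *out)
{
    for (size_t i = 0; i < PLEN; i++)
        out[i] = in[i] ^ key[i];
}

/* Comparison whose running time does not depend on where bytes differ. */
static int ct_equal(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < PLEN; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Locking side: each side keeps its key and plaintext parameter, while
 * the encrypted copy is written to the opposite side's secure area. */
void provision(struct ap_area *ap, struct modem_area *md,
               const uint8_t *ap_key, const uint8_t *ap_param,
               const uint8_t *md_key, const uint8_t *md_param)
{
    memcpy(ap->key, ap_key, PLEN);
    memcpy(ap->param, ap_param, PLEN);
    memcpy(md->key, md_key, PLEN);
    memcpy(md->param, md_param, PLEN);
    toy_crypt(ap_key, ap_param, md->enc_ap_param);
    toy_crypt(md_key, md_param, ap->enc_modem_param);
}

/* Gate: both reserved fields non-empty and equal to the compiled-in values. */
int gate_open(const struct reserved_fields *r)
{
    if (r->key1 == 0 || r->key2 == 0)
        return 0;
    return r->key1 == PARAM1 && r->key2 == PARAM2;
}

/* One side's flag bit: decrypt the blob fetched from the other side with
 * this side's key and compare it with this side's stored parameter. */
int side_flag(const uint8_t *key, const uint8_t *reference, const uint8_t *enc)
{
    uint8_t plain[PLEN];
    toy_crypt(key, enc, plain);
    return ct_equal(plain, reference);
}

/* Unlock if and only if the gate is open and both flag bits are 1. */
int try_unlock(const struct reserved_fields *r,
               const struct ap_area *ap, const struct modem_area *md)
{
    if (!gate_open(r))
        return 0;
    int ap_flag = side_flag(ap->key, ap->param, md->enc_ap_param);
    int modem_flag = side_flag(md->key, md->param, ap->enc_modem_param);
    return ap_flag == 1 && modem_flag == 1;
}

/* Constructed scenarios: 0 = untouched, 1 = AP blob altered on the modem
 * side, 2 = key2 field empty, 3 = wrong key1, 4 = modem blob altered. */
int demo(int tamper)
{
    const uint8_t ap_key[PLEN] = "ap-side-key-001";
    const uint8_t ap_param[PLEN] = "ap-unlock-param";
    const uint8_t md_key[PLEN] = "modem-side-key1";
    const uint8_t md_param[PLEN] = "modem-unlock-pm";
    struct reserved_fields r = { PARAM1, PARAM2 };
    struct ap_area ap;
    struct modem_area md;

    provision(&ap, &md, ap_key, ap_param, md_key, md_param);
    if (tamper == 1) md.enc_ap_param[3] ^= 0x01;
    if (tamper == 2) r.key2 = 0;
    if (tamper == 3) r.key1 ^= 1u;
    if (tamper == 4) ap.enc_modem_param[0] ^= 0x80;
    return try_unlock(&r, &ap, &md);
}

int main(void)
{
    for (int t = 0; t <= 4; t++)
        printf("scenario %d -> unlocked=%d\n", t, demo(t));
    return 0;
}
```

Only the untouched scenario unlocks; altering either side's stored blob or either reserved field leaves the object locked.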

Abstract

Provided are a data processing method and apparatus, a terminal, and a storage medium. The method comprises: receiving a first parameter of an unlocking object and a first secret key of the unlocking object issued by a server, the first parameter and the first secret key being used for determining whether a terminal satisfies a data analysis condition; obtaining a second parameter of the unlocking object and a second secret key of the unlocking object located in the terminal; when the first parameter and the second parameter satisfy a preset first condition, and the first secret key and the second secret key satisfy a preset second condition, unlocking the unlocking object.

Description

数据处理方法及其装置、终端、存储介质Data processing method and device thereof, terminal, storage medium 技术领域Technical field
本公开涉及移动通信领域技术,尤其涉及数据处理方法及其装置、终端、存储介质。The present disclosure relates to the field of mobile communications technologies, and in particular, to a data processing method and apparatus, terminal, and storage medium.
背景技术Background technique
随着智能移动终端的发展和演进,移动终端支持的功能越来越多。而移动终端上的许多功能因为涉及用户隐私或者需要通信运营商授权所以需要进行加锁。例如隐私应用加锁、用户隐私数据加锁以及锁网技术等。而在加锁与解锁的过程中需要用到秘钥、加锁参数以及解锁参数等安全数据信息。With the development and evolution of intelligent mobile terminals, mobile terminals support more and more functions. Many of the functions on mobile terminals require locking because they involve user privacy or require authorization from the communications carrier. For example, privacy application lock, user privacy data lock and lock network technology. In the process of locking and unlocking, it is necessary to use security data such as key, lock parameters and unlock parameters.
发明内容Summary of the invention
一方面,本公开提供了一种数据处理方法,包括:接收服务器下发的解锁对象的第一参数和解锁对象的第一秘钥,所述第一参数和所述第一秘钥用于判断终端是否满足解析数据的条件;获取位于所述终端的解锁对象的第二参数和解锁对象的第二秘钥;当所述第一参数和所述第二参数满足预设的第一条件且所述第一秘钥和所述第二秘钥满足预设的第二条件时,对所述解锁对象进行解锁。In one aspect, the present disclosure provides a data processing method, including: receiving a first parameter of an unlocking object delivered by a server and a first key of an unlocking object, where the first parameter and the first key are used for determining Whether the terminal satisfies the condition for parsing the data; acquiring the second parameter of the unlocking object located at the terminal and the second key of the unlocking object; when the first parameter and the second parameter satisfy the preset first condition and When the first secret key and the second secret key satisfy the preset second condition, the unlocked object is unlocked.
In another aspect, the present disclosure provides a data processing method, including: acquiring, from a terminal, an unlocking parameter generated based on a locking object; generating a first key and a second key according to the unlocking parameter; sending the first key to a server; generating an application processor (AP) side unlocking parameter and a modem processor (modem) side unlocking parameter according to the second key; generating an encrypted AP-side unlocking parameter and an AP-side key according to the AP-side unlocking parameter; generating an encrypted modem-side unlocking parameter and a modem-side key according to the modem-side unlocking parameter; writing the AP-side key, the AP-side unlocking parameter, and the encrypted modem-side unlocking parameter into a second area of the storage area on the AP side, the storage area on the AP side further including a first area, the second area having higher authority than the first area; and writing the modem-side key, the modem-side unlocking parameter, and the encrypted AP-side unlocking parameter into a fourth area of the storage area on the modem side, the storage area on the modem side further including a third area, the fourth area having higher authority than the third area.
In another aspect, the present disclosure provides a data processing apparatus, including a receiving module, an acquiring module, and an unlocking module. The receiving module is configured to receive a first parameter of an unlocking object located at a terminal and a first key of the unlocking object, both delivered by a server, the first parameter and the first key being used to determine whether the terminal satisfies a condition for parsing data. The acquiring module is configured to acquire a second parameter of the unlocking object and a second key of the unlocking object. The unlocking module is configured to unlock the unlocking object when the first parameter and the second parameter satisfy a preset first condition and the first key and the second key satisfy a preset second condition.
In another aspect, the present disclosure provides a data processing apparatus, including an acquiring module, a first generating module, a sending module, a second generating module, a third generating module, a fourth generating module, a first writing module, and a second writing module. The acquiring module is configured to acquire, from the terminal, an unlocking parameter generated based on a locking object. The first generating module is configured to generate a first key and a second key according to the unlocking parameter. The sending module is configured to send the first key to a server. The second generating module is configured to generate an application processor (AP) side unlocking parameter and a modem processor (modem) side unlocking parameter according to the second key. The third generating module is configured to generate an encrypted AP-side unlocking parameter and an AP-side key according to the AP-side unlocking parameter. The fourth generating module is configured to generate an encrypted modem-side unlocking parameter and a modem-side key according to the modem-side unlocking parameter. The first writing module is configured to write the AP-side key, the AP-side unlocking parameter, and the encrypted modem-side unlocking parameter into a second area of the storage area on the AP side, the storage area on the AP side further including a first area, the second area having higher authority than the first area. The second writing module is configured to write the modem-side key, the encrypted AP-side unlocking parameter, and the modem-side unlocking parameter into a fourth area of the storage area on the modem side, the storage area on the modem side further including a third area, the fourth area having higher authority than the third area.
In another aspect, the present disclosure provides a terminal including at least a display screen, a processor, and a storage medium configured to store executable instructions, where the processor is configured to execute the stored executable instructions, and the executable instructions are configured to perform the data processing method described herein.
In another aspect, the present disclosure provides a computer storage medium storing computer-executable instructions configured to perform the data processing method described herein.
Brief description of the drawings
In the drawings (which are not necessarily drawn to scale), like reference numerals may describe similar components in different drawings. Like reference numerals with different letter suffixes may denote different examples of similar components. The drawings generally illustrate, by way of example and not limitation, the various embodiments discussed herein.
FIG. 1 is a flowchart of a data processing method according to an embodiment of the present disclosure;
FIG. 2 is a flowchart of a data processing method according to an embodiment of the present disclosure;
FIG. 3 is a flowchart of a data processing method according to an embodiment of the present disclosure;
FIG. 4 is a flowchart of a data processing method according to an embodiment of the present disclosure;
FIG. 5 is a schematic structural diagram of an AP processor according to an embodiment of the present disclosure;
FIG. 6 is a schematic structural diagram of a modem processor according to an embodiment of the present disclosure;
FIG. 7A is a flowchart of a data processing method according to an embodiment of the present disclosure;
FIG. 7B is a flowchart of a data processing method according to an embodiment of the present disclosure;
FIG. 7C is a flowchart of a data processing method according to an embodiment of the present disclosure;
FIG. 8A is a flowchart of a data processing method according to an embodiment of the present disclosure;
FIG. 8B is a flowchart of a data processing method according to an embodiment of the present disclosure;
FIG. 8C is a flowchart of a data processing method according to an embodiment of the present disclosure;
FIG. 9A is a flowchart of a data processing method according to an embodiment of the present disclosure;
FIG. 9B is a flowchart of a data processing method according to an embodiment of the present disclosure;
FIG. 9C is a flowchart of a data processing method according to an embodiment of the present disclosure;
FIG. 10 is a schematic structural diagram of a data processing apparatus of an application according to an embodiment of the present disclosure;
FIG. 11 is a schematic structural diagram of a data processing apparatus of an application according to an embodiment of the present disclosure;
FIG. 12 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure.
Detailed description
To make the objectives, technical solutions, and advantages of the embodiments of the present disclosure clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, rather than all, of the embodiments of the present disclosure. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present disclosure without creative effort fall within the scope of protection of the present disclosure.
With the development and evolution of smart mobile terminals, mobile terminals support more and more functions. Many functions on a mobile terminal need to be locked because they involve user privacy or require authorization from the communications operator, for example privacy application locking, user privacy data locking, and network locking. Locking and unlocking rely on security data such as keys, locking parameters, and unlocking parameters.
Taking network unlocking as an example: after the operator locks the network, the mobile terminal generates a lock flag and unlocking information, the unlocking information including an unlocking parameter. In the related art, the unlocking parameter is stored either locally on the mobile terminal or on a server. When the user unlocks the network, the user enters an unlocking parameter (for example, an unlock code) obtained from a store or over the network, and the mobile terminal compares the entered unlocking parameter with the one stored locally; if the two match, the lock flag is deleted and the network is unlocked. However, with this approach the user has to go to a store or obtain the unlock code over the network, which is cumbersome and makes for a poor user experience.
In addition, storing the unlocking parameter on the mobile terminal or on the server is not secure. If it is stored on the mobile terminal, there is a risk of it being stolen; even if the unlocking parameter is encrypted, criminals may still steal the encrypted unlocking parameter and crack it. If it is stored on the server, the unlocking parameter may still be tampered with while the server sends it to the mobile terminal. A secure data processing method that can run automatically is therefore needed.
Accordingly, the present disclosure provides, in particular, a data processing method and apparatus, a terminal, and a storage medium that substantially avoid one or more of the problems caused by the limitations and disadvantages of the related art.
In one aspect, an embodiment of the present disclosure provides a data processing method. The method can be applied in many scenarios, for example unlocking private data that a user has stored on a mobile terminal, unlocking a privacy application installed on a mobile terminal, and services that require operator authorization (such as network unlocking).
In the embodiments of the present disclosure, the mobile terminal includes an application processor (AP, Application Processor) chip and a modem processor (modem) chip.
The storage area on the AP side includes at least two areas. Taking two areas as an example, the storage area on the AP side includes a first area and a second area, where the second area is the secure area of the storage area and has higher authority than the first area. In implementation, if the mobile terminal uses the partitioning scheme of an embedded multimedia card (EMMC, Embedded Multi Media Card), the first area may be the ordinary storage area in the AP-side storage area, and the second area may be the replay protected memory block (RPMB, Replay Protect Memory Block) on the AP side. Before shipment, the manufacturer configures the second area so that only the AP processor can access it.
The storage area on the modem side includes at least two areas. Taking two areas as an example, the storage area on the modem side includes a third area and a fourth area, where the fourth area is the secure area of the storage area and has higher authority than the third area. In implementation, if the mobile terminal uses the EMMC partitioning scheme, the third area may be the ordinary storage area in the modem-side storage area, and the fourth area may be the secure file storage area (SFS, Secure File System) on the modem side. Before shipment, the manufacturer configures the fourth area so that only the AP processor can access it.
In the data processing method provided by the embodiments of the present disclosure, an unlocking parameter generated based on a locking object is acquired from the terminal, a first key and a second key are generated according to the unlocking parameter, and the first key is sent to a server. In addition, an AP-side unlocking parameter, a modem-side unlocking parameter, an encrypted AP-side unlocking parameter, an AP-side key, an encrypted modem-side unlocking parameter, and a modem-side key are generated according to the second key; the AP-side key, the AP-side unlocking parameter, and the encrypted modem-side unlocking parameter are stored in the second area; the modem-side key, the modem-side unlocking parameter, and the encrypted AP-side unlocking parameter are stored in the fourth area; and an unlocking condition is set. When the mobile terminal satisfies the set unlocking condition, it receives the first parameter and the first key delivered by the server and obtains the second parameter and the second key from the terminal itself. The unlocking procedure is started only when the first parameter and the second parameter satisfy the preset first condition and the first key and the second key satisfy the preset second condition; two-sided cross unlocking is then performed by fetching the encrypted modem-side unlocking parameter stored in the second area and the encrypted AP-side unlocking parameter stored in the fourth area.
To facilitate understanding of the embodiments of the present disclosure, several specific embodiments are further explained below with reference to the accompanying drawings; the individual embodiments do not limit the embodiments of the present disclosure.
An embodiment of the present disclosure provides a data processing method. FIG. 1 is a flowchart of a data processing method according to an embodiment of the present disclosure. As shown in FIG. 1, in an embodiment the method may include steps S101 to S106.
At step S101, the terminal generates a lock flag and an unlocking parameter based on the locking object, according to the user's locking operation.
Here, the user performs a locking operation on the locking object at the terminal, and the terminal generates the lock flag and the unlocking parameter according to that operation. The locking object may be a communication network provided by an operator, a privacy application (for example, a secure payment application), or the user's private data. Correspondingly, the locking operation may be a network locking operation, a privacy application locking operation, or a privacy data locking operation.
Here, the locking operation is preceded by a setting operation, in which the user sets a third condition; the third condition is the condition under which the terminal qualifies for unlocking. When the locking object is a network provided by an operator, the third condition is that a counter in the terminal reaches a threshold; when the locking object is a privacy application (such as a payment application) or the user's private data, the third condition is that the terminal obtains a password entered by the user. The password may be a numeric password, a fingerprint password, an eye-print password, a voice password, or the like, and the user, the operator, or the manufacturer may set it according to the needs of the actual application; details are not repeated here.
Here, when the third condition is that the counter in the terminal reaches a threshold, the user needs to set the value of the threshold. After the user sets the threshold, the terminal sends it to the server, and the server stores it. Once the locking operation is complete, the counters in the terminal and in the server start counting synchronously. When the third condition is that the terminal obtains a password entered by the user, the user needs to enter the password into the terminal; after obtaining the password, the terminal sends the password information to the server, and the server stores it.
At step S102, the terminal acquires from itself the unlocking parameter generated based on the locking object, and generates a first key and a second key according to the unlocking parameter.
Here, the first key and the second key are the same. The terminal writes the second key, by way of a macro definition, into the unlocking single process executed by the AP processor. The unlocking single process is used to unlock the unlocking object when the user unlocks, where the unlocking object is the locking object of step S101.
At step S103, the terminal sends the first key to the server, and the server receives and stores the first key; and at step S104, the terminal generates, according to the second key, an AP-side unlocking parameter, a modem-side unlocking parameter, an encrypted AP-side unlocking parameter, an AP-side key, an encrypted modem-side unlocking parameter, and a modem-side key.
Here, the terminal first generates the AP-side unlocking parameter and the modem-side unlocking parameter according to the second key; the two may be the same or different. The terminal then generates the encrypted AP-side unlocking parameter and the AP-side key according to the AP-side unlocking parameter, and generates the encrypted modem-side unlocking parameter and the modem-side key according to the modem-side unlocking parameter.
It should be understood that the encryption method used to encrypt the AP-side unlocking parameter and produce the encrypted AP-side unlocking parameter and the AP-side key may be any existing encryption algorithm, for example the asymmetric RSA algorithm. The encryption method used to encrypt the modem-side unlocking parameter and produce the encrypted modem-side unlocking parameter and the modem-side key may likewise be any existing encryption method, and may be the same as or different from the one used for the AP-side unlocking parameter.
At step S105, the AP-side key, the AP-side unlocking parameter, and the encrypted modem-side unlocking parameter are written into the second area of the storage area on the AP side.
Here, the storage area on the AP side further includes a first area, and the second area has higher authority than the first area. It should be understood that, in this embodiment, the mobile terminal uses the partitioning scheme of an embedded multimedia card (EMMC, Embedded Multi Media Card); the first area is the ordinary storage area on the AP side, and the second area is the RPMB area on the AP side. Before shipment, the manufacturer configures the second area so that only the unlocking single process executed by the AP processor can access it.
At step S106, the modem-side key, the modem-side unlocking parameter, and the encrypted AP-side unlocking parameter are written into the fourth area of the storage area on the modem side.
Here, the storage area on the modem side further includes a third area, and the fourth area has higher authority than the third area. It should be understood that, in this embodiment, the mobile terminal uses the partitioning scheme of an embedded multimedia card (EMMC, Embedded Multi Media Card); the third area is the ordinary storage area on the modem side, and the fourth area is the SFS area on the modem side. Before shipment, the manufacturer configures the fourth area so that only the unlocking single process executed by the AP processor can access it.
It should be understood that, at unlock time, the terminal obtains the encrypted AP-side unlocking parameter from the fourth area and the encrypted modem-side unlocking parameter from the second area in order to unlock; the terminal deletes the lock flag and completes the unlocking if and only if unlocking succeeds on both the AP side and the modem side.
An embodiment of the present disclosure further provides a data processing method. FIG. 2 is a flowchart of a data processing method according to an embodiment of the present disclosure. As shown in FIG. 2, in an embodiment the method may include steps S201 to S204.
At step S201, when the terminal satisfies the preset third condition, a message that the terminal satisfies the preset third condition is sent to the server.
Here, the preset third condition is the third condition set by the user in the setting operation of step S101, and the message that the terminal satisfies the preset third condition includes the terminal identifier of the terminal.
It should be understood that step S201 can be applied in many different scenarios in practice. Several of them are described in detail below; in practice the step can of course also be applied in other scenarios and is not limited to the following.
Network unlocking scenario: at some moment, the counter in the user's terminal reaches the preset threshold, that is, the preset third condition is satisfied, and the terminal reports to the server a message that its counter has reached the preset threshold.
Privacy application unlocking scenario: at some moment, the user wishes to open a locked privacy application (for example, a secure payment application) and enters the password required to open it, that is, the preset third condition is satisfied; the terminal reports to the server a message that it has obtained the password entered by the user for opening the privacy application.
Privacy data unlocking scenario: at some moment, the user wishes to read his or her locked private data and enters the password required to read it, that is, the preset third condition is satisfied; the terminal reports to the server a message that it has obtained the password entered by the user for reading the private data.
It should be understood that, in the privacy application unlocking scenario and the privacy data unlocking scenario, the password entered by the user may be a numeric password, a fingerprint password, an eye-print password, a voice password, or the like, and the user, the operator, or the manufacturer may set it according to the needs of the actual application; details are not repeated here.
At step S202, the first parameter of the unlocking object and the first key of the unlocking object delivered by the server are received.
Here, the first parameter and the first key are delivered by the server according to the terminal identifier, and are used to determine whether the terminal satisfies the condition for parsing data.
It should be understood that the first parameter has different meanings in different application scenarios. Several of these scenarios are described in detail below; in practice it can of course also be applied in other scenarios and is not limited to the following.
In the network unlocking scenario, the first parameter is the value reached by the server-side counter. In the privacy application unlocking scenario and the privacy data unlocking scenario, the first parameter is the password information pre-stored in the server; here, the password information is the password information that the terminal sent to the server, and the server stored, in step S101.
At step S203, the second parameter of the unlocking object and the second key of the unlocking object located at the terminal are acquired.
Here, the second parameter corresponds to the first parameter and has different meanings in different application scenarios. Several of these scenarios are described in detail below; in practice it can of course also be applied in other scenarios and is not limited to the following.
In the network unlocking scenario, the second parameter is the value reached by the terminal counter. In the privacy application unlocking scenario and the privacy data unlocking scenario, the second parameter is the password information entered by the user into the terminal.
Here, the second key is the same as the second key written into the unlocking single process by way of a macro definition in step S102 of FIG. 1.
At step S204, when the first parameter and the second parameter satisfy the preset first condition and the first key and the second key satisfy the preset second condition, the unlocking object is unlocked.
Here, the preset first condition is that the first parameter and the second parameter satisfy a certain relationship: the two may be equal, or their difference or sum may fall within a certain range. The user, the operator, or the manufacturer may set it according to the needs of the actual application; details are not repeated here.
Here, the preset second condition is that the first key and the second key satisfy a certain relationship: the two may be equal, or their difference or sum may fall within a certain range. The user, the operator, or the manufacturer may set it according to the needs of the actual application; details are not repeated here.
Here, the unlocking object is the same as the locking object in step S101 of FIG. 1. Unlocking the unlocking object means starting the unlocking single process executed by the AP processor; the unlocking single process performs two-sided cross data unlocking of the unlocking object on the AP side and the modem side.
It should be understood that, in this embodiment, one parameter and one key are stored on the server side, and one parameter and one key are stored on the terminal side; whether to unlock the unlocking object is decided by checking whether the server-side and terminal-side parameters, and the server-side and terminal-side keys, each satisfy a predetermined condition. In a specific implementation, a person skilled in the art may of course store multiple parameters and multiple keys on the server side and on the terminal side to decide whether to unlock the unlocking object. For example, two parameters and two keys are stored on the server side, and two parameters and two keys are stored on the terminal side; the unlocking object is unlocked when the two server-side parameters and the two terminal-side parameters all satisfy the predetermined condition and the two server-side keys and the two terminal-side keys also all satisfy the predetermined condition.
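An added sketch (not code from the patent) of steps S102 to S106 and S201 to S204 for the network unlocking scenario: provisioning stores each side's encrypted parameter in the other side's secure area, and unlocking is gated on the first and second conditions before the two-sided check. The HMAC-based key derivation, the `seal`/`unseal` stand-in cipher, the `tolerance` argument, the way each side validates its decrypted parameter, and all names are assumptions, since the disclosure leaves the algorithms open.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def prf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256, used here for derivation, keystream and tags (assumption)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = n // 32 + 1
    return b"".join(prf(enc_key, nonce + bytes([i])) for i in range(blocks))[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for 'any existing encryption algorithm'."""
    nonce = secrets.token_bytes(16)
    enc_key, mac_key = prf(key, b"enc"), prf(key, b"mac")
    ct = bytes(p ^ s for p, s in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + prf(mac_key, nonce + ct)


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when the blob was altered or the key is wrong."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = prf(key, b"enc"), prf(key, b"mac")
    if not hmac.compare_digest(tag, prf(mac_key, nonce + ct)):
        return None
    return bytes(c ^ s for c, s in zip(ct, keystream(enc_key, nonce, len(ct))))


@dataclass
class Terminal:
    """Constructed model of the terminal state; field names are hypothetical."""
    second_key: bytes = b""                           # held by the unlocking process (S102)
    counter: int = 0                                  # second parameter, network unlocking
    lock_flag: bool = False
    ap_secure: dict = field(default_factory=dict)     # "second area" (RPMB, AP side)
    modem_secure: dict = field(default_factory=dict)  # "fourth area" (SFS, modem side)


def provision(term: Terminal, unlock_param: bytes) -> bytes:
    """S102-S106: derive keys and parameters, cross-store them, return the first key."""
    first_key = term.second_key = prf(unlock_param, b"unlock-key")  # both keys are equal
    ap_param = prf(term.second_key, b"ap")
    modem_param = prf(term.second_key, b"modem")
    ap_key, modem_key = secrets.token_bytes(32), secrets.token_bytes(32)
    term.ap_secure = {"key": ap_key, "param": ap_param,
                      "enc_modem_param": seal(modem_key, modem_param)}
    term.modem_secure = {"key": modem_key, "param": modem_param,
                         "enc_ap_param": seal(ap_key, ap_param)}
    term.lock_flag = True
    return first_key  # S103: sent to the server, which stores it


def conditions_met(first_param: int, second_param: int, first_key: bytes,
                   second_key: bytes, tolerance: int = 0) -> bool:
    """S204 gate: counters within `tolerance` (first), keys equal (second)."""
    params_ok = abs(first_param - second_param) <= tolerance
    keys_ok = hmac.compare_digest(first_key, second_key)  # constant-time comparison
    return params_ok and keys_ok


def cross_unlock(term: Terminal) -> bool:
    """Each side decrypts the blob kept in the other side's secure area."""
    ap, modem = term.ap_secure, term.modem_secure
    ap_plain = unseal(ap["key"], modem["enc_ap_param"])
    modem_plain = unseal(modem["key"], ap["enc_modem_param"])
    ap_ok = ap_plain is not None and hmac.compare_digest(ap_plain, ap["param"])
    modem_ok = modem_plain is not None and hmac.compare_digest(modem_plain, modem["param"])
    if ap_ok and modem_ok:
        term.lock_flag = False  # lock flag deleted only when both sides succeed
    return ap_ok and modem_ok


def try_unlock(term: Terminal, server_param: int, server_key: bytes,
               tolerance: int = 0) -> bool:
    """S202-S204: check both conditions on server-delivered values, then cross-unlock."""
    if not conditions_met(server_param, term.counter, server_key,
                          term.second_key, tolerance):
        return False
    return cross_unlock(term)


if __name__ == "__main__":
    t = Terminal(counter=30)
    k = provision(t, b"constructed-unlock-parameter")
    print(try_unlock(t, 30, b"\x00" * 32), try_unlock(t, 30, k), t.lock_flag)
```

Because the encrypted blobs carry an integrity tag, a modified blob in either secure area fails the two-sided check and the lock flag stays set.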
Embodiments of the present disclosure further provide a data processing method. FIG. 3 is a flowchart of a data processing method according to an embodiment of the present disclosure. As shown in FIG. 3, in an embodiment, the method may include steps S301 to S307.
At step S301, when the terminal satisfies a preset third condition, a message indicating that the terminal satisfies the preset third condition is sent to the server.
At step S302, the first parameter of the unlocking object and the first key of the unlocking object delivered by the server are received.
It should be understood that step S301 is similar to step S201 of FIG. 2 and step S302 is similar to step S202 of FIG. 2, so they are not described again here.
At step S303, the first parameter is read from the storage area on the modem side.
It should be understood that the first parameter and the first key delivered by the server in step S302 are received by the modem processor in the terminal. The terminal stores the first parameter and the first key in a third area on the modem side; the third area is an ordinary storage area on the modem side.
At step S304, the second parameter is read from the second reserved field in the first area.
Here, two fields, a first reserved field and a second reserved field, are reserved in the first area on the AP side, that is, the ordinary storage area on the AP side. The first reserved field is initialized to a null value, and the second reserved field is used to store the second parameter.
At step S305, if the first parameter and the second parameter satisfy a preset first condition, the first key is read from the storage area on the modem side, and the value of the first key is written into the first reserved field.
Here, the preset first condition is that the first parameter and the second parameter satisfy a certain relationship: the two may be equal, or their difference or sum may fall within a certain range. The user, the operator, or the manufacturer may set this according to the needs of the actual application, and details are not repeated here.
Here, if the first parameter and the second parameter do not satisfy the preset first condition, the terminal deletes the first key from the storage area on the modem side and ends the processing flow.
At step S306, if the first reserved field is non-null, the value in the first reserved field is compared with the value of the second key.
Here, the unlocking single process executed by the AP processor in the terminal monitors the first reserved field in real time. When the first reserved field is non-null, the unlocking single process compares the value in the first reserved field with the value of the second key, where the second key is written into the unlocking single process by means of a macro definition; if the first reserved field is null, the unlocking single process continues to monitor the first reserved field in real time.
At step S307, if the value in the first reserved field and the value of the second key satisfy a preset second condition, the unlocking object is unlocked.
Here, the preset second condition is that the value in the first reserved field and the value of the second key satisfy a certain relationship: the two may be equal, or their difference or sum may fall within a certain range. The user, the operator, or the manufacturer may set this according to the needs of the actual application, and details are not repeated here.
Here, if the value in the first reserved field and the value of the second key do not satisfy the preset second condition, the terminal deletes the value in the first reserved field and ends the processing flow.
Here, the unlocking object is the same as the locking object in step S101. Unlocking the unlocking object means starting the unlocking single process executed by the AP processor; the unlocking single process is used to perform two-sided cross data unlocking processing, on the AP side and the modem side, for the unlocking object.
It should be understood that, in this embodiment of the present disclosure, one parameter and one key are stored on the server side, and one parameter and one key are also stored on the terminal side; whether to unlock the unlocking object is decided by determining whether the server-side and terminal-side parameters and the server-side and terminal-side keys respectively satisfy predetermined conditions. In a specific implementation, a person skilled in the art may of course also store multiple parameters and multiple keys on the server side and the terminal side respectively to determine whether to unlock the unlocking object. For example, two parameters and two keys are stored on the server side, and two parameters and two keys are also stored on the terminal side; the unlocking object is unlocked when the two server-side parameters and the two terminal-side parameters both satisfy the predetermined condition and the two server-side keys and the two terminal-side keys also both satisfy the predetermined condition.
Embodiments of the present disclosure further provide a data processing method. FIG. 4 is a flowchart of a data processing method according to an embodiment of the present disclosure. As shown in FIG. 4, in an embodiment, the method may include steps S401 to S410.
At step S401, when the terminal satisfies a preset third condition, a message indicating that the terminal satisfies the preset third condition is sent to the server.
At step S402, the first parameter of the unlocking object and the first key of the unlocking object delivered by the server are received.
At step S403, the first parameter is read from the storage area on the modem side.
At step S404, the second parameter is read from the second reserved field in the first area.
At step S405, if the first parameter and the second parameter satisfy a preset first condition, the first key is read from the storage area on the modem side, and the value of the first key is written into the first reserved field.
At step S406, if the first reserved field is non-null, the value in the first reserved field is compared with the value of the second key.
It should be understood that steps S401 to S406 are similar to steps S301 to S306 of FIG. 3, so they are not described again here.
At step S407, the encrypted AP-side unlocking parameter and the encrypted modem-side unlocking parameter are obtained from the terminal.
Here, the encrypted modem-side unlocking parameter is obtained from a second area in the storage area on the AP side; the permission level of the second area is higher than that of the first area. It should be understood that, in this embodiment of the present disclosure, the mobile terminal uses the partitioning scheme of an embedded multimedia card (EMMC, Embedded Multi Media Card); the first area is the ordinary storage area on the AP side, and the second area is the RPMB area on the AP side. Before shipment, the manufacturer configures the second area so that only the unlocking single process executed by the AP processor can access it.
Here, the encrypted AP-side unlocking parameter is obtained from a fourth area in the storage area on the modem side; the storage area on the modem side further includes a third area whose permission level is lower than that of the fourth area. It should be understood that, in this embodiment of the present disclosure, the mobile terminal uses the partitioning scheme of an embedded multimedia card (EMMC, Embedded Multi Media Card); the third area is the ordinary storage area on the modem side, and the fourth area is the SFS area on the modem side. Before shipment, the manufacturer configures the fourth area so that only the unlocking single process executed by the AP processor can access it.
At step S408, a first flag bit is generated based on the encrypted AP-side unlocking parameter; the first flag bit indicates whether parsing of the encrypted AP-side unlocking parameter succeeded.
Here, generating the first flag bit based on the encrypted AP-side unlocking parameter includes: obtaining the AP-side unlocking parameter and the AP-side key from the second area; decrypting the encrypted AP-side unlocking parameter with the AP-side key to obtain a decrypted AP-side unlocking parameter; comparing the decrypted AP-side unlocking parameter with the AP-side unlocking parameter to obtain a first comparison result; and generating the first flag bit according to the first comparison result.
It should be understood that the first flag bit may be set to 0 or 1, where 0 indicates that parsing failed and 1 indicates that parsing succeeded; of course, the first flag bit may also be set so that 00 indicates that parsing failed and 11 indicates that parsing succeeded. The user, the operator, or the manufacturer may set this according to the needs of the actual application, and details are not repeated here.
At step S409, a second flag bit is generated based on the encrypted modem-side unlocking parameter; the second flag bit indicates whether parsing of the encrypted modem-side unlocking parameter succeeded.
Here, generating the second flag bit based on the encrypted modem-side unlocking parameter includes: obtaining the modem-side unlocking parameter and the modem-side key from the fourth area; decrypting the encrypted modem-side unlocking parameter with the modem-side key to obtain a decrypted modem-side unlocking parameter; comparing the decrypted modem-side unlocking parameter with the modem-side unlocking parameter to obtain a second comparison result; and generating the second flag bit according to the second comparison result.
It should be understood that the second flag bit may be set to 0 or 1, where 0 indicates that parsing failed and 1 indicates that parsing succeeded; of course, the second flag bit may also be set so that 00 indicates that parsing failed and 11 indicates that parsing succeeded. The user, the operator, or the manufacturer may set this according to the needs of the actual application, and details are not repeated here. The method of setting the first flag bit may be the same as or different from the method of setting the second flag bit.
At step S410, when the first flag bit and the second flag bit satisfy a preset fourth condition, the unlocking object is unlocked.
Here, the preset fourth condition is that both the encrypted AP-side unlocking parameter and the encrypted modem-side unlocking parameter are parsed successfully. For example, when the first flag bit and the second flag bit both use 0 to indicate that parsing failed and 1 to indicate that parsing succeeded, the first flag bit and the second flag bit satisfy the preset first condition if and only if both are 1.
Here, when the first flag bit and the second flag bit do not satisfy the preset fourth condition, the terminal ends the processing flow.
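The flow of steps S401 to S410, sketched in C as an added example (not code from the patent). It assumes equality for the first and second conditions and a placeholder XOR in place of the cipher, which the text does not name; all identifiers and values are constructed, and the constant-time comparison is likewise an addition.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 8
/* Second key, compiled into the unlocking process by macro (constructed value). */
#define SECOND_KEY "K2-DEMO!"

typedef struct {
    /* modem side, ordinary storage (third area): values delivered by the server */
    uint32_t first_param;
    uint8_t  first_key[KEY_LEN];
    /* AP side, ordinary storage (first area) */
    uint8_t  first_reserved[KEY_LEN];  /* all zero stands for the null value */
    uint32_t second_param;             /* held in the second reserved field */
    /* AP side, secure area (second area, RPMB) */
    uint8_t  ap_param[KEY_LEN], ap_key[KEY_LEN], enc_modem_param[KEY_LEN];
    /* modem side, secure area (fourth area, SFS) */
    uint8_t  modem_param[KEY_LEN], modem_key[KEY_LEN], enc_ap_param[KEY_LEN];
} terminal_t;

typedef enum { UNLOCKED, PENDING, REJECTED_PARAM, REJECTED_KEY, REJECTED_FLAGS } result_t;

/* Constant-time equality: run time does not depend on how many bytes match. */
static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

static bool is_null(const uint8_t *field) {
    static const uint8_t zero[KEY_LEN] = {0};
    return ct_equal(field, zero, KEY_LEN);
}

/* Placeholder cipher (XOR with the key); an assumption, not the patent's algorithm. */
static void toy_crypt(const uint8_t *in, const uint8_t *key, uint8_t *out) {
    for (size_t i = 0; i < KEY_LEN; i++) out[i] = (uint8_t)(in[i] ^ key[i]);
}

/* Flag bit: 1 if decrypting `enc` with `key` reproduces `expected`, otherwise 0. */
static int parse_flag(const uint8_t *enc, const uint8_t *key, const uint8_t *expected) {
    uint8_t plain[KEY_LEN];
    toy_crypt(enc, key, plain);
    return ct_equal(plain, expected, KEY_LEN) ? 1 : 0;
}

result_t try_unlock(terminal_t *t) {
    /* S403-S405: first condition (equality assumed) on the two parameters. */
    if (t->first_param != t->second_param) {
        memset(t->first_key, 0, KEY_LEN);       /* delete the first key, end the flow */
        return REJECTED_PARAM;
    }
    memcpy(t->first_reserved, t->first_key, KEY_LEN);

    /* S406: the unlocking process acts only once the reserved field is non-null. */
    if (is_null(t->first_reserved)) return PENDING;
    if (!ct_equal(t->first_reserved, (const uint8_t *)SECOND_KEY, KEY_LEN)) {
        memset(t->first_reserved, 0, KEY_LEN);  /* delete the value, end the flow */
        return REJECTED_KEY;
    }

    /* S407-S409: each ciphertext lives in the other side's secure area and is
       checked against the key and reference value held on its own side. */
    int flag1 = parse_flag(t->enc_ap_param, t->ap_key, t->ap_param);
    int flag2 = parse_flag(t->enc_modem_param, t->modem_key, t->modem_param);

    /* S410: fourth condition, both flag bits must be 1. */
    return (flag1 == 1 && flag2 == 1) ? UNLOCKED : REJECTED_FLAGS;
}

/* Builds a consistent terminal state from constructed sample values. */
terminal_t make_terminal(void) {
    terminal_t t;
    memset(&t, 0, sizeof t);
    t.first_param = t.second_param = 0x2019;
    memcpy(t.first_key, SECOND_KEY, KEY_LEN);
    memcpy(t.ap_param, "AP-PARAM", KEY_LEN);
    memcpy(t.ap_key, "ap-key-1", KEY_LEN);
    memcpy(t.modem_param, "MD-PARAM", KEY_LEN);
    memcpy(t.modem_key, "md-key-1", KEY_LEN);
    toy_crypt(t.ap_param, t.ap_key, t.enc_ap_param);
    toy_crypt(t.modem_param, t.modem_key, t.enc_modem_param);
    return t;
}

int main(void) {
    terminal_t t = make_terminal();
    return try_unlock(&t) == UNLOCKED ? 0 : 1;
}
```

Every failing branch returns without unlocking and clears the value the text says to delete, so a tampered ciphertext in either secure area is enough to keep the object locked.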
It should be understood that, in this embodiment of the present disclosure, one parameter and one key are stored on the server side, and one parameter and one key are also stored on the terminal side; whether to unlock the unlocking object is decided by determining whether the server-side and terminal-side parameters and the server-side and terminal-side keys respectively satisfy predetermined conditions. In a specific implementation, a person skilled in the art may of course also store multiple parameters and multiple keys on the server side and the terminal side respectively to determine whether to unlock the unlocking object. For example, two parameters and two keys are stored on the server side, and two parameters and two keys are also stored on the terminal side; the unlocking object is unlocked when the two server-side parameters and the two terminal-side parameters both satisfy the predetermined condition and the two server-side keys and the two terminal-side keys also both satisfy the predetermined condition.
Embodiments of the present disclosure further provide a data processing method. Before the data processing method provided by this embodiment is introduced, the structure of the AP processor and the modem processor in this embodiment is described.
FIG. 5 is a schematic structural diagram of an AP processor according to an embodiment of the present disclosure. As shown in FIG. 5, the AP processor includes a processing area for executing commands and a storage area for storing data. The processing area of the AP processor includes: an unlocking single process, an AP-side data storage module, an AP-side data processing module, and an AP-side data parsing module. The unlocking single process is used to perform two-sided cross data unlocking processing, on the AP side and the modem side, for the unlocking object. The storage area of the AP processor includes an ordinary storage area and an RPMB area; the RPMB area is a secure area within the storage area, and its permission level is higher than that of the ordinary storage area. Before shipment, the manufacturer configures the RPMB area so that only the unlocking single process can access it.
FIG. 6 is a schematic structural diagram of a modem processor according to an embodiment of the present disclosure. As shown in FIG. 6, the modem processor includes a processing area for executing commands and a storage area for storing data. The processing area of the modem processor includes: a modem-side data storage module, a modem-side data processing module, and a modem-side data parsing module. The storage area of the modem processor includes an ordinary storage area and an SFS area; the SFS area is a secure area within the storage area, and its permission level is higher than that of the ordinary storage area. Before shipment, the manufacturer configures the SFS area so that only the unlocking single process can access it.
FIGS. 7A to 7C are flowcharts of a data processing method according to an embodiment of the present disclosure. As shown in FIGS. 7A to 7C, in an embodiment, the method includes steps S701 to S718.
Referring to FIG. 7A, at step S701, the terminal is in its initial state, and four values are stored in the ordinary storage area of the storage area of the terminal's AP processor, each at a different location.
Of the four values, two are terminal parameters (terminal parameter 1 and terminal parameter 2) and the other two are null values. Here, the terminal parameter is the second parameter of the foregoing embodiments, the location used to store a terminal parameter is the second reserved field of the foregoing embodiments, and the location used to store a null value is the first reserved field of the foregoing embodiments.
At step S702, when the terminal satisfies parsing condition one, it reports to the server and receives server parameter 1 and the key1 value delivered by the server according to the terminal identifier; when the terminal satisfies parsing condition two, it reports to the server and receives server parameter 2 and the key2 value delivered by the server according to the terminal identifier.
The two server parameters and the two key values are delivered by an instruction; the instruction header file contains server parameter 1 and server parameter 2, and the redundant bits contain the key1 value and the key2 value.
Here, parsing condition one and parsing condition two may be identical, that is, there is only one parsing condition, such as the third condition of the foregoing embodiments; of course, a person skilled in the art may also set a different parsing condition one and parsing condition two. Server parameter 1 and server parameter 2 may also be identical, in which case they are the first parameter of the foregoing embodiments; of course, a person skilled in the art may also set a different server parameter 1 and server parameter 2. The key1 value and the key2 value may also be identical, in which case they are the first key of the foregoing embodiments; of course, a person skilled in the art may also set a different key1 value and key2 value.
At step S703, server parameter 1 and server parameter 2 are read from the instruction header file.
At step S704, the two terminal parameters stored in the terminal are compared with the two server parameters to determine whether they are consistent.
Here, the two terminal parameters stored in the terminal are terminal parameter 1 and terminal parameter 2. Terminal parameter 1 and terminal parameter 2 may be identical, in which case they are the second parameter of the foregoing embodiments; of course, a person skilled in the art may also set a different terminal parameter 1 and terminal parameter 2.
Here, comparing the two terminal parameters with the two server parameters specifically means comparing terminal parameter 1 with server parameter 1, and comparing terminal parameter 2 with server parameter 2.
At step S705, if the two terminal parameters are consistent with the two server parameters, the corresponding key1 value and/or key2 value in the instruction is read, and the key1 value and/or key2 value is stored in the null-value area reserved by the terminal.
It should be understood that if only terminal parameter 1 is consistent with server parameter 1, the corresponding key1 value in the instruction is read and stored in the null-value area reserved by the terminal; if only terminal parameter 2 is consistent with server parameter 2, the corresponding key2 value in the instruction is read and stored in the null-value area reserved by the terminal; if terminal parameter 1 is consistent with server parameter 1 and terminal parameter 2 is also consistent with server parameter 2, the corresponding key1 value and key2 value in the instruction are read and stored in the null-value area reserved by the terminal.
Here, if the two terminal parameters are inconsistent with the two server parameters, the processing flow returns to step S701, and the key1 value and/or key2 value delivered by the server is deleted.
It should be understood that this specifically means: if only terminal parameter 1 is inconsistent with server parameter 1, the key1 value delivered by the server is deleted and the flow returns to step S701; if only terminal parameter 2 is inconsistent with server parameter 2, the key2 value delivered by the server is deleted and the flow returns to step S701; if terminal parameter 1 is inconsistent with server parameter 1 and terminal parameter 2 is also inconsistent with server parameter 2, the key1 value and the key2 value delivered by the server are deleted and the flow returns to step S701.
At step S706, the unlocking single process determines whether the storage areas for the key1 value and the key2 value are empty; if neither is empty, it determines whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 fixed in the unlocking single process.
Here, determining whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 fixed in the unlocking single process specifically means determining whether the key1 value is consistent with parameter 1 fixed in the unlocking single process, and determining whether the key2 value is consistent with parameter 2 fixed in the unlocking single process.
It should be understood that parameter 1 and parameter 2 fixed in the unlocking single process may be identical, in which case they are the second key of the foregoing embodiments; of course, a person skilled in the art may also set a different parameter 1 and parameter 2 in the unlocking single process.
Here, the unlocking single process is configured to monitor, in real time, the null-value area in the ordinary storage area of the terminal's AP processor, and parameter 1 and parameter 2 fixed in the unlocking single process are set by macro definition.
Here, if either of the storage areas for the key1 value and the key2 value is empty, or either of the key1 value and the key2 value is inconsistent with parameter 1 and parameter 2 fixed in the unlocking single process, the processing flow goes to step S707; if neither storage area is empty and the key1 value and the key2 value are both consistent with parameter 1 and parameter 2 fixed in the second single process, the processing flow goes to step S708.
Here, either of the storage areas for the key1 value and the key2 value being empty specifically means that the storage area for the key1 value is empty, or the storage area for the key2 value is empty, or both storage areas are empty.
Here, either of the key1 value and the key2 value being inconsistent with parameter 1 and parameter 2 fixed in the unlocking single process specifically means that the key1 value is inconsistent with parameter 1 fixed in the unlocking single process, or the key2 value is inconsistent with parameter 2 fixed in the unlocking single process, or the key1 value is inconsistent with parameter 1 and the key2 value is also inconsistent with parameter 2.
Here, the key1 value and the key2 value both being consistent with parameter 1 and parameter 2 fixed in the unlocking single process specifically means that the key1 value is consistent with parameter 1 fixed in the unlocking single process and the key2 value is also consistent with parameter 2 fixed in the unlocking single process.
At step S707, the unlocking single process continues to monitor the null-value area in the ordinary storage area in real time.
At step S708, the unlocking single process performs steps S709 to S718.
Referring to FIG. 7B, at step S709, the unlocking single process sends to the SFS area a request to obtain the AP-side parsing parameter.
Here, the AP-side parsing parameter is the encrypted AP-side unlocking parameter of the foregoing embodiments.
At step S710, the unlocking single process obtains the AP-side parsing parameter.
At step S711, the AP-side data processing module in the AP processor decrypts the AP-side parsing parameter.
Here, the decryption of the AP-side parsing parameter by the AP-side data processing module in the AP processor includes: the unlocking single process sends the AP-side parsing parameter to the AP-side data processing module, and the AP-side data processing module decrypts the AP-side parsing parameter.
At step S712, if the AP-side data processing module fails to decrypt the AP-side parsing parameter, the processing flow terminates; if the AP-side data processing module decrypts the AP-side parsing parameter successfully, it sends the decrypted AP-side parsing parameter to the AP-side data parsing module in the AP processor for parsing, and an AP-side parsing flag bit is generated according to the parsing result.
Here, the decrypted AP-side parsing parameter is the decrypted AP-side unlocking parameter of the foregoing embodiments, and the AP-side parsing flag bit is the first flag bit of the foregoing embodiments.
At step S713, the AP-side data parsing module sends the AP-side parsing flag bit to the unlocking single process.
Here, the AP-side parsing flag bit indicates whether parsing of the AP-side parsing parameter succeeded; the AP-side flag bit may be set to 0 or 1, where 0 indicates that parsing failed and 1 indicates that parsing succeeded.
Referring to FIG. 7C, at step S714, the unlocking single process sends to the RPMB area a request to obtain the modem-side parsing parameter.
Here, the modem-side parsing parameter is the encrypted modem-side unlocking parameter of the foregoing embodiments.
At step S715, the unlocking single process obtains the modem-side parsing parameter.
At step S716, the modem-side data processing module in the modem processor decrypts the modem-side parsing parameter.
At step S717, if the modem-side data processing module fails to decrypt the modem-side parsing parameter, the processing flow terminates; if the modem-side data processing module decrypts the modem-side parsing parameter successfully, it sends the decrypted modem-side parsing parameter to the modem-side data parsing module in the modem processor for parsing, and a modem-side parsing flag bit is generated according to the parsing result.
Here, the decrypted modem-side parsing parameter is the decrypted modem-side unlocking parameter of the foregoing embodiments, and the modem-side parsing flag bit is the second flag bit of the foregoing embodiments.
Here, the modem-side parsing flag bit indicates whether parsing of the modem-side parsing parameter succeeded; the modem-side parsing flag bit may be set to 0 or 1, where 0 indicates that parsing failed and 1 indicates that parsing succeeded.
At step S718, the modem-side data parsing module sends the modem-side parsing flag bit to the unlocking single process.
It should be understood that the terminal unlocks normally if and only if both parsing flag bits are 1.
As can be seen, this embodiment of the present disclosure provides dual-side parsing and two parsing parameters. The two parsing parameters are stored in the secure areas of the modem-side and AP-side storage areas respectively, and both secure areas can be accessed only by the unlocking single process executed by the AP processor. When the terminal satisfies parsing condition 1, it reports to the server, and the server delivers server parameter 1 and the key1 value; when the terminal satisfies parsing condition 2, it reports to the server, and the server delivers server parameter 2 and the key2 value. The terminal reads the server parameter first. When the server parameter is consistent with the terminal parameter, or the value of the server parameter satisfies a preset condition, the terminal reads the corresponding key value and writes it into the blank area in the normal storage area of the AP processor. If they are inconsistent, the terminal deletes the corresponding key value. When the blank area in the normal storage area of the AP processor is not empty and the value in the blank area is consistent with the parameter value that the unlocking single process itself has written through a macro definition, the unlocking single process retrieves the AP-side parsing parameter from the modem-side secure area and sends it to the AP-side data processing module for processing; successfully processed data is sent to the AP-side data parsing module for parsing. In addition, the unlocking single process retrieves the modem-side parsing parameter from the AP-side secure area and sends it to the modem-side data processing module for processing; successfully processed data is sent to the modem-side data parsing module for parsing. When both the AP-side data parsing module and the modem-side data parsing module parse successfully, the terminal is unlocked normally; when either of them fails to parse, the terminal cannot be unlocked normally.
Based on the above embodiments, the data unlocking method provided by the present disclosure is applied to a network-unlocking scenario. In this scenario, terminal parameter 1 of the above embodiment is terminal count 1; terminal parameter 2 is terminal count 2; parsing condition 1 is network-unlocking condition 1; parsing condition 2 is network-unlocking condition 2; server parameter 1 is server count 1; server parameter 2 is server count 2; the unlocking single process is the subscriber identification module unlock (simunlock) module; the AP-side parsing parameter is the AP-side network-unlocking parameter; the modem-side parsing parameter is the modem-side network-unlocking parameter; the AP-side parsing flag bit is the AP-side network-unlocking flag bit; the modem-side parsing flag bit is the modem-side network-unlocking flag bit; the modem-side data storage module is the modem-side network-unlocking parameter storage module; the modem-side data processing module is the modem-side network-unlocking parameter decryption module; the modem-side data parsing module is the modem-side network-unlocking module; the AP-side data storage module is the AP-side network-unlocking parameter storage module; the AP-side data processing module is the AP-side network-unlocking parameter decryption module; and the AP-side data parsing module is the AP-side network-unlocking module.
FIGS. 8A to 8C are flowcharts of a data unlocking method according to an embodiment of the present disclosure. Referring to FIGS. 8A to 8C, in an embodiment, the method may include steps S801 to S818.
Referring to FIG. 8A, at step S801, the terminal is in its initial state. Four values are stored at four different locations in the normal storage area of the AP processor's storage area: two are terminal counts and the other two are null values.
Here, the terminal counts are terminal count 1 and terminal count 2.
At step S802, when the terminal satisfies network-unlocking condition 1, it reports to the server and receives server count 1 and the key1 value, which the server delivers according to the terminal identifier; when the terminal satisfies parsing condition 2, it reports to the server and receives server count 2 and the key2 value, which the server delivers according to the terminal identifier.
Here, server count 1 is value 1 reached by network-locking counter 1 in the server, and server count 2 is value 2 reached by network-locking counter 2 in the server.
At step S803, server count 1 and server count 2 are read.
At step S804, the two terminal counts stored by the terminal are compared with the two server counts to determine whether they are consistent.
Here, terminal count 1 is value 1 reached by the terminal's network-unlocking counter 1, and terminal count 2 is value 2 reached by the terminal's network-unlocking counter 2.
Here, comparing the two terminal counts with the two server counts specifically means comparing terminal count 1 with server count 1, and comparing terminal count 2 with server count 2.
At step S805, if the two terminal counts are consistent with the two server counts, the corresponding key1 value and/or key2 value is read and stored in the null-value area reserved by the terminal.
It should be understood that if only terminal count 1 is consistent with server count 1, the corresponding key1 value is read and stored in the null-value area reserved by the terminal; if only terminal count 2 is consistent with server count 2, the corresponding key2 value is read and stored in the null-value area reserved by the terminal; if terminal count 1 is consistent with server count 1 and terminal count 2 is also consistent with server count 2, the corresponding key1 value and key2 value are read and stored in the null-value area reserved by the terminal.
Here, if the two terminal counts are inconsistent with the two server counts, the processing flow returns to step S801, the key1 value and/or key2 value delivered by the server is deleted, and minimum count synchronization is performed.
It should be understood that this specifically means: if only terminal count 1 is inconsistent with server count 1, the key1 value delivered by the server is deleted, the flow returns to step S801, and minimum count synchronization is performed; if only terminal count 2 is inconsistent with server count 2, the key2 value delivered by the server is deleted, the flow returns to step S801, and minimum count synchronization is performed; if terminal count 1 is inconsistent with server count 1 and terminal count 2 is also inconsistent with server count 2, the key1 value and key2 value delivered by the server are deleted, the flow returns to step S801, and minimum count synchronization is performed.
Here, minimum count synchronization specifically means resetting terminal count 1 to server count 1 and resetting terminal count 2 to server count 2.
At step S806, the simunlock module determines whether the storage areas of the key1 value and the key2 value are empty; if neither is empty, it determines whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 fixed in the simunlock module.
Here, determining whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 fixed in the simunlock module specifically means determining whether the key1 value is consistent with parameter 1 fixed in the simunlock module, and determining whether the key2 value is consistent with parameter 2 fixed in the simunlock module.
Here, the simunlock module is configured to monitor, in real time, the null-value area in the normal storage area of the terminal's AP processor; parameter 1 and parameter 2 fixed in the simunlock module are set through macro definitions.
Here, if either of the storage areas of the key1 value and the key2 value is empty, or either of the key1 value and the key2 value is inconsistent with the parameter fixed in the simunlock module, the processing flow goes to step S807; if neither storage area is empty and both the key1 value and the key2 value are consistent with parameter 1 and parameter 2 fixed in the simunlock module, the flow goes to step S808.
Here, either of the storage areas being empty specifically means that the storage area of the key1 value is empty, or the storage area of the key2 value is empty, or both storage areas are empty.
Here, either of the key values being inconsistent with parameter 1 and parameter 2 fixed in the simunlock module specifically means that the key1 value is inconsistent with parameter 1 fixed in the simunlock module, or the key2 value is inconsistent with parameter 2 fixed in the simunlock module, or both are inconsistent.
Here, both key values being consistent with parameter 1 and parameter 2 fixed in the simunlock module specifically means that the key1 value is consistent with parameter 1 fixed in the simunlock module and the key2 value is also consistent with parameter 2 fixed in the simunlock module.
At step S807, the simunlock module continues to monitor, in real time, the null-value area in the normal storage area of the terminal's AP processor.
At step S808, the simunlock module performs steps S809 to S818.
Referring to FIG. 8B, at step S809, the simunlock module sends a request to the SFS area to acquire the AP-side network-unlocking parameter.
At step S810, the simunlock module acquires the AP-side network-unlocking parameter.
At step S811, the AP-side network-unlocking parameter decryption module in the AP processor decrypts the AP-side network-unlocking parameter.
Here, the decryption of the AP-side network-unlocking parameter by the AP-side network-unlocking parameter decryption module in the AP processor includes: the simunlock module sends the AP-side network-unlocking parameter to the AP-side network-unlocking parameter decryption module, and that module decrypts it.
At step S812, if the AP-side network-unlocking parameter decryption module fails to decrypt the AP-side network-unlocking parameter, the processing flow terminates; if it decrypts the parameter successfully, it sends the decrypted AP-side network-unlocking parameter to the AP-side network-unlocking module in the AP processor for unlocking, and an AP-side network-unlocking flag bit is generated according to the unlocking result.
Here, the AP-side network-unlocking flag bit indicates whether AP-side unlocking succeeded; it may be set to 0 or 1, where 0 indicates that unlocking failed and 1 indicates that unlocking succeeded.
At step S813, the AP-side network-unlocking module sends the AP-side network-unlocking flag bit to the simunlock module.
Referring to FIG. 8C, at step S814, the simunlock module sends a request to the RPMB area to acquire the modem-side network-unlocking parameter.
At step S815, the simunlock module acquires the modem-side network-unlocking parameter.
At step S816, the modem-side network-unlocking parameter decryption module in the modem processor decrypts the modem-side network-unlocking parameter.
At step S817, if the modem-side network-unlocking parameter decryption module fails to decrypt the modem-side network-unlocking parameter, the processing flow terminates; if it decrypts the parameter successfully, it sends the decrypted modem-side network-unlocking parameter to the modem-side network-unlocking module in the modem processor for unlocking, and a modem-side network-unlocking flag bit is generated according to the unlocking result.
Here, the modem-side network-unlocking flag bit indicates whether unlocking of the modem-side network-unlocking parameter succeeded; it may be set to 0 or 1, where 0 indicates that unlocking failed and 1 indicates that unlocking succeeded.
At step S818, the modem-side network-unlocking module sends the modem-side network-unlocking flag bit to the simunlock module.
It should be understood that the terminal is unlocked normally if and only if both network-unlocking flag bits are 1.
As can be seen, this embodiment of the present disclosure provides dual-side unlocking and dual-side network-unlocking parameters, and the dual-side network-unlocking parameters are stored in the secure areas of the modem-side and AP-side storage areas respectively. Both secure areas can be accessed only by the simunlock module in the AP processor. When the terminal satisfies network-unlocking condition 1, it reports to the server, and the server delivers server count 1 and the key1 value; when the terminal satisfies network-unlocking condition 2, it reports to the server, and the server delivers server count 2 and the key2 value. The terminal reads the server count first. When the server count is consistent with the terminal count, the terminal reads the corresponding key value and writes it into the corresponding blank area in the normal storage area of the AP processor. If they are inconsistent, the terminal deletes the corresponding key value and performs minimum count synchronization. When the blank area is not empty and the value in the blank area is consistent with the parameter value that the simunlock module itself has written through a macro definition, the simunlock module retrieves the AP-side network-unlocking parameter from the modem-side secure area and sends it to the AP-side network-unlocking parameter decryption module for decryption; successfully decrypted data is sent to the AP-side network-unlocking module for unlocking. In addition, the simunlock module retrieves the modem-side parsing parameter from the AP-side secure area and sends it to the modem-side network-unlocking parameter decryption module for decryption; successfully decrypted data is sent to the modem-side network-unlocking module for unlocking. When both the AP-side network-unlocking module and the modem-side network-unlocking module unlock successfully, the terminal is unlocked normally; when either of them fails to unlock, the terminal cannot be unlocked normally.
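The S801 to S818 flow summarized above, modeled as an added Python example (not code from the patent). The toy encrypt-then-MAC `seal`/`open_sealed`, the `MAGIC` marker checked during parsing, the sample counts, and all key and parameter values are assumptions constructed for illustration; the page names no cipher or parameter format.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins for parameter 1 / parameter 2, which the page says are
# fixed in the simunlock module through macro definitions.
PARAM_1 = b"constructed-parameter-1"
PARAM_2 = b"constructed-parameter-2"
MAGIC = b"UNLOCK:"  # assumed marker that "parsing" checks; not from the page


def _keystream(key: bytes, n: int) -> bytes:
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC stand-in; the page does not name a cipher."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return hmac.new(key, ct, hashlib.sha256).digest() + ct


def open_sealed(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the blob fails authentication."""
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


@dataclass
class Terminal:
    counts: dict      # {1: terminal count 1, 2: terminal count 2}
    sfs_blob: bytes   # encrypted AP-side parameter, requested from the SFS area
    rpmb_blob: bytes  # encrypted modem-side parameter, requested from the RPMB area
    key_slots: Optional[dict] = None  # the two reserved null-value areas

    def __post_init__(self):
        if self.key_slots is None:
            self.key_slots = {1: None, 2: None}


def receive_from_server(t: Terminal, n: int, server_count: int, key: bytes) -> bool:
    """S804/S805: keep key n only when terminal count n equals server count n."""
    if t.counts[n] == server_count:
        t.key_slots[n] = key
        return True
    t.key_slots[n] = None        # delivered key is deleted, back to S801
    t.counts[n] = server_count   # minimum count synchronization
    return False


def side_flag(key: bytes, blob: bytes) -> Optional[int]:
    """S811-S812 / S816-S817: None if decryption fails, else flag bit 0 or 1."""
    plain = open_sealed(key, blob)
    if plain is None:
        return None
    return 1 if plain.startswith(MAGIC) else 0


def try_unlock(t: Terminal, ap_key: bytes, modem_key: bytes) -> str:
    # S806: both slots must be filled and match the built-in parameters.
    for n, expected in ((1, PARAM_1), (2, PARAM_2)):
        stored = t.key_slots[n]
        if stored is None or not hmac.compare_digest(stored, expected):
            return "monitoring"                      # S807: keep watching
    ap_flag = side_flag(ap_key, t.sfs_blob)          # S809-S813
    if ap_flag is None:
        return "terminated"
    modem_flag = side_flag(modem_key, t.rpmb_blob)   # S814-S818
    if modem_flag is None:
        return "terminated"
    # Unlock if and only if both flag bits are 1.
    return "unlocked" if (ap_flag, modem_flag) == (1, 1) else "locked"


def make_terminal(ap_key: bytes, modem_key: bytes) -> Terminal:
    """Constructed sample terminal in the S801 initial state."""
    return Terminal(counts={1: 3, 2: 5},
                    sfs_blob=seal(ap_key, MAGIC + b"ap-side"),
                    rpmb_blob=seal(modem_key, MAGIC + b"modem-side"))


if __name__ == "__main__":
    AP_KEY, MODEM_KEY = b"constructed-ap-key", b"constructed-modem-key"
    t = make_terminal(AP_KEY, MODEM_KEY)
    receive_from_server(t, 1, 3, PARAM_1)
    receive_from_server(t, 2, 5, PARAM_2)
    print(try_unlock(t, AP_KEY, MODEM_KEY))
```

The model separates the three outcomes the flow distinguishes: the key gate not yet satisfied (`monitoring`), a decryption failure that ends the flow (`terminated`), and a completed run whose result depends on both flag bits.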
Based on the above embodiments, the data unlocking method provided by the present disclosure is applied to a scenario of unlocking a privacy application or unlocking private data. This embodiment takes unlocking a privacy application as an example. In this scenario, the terminal parameters of the above embodiment are condition-determination parameters, such as the fingerprints of both hands or the eye patterns of both eyes (this embodiment takes the eye patterns of both eyes as an example). Terminal parameter 1 is eye-pattern data 1 entered on the terminal, and terminal parameter 2 is eye-pattern data 2 entered on the terminal; parsing condition 1 is that the terminal enters eye pattern 1; parsing condition 2 is that the terminal enters eye pattern 2; server parameter 1 is server eye-pattern data 1; server parameter 2 is server eye-pattern data 2; the unlocking single process is the privacy protection (Private Protection) module; the AP-side parsing parameter is the AP-side eye-pattern parameter; the modem-side parsing parameter is the modem-side eye-pattern parameter; the AP-side parsing flag bit is the AP-side parsing flag bit; the modem-side parsing flag bit is the modem-side parsing flag bit; the modem-side data storage module is the modem-side eye-pattern parameter storage module; the modem-side data processing module is the modem-side privacy application parameter decryption module; the modem-side data parsing module is the modem-side privacy application parsing module; the AP-side data storage module is the AP-side eye-pattern parameter storage module; the AP-side data processing module is the AP-side privacy application parameter decryption module; and the AP-side data parsing module is the AP-side privacy application parsing module.
FIGS. 9A to 9C are flowcharts of a data unlocking method according to an embodiment of the present disclosure. Referring to FIGS. 9A to 9C, in an embodiment, the method may include steps S901 to S918.
Referring to FIG. 9A, at step S901, the terminal is in its initial state. Four values are stored at four different locations in the normal storage area of the terminal AP processor's storage area: two are used to store the eye-pattern data entered on the terminal, and the other two are null values.
At step S902, when the terminal enters eye pattern 1, it reports to the server and receives server eye-pattern data 1 and the key1 value, which the server delivers according to the terminal identifier; when the terminal enters eye pattern 2, it reports to the server and receives server eye-pattern data 2 and the key2 value, which the server delivers according to the terminal identifier.
At step S903, server eye-pattern data 1 and server eye-pattern data 2 are read.
At step S904, the two sets of eye-pattern data entered on the terminal are compared with the two sets of server eye-pattern data to determine whether they are consistent.
Here, comparing the two sets of terminal eye-pattern data with the two sets of server eye-pattern data specifically means comparing eye-pattern data 1 entered on the terminal with server eye-pattern data 1, and comparing eye-pattern data 2 entered on the terminal with server eye-pattern data 2.
At step S905, if the two sets of eye-pattern data entered on the terminal are consistent with the two sets of server eye-pattern data, the corresponding key1 value and/or key2 value is read and stored in the null-value area reserved by the terminal.
It should be understood that if only eye-pattern data 1 entered on the terminal is consistent with server eye-pattern data 1, the corresponding key1 value is read and stored in the null-value area reserved by the terminal; if only eye-pattern data 2 entered on the terminal is consistent with server eye-pattern data 2, the corresponding key2 value is read and stored in the null-value area reserved by the terminal; if eye-pattern data 1 entered on the terminal is consistent with server eye-pattern data 1 and eye-pattern data 2 entered on the terminal is also consistent with server eye-pattern data 2, the corresponding key1 value and key2 value are read and stored in the null-value area reserved by the terminal.
Here, if the two sets of eye-pattern data entered on the terminal are inconsistent with the two sets of server eye-pattern data, the processing flow returns to step S901 and the key1 value and/or key2 value delivered by the server is deleted.
It should be understood that this specifically means: if only eye-pattern data 1 entered on the terminal is inconsistent with server eye-pattern data 1, the key1 value delivered by the server is deleted and the flow returns to step S901; if only eye-pattern data 2 entered on the terminal is inconsistent with server eye-pattern data 2, the key2 value delivered by the server is deleted and the flow returns to step S901; if eye-pattern data 1 entered on the terminal is inconsistent with server eye-pattern data 1 and eye-pattern data 2 entered on the terminal is also inconsistent with server eye-pattern data 2, the key1 value and key2 value delivered by the server are deleted and the flow returns to step S901.
At step S906, the privacy protection module determines whether the storage areas of the key1 value and the key2 value are empty; if neither is empty, it determines whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 fixed in the privacy protection module.
Here, determining whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 fixed in the privacy protection module specifically means determining whether the key1 value is consistent with parameter 1 fixed in the privacy protection module, and determining whether the key2 value is consistent with parameter 2 fixed in the privacy protection module.
Here, the privacy protection module is configured to monitor, in real time, the null-value area in the normal storage area of the terminal's AP processor; parameter 1 and parameter 2 fixed in the privacy protection module are set through macro definitions.
Here, if either of the storage areas of the key1 value and the key2 value is empty, or either of the key1 value and the key2 value is inconsistent with the parameter fixed in the privacy protection module, the processing flow goes to step S907; if neither storage area is empty and both the key1 value and the key2 value are consistent with parameter 1 and parameter 2 fixed in the privacy protection module, the flow goes to step S908.
Here, either of the storage areas being empty specifically means that the storage area of the key1 value is empty, or the storage area of the key2 value is empty, or both storage areas are empty.
Here, either of the key values being inconsistent with parameter 1 and parameter 2 fixed in the privacy protection module specifically means that the key1 value is inconsistent with parameter 1 fixed in the privacy protection module, or the key2 value is inconsistent with parameter 2 fixed in the privacy protection module, or both are inconsistent.
Here, both key values being consistent with parameter 1 and parameter 2 fixed in the privacy protection module specifically means that the key1 value is consistent with parameter 1 fixed in the privacy protection module and the key2 value is also consistent with parameter 2 fixed in the privacy protection module.
At step S907, the privacy protection module continues to monitor, in real time, the null-value area in the normal storage area of the terminal's AP processor.
At step S908, the privacy protection module performs steps S909 to S918.
Referring to FIG. 9B, at step S909, the privacy protection module sends to the SFS area a request to obtain the AP-side eye pattern parameter.
At step S910, the privacy protection module obtains the AP-side eye pattern parameter.
At step S911, the AP-side privacy application parameter decryption module in the AP processor decrypts the AP-side eye pattern parameter.
Here, the decryption of the AP-side eye pattern parameter by the AP-side privacy application parameter decryption module in the AP processor includes: the privacy protection module sends the AP-side eye pattern parameter to the AP-side privacy application parameter decryption module, and the AP-side privacy application parameter decryption module decrypts the AP-side eye pattern parameter.
At step S912, if the AP-side privacy application parameter decryption module fails to decrypt the AP-side eye pattern parameter, the processing flow terminates; if the AP-side privacy application parameter decryption module decrypts the AP-side eye pattern parameter successfully, it sends the decrypted AP eye pattern parameter to the AP-side privacy application parsing module in the AP processor for parsing, and an AP-side parsing flag bit is generated according to the parsing result.
Here, the AP-side parsing flag bit indicates whether AP-side parsing succeeded; the AP-side parsing flag bit can be set to 0 or 1, where 0 indicates that parsing failed and 1 indicates that parsing succeeded.
At step S913, the AP-side privacy application parsing module sends the AP-side parsing flag bit to the privacy protection module.
Referring to FIG. 9C, at step S914, the privacy protection module sends to the RPMB area a request to obtain the modem-side eye pattern parameter.
At step S915, the privacy protection module obtains the modem-side eye pattern parameter.
At step S916, the modem-side privacy application parameter decryption module in the modem processor decrypts the modem-side eye pattern parameter.
Here, the decryption of the modem-side eye pattern parameter by the modem-side privacy application parameter decryption module in the modem processor includes: the privacy protection module sends the modem-side eye pattern parameter to the modem-side privacy application parameter decryption module, and the modem-side privacy application parameter decryption module decrypts the modem-side eye pattern parameter.
At step S917, if the modem-side privacy application parameter decryption module fails to decrypt the modem-side eye pattern parameter, the processing flow terminates; if the modem-side privacy application parameter decryption module decrypts the modem-side eye pattern parameter successfully, it sends the decrypted modem-side eye pattern parameter to the modem-side privacy application parsing module in the modem processor for parsing, and a modem-side parsing flag bit is generated according to the parsing result.
Here, the modem-side parsing flag bit indicates whether parsing of the modem-side eye pattern parameter succeeded; the modem-side parsing flag bit can be set to 0 or 1, where 0 indicates that parsing failed and 1 indicates that parsing succeeded.
At step S918, the modem-side privacy application parsing module sends the modem-side parsing flag bit to the privacy protection module.
It should be understood that the terminal is unlocked normally if and only if both parsing flag bits are 1.
As can be seen from this embodiment of the present disclosure, two-sided parsing and two-sided eye pattern parameters are provided, and the two eye pattern parameters are stored in the secure areas of the modem-side and AP-side storage areas respectively. The secure areas on both sides can be accessed only by the privacy protection module in the AP processor. When the terminal enrolls eye pattern 1, it reports to the server, and the server delivers server eye pattern data 1 and the key1 value; when the terminal enrolls eye pattern 2, it reports to the server, and the server delivers server eye pattern data 2 and the key2 value. The terminal reads the server eye pattern data first; when the server eye pattern data is consistent with the eye pattern enrolled on the terminal, the terminal reads the corresponding key value and writes it into the corresponding blank area in the ordinary storage area of the AP processor. If they are inconsistent, the terminal deletes the corresponding key value. When the blank area is not empty and the value in the blank area is consistent with the parameter value that the privacy protection module itself has hard-coded by macro definition, the privacy protection module retrieves the AP-side eye pattern parameter from the modem-side secure area and sends it to the AP-side privacy application parameter decryption module for decryption; the successfully decrypted data is sent to the AP-side privacy application parsing module for parsing. In addition, the privacy protection module retrieves the modem-side parsing parameter from the AP-side secure area and sends it to the modem-side privacy application parameter decryption module for decryption; the successfully decrypted data is sent to the modem-side privacy application parsing module for parsing. When both the AP-side privacy application parsing module and the modem-side privacy application parsing module parse successfully, the terminal is unlocked normally; when either the AP-side privacy application parsing module or the modem-side privacy application parsing module fails to parse, the terminal cannot be unlocked normally.
As can be seen from the above embodiments, the present disclosure enables secure parsing for privacy applications. By making the secure area that stores the parsing parameters accessible only to a single process executed by the AP processor, the secure storage of the parsing parameters is strictly controlled. When a privacy application is opened, it must be determined whether the server-side key value is consistent with the terminal's key value. Because the terminal's key value is hard-coded by macro definition in the single process executed by the AP processor, and a parameter hard-coded in a process is not stored data and can hardly be obtained, data hijacking can be avoided, which makes the parsing process more secure.
The present disclosure can also implement automatic network unlocking while strictly controlling the security of automatic network unlocking. In the related art, determining whether the network-unlock condition has been met requires the network-lock counter to reach a preset threshold. If the network-lock counter is stored only in the mobile phone, there is a risk of tampering; if it is stored only on the server side, the network-lock count value may still be tampered with after the server delivers it to the terminal. To prevent this, the present disclosure synchronizes the network-lock count between the server and the terminal. When determining whether the network-unlock condition has been met, the server-side network-lock count must be the same as the terminal's network-lock count and must reach a preset threshold; in addition, it must still be determined whether the server-side key value is consistent with the terminal's key value. Because the terminal's key value is hard-coded by macro definition in the single process executed by the AP processor, and a parameter hard-coded in a process is not stored data and can hardly be obtained, data hijacking can be avoided, which makes the parsing process more secure. Finally, by making the secure area that stores the network-unlock parameters accessible only to a single process executed by the AP processor, the secure storage of the network-unlock parameters is strictly controlled.
In another aspect, the present disclosure further provides a data processing apparatus. The modules included in the data processing apparatus, and the submodules included in each module, can all be implemented by the AP processor and the modem processor in the terminal; in implementation, the processor may be a central processing unit (CPU), a microprocessor (MPU), a digital signal processor (DSP), a field programmable gate array (FPGA), or the like.
FIG. 10 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present disclosure. As shown in FIG. 10, in some embodiments, the apparatus 1000 includes: a second obtaining module 1001, a first generating module 1002, a second sending module 1003, a second generating module 1004, a third generating module 1005, a fourth generating module 1006, a first writing module 1007, and a second writing module 1008.
The second obtaining module 1001 is configured to obtain, from the terminal, an unlocking parameter generated based on the locked object. The first generating module 1002 is configured to generate a first key and a second key according to the unlocking parameter. The second sending module 1003 is configured to send the first key to the server. The second generating module 1004 is configured to generate an AP-side unlocking parameter and a modem-side unlocking parameter according to the second key. The third generating module 1005 is configured to generate an encrypted AP-side unlocking parameter and an AP-side key according to the AP-side unlocking parameter. The fourth generating module 1006 is configured to generate an encrypted modem-side unlocking parameter and a modem-side key according to the modem-side unlocking parameter. The first writing module 1007 is configured to write the AP-side key, the AP-side unlocking parameter, and the encrypted modem-side unlocking parameter into a second area in the AP-side storage area; the AP-side storage area further includes a first area, and the second area has higher privilege than the first area. The second writing module 1008 is configured to write the modem-side key, the encrypted AP-side unlocking parameter, and the modem-side unlocking parameter into a fourth area in the modem-side storage area; the modem-side storage area further includes a third area, and the fourth area has higher privilege than the third area.
It should be noted here that the description of the above data processing apparatus embodiment is similar to the description of the above method embodiments and has similar beneficial effects. For technical details not disclosed in the data processing apparatus embodiment of the present disclosure, refer to the description of the method embodiments of the present disclosure.
In another aspect, the present disclosure further provides a data processing apparatus. The modules in the data processing apparatus, and the submodules included in each module, can all be implemented by the AP processor and the modem processor in the terminal; in implementation, the processor may be a central processing unit (CPU), a microprocessor (MPU), a digital signal processor (DSP), a field programmable gate array (FPGA), or the like.
FIG. 11 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present disclosure. As shown in FIG. 11, in some embodiments, the apparatus 1100 includes: a receiving module 1101, a first obtaining module 1102, and an unlocking module 1103. The receiving module 1101 is configured to receive a first parameter of an unlocking object located at the terminal and a first key of the unlocking object, both delivered by the server; the first parameter and the first key are used to determine whether the terminal satisfies the condition for parsing data. The first obtaining module 1102 is configured to obtain a second parameter of the unlocking object located at the terminal and a second key of the unlocking object. The unlocking module 1103 is configured to unlock the unlocking object when the first parameter and the second parameter satisfy a preset first condition and the first key and the second key satisfy a preset second condition.
In other embodiments of the present disclosure, the apparatus further includes a first sending module configured to, before the receiving module receives the first parameter of the unlocking object and the first key of the unlocking object delivered by the server, send to the server a message that the terminal satisfies a preset third condition when the terminal satisfies the preset third condition.
In other embodiments of the present disclosure, the apparatus further includes: a first reading module, a second reading module, and a first comparison module. The first reading module is configured to read the first parameter from the modem-side storage area. The second reading module is configured to read the second parameter from a second reserved field in the first area. The first comparison module is configured to compare the value in a first reserved field in the first area with the value of the second key if the first parameter and the second parameter satisfy the preset first condition, and to trigger the unlocking module to unlock the unlocking object if the value in the first reserved field and the value of the second key satisfy the preset second condition.
The first comparison module further includes: a reading submodule, a writing submodule, and a comparison submodule. The reading submodule is configured to read the first key from the modem-side storage area if the first parameter and the second parameter satisfy the preset first condition. The writing submodule is configured to write the value of the first key into the first reserved field. The comparison submodule is configured to compare the value in the first reserved field in the first area with the value of the second key if the first reserved field is non-empty.
The unlocking module further includes: an obtaining submodule, a first generating submodule, a second generating submodule, and an unlocking submodule. The obtaining submodule is configured to obtain the encrypted AP-side unlocking parameter and the encrypted modem-side unlocking parameter from the terminal. The first generating submodule is configured to generate a first flag bit based on the encrypted AP-side unlocking parameter; the first flag bit indicates whether parsing of the encrypted AP-side unlocking parameter succeeded. The second generating submodule is configured to generate a second flag bit based on the encrypted modem-side unlocking parameter; the second flag bit indicates whether parsing of the encrypted modem-side unlocking parameter succeeded. The unlocking submodule is configured to unlock the unlocking object when the first flag bit and the second flag bit satisfy a preset fourth condition.
In other embodiments of the present disclosure, the obtaining submodule is specifically configured to obtain the encrypted modem-side unlocking parameter from the second area in the AP-side storage area, the second area having higher privilege than the first area. The obtaining submodule is further specifically configured to obtain the encrypted AP-side unlocking parameter from the fourth area in the modem-side storage area; the modem-side storage area further includes a third area with lower privilege than the fourth area.
In other embodiments of the present disclosure, the first generating submodule is specifically configured to obtain the AP-side unlocking parameter and the AP-side key from the second area, decrypt the encrypted AP-side unlocking parameter with the AP-side key to obtain a decrypted AP-side unlocking parameter, compare the decrypted AP-side unlocking parameter with the AP-side unlocking parameter to obtain a first comparison result, and generate the first flag bit according to the first comparison result.
The second generating submodule is specifically configured to obtain the modem-side unlocking parameter and the modem-side key from the fourth area, decrypt the encrypted modem-side unlocking parameter with the modem-side key to obtain a decrypted modem-side unlocking parameter, compare the decrypted modem-side unlocking parameter with the modem-side unlocking parameter to obtain a second comparison result, and generate the second flag bit according to the second comparison result.
In other embodiments of the present disclosure, when the apparatus is applied to a network-unlock scenario, the first parameter is the value reached by the network-lock counter in the server, the second parameter is the value reached by the terminal's network-lock counter, and the preset third condition is that the value reached by the terminal's network-lock counter exceeds a preset threshold.
The apparatus further includes a reset module configured to reset the value reached by the terminal's network-lock counter to the value reached by the network-lock counter in the server when the two values are inconsistent.
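The network-unlock decision described above (counter agreement, key comparison, then the two decrypt-and-compare flag bits), as an added C example that is not code from the patent. The key value, threshold, 8-byte parameter size and all struct and function names are assumptions, and XOR stands in for the cipher, which the text does not specify.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed values: the text gives no concrete key, threshold, size or cipher. */
#define TERMINAL_KEY     0x5A17C3E9u  /* second key, fixed in the process by macro */
#define UNLOCK_THRESHOLD 5u
#define PARAM_LEN        8

enum result { UNLOCKED, COUNTER_RESYNCED, BELOW_THRESHOLD, KEY_MISMATCH, PARSE_FAILED };

/* Second area (AP side) and fourth area (modem side): each holds its own key and
 * plaintext unlocking parameter plus the OTHER side's encrypted parameter. */
struct ap_secure    { uint8_t key[PARAM_LEN], param[PARAM_LEN], enc_modem_param[PARAM_LEN]; };
struct modem_secure { uint8_t key[PARAM_LEN], param[PARAM_LEN], enc_ap_param[PARAM_LEN]; };

/* First area (ordinary AP storage) with its two reserved fields. */
struct ap_normal { uint32_t key_field; uint32_t lock_counter; };

/* Values delivered by the server, as read from modem-side storage. */
struct server_msg { uint32_t lock_counter; uint32_t key; };

/* Stand-in for the unspecified cipher: XOR with the side key. Not real encryption. */
static void xor_crypt(const uint8_t *in, const uint8_t *key, uint8_t *out) {
    for (size_t i = 0; i < PARAM_LEN; i++) out[i] = in[i] ^ key[i];
}

/* Constant-time comparison, so timing does not reveal where two buffers differ. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Flag bit: 1 if the decrypted parameter equals the plaintext reference, else 0. */
static int side_flag(const uint8_t *enc, const uint8_t *key, const uint8_t *ref) {
    uint8_t dec[PARAM_LEN];
    xor_crypt(enc, key, dec);
    return ct_equal(dec, ref, PARAM_LEN);
}

/* Locking side (write modules 1007 and 1008): cross-write the encrypted parameters. */
void provision(struct ap_secure *ap, struct modem_secure *md) {
    for (size_t i = 0; i < PARAM_LEN; i++) {          /* constructed sample values */
        ap->key[i] = (uint8_t)(0x11 + i);  ap->param[i] = (uint8_t)(0xA0 + i);
        md->key[i] = (uint8_t)(0x71 + i);  md->param[i] = (uint8_t)(0xC0 + i);
    }
    xor_crypt(ap->param, ap->key, md->enc_ap_param);
    xor_crypt(md->param, md->key, ap->enc_modem_param);
}

enum result try_network_unlock(struct ap_normal *n, const struct server_msg *s,
                               const struct ap_secure *ap, const struct modem_secure *md) {
    /* First condition: the two counters agree and have reached the threshold. */
    if (n->lock_counter != s->lock_counter) {
        n->lock_counter = s->lock_counter;            /* reset module: server value wins */
        return COUNTER_RESYNCED;
    }
    if (n->lock_counter < UNLOCK_THRESHOLD) return BELOW_THRESHOLD;

    /* Second condition: server key, written to the first reserved field, equals the macro key. */
    n->key_field = s->key;
    if (n->key_field != TERMINAL_KEY) return KEY_MISMATCH;

    /* Fourth condition: both flag bits are 1. Both sides are always evaluated. */
    int ap_flag    = side_flag(md->enc_ap_param, ap->key, ap->param);
    int modem_flag = side_flag(ap->enc_modem_param, md->key, md->param);
    return (ap_flag & modem_flag) ? UNLOCKED : PARSE_FAILED;
}

/* Constructed scenarios exercising each outcome of the gate. */
enum scenario { ALL_CONSISTENT, TERMINAL_COUNTER_ALTERED, SERVER_KEY_WRONG, MODEM_AREA_TAMPERED };

enum result run_scenario(enum scenario sc) {
    struct ap_secure ap; struct modem_secure md;
    struct ap_normal n = { 0, UNLOCK_THRESHOLD };
    struct server_msg s = { UNLOCK_THRESHOLD, TERMINAL_KEY };
    provision(&ap, &md);
    if (sc == TERMINAL_COUNTER_ALTERED) n.lock_counter = UNLOCK_THRESHOLD + 4;
    if (sc == SERVER_KEY_WRONG)         s.key ^= 1u;
    if (sc == MODEM_AREA_TAMPERED)      md.enc_ap_param[0] ^= 0x01;
    return try_network_unlock(&n, &s, &ap, &md);
}

int main(void) {
    static const char *names[] = { "UNLOCKED", "COUNTER_RESYNCED", "BELOW_THRESHOLD",
                                   "KEY_MISMATCH", "PARSE_FAILED" };
    for (int sc = ALL_CONSISTENT; sc <= MODEM_AREA_TAMPERED; sc++)
        printf("scenario %d -> %s\n", sc, names[run_scenario((enum scenario)sc)]);
    return 0;
}
```

A macro-defined constant is compiled into the executable image, so the key comparison is only as private as the firmware binary that contains it.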
In other embodiments of the present disclosure, when the apparatus is applied to a scenario of unlocking a privacy application or unlocking private data, the first parameter is password information pre-stored in the server, the second parameter is password information entered on the terminal, and the preset third condition is that password information is entered on the terminal.
It should be noted here that the description of the above apparatus embodiment is similar to the description of the above method embodiments and has similar beneficial effects. For technical details not disclosed in the data locking apparatus embodiment of the present disclosure, refer to the description of the method embodiments of the present disclosure.
In the embodiments of the present disclosure, if the above data locking method or data unlocking method is implemented in the form of a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiments of the present disclosure, in essence or in the part that contributes to the related art, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the methods described in the embodiments of the present disclosure. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a magnetic disk, or an optical disc. Thus, the embodiments of the present disclosure are not limited to any specific combination of hardware and software.
In another aspect, an embodiment of the present disclosure provides a computer storage medium storing computer-executable instructions, the computer-executable instructions being configured to perform the above data unlocking method or the above data locking method.
In another aspect, the present disclosure provides a terminal. FIG. 12 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure. As shown in FIG. 12, in some embodiments, the terminal 1200 includes: a display screen 1201, a processor 1202, and a storage medium 1203 configured to store executable instructions, wherein the processor 1202 is configured to execute the stored executable instructions, and the executable instructions are used to perform the above data processing method.
Those skilled in the art will appreciate that embodiments of the present disclosure may be provided as a method, a system, or a computer program product. Accordingly, the present disclosure may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present disclosure may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, optical storage, and the like) containing computer-usable program code.
The present disclosure is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present disclosure. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
The above are merely some embodiments of the present disclosure and are not intended to limit the scope of protection of the present disclosure.

Claims (16)

  1. A data processing method, applied to a terminal, comprising:
    receiving a first parameter of an unlocking object and a first key of the unlocking object delivered by a server, the first parameter and the first key being used to determine whether the terminal satisfies a condition for parsing data;
    obtaining a second parameter of the unlocking object located at the terminal and a second key of the unlocking object;
    unlocking the unlocking object when the first parameter and the second parameter satisfy a preset first condition and the first key and the second key satisfy a preset second condition.
  2. The method according to claim 1, wherein before the receiving of the first parameter of the unlocking object and the first key of the unlocking object delivered by the server, the method further comprises:
    when the terminal satisfies a preset third condition, sending to the server a message that the terminal satisfies the preset third condition.
  3. The method according to claim 2, wherein the terminal comprises an application processor and a modem processor, and a storage area on the application processor side comprises a first area,
    the unlocking of the unlocking object when the first parameter and the second parameter satisfy the preset first condition and the first key and the second key satisfy the preset second condition comprises:
    reading the first parameter from a storage area on the modem processor side;
    reading the second parameter from a second reserved field in the first area;
    if the first parameter and the second parameter satisfy the preset first condition, comparing a value in a first reserved field in the first area with a value of the second key;
    if the value in the first reserved field and the value of the second key satisfy the preset second condition, unlocking the unlocking object.
  4. The method according to claim 3, wherein the comparing of the value in the first reserved field in the first area with the value of the second key if the first parameter and the second parameter satisfy the preset first condition comprises:
    if the first parameter and the second parameter satisfy the preset first condition, reading the first key from the storage area on the modem processor side, and writing the value of the first key into the first reserved field;
    if the first reserved field is non-empty, comparing the value in the first reserved field with the value of the second key.
  5. The method according to claim 1, wherein the terminal comprises an application processor and a modem processor, and the unlocking of the unlocking object comprises:
    obtaining an encrypted application-processor-side unlocking parameter and an encrypted modem-processor-side unlocking parameter from the terminal;
    generating a first flag bit based on the encrypted application-processor-side unlocking parameter, the first flag bit indicating whether parsing of the encrypted application-processor-side unlocking parameter succeeded;
    generating a second flag bit based on the encrypted modem-processor-side unlocking parameter, the second flag bit indicating whether parsing of the encrypted modem-processor-side unlocking parameter succeeded;
    unlocking the unlocking object when the first flag bit and the second flag bit satisfy a preset fourth condition.
  6. The method according to claim 5, wherein the obtaining of the encrypted application-processor-side unlocking parameter and the encrypted modem-processor-side unlocking parameter from the terminal comprises:
    obtaining the encrypted modem-processor-side unlocking parameter from a second area in the storage area on the application processor side, the second area having higher privilege than the first area;
    obtaining the encrypted application-processor-side unlocking parameter from a fourth area in the storage area on the modem processor side, the storage area on the modem processor side further comprising a third area with lower privilege than the fourth area.
  7. The method according to claim 6, wherein generating the first flag bit based on the encrypted application-processor-side unlocking parameter comprises:
    acquiring an application-processor-side unlocking parameter and an application-processor-side key from the second area;
    decrypting the encrypted application-processor-side unlocking parameter with the application-processor-side key to obtain a decrypted application-processor-side unlocking parameter;
    comparing the decrypted application-processor-side unlocking parameter with the application-processor-side unlocking parameter to obtain a first comparison result; and
    generating the first flag bit according to the first comparison result.
  8. The method according to claim 7, wherein generating the second flag bit based on the encrypted modem-processor-side unlocking parameter comprises:
    acquiring a modem-processor-side unlocking parameter and a modem-processor-side key from the fourth area;
    decrypting the encrypted modem-processor-side unlocking parameter with the modem-processor-side key to obtain a decrypted modem-processor-side unlocking parameter;
    comparing the decrypted modem-processor-side unlocking parameter with the modem-processor-side unlocking parameter to obtain a second comparison result; and
    generating the second flag bit according to the second comparison result.
  9. A data processing method, applied to a terminal, comprising:
    acquiring, from the terminal, an unlocking parameter generated based on a locking object;
    generating a first key and a second key according to the unlocking parameter;
    sending the first key to a server;
    generating an application-processor-side unlocking parameter and a modem-processor-side unlocking parameter according to the second key;
    generating an encrypted application-processor-side unlocking parameter and an application-processor-side key according to the application-processor-side unlocking parameter;
    generating an encrypted modem-processor-side unlocking parameter and a modem-processor-side key according to the modem-processor-side unlocking parameter;
    writing the application-processor-side key, the application-processor-side unlocking parameter and the encrypted modem-processor-side unlocking parameter into a second area in a storage area on the application processor side, the storage area on the application processor side further comprising a first area, the second area having a higher permission level than the first area;
    writing the modem-processor-side key, the modem-processor-side unlocking parameter and the encrypted application-processor-side unlocking parameter into a fourth area in a storage area on the modem processor side, the storage area on the modem processor side further comprising a third area, the fourth area having a higher permission level than the third area.
  10. A data processing apparatus, comprising: a receiving module, an acquiring module and an unlocking module;
    the receiving module is configured to receive a first parameter of an unlocking object located on a terminal and a first key of the unlocking object, both delivered by a server, the first parameter and the first key being used to determine whether the terminal satisfies a condition for parsing data;
    the acquiring module is configured to acquire a second parameter of the unlocking object and a second key of the unlocking object;
    the unlocking module is configured to unlock the unlocking object when the first parameter and the second parameter satisfy a preset first condition and the first key and the second key satisfy a preset second condition.
  11. The data processing apparatus according to claim 10, further comprising: a sending module configured to, before the receiving module receives the first parameter of the unlocking object and the first key of the unlocking object delivered by the server, send to the server, when the terminal satisfies a preset third condition, a message indicating that the terminal satisfies the preset third condition.
  12. A data processing apparatus, comprising: an acquiring module, a first generating module, a sending module, a second generating module, a third generating module, a fourth generating module, a first writing module and a second writing module;
    the acquiring module is configured to acquire, from a terminal, an unlocking parameter generated based on a locking object;
    the first generating module is configured to generate a first key and a second key according to the unlocking parameter;
    the sending module is configured to send the first key to a server;
    the second generating module is configured to generate an application-processor-side unlocking parameter and a modem-processor-side unlocking parameter according to the second key;
    the third generating module is configured to generate an encrypted application-processor-side unlocking parameter and an application-processor-side key according to the application-processor-side unlocking parameter;
    the fourth generating module is configured to generate an encrypted modem-processor-side unlocking parameter and a modem-processor-side key according to the modem-processor-side unlocking parameter;
    the first writing module is configured to write the application-processor-side key, the application-processor-side unlocking parameter and the encrypted modem-processor-side unlocking parameter into a second area in the storage area on the application processor side, the storage area on the application processor side further comprising a first area, the second area having a higher permission level than the first area;
    the second writing module is configured to write the modem-processor-side key, the encrypted application-processor-side unlocking parameter and the modem-processor-side unlocking parameter into a fourth area in the storage area on the modem processor side, the storage area on the modem processor side further comprising a third area, the fourth area having a higher permission level than the third area.
  13. A terminal, comprising at least a display screen, a processor, and a storage medium configured to store executable instructions, wherein the processor is configured to execute the stored executable instructions, the executable instructions being for performing the data processing method according to any one of claims 1 to 8.
  14. A terminal, comprising at least a display screen, a processor, and a storage medium configured to store executable instructions, wherein the processor is configured to execute the stored executable instructions, the executable instructions being for performing the data processing method according to claim 9.
  15. A computer storage medium storing computer-executable instructions, the computer-executable instructions being configured to perform the data processing method according to any one of claims 1 to 8.
  16. A computer storage medium storing computer-executable instructions, the computer-executable instructions being configured to perform the data processing method according to claim 9.
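
The provisioning steps of claim 9 and the two-flag check of claims 5 to 8, as an added example that is not part of the patent text. The claims name no key-derivation function, cipher or "fourth condition", so the HMAC-SHA256 derivation, the SHAKE-256 XOR stand-in cipher, the dictionary field names and "both flags true" are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

def _kdf(key: bytes, label: bytes) -> bytes:
    # Assumed derivation step; the claims only say "generate ... according to".
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_cipher(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): XOR with a SHAKE-256 keystream, each key
    # used once. A real design would use an authenticated cipher such as AES-GCM.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def provision(unlock_param: bytes):
    """Claim 9: return (first key for the server, AP area 2, modem area 4)."""
    first_key = _kdf(unlock_param, b"first")
    second_key = _kdf(unlock_param, b"second")
    ap_param = _kdf(second_key, b"ap")
    modem_param = _kdf(second_key, b"modem")
    ap_key, modem_key = secrets.token_bytes(32), secrets.token_bytes(32)
    # Each high-privilege area holds its own key and plaintext parameter plus
    # the *other* side's encrypted parameter (the cross-storage of claim 9).
    ap_area2 = {"key": ap_key, "param": ap_param,
                "enc_peer": _xor_cipher(modem_key, modem_param)}
    modem_area4 = {"key": modem_key, "param": modem_param,
                   "enc_peer": _xor_cipher(ap_key, ap_param)}
    return first_key, ap_area2, modem_area4

def _flag(own_area: dict, peer_area: dict) -> bool:
    """Claims 7 and 8: decrypt the copy held by the peer, compare with own value."""
    try:
        decrypted = _xor_cipher(own_area["key"], peer_area["enc_peer"])
        # Constant-time comparison so the check does not leak match length.
        return hmac.compare_digest(decrypted, own_area["param"])
    except (KeyError, TypeError):
        return False  # missing or malformed record counts as a failed parse

def may_unlock(ap_area2: dict, modem_area4: dict) -> bool:
    """Claim 5: unlock only if both flag bits are set (assumed fourth condition)."""
    first_flag = _flag(ap_area2, modem_area4)    # AP-side parameter parsed
    second_flag = _flag(modem_area4, ap_area2)   # modem-side parameter parsed
    return first_flag and second_flag

if __name__ == "__main__":
    _, ap, modem = provision(b"constructed-unlock-parameter")  # constructed input
    print("untouched stores:", may_unlock(ap, modem))
    modem["enc_peer"] = bytes(32)  # simulate corruption of one side's record
    print("after corruption:", may_unlock(ap, modem))
```

Because each side verifies a value stored on the other processor, a change confined to one store clears a flag; the check still depends on the second and fourth areas staying write-protected, as the claims assume.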
PCT/CN2018/098541 2017-06-28 2018-08-03 Data processing method and apparatus, terminal, and storage medium WO2019001588A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710510233.X 2017-06-28
CN201710510233.XA CN109150814B (en) 2017-06-28 2017-06-28 Data processing method and device, terminal and storage medium

Publications (1)

Publication Number Publication Date
WO2019001588A1 (en) 2019-01-03

Family

ID=64741144

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/098541 WO2019001588A1 (en) 2017-06-28 2018-08-03 Data processing method and apparatus, terminal, and storage medium

Country Status (2)

Country Link
CN (1) CN109150814B (en)
WO (1) WO2019001588A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102227734A (en) * 2008-11-28 2011-10-26 国际商业机器公司 Client computer for protecting confidential file, server computer therefor, method therefor, and computer program
CN105101183A (en) * 2014-05-07 2015-11-25 中国电信股份有限公司 Method and system for protecting private contents at mobile terminal
CN106384042A (en) * 2016-09-13 2017-02-08 北京豆荚科技有限公司 Electronic device and security system
US20170085546A1 (en) * 2015-09-17 2017-03-23 T-Mobile Usa, Inc. Secure remote user device unlock
CN106548088A (en) * 2016-10-19 2017-03-29 惠州Tcl移动通信有限公司 A kind of kept secure area reading and control method thereof and mobile terminal based on mobile terminal

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7940932B2 (en) * 2004-04-08 2011-05-10 Texas Instruments Incorporated Methods, apparatus, and systems for securing SIM (subscriber identity module) personalization and other data on a first processor and secure communication of the SIM data to a second processor
CN100574189C (en) * 2007-03-16 2009-12-23 中兴通讯股份有限公司 Protection of mobile terminal security lock network pintle hook lock and unlock method based on asymmetric arithmetic
US9705674B2 (en) * 2013-02-12 2017-07-11 Amazon Technologies, Inc. Federated key management
CN104519479B (en) * 2013-09-27 2019-06-11 中兴通讯股份有限公司 A kind of method of terminal and its lock network and unlocking locked network
CN104952128A (en) * 2015-05-20 2015-09-30 范浪波 Intelligent handheld terminal based electronic unlocking system and unlocking method thereof
CN106817377A (en) * 2017-03-27 2017-06-09 努比亚技术有限公司 A kind of data encryption device, decryption device and method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113726508A (en) * 2021-08-30 2021-11-30 北京博瑞翔伦科技发展有限公司 TOTP algorithm and system for unmanned bin offline intelligent lock
CN113726508B (en) * 2021-08-30 2024-04-02 北京博瑞翔伦科技发展有限公司 TOTP algorithm and system for unmanned bin offline intelligent lock

Also Published As

Publication number Publication date
CN109150814B (en) 2022-12-02
CN109150814A (en) 2019-01-04

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18823543

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18823543

Country of ref document: EP

Kind code of ref document: A1