WO2019001588A1 - Data processing method and apparatus, terminal, and storage medium - Google Patents

Data processing method and apparatus, terminal, and storage medium

Publication number
WO2019001588A1
Authority
WO
WIPO (PCT)
Prior art keywords
parameter
unlocking
key
processor side
terminal
Prior art date
Application number
PCT/CN2018/098541
Other languages
English (en)
Chinese (zh)
Inventor
魏明业
Original Assignee
西安中兴新软件有限责任公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 西安中兴新软件有限责任公司
Publication of WO2019001588A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24 Transfer of terminal data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24 Transfer of terminal data
    • H04W8/245 Transfer of terminal data from a network towards a terminal

Definitions

  • the present disclosure relates to the field of mobile communications technologies, and in particular, to a data processing method and apparatus, terminal, and storage medium.
  • mobile terminals support more and more functions.
  • Many of the functions on mobile terminals require locking because they involve user privacy or require authorization from the communications carrier.
  • For example, privacy application lock, user privacy data lock and network lock technology.
  • In the process of locking and unlocking, it is necessary to use security data such as keys, lock parameters and unlock parameters.
  • The present disclosure provides a data processing method, including: receiving a first parameter of an unlocking object and a first key of the unlocking object delivered by a server, where the first parameter and the first key are used for determining whether the terminal satisfies the condition for parsing the data; acquiring a second parameter of the unlocking object located at the terminal and a second key of the unlocking object; and when the first parameter and the second parameter satisfy a preset first condition and the first key and the second key satisfy a preset second condition, unlocking the unlocking object.
  • The present disclosure provides a data processing method, including: acquiring an unlocking parameter generated based on a locking object from a terminal; generating a first key and a second key according to the unlocking parameter; sending the first key to the server; generating an application processor (AP) side unlocking parameter and a modem processor (modem) side unlocking parameter according to the second key; generating an encrypted AP side unlocking parameter and an AP side key according to the AP side unlocking parameter; generating an encrypted modem side unlocking parameter and a modem side key according to the modem side unlocking parameter; writing the AP side key, the AP side unlocking parameter, and the encrypted modem side unlocking parameter to the second area in the storage area on the AP side, where the storage area on the AP side further includes a first area and the second area has higher authority than the first area; and writing the modem side key, the modem side unlocking parameter, and the encrypted AP side unlocking parameter in a fourth area in the storage area on the modem side
  • The present disclosure provides a data processing apparatus, including: a receiving module, an obtaining module, and an unlocking module; the receiving module is configured to receive a first parameter of the unlocking object and a first key of the unlocking object delivered by the server, where the first parameter and the first key are used to determine whether the terminal satisfies the condition for parsing data; the obtaining module is configured to acquire a second parameter of the unlocking object and a second key of the unlocking object; the unlocking module is configured to unlock the unlocking object when the first parameter and the second parameter satisfy a preset first condition and the first key and the second key satisfy a preset second condition.
  • The present disclosure provides a data processing apparatus, including: an acquisition module, a first generation module, a transmission module, a second generation module, a third generation module, a fourth generation module, a first writing module, and a second writing module;
  • the obtaining module is configured to acquire an unlocking parameter generated based on the locking object from the terminal;
  • the first generating module is configured to generate a first key and a second key according to the unlocking parameter;
  • the sending module is configured to send the first key to the server;
  • the second generating module is configured to generate an application processor AP side unlocking parameter and a modem processor modem side unlocking parameter according to the second key;
  • the third generation module is configured to generate an encrypted AP side unlocking parameter and an AP side key according to the AP side unlocking parameter, and the fourth generation module is configured to generate an encrypted modem side unlocking parameter and a modem side key according to the modem side unlocking parameter.
  • the first writing module is configured to write the AP side key, the AP side unlocking parameter, and the encrypted modem side unlocking parameter into a second area in the storage area on the AP side, where the storage area on the AP side further includes a first area and the second area has higher authority than the first area; the second writing module is configured to write the modem side key, the encrypted AP side unlocking parameter and the modem side unlocking parameter in a fourth area in the storage area on the modem side, where the modem side storage area further includes a third area and the fourth area has higher authority than the third area.
  • The present disclosure provides a terminal comprising at least a display screen, a processor, and a storage medium configured to store executable instructions, wherein the processor is configured to execute the stored executable instructions, and the executable instructions are configured to perform the data processing methods described herein.
  • the present disclosure provides a computer storage medium having stored therein computer executable instructions configured to perform the data processing methods described herein.
  • FIG. 1 is a flow chart of a data processing method in accordance with an embodiment of the present disclosure
  • FIG. 2 is a flowchart of a data processing method in accordance with an embodiment of the present disclosure
  • FIG. 3 is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 4 is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 5 is a schematic structural diagram of an AP processor according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic structural diagram of a modem processor according to an embodiment of the present disclosure.
  • FIG. 7A is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 7B is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 7C is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 8A is a flowchart of a data processing method according to an embodiment of the present disclosure.
  • FIG. 8B is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 8C is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 9A is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 9B is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 9C is a flowchart of a data processing method in accordance with an embodiment of the present disclosure.
  • FIG. 10 is a schematic structural diagram of a data processing apparatus of an application according to an embodiment of the present disclosure.
  • FIG. 11 is a schematic structural diagram of a data processing device of an application according to an embodiment of the present disclosure.
  • FIG. 12 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure.
  • mobile terminals support more and more functions.
  • Many of the functions on mobile terminals require locking because they involve user privacy or require authorization from the communications carrier.
  • For example, privacy application lock, user privacy data lock and network lock technology.
  • In the process of locking and unlocking, it is necessary to use security data such as keys, lock parameters and unlock parameters.
  • After the operator locks the network, the mobile terminal generates a lock flag and unlocking information, and the unlocking information includes an unlocking parameter.
  • The unlocking parameter is stored locally in the mobile terminal or stored in the server.
  • The user inputs an unlocking parameter (such as an unlocking code) obtained from the store or through the network, and the mobile terminal compares the unlocking parameter input by the user with the unlocking parameter stored locally in the mobile terminal; if the two are the same, the lock flag is deleted to unlock the network.
  • The user needs to go to the store or obtain the unlocking code through the network, which is very troublesome and makes for a poor user experience.
  • It is not safe to store the unlocking parameters in the mobile terminal or the server. If the unlocking parameters are stored in the mobile terminal, there is a risk of their being stolen; even if the unlocking parameters are encrypted, criminals may still steal the encrypted unlocking parameters and crack them. If the unlocking parameter is stored in the server, there is still the possibility that it is tampered with while the server sends it to the mobile terminal. Therefore, there is a need for a secure data processing method that can be automated.
  • the present disclosure particularly provides a data processing method and apparatus therefor, a terminal, and a storage medium that substantially obviate one or more of the problems due to the limitations and disadvantages of the related art.
  • embodiments of the present disclosure provide a data processing method.
  • the method can be applied to many scenarios, for example, unlocking of private data stored by a user on a mobile terminal, unlocking of a privacy application installed on a mobile terminal, and some services requiring an operator authorization (such as unlocking a network).
  • the mobile terminal includes an application processor (AP) chip and a modem chip.
  • the storage area on the AP side includes at least two areas.
  • the two areas are used as an example.
  • The storage area on the AP side includes a first area and a second area, where the second area is a security area in the storage area and has higher authority than the first area.
  • The first area may be a common storage area in the AP side storage area, and the second area may be the Replay Protected Memory Block (RPMB) on the AP side.
  • the manufacturer sets the second area to be accessible only by the AP processor before leaving the factory.
  • the storage area on the modem side includes at least two areas. The two areas are taken as an example.
  • The storage area on the modem side includes a third area and a fourth area, where the fourth area is a security area in the storage area and has higher authority than the third area.
  • The third area may be a common storage area in the modem side storage area, and the fourth area may be the secure file storage area (SFS, Secure File System) on the modem side.
  • The unlocking parameter generated based on the locking object is obtained from the terminal, the first key and the second key are generated according to the unlocking parameter, and the first key is sent to the server.
  • The AP side unlocking parameter, the modem side unlocking parameter, the encrypted AP side unlocking parameter, the AP side key, the encrypted modem side unlocking parameter, and the modem side key are generated according to the second key; the AP side key, the AP side unlocking parameter and the encrypted modem side unlocking parameter are stored in the second area, the modem side key, the modem side unlocking parameter, and the encrypted AP side unlocking parameter are stored in the fourth area, and the unlocking condition is set.
  • When the mobile terminal meets the set unlocking condition, the first parameter and the first key sent by the server are received, and the second parameter and the second key are obtained from the terminal itself. The unlocking process is started only when the first parameter and the second parameter meet the preset first condition and the first key and the second key satisfy the preset second condition; double-sided unlocking is then performed by acquiring the encrypted modem side unlocking parameter stored in the second area and the encrypted AP side unlocking parameter stored in the fourth area.
  • FIG. 1 is a flow chart of a data processing method in accordance with an embodiment of the present disclosure. As shown in FIG. 1, in an embodiment, the method may include steps S101 to S106.
  • the terminal generates a lock flag and an unlock parameter based on the lock object according to the user's lock operation.
  • the locking object may be a communication network provided by an operator, may be a privacy application (such as a secure payment application), or may be a user's private data.
  • The locking operation may be a network lock operation, a privacy application locking operation or a privacy data locking operation.
  • A setting operation is included before the locking operation.
  • In the setting operation, the user sets a third condition, the third condition being the condition the terminal must satisfy for unlocking.
  • the third condition is that the counter in the terminal reaches a threshold; when the locking object is a privacy application (such as a payment application) or privacy data of the user, the third condition is that the terminal obtains the password input by the user, where the password may be a digital password, a fingerprint password, an eye password, a voice password, etc., and the user, the operator or the manufacturer may set it according to actual application needs.
  • When the third condition is that the counter in the terminal reaches a threshold, the user needs to set the size of the threshold.
  • The terminal sends the threshold to the server, and the server stores the threshold.
  • The counters in the terminal and in the server start counting synchronously.
  • When the third condition is that the terminal acquires the password input by the user, the user needs to input the password into the terminal.
  • The terminal sends the password information to the server, and the server stores the password information.
  • the terminal acquires an unlocking parameter generated based on the locking object from itself, and generates a first key and a second key according to the unlocking parameter.
  • The first key is the same as the second key.
  • The terminal writes the second key, as a macro definition, into the unlocking single process executed by the AP processor, where the unlocking single process is used to unlock the unlocking object when the user unlocks, and the unlocking object is the locking object in step S101.
  • The terminal sends the first key to the server, and the server receives and stores the first key; and at step S104, the terminal generates, according to the second key, an AP side unlocking parameter, a modem side unlocking parameter, an encrypted AP side unlocking parameter, an AP side key, an encrypted modem side unlocking parameter, and a modem side key in the terminal.
  • the terminal first generates an AP side unlocking parameter and a modem side unlocking parameter according to the second key, and the AP side unlocking parameter and the modem side unlocking parameter may be the same or different. Then, the terminal generates an encrypted AP side unlocking parameter and an AP side key according to the AP side unlocking parameter, and generates an encrypted modem side unlocking parameter and a modem side key according to the modem side unlocking parameter.
  • The encryption method used to encrypt the AP side unlocking parameter and generate the encrypted AP side unlocking parameter and the AP side key may be any existing encryption algorithm, such as the asymmetric RSA algorithm. The encryption method used to encrypt the modem side unlocking parameter and generate the encrypted modem side unlocking parameter and the modem side key may also be any existing encryption method, and may be the same as or different from the encryption method used for the AP side unlocking parameter.
  • the AP side key, the AP side unlocking parameter, and the encrypted modem side unlocking parameter are written in the second area in the storage area on the AP side.
  • the storage area on the AP side further includes a first area, and the second area has higher authority than the first area.
  • When the mobile terminal adopts the partitioning mode of an embedded multimedia chip (EMMC), the first area is a common storage area on the AP side, and the second area is the AP side RPMB area.
  • the manufacturer sets the second area to be unlocked only by the unlocking process executed by the AP processor.
  • the modem side key, the modem side unlocking parameter, and the encrypted AP side unlocking parameter are written in the fourth area in the storage area on the modem side.
  • the storage area on the modem side further includes a third area, and the fourth area has higher authority than the third area.
  • When the mobile terminal adopts the partition mode of an embedded multimedia chip (EMMC), the third area is a common storage area on the modem side, and the fourth area is the modem side SFS area.
  • Before leaving the factory, the manufacturer sets the fourth area to be unlocked only by the unlocking process executed by the AP processor.
  • When unlocking, the terminal acquires the encrypted AP side unlocking parameter from the fourth area and the encrypted modem side unlocking parameter from the second area to unlock; only if both the AP side and the modem side are unlocked does the terminal delete the lock flag to complete the unlocking.
  • Embodiments of the present disclosure also provide a data processing method.
  • FIG. 2 is a flow chart of a data processing method in accordance with an embodiment of the present disclosure. As shown in FIG. 2, in an embodiment, the method may include steps S201 to S204.
  • In step S201, when the terminal satisfies the preset third condition, the message that the terminal meets the preset third condition is sent to the server.
  • the preset third condition is a third condition set by the user in the setting operation in the step S101, and the message that the terminal satisfies the preset third condition includes the terminal identifier of the terminal.
  • Step S201 can be applied to multiple different scenarios in a specific implementation. Several scenarios are described below; of course, in a specific implementation it can also be applied to other scenarios and is not limited to the following.
  • Network unlocking scenario: at a certain moment, the counter in the user terminal reaches the preset threshold, that is, the preset third condition is met, and the terminal reports to the server the message that the counter has reached the preset threshold.
  • Privacy application unlocking scenario: at a certain moment, the user wants to open the locked privacy application (for example, a secure payment application), so the user inputs the password required to open the privacy application, that is, the preset third condition is met, and the terminal reports to the server the message that it has obtained the password for the privacy application input by the user.
  • Privacy data unlocking scenario: at a certain moment, the user wants to read the private data that he has locked, so the user inputs the password required to read the private data, that is, the preset third condition is met, and the terminal sends to the server the message that it has obtained the password input by the user for reading the private data.
  • The password input by the user may be a digital password, a fingerprint password, an eye password, a voice password, etc., and the user, the operator or the manufacturer may set it according to actual application needs, which is not described in detail here.
  • In step S202, the first parameter of the unlocking object and the first key of the unlocking object delivered by the server are received.
  • the first parameter and the first key are sent by the server according to the terminal identifier, and the first parameter and the first key are used to determine whether the terminal satisfies the condition for parsing data.
  • The first parameter has different meanings in different application scenarios in a specific implementation. Several scenarios are described below; of course, in a specific implementation it can also be applied to other scenarios and is not limited to the following.
  • the first parameter is a value reached by the server-side counter; in the privacy application unlocking scenario and the privacy data unlocking scenario, the first parameter is password information pre-stored in the server, where the password information is the password information that the terminal transmitted to the server and the server stored in step S101.
  • In step S203, a second parameter of the unlocking object located at the terminal and a second key of the unlocking object are acquired.
  • The second parameter corresponds to the first parameter and has different meanings in different application scenarios in a specific implementation. Several scenarios are described below; of course, in a specific implementation it can also be applied to other scenarios and is not limited to the following.
  • the second parameter is a value reached by the terminal counter; in the privacy application unlocking scenario and the privacy data unlocking scenario, the second parameter is password information input by the user into the terminal.
  • The second key is the same as the second key written into the unlocking single process as a macro definition in step S102 of FIG. 1.
  • In step S204, when the first parameter and the second parameter satisfy a preset first condition and the first key and the second key satisfy a preset second condition, the unlocking object is unlocked.
  • The preset first condition is that the first parameter and the second parameter satisfy a certain relationship: they may be equal to each other, or their difference or sum may fall within a certain range. The user, the operator or the manufacturer can set it according to the needs of the actual application, which is not described in detail here.
  • The preset second condition is that the first key and the second key satisfy a certain relationship: they may be equal to each other, or their difference or sum may fall within a certain range. The user, the operator or the manufacturer can set it according to the needs of the actual application, which is not described in detail here.
  • The unlocking object is the same as the locking object in step S101 of FIG. 1.
  • Unlocking the unlocking object refers to starting the unlocking single process executed by the AP processor, where the unlocking single process is used to perform the unlocking of the unlocking object.
  • One parameter and one key are stored on the server side, and one parameter and one key are also stored on the terminal side; whether to unlock the unlocking object is decided by determining whether the parameters and the keys on the server side and the terminal side meet the predetermined conditions.
  • a person skilled in the art may also store a plurality of parameters and a plurality of keys on the server side and the terminal side respectively to determine whether to unlock the unlocked object.
  • two parameters and two keys are stored on the server side, and two parameters and two keys are also stored on the terminal side.
  • Embodiments of the present disclosure also provide a data processing method.
  • FIG. 3 is a flow chart of a data processing method in accordance with an embodiment of the present disclosure. As shown in FIG. 3, in an embodiment, the method may include steps S301 to S307.
  • In step S301, when the terminal satisfies the preset third condition, the message that the terminal satisfies the preset third condition is sent to the server.
  • In step S302, the first parameter of the unlocking object and the first key of the unlocking object delivered by the server are received.
  • step S301 is similar to step S201 of FIG. 2, and step S302 is similar to step S202 of FIG. 2, and therefore, no further description is made here.
  • the first parameter is read from a storage area on the modem side.
  • the first parameter and the first key delivered by the server in step S302 are received by the modem processor in the terminal.
  • the terminal stores the first parameter and the first key in a third area on the modem side, where the third area is a normal storage area on the modem side.
  • the second parameter is read from a second reserved field in the first region.
  • In the first area on the AP side, that is, the normal storage area on the AP side, two fields are reserved: a first reserved field and a second reserved field. The first reserved field is initialized to a null value, and the second reserved field is used to store the second parameter.
  • In step S305, if the first parameter and the second parameter satisfy a preset first condition, the first key is read from the storage area on the modem side, and the value of the first key is written to the first reserved field.
  • The preset first condition is that the first parameter and the second parameter satisfy a certain relationship: they may be equal to each other, or their difference or sum may fall within a certain range. The user, the operator or the manufacturer can set it according to the needs of the actual application, which is not described in detail here.
  • the terminal deletes the first key in the storage area on the modem side, and ends the processing flow.
  • in step S306, if the first reserved field is non-empty, the value in the first reserved field is compared with the value of the second key.
  • the unlocking single process executed by the AP processor in the terminal monitors the first reserved field in real time. When the first reserved field is non-empty, the unlocking single process compares the value in the first reserved field with the value of the second key, where the second key is written into the unlocking single process by means of a macro definition; if the first reserved field is a null value, the unlocking single process continues to monitor the first reserved field in real time.
  • in step S307, if the value in the first reserved field and the value of the second key satisfy the preset second condition, the unlocking object is unlocked.
  • the preset second condition is that the value in the first reserved field and the value of the second key satisfy a certain relationship: they may be equal to each other, or their difference or sum may fall within a certain range. The user, the operator or the manufacturer can set it according to the needs of the actual application, and it is not described here.
  • the terminal deletes the value in the first reserved field, and ends the processing flow.
  • the unlocking object is the same as the locking object in step S101, and unlocking the unlocking object refers to starting an unlocking single process executed by the AP processor, where the unlocking single process is used to perform double-side cross data unlocking processing on the AP side and the modem side on the unlocking object.
  • one parameter and one key are stored on the server side, and one parameter and one key are also stored on the terminal side; whether to unlock the unlocking object is decided by determining whether the parameters and the keys on the server side and the terminal side meet the predetermined conditions.
  • a person skilled in the art may also store a plurality of parameters and a plurality of keys on the server side and the terminal side respectively to determine whether to unlock the unlocked object.
  • two parameters and two keys are stored on the server side, and two parameters and two keys are also stored on the terminal side.
  • Embodiments of the present disclosure also provide a data processing method.
  • FIG. 4 is a flow chart of a data processing method in accordance with an embodiment of the present disclosure. As shown in FIG. 4, in an embodiment, the method may include steps S401 to S410.
  • in step S401, when the terminal satisfies the preset third condition, a message that the terminal meets the preset third condition is sent to the server.
  • in step S402, the first parameter of the unlocking object and the first key of the unlocking object delivered by the server are received.
  • the first parameter is read from a storage area on the modem side.
  • the second parameter is read from a second reserved field in the first region.
  • in step S405, if the first parameter and the second parameter satisfy a preset first condition, the first key is read from the storage area on the modem side, and the value of the first key is written to the first reserved field.
  • in step S406, if the first reserved field is non-empty, the value in the first reserved field is compared with the value of the second key.
  • steps S401 to S406 are similar to steps S301 to S306 of FIG. 3, and therefore, no further description is made herein.
  • the encrypted AP side unlocking parameter and the encrypted modem side unlocking parameter are acquired from the terminal.
  • the encrypted modem side unlocking parameter is acquired from the second area in the storage area on the AP side, and the authority of the second area is higher than that of the first area.
  • the mobile terminal adopts the partitioning mode of an embedded multimedia chip (EMMC); the first area is the common storage area on the AP side, and the second area is the AP side RPMB area. The manufacturer sets the second area so that it can be accessed only by the unlocking process executed by the AP processor.
  • the encrypted AP side unlocking parameter is acquired from the fourth area in the storage area on the modem side, and the storage area on the modem side further includes a third area having a lower authority than the fourth area.
  • the mobile terminal adopts the partitioning mode of an embedded multimedia chip (EMMC); the third area is the common storage area on the modem side, and the fourth area is the modem side SFS area. The manufacturer sets the fourth area before leaving the factory so that it can be accessed only by the unlocking process executed by the AP processor.
  • a first flag bit is generated based on the encrypted AP side unlocking parameter, the first flag bit being used to indicate whether the parsing of the encrypted AP side unlocking parameter is successful.
  • generating the first flag bit based on the encrypted AP side unlocking parameter includes: acquiring an AP side unlocking parameter and an AP side key from the second area; decrypting the encrypted AP side unlocking parameter according to the AP side key to obtain the decrypted AP side unlocking parameter; comparing the decrypted AP side unlocking parameter with the AP side unlocking parameter to obtain a first comparison result; and generating the first flag bit according to the first comparison result.
  • the first flag bit may be set to 0 or 1, where 0 indicates that the parsing fails and 1 indicates that the parsing is successful.
  • the first flag bit may also be set to 00 to indicate that the parsing fails and 11 to indicate that the parsing is successful. The user, the operator or the manufacturer can set it according to the needs of the actual application, and it is not described here.
  • a second flag bit is generated based on the encrypted modem side unlocking parameter, the second flag bit being used to indicate whether the encrypted modem side unlocking parameter is resolved successfully.
  • generating the second flag bit based on the encrypted modem side unlocking parameter includes: acquiring a modem side unlocking parameter and a modem side key from the fourth area; decrypting the encrypted modem side unlocking parameter according to the modem side key to obtain the decrypted modem side unlocking parameter; comparing the decrypted modem side unlocking parameter with the modem side unlocking parameter to obtain a second comparison result; and generating the second flag bit according to the second comparison result.
  • the second flag bit may be set to 0 or 1, where 0 indicates that the parsing fails and 1 indicates that the parsing is successful; of course, the second flag bit may also be set to 00 to indicate that the parsing fails and 11 to indicate that the parsing is successful.
  • the user, the operator or the manufacturer can set it according to the needs of the actual application, and it is not described here.
  • the method of setting the first flag bit may be the same as or different from the method of setting the second flag bit.
  • in step S410, when the first flag bit and the second flag bit satisfy a preset fourth condition, the unlocking object is unlocked.
  • the preset fourth condition is that both the encrypted AP side unlocking parameter and the encrypted modem side unlocking parameter are successfully parsed. For example, when the first flag bit and the second flag bit both use 0 to indicate that the parsing fails and 1 to indicate that the parsing is successful, the first flag bit and the second flag bit satisfy the preset first condition if and only if both the first flag bit and the second flag bit are 1.
  • the terminal ends the processing flow.
  • one parameter and one key are stored on the server side, and one parameter and one key are also stored on the terminal side; whether to unlock the unlocking object is decided by determining whether the parameters and the keys on the server side and the terminal side meet the predetermined conditions.
  • a person skilled in the art may also store a plurality of parameters and a plurality of keys on the server side and the terminal side respectively to determine whether to unlock the unlocked object.
  • two parameters and two keys are stored on the server side, and two parameters and two keys are also stored on the terminal side.
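
The two gates and the cross-side check of steps S405 to S410, modelled as an added C example that is not code from the patent. Equality is assumed for the first and second conditions, the XOR routine is a labelled stand-in because the text names no cipher, and every struct, field, function name and value is constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECOND_KEY  0x5A17C0DEu  /* constructed value; compiled in "by macro definition" */
#define FIELD_EMPTY 0u           /* assumption: the null value is encoded as 0 */
#define PLEN 8                   /* assumption: fixed-length unlocking parameters */

struct terminal {
    /* AP side, first area (normal storage) */
    uint32_t first_reserved;     /* initialised to the null value */
    uint32_t second_param;       /* second reserved field */
    /* AP side, second area (RPMB): AP reference + key, modem ciphertext */
    uint8_t ap_param[PLEN], ap_key[PLEN], enc_modem_param[PLEN];
    /* modem side, third area (normal storage): values delivered by the server */
    uint32_t first_param, first_key;
    /* modem side, fourth area (SFS): modem reference + key, AP ciphertext */
    uint8_t modem_param[PLEN], modem_key[PLEN], enc_ap_param[PLEN];
};

/* Stand-in for the unspecified cipher: XOR with the side key (NOT secure). */
static void toy_crypt(const uint8_t *in, const uint8_t *key, uint8_t *out) {
    for (size_t i = 0; i < PLEN; i++) out[i] = in[i] ^ key[i];
}

/* Compare without an early exit so timing does not reveal the first bad byte. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Decrypt one side's ciphertext and compare with its reference: flag 1 or 0. */
static int parse_flag(const uint8_t *enc, const uint8_t *key, const uint8_t *ref) {
    uint8_t plain[PLEN];
    toy_crypt(enc, key, plain);
    return ct_equal(plain, ref, PLEN);
}

/* S405: release the first key into the reserved field only if the parameters
 * match; otherwise delete the delivered key from the modem-side storage. */
int stage_param_check(struct terminal *t) {
    if (t->first_param == t->second_param) {
        t->first_reserved = t->first_key;
        return 1;
    }
    t->first_key = FIELD_EMPTY;
    return 0;
}

/* S406: the unlocking process acts only on a non-empty field and compares it
 * with the macro-defined second key; a wrong value is wiped from the field. */
int stage_key_check(struct terminal *t) {
    if (t->first_reserved == FIELD_EMPTY) return 0;   /* keep monitoring */
    if (t->first_reserved == SECOND_KEY) return 1;
    t->first_reserved = FIELD_EMPTY;
    return 0;
}

/* S407-S410: each ciphertext lives in the OTHER side's secure area; unlock
 * only if both flag bits are 1. */
int try_unlock(struct terminal *t) {
    if (!stage_param_check(t) || !stage_key_check(t)) return 0;
    int flag1 = parse_flag(t->enc_ap_param, t->ap_key, t->ap_param);
    int flag2 = parse_flag(t->enc_modem_param, t->modem_key, t->modem_param);
    return flag1 == 1 && flag2 == 1;
}

/* Constructed sample terminal in a consistent, unlockable state. */
struct terminal make_sample_terminal(void) {
    struct terminal t;
    memset(&t, 0, sizeof t);
    t.second_param = 7;
    t.first_param = 7;
    t.first_key = SECOND_KEY;
    memcpy(t.ap_param, "AP-PARAM", PLEN);
    memcpy(t.ap_key, "ap-key-1", PLEN);
    memcpy(t.modem_param, "MD-PARAM", PLEN);
    memcpy(t.modem_key, "md-key-1", PLEN);
    toy_crypt(t.ap_param, t.ap_key, t.enc_ap_param);
    toy_crypt(t.modem_param, t.modem_key, t.enc_modem_param);
    return t;
}

int main(void) {
    struct terminal ok = make_sample_terminal();
    struct terminal bad = make_sample_terminal();
    bad.enc_modem_param[3] ^= 0x01;   /* one flipped bit in the RPMB copy */
    printf("consistent terminal: %d\n", try_unlock(&ok));
    printf("tampered ciphertext: %d\n", try_unlock(&bad));
    return 0;
}
```
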
  • Embodiments of the present disclosure also provide a data processing method. Before introducing a data processing method provided by this embodiment, the composition of the AP processor and the modem processor in this embodiment will be described.
  • FIG. 5 is a schematic structural diagram of an AP processor according to an embodiment of the present disclosure.
  • the AP processor includes a processing area for executing a command and a storage area for storing data.
  • the processing area of the AP processor includes: an unlocking single process, an AP side data storage module, an AP side data processing module, and an AP side data parsing module.
  • the unlocking single process is used to perform double-side cross data unlocking processing on the AP side and the modem side on the unlocking object.
  • the storage area of the AP processor includes a common storage area and an RPMB area; the RPMB area is a security area in the storage area and has higher authority than the normal storage area. The manufacturer sets the RPMB area before leaving the factory so that only the unlocking single process can access it.
  • FIG. 6 is a schematic structural diagram of a modem processor according to an embodiment of the present disclosure.
  • the modem processor includes a processing area for executing a command and a storage area for storing data.
  • the processing area of the modem processor includes: a modem side data storage module, a modem side data processing module, and a modem side data parsing module.
  • the storage area of the modem processor includes a common storage area and an SFS area; the SFS area is a security area in the storage area and has higher authority than the normal storage area. The manufacturer sets the SFS area before leaving the factory so that only the unlocking single process can access it.
  • FIGS. 7A through 7C are flowcharts of a data processing method according to an embodiment of the present disclosure. As shown in FIGS. 7A through 7C, in an embodiment, the method includes steps S701 through S718.
  • the terminal is in an initial state, and four values are stored in the normal storage area in the storage area of the terminal AP processor, each in a different position.
  • two of the values are terminal parameters (terminal parameter 1 and terminal parameter 2), and the other two are null values.
  • the terminal parameter is the second parameter in the foregoing embodiment, the location for storing the terminal parameter is the second reserved field in the foregoing embodiment, and the location for storing the null value is the first reserved field in the foregoing embodiment.
  • in step S702, when the terminal satisfies parsing condition 1, it reports to the server and receives the server parameter 1 and key1 values delivered by the server according to the terminal identifier; when the terminal satisfies parsing condition 2, it reports to the server and receives the server parameter 2 and key2 values delivered by the server according to the terminal identifier.
  • the two server parameters are delivered in an instruction: the instruction header file includes server parameter 1 and server parameter 2, and the redundancy bits include the key1 value and the key2 value.
  • parsing condition 1 and parsing condition 2 may be identical, that is, there is only one parsing condition, such as the third condition in the above embodiment.
  • those skilled in the art may also set different parsing condition 1 and parsing condition 2.
  • server parameter 1 and server parameter 2 may also be identical, in which case server parameter 1 and server parameter 2 are the first parameter in the foregoing embodiment; those skilled in the art may also set different server parameter 1 and server parameter 2.
  • the key1 value may be the same as the key2 value, in which case the key1 value and the key2 value are the first key in the foregoing embodiment; those skilled in the art may also set different key1 and key2 values.
  • server parameter 1 and server parameter 2 in the instruction header file are read.
  • in step S704, the two terminal parameters stored by the terminal are compared with the two server parameters to determine whether they are consistent.
  • the two terminal parameters stored in the terminal are the terminal parameter 1 and the terminal parameter 2, respectively, and the terminal parameter 1 and the terminal parameter 2 may be identical.
  • the terminal parameter 1 and the terminal parameter 2 are the second parameter in the foregoing embodiment.
  • those skilled in the art can also set different terminal parameters 1 and terminal parameters 2 respectively.
  • comparing whether the two terminal parameters are consistent with the two server parameters specifically means comparing whether terminal parameter 1 is consistent with server parameter 1, and comparing whether terminal parameter 2 is consistent with server parameter 2.
  • in step S705, if the two terminal parameters are consistent with the two server parameters, the corresponding key1 value and/or key2 value in the instruction is read, and the key1 value and/or the key2 value are stored to the null value area reserved by the terminal.
  • specifically: if only terminal parameter 1 is consistent with server parameter 1, the corresponding key1 value in the instruction is read, and the key1 value is stored to the null value area reserved by the terminal; if only terminal parameter 2 is consistent with server parameter 2, the corresponding key2 value in the instruction is read, and the key2 value is stored to the null value area reserved by the terminal; if terminal parameter 1 is consistent with server parameter 1 and terminal parameter 2 is consistent with server parameter 2, the corresponding key1 value and key2 value in the instruction are read, and the key1 value and the key2 value are stored to the null value area reserved by the terminal.
  • if the two terminal parameters are inconsistent with the two server parameters, the process flow returns to step S701, and the key1 value and/or the key2 value delivered by the server is deleted.
  • specifically: if only terminal parameter 1 is inconsistent with server parameter 1, the key1 value delivered by the server is deleted and the process returns to step S701; if only terminal parameter 2 is inconsistent with server parameter 2, the key2 value delivered by the server is deleted and the process returns to step S701; if terminal parameter 1 is inconsistent with server parameter 1 and terminal parameter 2 is also inconsistent with server parameter 2, the key1 value and the key2 value delivered by the server are deleted, and the process returns to step S701.
  • the unlocking single process determines whether the storage areas of the key1 value and the key2 value are empty; if neither the key1 value nor the key2 value is empty, it determines whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 written in the unlocking single process.
  • determining whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 written in the unlocking single process specifically means determining whether the key1 value is consistent with parameter 1 written in the unlocking single process, and whether the key2 value is consistent with parameter 2 written in the unlocking single process.
  • parameter 1 and parameter 2 written in the unlocking single process may be identical, and correspond to the second key in the above embodiment.
  • the unlocking single process is set to monitor the null value area in the normal storage area of the terminal AP processor in real time, and parameter 1 and parameter 2 written in the unlocking single process are set by macro definition.
  • if one of the storage areas of the key1 value and the key2 value is empty, or one of the key1 value and the key2 value is inconsistent with parameter 1 and parameter 2 written in the unlocking single process, the process flow goes to step S707; if the storage areas of the key1 value and the key2 value are not empty, and the key1 value and the key2 value are both consistent with parameter 1 and parameter 2 written in the unlocking single process, the process flow goes to step S708.
  • one of the storage areas of the key1 value and the key2 value being empty means that the storage area of the key1 value is empty, or the storage area of the key2 value is empty, or the storage areas of both the key1 value and the key2 value are empty.
  • one of the key1 value and the key2 value being inconsistent with parameter 1 and parameter 2 written in the unlocking single process means that the key1 value is inconsistent with parameter 1 written in the unlocking single process, or the key2 value is inconsistent with parameter 2 written in the unlocking single process, or the key1 value is inconsistent with parameter 1 and the key2 value is also inconsistent with parameter 2.
  • both the key1 value and the key2 value being consistent with parameter 1 and parameter 2 written in the unlocking single process means that the key1 value is consistent with parameter 1 written in the unlocking single process and the key2 value is also consistent with parameter 2 written in the unlocking single process.
  • the unlocking single process continues to monitor the null area in the normal storage area in real time.
  • in step S708, the unlocking single process performs steps S709 to S718.
  • in step S709, the unlocking single process sends a request for acquiring an AP side parsing parameter to the SFS area.
  • the AP side parsing parameter is the encrypted AP side unlocking parameter in the foregoing embodiment.
  • the unlocking single process acquires an AP side parsing parameter.
  • the AP side data processing module in the AP processor decrypts the AP side parsing parameter.
  • specifically, the unlocking single process sends the AP side parsing parameter to the AP side data processing module, and the AP side data processing module decrypts the AP side parsing parameter.
  • in step S712, if the AP side data processing module fails to decrypt the AP side parsing parameter, the processing flow is terminated; if the AP side data processing module decrypts the AP side parsing parameter successfully, the AP side data processing module sends the decrypted AP side parsing parameter to the AP side data parsing module in the AP processor for parsing, and the AP side parsing flag bit is generated according to the parsing result.
  • the decrypted AP side parsing parameter is the decrypted AP side unlocking parameter in the above embodiment, and the AP side parsing flag bit is the first flag bit in the above embodiment.
  • the AP side data parsing module sends the AP side parsing flag bit to the unlocking single process.
  • the AP side parsing flag bit is used to indicate whether the AP side parsing parameter is successfully parsed; the AP side parsing flag bit may be set to 0 or 1, where 0 indicates parsing failure and 1 indicates parsing success.
  • the unlocking single process sends a request to acquire a modem side parsing parameter to the RPMB area.
  • the modem side parsing parameter is the encrypted modem side unlocking parameter in the above embodiment.
  • the unlocking single process acquires a modem side parsing parameter.
  • the modem side data processing module in the modem processor decrypts the modem side parsing parameter.
  • in step S717, if the modem side data processing module fails to decrypt the modem side parsing parameter, the processing flow is terminated; if the modem side data processing module decrypts the modem side parsing parameter successfully, the modem side data processing module sends the decrypted modem side parsing parameter to the modem side data parsing module in the modem processor for parsing, and the modem side parsing flag bit is generated according to the parsing result.
  • the decrypted modem side parsing parameter is the decrypted modem side unlocking parameter in the above embodiment, and the modem side parsing flag bit is the second flag bit in the above embodiment.
  • the modem side parsing flag bit is used to indicate whether the modem side parsing parameter is successfully parsed; the modem side parsing flag bit may be set to 0 or 1, where 0 indicates parsing failure and 1 indicates parsing succeeds.
  • the modem side data parsing module sends the modem side parsing flag bit to the unlocking single process.
  • the terminal is normally unlocked if and only if both parsing flag bits are 1.
  • in this embodiment, dual-side parsing and dual parsing parameters are set; the dual parsing parameters are stored respectively in the security areas of the modem side and AP side storage areas, and the security areas on both sides can be accessed only by the unlocking single process executed by the AP processor.
  • the server delivers server parameter 1 and the key1 value, and delivers server parameter 2 and the key2 value.
  • the terminal first reads the server parameters. When a server parameter is consistent with the terminal parameter, or the value of the server parameter meets the preset condition, the terminal reads the corresponding key value and writes it to the blank area in the normal storage area of the AP processor. If they are inconsistent, the terminal deletes the corresponding key value.
  • when the blank area in the normal storage area of the AP processor is not empty, and the value in the blank area is consistent with the value of the parameter written by macro definition, the unlocking single process retrieves the AP side parsing parameter from the modem side security area and sends it to the AP side data processing module for processing; the processed data is sent to the AP side data parsing module for parsing.
  • the unlocking single process also extracts the modem side parsing parameter from the AP side security area and sends it to the modem side data processing module for processing, and the processed data is sent to the modem side data parsing module for parsing.
  • when both parsings succeed, the terminal is normally unlocked; otherwise, the terminal cannot be unlocked normally.
  • the terminal parameter 1 in the above embodiment is the terminal count 1; the terminal parameter 2 is the terminal count 2; the parsing condition 1 is the unlock network condition 1; the parsing condition 2 is the unlock network condition 2; the server parameter 1 is the server count 1; the server parameter 2 is the server count 2; the unlocking single process is the subscriber identification module unlock (simunlock) module; the AP side parsing parameter is the AP side unlocking network parameter; the modem side parsing parameter is the modem side unlocking network parameter; the AP side parsing flag bit is the AP side unlocking network flag bit; the modem side parsing flag bit is the modem side unlocking network flag bit; the modem side data storage module is the modem side unlocking network parameter storage module; the modem side data processing module is the modem side unlocking network parameter decryption module; the modem side data parsing module is the modem side unlocking network module; the AP side data storage module is the AP side unlocking network parameter storage module; the AP side data processing module is the AP side unlocking network parameter decryption module; the AP side data parsing module is the AP side unlocking network module.
  • FIGS. 8A through 8C are flowcharts of a data unlocking method according to an embodiment of the present disclosure.
  • the method may include steps S801 through S818.
  • the terminal is in an initial state, and four values are stored in a normal storage area in the storage area of the AP processor, each in a different position; two of them are terminal counts, and the other two are null values.
  • the terminal counts are terminal count 1 and terminal count 2, respectively.
  • in step S802, when the terminal satisfies unlocking network condition 1, it reports to the server and receives the server count 1 and key1 values delivered by the server according to the terminal identifier; when the terminal satisfies parsing condition 2, it reports to the server and receives the server count 2 and key2 values delivered by the server according to the terminal identifier.
  • the server count 1 is the value 1 reached by the lock counter 1 in the server
  • the server count 2 is the value 2 reached by the lock counter 2 in the server.
  • in step S803, the server count 1 and the server count 2 are read.
  • in step S804, the two terminal counts stored by the terminal are compared with the two server counts to determine whether they are consistent.
  • the terminal count 1 is the value 1 reached by the terminal unlocking network counter 1
  • the terminal count 2 is the value 2 reached by the terminal unlocking network counter 2.
  • comparing whether the two terminal counts are consistent with the two server counts specifically means comparing whether terminal count 1 is consistent with server count 1, and comparing whether terminal count 2 is consistent with server count 2.
  • in step S805, if the two terminal counts are consistent with the two server counts, the corresponding key1 value and/or key2 value are read, and the key1 value and/or the key2 value are stored to the null value area reserved by the terminal.
  • specifically: if only terminal count 1 is consistent with server count 1, the corresponding key1 value is read, and the key1 value is stored to the null value area reserved by the terminal; if only terminal count 2 is consistent with server count 2, the corresponding key2 value is read, and the key2 value is stored to the null value area reserved by the terminal; if terminal count 1 is consistent with server count 1 and terminal count 2 is consistent with server count 2, the corresponding key1 value and key2 value are read, and the key1 value and the key2 value are stored to the null value area reserved by the terminal.
  • if the two terminal counts are inconsistent with the two server counts, the process flow returns to step S801, the key1 value and/or the key2 value delivered by the server is deleted, and the minimum synchronization count is performed.
  • specifically: if only terminal count 1 is inconsistent with server count 1, the key1 value delivered by the server is deleted, the process returns to step S801, and the minimum synchronization count is performed; if only terminal count 2 is inconsistent with server count 2, the key2 value delivered by the server is deleted, the process returns to step S801, and the minimum synchronization count is performed; if terminal count 1 is inconsistent with server count 1 and terminal count 2 is also inconsistent with server count 2, the key1 value and the key2 value delivered by the server are deleted, the process returns to step S801, and the minimum synchronization count is performed.
  • the minimum synchronization count specifically resets the terminal count 1 to the server count 1, and resets the terminal count 2 to the server count 2.
  • the simunlock module determines whether the storage areas of the key1 value and the key2 value are empty; if neither the key1 value nor the key2 value is empty, it determines whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 written in the simunlock module.
  • determining whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 written in the simunlock module specifically means determining whether the key1 value is consistent with parameter 1 written in the simunlock module, and determining whether the key2 value is consistent with parameter 2 written in the simunlock module.
  • the simunlock module is configured to monitor a null value area in a normal storage area of the terminal AP processor in real time, and parameters 1 and 2 written in the simunlock module are set by a macro definition.
  • if one of the storage areas of the key1 value and the key2 value is empty, or one of the key1 value and the key2 value is inconsistent with the parameter written in the simunlock module, the process flow goes to step S807; if the storage areas of the key1 value and the key2 value are not empty, and the key1 value and the key2 value are both consistent with parameter 1 and parameter 2 written in the simunlock module, the process goes to step S808.
  • one of the storage areas of the key1 value and the key2 value being empty means that the storage area of the key1 value is empty, or the storage area of the key2 value is empty, or the storage areas of both the key1 value and the key2 value are empty.
  • one of the key1 value and the key2 value being inconsistent with parameter 1 and parameter 2 written in the simunlock module means that the key1 value is inconsistent with parameter 1 written in the simunlock module, or the key2 value is inconsistent with parameter 2 written in the simunlock module, or the key1 value is inconsistent with parameter 1 and the key2 value is also inconsistent with parameter 2.
  • both the key1 value and the key2 value being consistent with parameter 1 and parameter 2 written in the simunlock module means that the key1 value is consistent with parameter 1 written in the simunlock module and the key2 value is also consistent with parameter 2 written in the simunlock module.
  • the simunlock module continues to monitor the null area in the normal storage area of the terminal AP processor in real time.
  • the simunlock module performs steps S809 through S818.
  • in step S809, the simunlock module sends a request for acquiring an AP side unlocking network parameter to the SFS area.
  • the simunlock module acquires an AP side unlocking network parameter.
  • the AP side unlocking network parameter decryption module in the AP processor decrypts the AP side unlocking network parameter.
  • specifically, the simunlock module sends the AP side unlocking network parameter to the AP side unlocking network parameter decryption module, and the AP side unlocking network parameter decryption module decrypts the AP side unlocking network parameter.
  • in step S812, if the AP side unlocking network parameter decryption module fails to decrypt the AP side unlocking network parameter, the processing flow is terminated; if the AP side unlocking network parameter decryption module decrypts the AP side unlocking network parameter successfully, it sends the decrypted AP side unlocking network parameter to the AP side unlocking network module in the AP processor for unlocking, and an AP side unlocking network flag bit is generated according to the unlocking result.
  • the AP side unlocking network flag bit is used to indicate whether the AP side unlocking is successful; the AP side unlocking network flag bit can be set to 0 or 1, where 0 indicates that the unlocking fails, and 1 indicates that the unlocking is successful.
  • the AP side unlocking network module sends the AP side unlocking network flag bit to the simunlock module.
  • the simunlock module sends a request for acquiring a modem side unlocking network parameter to the RPMB area.
  • the simunlock module acquires a modem side unlocking network parameter.
  • the modem side unlocking network parameter is decrypted by the modem side unlocking network parameter decryption module in the modem processor.
  • in step S817, if the modem side unlocking network parameter decryption module fails to decrypt the modem side unlocking network parameter, the processing flow is terminated; if the modem side unlocking network parameter decryption module decrypts the modem side unlocking network parameter successfully, the module sends the decrypted modem side unlocking network parameter to the modem side unlocking network module in the modem processor for unlocking, and a modem side unlocking network flag bit is generated according to the unlocking result.
  • the modem side unlocking network flag bit is used to indicate whether the modem side unlocking network parameter is unlocked successfully; the modem side unlocking network flag bit can be set to 0 or 1, wherein 0 means unlocking failure, 1 means unlocking success.
  • the modem side unlocking network module sends the modem side unlocking network flag bit to the simunlock module.
  • the terminal is normally unlocked if and only if both unlocking network flag bits are 1.
  • in the embodiment of the present disclosure, double-sided unlocking and double-sided unlocking network parameters are set, and the double-sided unlocking network parameters are stored respectively in the security areas of the modem side and AP side storage areas.
  • the two-sided security zone is accessible only to the simunlock module in the AP processor.
  • when the blank area is not empty and the value in the blank area is consistent with the parameter value written by the simunlock module itself through the macro definition, the simunlock module may retrieve the AP side unlocking network parameter from the modem side security area and send it to the AP side unlocking network parameter decryption module for decryption. The successfully decrypted data is sent to the AP side unlocking network module for unlocking.
  • the simunlock module also retrieves the modem side parsing parameter from the AP side security area and sends it to the modem side unlocking network parameter decryption module for decryption, and the decrypted data is sent to the modem side unlocking network module for unlocking.
  • the terminal is normally unlocked.
  • the terminal cannot be unlocked normally.
  • a data unlocking method provided by the present disclosure is applied to the scenario of unlocking a privacy application or unlocking privacy data.
  • the unlocking of the privacy application is taken as an example.
  • the terminal parameters in the foregoing embodiment are conditional determination parameters, such as a two-handed fingerprint or a two-eye eye pattern (in this embodiment, a binocular eye pattern is taken as an example), and the terminal parameter 1 is a terminal.
  • terminal parameter 2 is the eye pattern data 2 entered by the terminal;
  • the analysis condition 1 is the terminal input eye pattern 1;
  • the analysis condition 2 is the terminal input eye pattern 2;
  • the server parameter 1 is the server eye pattern data 1;
  • the server parameter 2 is the server eye pattern data 2;
  • the unlocking single process is the privacy protection (Private Protection) module;
  • the AP side analysis parameter is the AP side eye pattern parameter;
  • the modem side analysis parameter is the modem side eye pattern parameter;
  • the AP side analysis flag bit is the AP side.
  • Modem side resolution flag bit is modem side resolution flag bit
  • the modem side data storage module is the modem side eye pattern parameter storage module;
  • the modem side data processing module is the modem side privacy application parameter decryption module;
  • the modem side data parsing module is the modem side privacy application parsing module;
  • the AP side data storage module is the AP side eye pattern parameter storage module;
  • the AP side data processing module is the AP side privacy application parameter decryption module;
  • the AP side data parsing module is the AP side privacy application parsing module.
  • FIGS. 9A through 9C are flowcharts of a data unlocking method according to an embodiment of the present disclosure.
  • the method may include steps S901 through S918.
  • the terminal is in an initial state, and four values are stored in a normal storage area of the storage area of the terminal AP processor, in four different positions, wherein two are used for storing the eye pattern data entered by the terminal, and the other two are null values.
  • in step S902, when the terminal enters eye pattern 1, it reports to the server and receives the server eye pattern data 1 and key1 value issued by the server according to the terminal identifier; when the terminal enters eye pattern 2, it reports to the server and receives the server eye pattern data 2 and key2 value issued by the server according to the terminal identifier.
  • in step S903, the server eye pattern data 1 and the server eye pattern data 2 are read.
  • in step S904, it is compared whether the two eye pattern data entered by the terminal are consistent with the two server eye pattern data.
  • comparing whether the two eye pattern data entered by the terminal are consistent with the two server eye pattern data specifically means: comparing whether the eye pattern data 1 entered by the terminal is consistent with the server eye pattern data 1, and comparing whether the eye pattern data 2 entered by the terminal is consistent with the server eye pattern data 2.
  • in step S905, if the two eye pattern data entered by the terminal are consistent with the two server eye pattern data, the corresponding key1 value and/or key2 value are read, and the key1 value and/or the key2 value are stored to the null value area reserved by the terminal.
  • the corresponding key1 value is read, and the key1 value is stored to the null value area reserved by the terminal; if the data 2 is consistent with the server eye pattern data 2, the corresponding key2 value is read, and the key2 value is stored to the null value area reserved by the terminal; if the eye pattern data 1 entered by the terminal is consistent with the server eye pattern data 1 and the eye pattern data 2 entered by the terminal is also consistent with the server eye pattern data 2, the corresponding key1 value and key2 value are read, and the key1 value and the key2 value are stored to the null value area reserved by the terminal.
  • if the two eye pattern data entered by the terminal are inconsistent with the two server eye pattern data, the key1 value and/or the key2 value delivered by the server are deleted and the process flow returns to step S901.
  • returning to step S901 and deleting the key1 value and/or the key2 value delivered by the server specifically means: if only the eye pattern data 1 entered by the terminal does not match the server eye pattern data 1, the key1 value sent by the server is deleted and the process returns to step S901; if only the eye pattern data 2 entered by the terminal does not match the server eye pattern data 2, the key2 value sent by the server is deleted and the process returns to step S901; if the eye pattern data 1 entered by the terminal is inconsistent with the server eye pattern data 1 and the eye pattern data 2 entered by the terminal does not match the server eye pattern data 2, the key1 value and the key2 value sent by the server are deleted and the process returns to step S901.
  • the privacy protection module determines whether the storage areas of the key1 value and the key2 value are empty; if neither the key1 value nor the key2 value is empty, it is determined whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 written in the privacy protection module.
  • determining whether the key1 value and the key2 value are consistent with parameter 1 and parameter 2 written in the privacy protection module specifically means: determining whether the key1 value is consistent with parameter 1 written in the privacy protection module, and determining whether the key2 value is consistent with parameter 2 written in the privacy protection module.
  • the privacy protection module is configured to monitor a null value area in a normal storage area of the terminal AP processor in real time, and parameters 1 and 2 written in the privacy protection module are set by a macro definition.
  • if one of the storage areas of the key1 value and the key2 value is empty, or one of the key1 value and the key2 value is inconsistent with the parameter written in the privacy protection module, the process flow goes to step S907; if the storage areas of the key1 value and the key2 value are not empty, and the key1 value and the key2 value are consistent with parameter 1 and parameter 2 written in the privacy protection module, the process flow goes to step S908.
  • one of the storage areas of the key1 value and the key2 value being empty specifically means: the storage area of the key1 value is empty, or the storage area of the key2 value is empty, or the storage areas of both the key1 value and the key2 value are empty.
  • one of the key1 value and the key2 value being inconsistent with parameter 1 and parameter 2 written in the privacy protection module specifically means: the key1 value is inconsistent with parameter 1 written in the privacy protection module, or the key2 value is inconsistent with parameter 2 written in the privacy protection module, or the key1 value is inconsistent with parameter 1 written in the privacy protection module and the key2 value is also inconsistent with parameter 2 written in the privacy protection module.
  • both the key1 value and the key2 value being consistent with parameter 1 and parameter 2 written in the privacy protection module specifically means: the key1 value is consistent with parameter 1 written in the privacy protection module, and the key2 value is also consistent with parameter 2 written in the privacy protection module.
  • the privacy protection module continues to monitor the null area in the normal storage area of the terminal AP processor in real time.
  • the privacy protection module performs steps S909 to S918.
  • the privacy protection module sends a request for acquiring an AP side eye pattern parameter to the SFS area.
  • the privacy protection module acquires an AP side eye pattern parameter.
  • the AP side eye pattern parameter is decrypted by the AP side privacy application parameter decryption module in the AP processor.
  • the AP side privacy application parameter decryption module in the AP processor decrypting the AP side eye pattern parameter specifically means: the privacy protection module sends the AP side eye pattern parameter to the AP side privacy application parameter decryption module, and the AP side privacy application parameter decryption module decrypts the AP side eye pattern parameter.
  • in step S912, if the AP side privacy application parameter decryption module fails to decrypt the AP side eye pattern parameter, the processing flow is terminated; if the AP side privacy application parameter decryption module decrypts the AP side eye pattern parameter successfully, the module sends the decrypted AP side eye pattern parameter to the AP side privacy application parsing module in the AP processor for parsing, and an AP side parsing flag bit is generated according to the parsing result.
  • the AP side parsing flag bit is used to indicate whether the AP side parsing is successful; the AP side parsing flag bit can be set to 0 or 1, where 0 indicates parsing failure and 1 indicates parsing success.
  • the AP side privacy application parsing module sends the AP side parsing flag bit to the privacy protection module.
  • in step S914, the privacy protection module sends a request for acquiring a modem side eye pattern parameter to the RPMB area.
  • the privacy protection module acquires a modem side eye pattern parameter.
  • the modem side eye pattern parameter is decrypted by the modem side privacy application parameter decryption module in the modem processor.
  • the modem side privacy application parameter decryption module in the modem processor decrypting the modem side eye pattern parameter specifically means: the privacy protection module sends the modem side eye pattern parameter to the modem side privacy application parameter decryption module, and the modem side privacy application parameter decryption module decrypts the modem side eye pattern parameter.
  • in step S917, if the modem side privacy application parameter decryption module fails to decrypt the modem side eye pattern parameter, the processing flow is terminated; if the modem side privacy application parameter decryption module decrypts the modem side eye pattern parameter successfully, the module sends the decrypted modem side eye pattern parameter to the modem side privacy application parsing module in the modem processor for parsing, and a modem side parsing flag bit is generated according to the parsing result.
  • the modem side parsing flag bit is used to indicate whether the modem side eye pattern parameter is successfully parsed; the modem side parsing flag bit may be set to 0 or 1, where 0 indicates parsing failure and 1 indicates parsing success.
  • the modem side privacy application parsing module sends the modem side parsing flag bit to the privacy protection module.
  • the terminal is normally unlocked if and only if both parsing flag bits are 1.
  • the double-sided analysis and the double-sided eye pattern parameters are set, and the double-sided eye pattern parameters are respectively stored in the security area in the modem side and the AP side storage area.
  • the two-sided security zone is accessible only to the privacy protection module in the AP processor.
  • when the blank area is not empty and the value in the blank area is consistent with the parameter value written by the privacy protection module itself through the macro definition, the privacy protection module may retrieve the AP side eye pattern parameter from the modem side security area and send it to the AP side privacy application parameter decryption module for decryption, and the decrypted data is sent to the AP side privacy application parsing module for parsing. In addition, the privacy protection module also extracts the modem side parsing parameter from the AP side security area and sends it to the modem side privacy application parameter decryption module for decryption, and the decrypted data is sent to the modem side privacy application parsing module for parsing.
  • when both the AP side privacy application parsing module and the modem side privacy application parsing module parse successfully, the terminal is normally unlocked. When one of the AP side privacy application parsing module and the modem side privacy application parsing module fails to parse, the terminal cannot be unlocked normally.
  • the present disclosure can implement security analysis of a privacy application.
  • the security area in which the parsing parameters are stored can be accessed only by the single process executed by the AP processor, so the secure storage of the parsing parameters is strictly controlled.
  • for the privacy application, it is necessary to determine whether the key value of the server is consistent with the key value of the terminal. Because the key value of the terminal is written through the macro definition in the single process executed by the AP processor, and a parameter written in the process is not stored data and can hardly be acquired, data hijacking can be avoided, making the analysis process safer.
  • the disclosure can also realize automatic unlocking of the network, and at the same time strictly control the security of automatically unlocking the network.
  • the lock network counter is required to reach a preset threshold. If the lock network counter is stored only in the mobile phone, there is a risk of it being tampered with. If it is stored only on the server side, the lock network count value may be tampered with after the server sends it to the terminal. To prevent this, the present disclosure keeps the lock network count synchronized between the server and the terminal. When determining whether the unlocking network condition is reached, the lock network count of the server is required to be the same as the lock network count of the terminal and to reach a preset threshold.
  • the key value of the server end is consistent with the key value of the terminal. Because the key value of the terminal is written through the macro definition in the single process executed by the AP processor, and a parameter written in the process is not stored data and can hardly be acquired, data hijacking can be avoided, making the analysis process safer. Finally, the security area in which the unlocking network parameters are stored is set so that only the single process executed by the AP processor can access it, so the secure storage of the unlocking network parameters is strictly controlled.
  • the present disclosure further provides a data processing apparatus, each module included in the data processing apparatus and each submodule included in each module can be implemented by an AP processor and a modem processor in the terminal;
  • the processor may be a central processing unit (CPU), a microprocessor (MPU), a digital signal processor (DSP), or a field programmable gate array (FPGA).
  • FIG. 10 is a block diagram showing the structure of a data processing apparatus according to an embodiment of the present disclosure.
  • the apparatus 1000 includes: a second obtaining module 1001, a first generating module 1002, a second sending module 1003, a second generating module 1004, a third generating module 1005, a fourth generating module 1006, a first writing module 1007, and a second writing module 1008.
  • the second obtaining module 1001 is configured to acquire an unlocking parameter generated based on the locking object from the terminal.
  • the first generating module 1002 is configured to generate a first key and a second key according to the unlocking parameter.
  • the second sending module 1003 is configured to send the first key to the server.
  • the second generation module 1004 is configured to generate an AP side unlocking parameter and a modem side unlocking parameter according to the second key.
  • the third generation module 1005 is configured to generate an encrypted AP side unlocking parameter and an AP side key according to the AP side unlocking parameter.
  • the fourth generation module 1006 is configured to generate an encrypted modem side unlocking parameter and a modem side key according to the modem side unlocking parameter.
  • the first writing module 1007 is configured to write the AP side key, the AP side unlocking parameter, and the encrypted modem side unlocking parameter into a second area in a storage area on the AP side, where the storage area on the AP side further includes a first area, and the second area is higher in authority than the first area;
  • the second writing module 1008 is configured to write the modem side key, the encrypted AP side unlocking parameter, and the modem side unlocking parameter into a fourth area in the storage area on the modem side, where the storage area on the modem side further includes a third area, and the fourth area is higher in authority than the third area.
  • the present disclosure further provides a data processing apparatus, each module in the data processing apparatus and each submodule included in each module can be implemented by an AP processor and a modem processor in the terminal, where
  • the processor may be a central processing unit (CPU), a microprocessor (MPU), a digital signal processor (DSP), or a field programmable gate array (FPGA).
  • the apparatus 1100 includes: a receiving module 1101, a first obtaining module 1102, and an unlocking module 1103.
  • the receiving module 1101 is configured to receive a first parameter of the unlocking object and a first key of the unlocking object that are sent by the server, where the first parameter and the first key are used to determine whether the terminal satisfies the condition for analyzing the data.
  • the first obtaining module 1102 is configured to acquire a second parameter of the unlocking object located in the terminal and a second key of the unlocking object.
  • the unlocking module 1103 is configured to unlock the unlocking object when the first parameter and the second parameter satisfy a preset first condition and the first key and the second key satisfy a preset second condition.
  • the apparatus further includes: a first sending module, configured to send to the server, when the terminal meets the preset third condition and before the receiving module receives the first parameter of the unlocking object and the first key of the unlocking object delivered by the server, a message that the terminal meets the preset third condition.
  • the apparatus further includes: a first reading module, a second reading module, and a first comparison module.
  • the first reading module is configured to read the first parameter from a storage area on the modem side.
  • the second reading module is configured to read the second parameter from a second reserved field in the first region.
  • the first comparison module is configured to compare the value in the first reserved field in the first area with the value of the second key if the first parameter and the second parameter satisfy the preset first condition, and, if the value in the first reserved field and the value of the second key meet the preset second condition, to trigger the unlocking module to unlock the unlocking object.
  • the first comparison module further includes: a reading submodule, a writing submodule, and a comparison submodule.
  • the reading submodule is configured to read the first key from a storage area on the modem side if the first parameter and the second parameter satisfy a preset first condition.
  • the write submodule is configured to write the value of the first key to the first reserved field.
  • the comparison submodule is configured to compare the value in the first reserved field in the first region with the value of the second key if the first reserved field is non-empty.
  • the unlocking module further includes: an obtaining submodule, a first generating submodule, a second generating submodule, and an unlocking submodule.
  • the acquiring submodule is configured to acquire an encrypted AP side unlocking parameter and an encrypted modem side unlocking parameter from the terminal.
  • the first generation submodule is configured to generate a first flag bit based on the encrypted AP side unlocking parameter, where the first flag bit is used to indicate whether the encrypted AP side unlocking parameter is successfully parsed.
  • the second generation submodule is configured to generate a second flag bit based on the encrypted modem side unlocking parameter, the second flag bit being used to indicate whether the encrypted modem side unlocking parameter is successfully resolved.
  • the unlocking submodule is configured to unlock the unlocking object when the first flag bit and the second flag bit satisfy a preset fourth condition.
  • the acquiring submodule is configured to acquire an encrypted modem side unlocking parameter from a second area in the storage area of the AP, where the authority of the second area is higher than that of the first area.
  • the acquiring submodule is further configured to acquire an encrypted AP side unlocking parameter from a fourth area in the storage area of the modem side, where the storage area on the modem side further includes a third area having a lower authority than the fourth area.
  • the first generation submodule is configured to acquire an AP side unlocking parameter and an AP side key from the second area, decrypt the encrypted AP side unlocking parameter according to the AP side key to obtain the decrypted AP side unlocking parameter, compare the decrypted AP side unlocking parameter with the AP side unlocking parameter to obtain a first comparison result, and generate the first flag bit according to the first comparison result.
  • the second generation submodule is configured to acquire a modem side unlocking parameter and a modem side key from the fourth area, decrypt the encrypted modem side unlocking parameter according to the modem side key to obtain the decrypted modem side unlocking parameter, compare the decrypted modem side unlocking parameter with the modem side unlocking parameter to obtain a second comparison result, and generate the second flag bit according to the second comparison result.
  • the first parameter is a value reached by a lock counter in the server
  • the second parameter is a value reached by the terminal lock network counter.
  • the preset third condition is that the value reached by the terminal lock network counter exceeds a preset threshold.
  • the device further includes a reset module configured to reset the value reached by the terminal lock network counter to the value reached by the lock counter in the server when the value reached by the terminal lock counter is inconsistent with the value reached by the lock counter in the server.
  • the first parameter is pre-stored password information in the server
  • the second parameter is password information entered by the terminal.
  • the preset third condition is that the terminal enters password information.
  • if the above data locking method or data unlocking method is implemented in the form of a software function module and is sold or used as a separate product, it may also be stored in a computer readable storage medium.
  • the technical solution of the embodiments of the present disclosure may, in essence, be embodied in the form of a software product that is stored in a storage medium and includes a plurality of instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the methods described in various embodiments of the present disclosure.
  • the foregoing storage medium includes various media that can store program codes, such as a USB flash drive, a mobile hard disk, a read only memory (ROM), a magnetic disk, or an optical disk.
  • an embodiment of the present disclosure provides a computer storage medium having stored therein computer executable instructions configured to perform the data unlocking method or the data locking method described above.
  • FIG. 12 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure.
  • the terminal 1200 includes a display screen 1201, a processor 1202, and a storage medium 1203 configured to store executable instructions, wherein the processor 1202 is configured to execute the stored executable instructions.
  • the executable instructions are for executing the data processing method described above.
  • embodiments of the present disclosure can be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware aspects. Moreover, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) containing computer usable program code.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising an instruction device, and the instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • these computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
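The locking apparatus 1000 and unlocking apparatus 1100 described above (cross-stored encrypted parameters, counter synchronisation, key comparison, two flag bits), modelled as an added Python example that is not code from the patent. The field names, the threshold of 3, the HMAC-based derivations, equality as the second condition, and the SHA-256 keystream plus HMAC stand-in cipher are all assumptions, since the disclosure names no algorithms.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

THRESHOLD = 3  # assumed preset threshold for the lock network counter


def _subkeys(key: bytes):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plain: bytes) -> bytes:
    """Stand-in authenticated cipher (assumption): nonce || ciphertext || HMAC tag."""
    ek, mk = _subkeys(key)
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, _stream(ek, nonce, len(plain))))
    return nonce + body + hmac.new(mk, nonce + body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when decryption is unsuccessful."""
    if len(blob) < 48:
        return None
    ek, mk = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + body, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(body, _stream(ek, nonce, len(body))))


@dataclass
class Terminal:
    second_key: bytes  # built into the single process (the "macro definition")
    ap_first: dict = field(default_factory=lambda: {"reserved_key": None, "counter": 0})
    ap_second: dict = field(default_factory=dict)     # higher-authority AP area
    modem_fourth: dict = field(default_factory=dict)  # higher-authority modem area


@dataclass
class Server:
    first_key: bytes
    counter: int = 0


def lock(unlock_param: bytes):
    """Locking side: derive the keys and side parameters, then cross-store them."""
    key = hmac.new(unlock_param, b"key", hashlib.sha256).digest()
    ap_param = hmac.new(key, b"ap-param", hashlib.sha256).digest()
    modem_param = hmac.new(key, b"modem-param", hashlib.sha256).digest()
    ap_key, modem_key = os.urandom(32), os.urandom(32)
    t = Terminal(second_key=key)
    t.ap_second.update(ap_key=ap_key, ap_param=ap_param,
                       enc_modem_param=seal(modem_key, modem_param))
    t.modem_fourth.update(modem_key=modem_key, modem_param=modem_param,
                          enc_ap_param=seal(ap_key, ap_param))
    return t, Server(first_key=key)


def _flag(key: bytes, plain: bytes, blob: bytes) -> int:
    """1 when blob decrypts under key and equals the stored plaintext copy, else 0."""
    got = unseal(key, blob)
    return int(got is not None and hmac.compare_digest(got, plain))


def unlock(t: Terminal, s: Server) -> tuple:
    # Third condition: the terminal reports only once its counter reaches the threshold.
    if t.ap_first["counter"] < THRESHOLD:
        return False, "terminal counter below threshold"
    # First condition: both counters must agree; otherwise reset to the server's value.
    if t.ap_first["counter"] != s.counter:
        t.ap_first["counter"] = s.counter
        return False, "counter mismatch, terminal counter reset"
    # Second condition: the delivered first key is written to the reserved field
    # and must equal the second key held by the process.
    t.ap_first["reserved_key"] = s.first_key
    if not hmac.compare_digest(t.ap_first["reserved_key"], t.second_key):
        t.ap_first["reserved_key"] = None
        return False, "key mismatch"
    # Each side's encrypted parameter lives in the other side's secure area.
    flag_ap = _flag(t.ap_second["ap_key"], t.ap_second["ap_param"],
                    t.modem_fourth["enc_ap_param"])
    flag_modem = _flag(t.modem_fourth["modem_key"], t.modem_fourth["modem_param"],
                       t.ap_second["enc_modem_param"])
    if flag_ap == 1 and flag_modem == 1:
        return True, "unlocked"
    return False, f"flags ap={flag_ap} modem={flag_modem}"
```

Because each encrypted parameter is checked against a plaintext copy and key held in the opposite secure area, modifying one area alone leaves a flag bit at 0 and the unlock is refused.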

Abstract

The present invention relates to a data processing method and apparatus, a terminal, and a storage medium. The method comprises: receiving a first parameter of an unlocking object and a first key of the unlocking object issued by a server, the first parameter and the first key being used to determine whether a terminal satisfies a data analysis condition; obtaining a second parameter of the unlocking object and a second key of the unlocking object located in the terminal; and, when the first parameter and the second parameter satisfy a preset first condition and the first key and the second key satisfy a preset second condition, unlocking the unlocking object.
PCT/CN2018/098541 2017-06-28 2018-08-03 Data processing method and apparatus, terminal, and storage medium WO2019001588A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710510233.X 2017-06-28
CN201710510233.XA CN109150814B (zh) 2017-06-28 2017-06-28 Data processing method and apparatus thereof, terminal, and storage medium

Publications (1)

Publication Number Publication Date
WO2019001588A1 (fr) 2019-01-03

Family

ID=64741144

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/098541 WO2019001588A1 (fr) 2017-06-28 2018-08-03 Data processing method and apparatus, terminal, and storage medium

Country Status (2)

Country Link
CN (1) CN109150814B (fr)
WO (1) WO2019001588A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113726508A (zh) * 2021-08-30 2021-11-30 北京博瑞翔伦科技发展有限公司 一种用于无人仓离线智能锁的totp算法及系统

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102227734A (zh) * 2008-11-28 2011-10-26 国际商业机器公司 用于保护机密文件的客户端计算机和其服务器计算机以及其方法和计算机程序
CN105101183A (zh) * 2014-05-07 2015-11-25 中国电信股份有限公司 对移动终端上隐私内容进行保护的方法和系统
CN106384042A (zh) * 2016-09-13 2017-02-08 北京豆荚科技有限公司 一种电子设备以及安全系统
US20170085546A1 (en) * 2015-09-17 2017-03-23 T-Mobile Usa, Inc. Secure remote user device unlock
CN106548088A (zh) * 2016-10-19 2017-03-29 惠州Tcl移动通信有限公司 一种基于移动终端的保密存储区读取控制方法及移动终端

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7940932B2 (en) * 2004-04-08 2011-05-10 Texas Instruments Incorporated Methods, apparatus, and systems for securing SIM (subscriber identity module) personalization and other data on a first processor and secure communication of the SIM data to a second processor
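CN100574189C (zh) * 2007-03-16 2009-12-23 中兴通讯股份有限公司 Asymmetric-algorithm-based method for secure network-lock and card-lock protection and unlocking of a mobile terminal
US9705674B2 (en) * 2013-02-12 2017-07-11 Amazon Technologies, Inc. Federated key management
CN104519479B (zh) * 2013-09-27 2019-06-11 中兴通讯股份有限公司 Terminal and method for network locking and network unlocking thereof
CN104952128A (zh) * 2015-05-20 2015-09-30 范浪波 Electronic unlocking system based on a smart handheld terminal and unlocking method thereof
CN106817377A (zh) * 2017-03-27 2017-06-09 努比亚技术有限公司 Data encryption apparatus, decryption apparatus, and method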

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
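CN102227734A (zh) * 2008-11-28 2011-10-26 国际商业机器公司 Client computer for protecting confidential files, server computer therefor, and method and computer program therefor
CN105101183A (zh) * 2014-05-07 2015-11-25 中国电信股份有限公司 Method and system for protecting private content on a mobile terminal
US20170085546A1 (en) * 2015-09-17 2017-03-23 T-Mobile Usa, Inc. Secure remote user device unlock
CN106384042A (zh) * 2016-09-13 2017-02-08 北京豆荚科技有限公司 Electronic device and security system
CN106548088A (zh) * 2016-10-19 2017-03-29 惠州Tcl移动通信有限公司 Mobile-terminal-based method for controlling reading of a confidential storage area, and mobile terminal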

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
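CN113726508A (zh) * 2021-08-30 2021-11-30 北京博瑞翔伦科技发展有限公司 TOTP algorithm and system for an offline smart lock of an unmanned warehouse
CN113726508B (zh) * 2021-08-30 2024-04-02 北京博瑞翔伦科技发展有限公司 TOTP algorithm and system for an offline smart lock of an unmanned warehouse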

Also Published As

Publication number Publication date
CN109150814B (zh) 2022-12-02
CN109150814A (zh) 2019-01-04

Similar Documents

Publication Publication Date Title
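CN106603484B (zh) Virtual key method, and apparatus, back-end system, and user terminal applying the method
EP3255832B1 (fr) Dynamic encryption method, terminal, and server
EP1560120A1 (fr) Access method
CN110535880B (zh) Access control method and system for the Internet of Things
US10630474B2 (en) Method and system for encrypted data synchronization for secure data management
WO2014177076A1 (fr) Terminal, network locking and network unlocking method for same, and storage medium
CN115208705B (zh) Encryption and decryption method and apparatus based on adaptive adjustment of link data
CN113282944B (zh) Smart lock opening method and apparatus, electronic device, and storage medium
CN104868998A (zh) System, device, and method for provisioning encrypted data to an electronic device
CN112769789B (zh) Encrypted communication method and system
EP2065830B1 (fr) System and method for controlling access to a device
WO2019001588A1 (fr) Data processing method and apparatus, terminal, and storage medium
CN110533128B (zh) Encryption-based anti-counterfeiting traceability data processing method, apparatus, system, and medium
KR102415628B1 (ko) Method and apparatus for authenticating a drone using Dim
CN109302442B (zh) Data storage proof method and related device
US11463251B2 (en) Method for secure management of secrets in a hierarchical multi-tenant environment
CN116366289A (zh) Security supervision method and apparatus for unmanned aerial vehicle remote sensing data
JP2017108237A (ja) System, terminal device, control method, and program
CN115037451B (zh) Data protection method and electronic device
CN110287725B (zh) Device, permission control method thereof, and computer-readable storage medium
CN114239065A (zh) Key-based data processing method, electronic device, and storage medium
CN116827691B (zh) Method and system for data transmission
JP7086163B1 (ja) Data processing system
CN116052307A (zh) Unlocking method and system, smart door lock, and storage medium
CN115484593A (zh) Key retrieval method, server, and subscriber identity module card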

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18823543

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18823543

Country of ref document: EP

Kind code of ref document: A1