WO2019090702A1 - Terminal security protection method and device - Google Patents

Terminal security protection method and device Download PDF

Info

Publication number
WO2019090702A1
WO2019090702A1 PCT/CN2017/110479 CN2017110479W WO2019090702A1 WO 2019090702 A1 WO2019090702 A1 WO 2019090702A1 CN 2017110479 W CN2017110479 W CN 2017110479W WO 2019090702 A1 WO2019090702 A1 WO 2019090702A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
security
security information
mode
security mode
Prior art date
Application number
PCT/CN2017/110479
Other languages
French (fr)
Chinese (zh)
Inventor
涂永峰
龙水平
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN201780096669.7A priority Critical patent/CN111316269A/en
Priority to PCT/CN2017/110479 priority patent/WO2019090702A1/en
Publication of WO2019090702A1 publication Critical patent/WO2019090702A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data

Definitions

  • the present application relates to the field of communications, and in particular, to a security protection method and apparatus for a terminal.
  • the terminal can store various information of the user, such as contact information, financial information, work materials, personal privacy, and the like.
  • information of the user such as contact information, financial information, work materials, personal privacy, and the like.
  • the terminal leaves the user (such as lost, swimming, or bathing).
  • the terminal faces a variety of risks (such as the lock screen password is cracked, the message Being eavesdropped, etc.).
  • the information of the terminal can be remotely destroyed. It is also possible to set more complicated security information for the terminal and cooperate with the fingerprint password to improve the security of the terminal. However, using the above method may result in a large loss of information. At the same time, the risk of the terminal being cracked cannot be completely eliminated.
  • the embodiments of the present invention provide a security protection method and device for a terminal.
  • the terminal By enabling the terminal to enter a security mode, the security performance of the terminal when the user is in control is improved, and the information loss risk of the terminal is reduced.
  • an embodiment of the present invention provides a method for securing a terminal, which is used to protect terminal information security, and includes the following steps:
  • the terminal detects a first operation of the user, the first operation is for causing the terminal to enter a security mode; the security mode includes at least one of the following options: the terminal enters a screen lock state, in a first time period The screen cannot be unlocked, the terminal cannot perform a shutdown or restart operation; the terminal does not allow the flight mode to be activated; and the terminal is powered off, and the power-on operation is not allowed in the second time period. Therefore, the terminal can effectively ensure the security of the terminal under the control of the user in the security mode, thereby greatly reducing the security risk.
  • the method further includes: when the terminal enters a screen lock state for a time greater than or equal to a first threshold, the terminal automatically enters the security mode.
  • the method further includes: verifying the first security information before the terminal enters the security mode; the first security information includes at least one of the following options: a number, a graphic Password, and biometrics.
  • the method further includes: the first operation includes at least one of the following: a voice, a specific gesture, selecting a touch button, and operating a physical button.
  • the method further includes: in the security mode, at least one of a software function or a hardware function of the terminal is disabled.
  • the method further includes: the terminal device can be according to user requirements The user can set the protection of the security risks that the user pays attention to. In this way, the terminal security can be enhanced, the efficiency is improved, and the user is personalized.
  • the method further includes: the terminal detects a second operation, and the terminal exits the security mode.
  • the method further includes: before exiting the security mode, the terminal verifies the second security information, where the second security information is different from the first security information; the second security The information includes at least one of the following options: numbers, graphical passwords, and biometrics.
  • the second security information has a higher operational authority than the first security information, and the second security information needs to be verified when the terminal is powered on during the second time period. The implementation manner can effectively improve the security of the terminal, and can also facilitate the operation of the user.
  • the method further includes: if the terminal performs the operation prohibited in the security mode during the first time period or the second time period, the second verification is required. Security Information.
  • the method further includes: if the terminal does not set the second security information, the operation of the terminal in the security mode is prohibited.
  • the method further includes: before entering the security mode, the terminal verifies the first security information, otherwise the security mode cannot be entered.
  • the method further includes: the terminal may preset a time point, and when the preset time point is reached, the terminal automatically enters a security mode, and the terminal may also be improved in this manner.
  • Equipment security may be used to improve the terminal's performance of the terminal.
  • the method further includes: the terminal has an intelligent mode, and the terminal may enter the security mode according to the smart mode state, so that the flexibility of the terminal security protection may be improved.
  • the method further includes: the terminal recording the security log in the security mode, so that the user can query any event in the security mode to improve security.
  • the method further includes: when the terminal detects an abnormality, the terminal sends information to the matched terminal, and the user may process in time to reduce the loss.
  • an embodiment of the present invention provides a terminal, including: a detecting module, configured to detect a first operation of a user, where the first operation is used to enter the security mode; the security mode includes the following At least one of the options: the terminal enters a screen lock state, the screen cannot be unlocked during the first time period, the terminal cannot perform a shutdown or restart operation; the terminal does not allow the flight mode to be activated; and, the terminal Shutdown, the boot operation is not allowed during the second time period.
  • the terminal further includes: a verification module, configured to verify the first security information; the first security information includes at least one of the following options: a number, a graphic password, and a biometric.
  • the terminal further includes: a prohibiting module, configured to disable at least one of a software function or a hardware function of the terminal.
  • an embodiment of the present invention provides a terminal, including: one or more processors; one or more memories, where one or more computer programs are stored in the one or more memories, the one or more The computer program includes instructions that, when executed by the one or more processors, cause the terminal to perform any of the methods described in the first aspect above.
  • an embodiment of the present invention provides a computer program product including instructions, when the computer program
  • the serial product when run on an electronic device, causes the electronic device to perform the method described in the first aspect above.
  • an embodiment of the present invention provides a computer readable storage medium, including instructions, when the instruction is run on an electronic device, causing the electronic device to perform the method described in the first aspect above.
  • an embodiment of the present invention further provides a data processing system, including a module for performing the methods provided by the foregoing first aspect.
  • the solution provided by the present invention has better security performance, more applicable scenarios, and higher degree of personalization. If the user can customize the settings according to their own needs, the security risks that need to be concerned, and the software and hardware functions required for the restrictions.
  • the user can set a safe shutdown time to ensure that the terminal cannot be turned on after the user leaves for a period of time. At the same time, the user can also set a safe shutdown password. After the security shutdown state is completed or after the end, only the security shutdown password verification succeeds, the terminal can boot normally.
  • FIG. 1 is a block diagram showing a partial structure of a terminal according to an embodiment of the present invention.
  • FIG. 2 is a flowchart of a method for a terminal to enter a security mode according to an embodiment of the present invention
  • FIG. 3(a) is a flowchart of a method for a terminal to activate a security mode according to an embodiment of the present invention
  • FIG. 3(b) is a schematic diagram of a special gesture activation security mode according to an embodiment of the present invention.
  • FIG. 3(c) is a schematic diagram of a lock screen of a terminal in a secure mode according to an embodiment of the present invention
  • FIG. 4 is a flowchart of a method for a self-activation security mode of a terminal according to an embodiment of the present invention
  • FIG. 5 is a flowchart of a method for detecting an abnormality of a terminal according to an embodiment of the present invention
  • FIG. 6 is a flowchart of a method for shutting down a terminal in a secure mode according to an embodiment of the present invention
  • FIG. 6(b) is a schematic diagram of a shutdown interface in a secure mode according to an embodiment of the present invention.
  • FIG. 7 is a flowchart of a method for determining whether a user configures second security information according to an embodiment of the present invention
  • FIG. 8 is a flowchart of a method for verifying second security information in a terminal security mode shutdown according to an embodiment of the present invention
  • FIG. 9 is a flowchart of a method for setting a second time period according to an embodiment of the present invention.
  • FIG. 10 is a flowchart of a method for booting in a second time period according to an embodiment of the present invention.
  • FIG. 11 is a block diagram of a terminal according to an embodiment of the present invention.
  • first, second, third, etc. may be used to describe various messages, requests, and terminals in the embodiments of the present invention, these messages, requests, and terminals should not be limited to these terms. These terms are only used to Messages, requests, and terminals are distinguished from one another.
  • a first terminal may also be referred to as a second terminal without departing from the scope of the embodiments of the present invention.
  • the second terminal may also be referred to as a first terminal.
  • the security protection method provided by the embodiment of the present invention is used to protect terminal information security.
  • the terminal can be, for example, a mobile phone, a tablet computer, a laptop computer, a digital camera, a personal digital assistant (PDA), a navigation device, a mobile Internet device (MID), or a wearable device. .
  • PDA personal digital assistant
  • MID mobile Internet device
  • FIG. 1 is a block diagram showing a partial structure of a terminal according to an embodiment of the present invention.
  • the terminal is described by taking the mobile phone 100 as an example.
  • the mobile phone 100 includes: a radio frequency (RF) circuit 110, a power source 120, a processor 130, a memory 140, an input unit 150, a display unit 160, a sensor 170, and audio.
  • the circuit 180 and a component such as a wireless fidelity (Wi-Fi) module 190.
  • Wi-Fi wireless fidelity
  • the components of the mobile phone 100 will be specifically described below with reference to FIG. 1 :
  • the RF circuit 110 can be used to send and receive information or to receive and transmit signals during a call.
  • the RF circuit 110 may send downlink data received from the base station to the processor 130 for processing, and send the uplink data to the base station.
  • RF circuits include, but are not limited to, RF chips, antennas, at least one amplifier, transceiver, coupler, Low Noise Amplifier (LNA), duplexer, RF switch, and the like.
  • LNA Low Noise Amplifier
  • RF circuitry 110 can also communicate wirelessly with networks and other devices.
  • the wireless communication may use any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CodeDivision). Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), E-mail, Short Messaging Service (SMS), and the like.
  • GSM Global System of Mobile communication
  • GPRS General Packet Radio Service
  • the memory 140 can be used to store software programs and modules, and the processor 130 executes various functional applications and data processing of the mobile phone 100 by running software programs and modules stored in the memory 140.
  • the memory 140 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may be stored according to The data created by the use of the mobile phone 100 (such as audio data, phone book, etc.) and the like.
  • memory 140 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
  • the memory 140 can also store a knowledge base, a tag library, and an algorithm library.
  • the input unit 150 can be configured to receive input numeric or character information and to generate key signal inputs related to user settings and function control of the handset 100.
  • the input unit 150 may include a touch panel 151 and other input devices 152.
  • the touch panel 151 also referred to as a touch screen, can collect touch operations on or near the user (such as the user using a finger, a stylus, or the like on the touch panel 151 or near the touch panel 151. Operation), and drive the corresponding connecting device according to a preset program.
  • the touch panel 151 may include two parts: a touch detection device and a touch controller.
  • the touch detection device detects the touch orientation of the user, and detects a signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts the touch information into contact coordinates, and sends the touch information.
  • the processor 130 is provided and can receive commands from the processor 130 and execute them. In addition, resistive, capacitive, infrared, and table can be used.
  • the touch panel 151 is implemented in various types such as surface acoustic waves.
  • the input unit 150 may also include other input devices 152.
  • other input devices 152 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackballs, mice, joysticks, and the like.
  • the display unit 160 can be used to display information input by the user or information provided to the user and various menus of the mobile phone 100.
  • the display unit 160 may include a display panel 161.
  • the display panel 161 may be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), or the like.
  • the touch panel 151 can cover the display panel 161. When the touch panel 151 detects a touch operation on or near the touch panel 151, the touch panel 151 transmits to the processor 130 to determine the type of the touch event, and then the processor 130 according to the touch event. The type provides a corresponding visual output on display panel 161.
  • the touch panel 151 and the display panel 161 are two independent components to implement the input and input functions of the mobile phone 100 in FIG. 1, in some embodiments, the touch panel 151 may be integrated with the display panel 161. The input and output functions of the mobile phone 100 are implemented.
  • the handset 100 can also include at least one type of sensor 170, such as a light sensor, motion sensor, and other sensors.
  • the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 161 according to the brightness of the ambient light, and the proximity sensor may close the display panel 161 when the mobile phone 100 moves to the ear. / or backlight.
  • the accelerometer sensor can detect the magnitude of acceleration in all directions (usually three axes). When it is stationary, it can detect the magnitude and direction of gravity. It can be used to identify the gesture of the mobile phone (such as horizontal and vertical screen switching, related Game, magnetometer attitude calibration), vibration recognition related functions (such as pedometer, tapping).
  • the mobile phone 100 can also be configured with other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, an infrared sensor, and the like, and will not be described herein.
  • the audio circuit 180, the speaker 181, and the microphone 182 can provide an audio interface between the user and the handset 100.
  • the audio circuit 180 can transmit the converted electrical data of the received audio data to the speaker 181 for conversion to the sound signal output by the speaker 181; on the other hand, the microphone 182 converts the collected sound signal into an electrical signal by the audio circuit 180. After receiving, it is converted into audio data, and then the audio data is output to the RF circuit 110 for transmission to, for example, another mobile phone, or the audio data is output to the memory 140 for further processing.
  • Wi-Fi is a short-range wireless transmission technology.
  • the mobile phone 100 can help users to send and receive emails, browse web pages, and access streaming media through the Wi-Fi module 190, which provides users with wireless broadband Internet access.
  • FIG. 1 shows the Wi-Fi module 190, it can be understood that it does not belong to the essential configuration of the mobile phone 100, and may be omitted as needed within the scope of not changing the essence of the invention.
  • the processor 130 is the control center of the handset 100, which connects various portions of the entire handset using various interfaces and lines, by running or executing software programs and/or modules stored in the memory 140, and recalling data stored in the memory 140, The various functions and processing data of the mobile phone 100 are executed, thereby realizing various services based on the mobile phone.
  • the processor 130 may include one or more processing units; preferably, the processor 130 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like.
  • the modem processor primarily handles wireless communications. It can be understood that the above modem processor may not be integrated into the processor 130.
  • the processor 130 may execute program instructions stored in the memory 140 to implement the method shown in the following embodiments.
  • the mobile phone 100 also includes a power source 120 (such as a battery) that supplies power to various components, and the power source can pass through the power tube.
  • the system is logically coupled to the processor 130 to manage functions such as charging, discharging, and power consumption through a power management system.
  • the mobile phone 100 may further include a camera, a Bluetooth module, and the like, and details are not described herein.
  • the embodiment of the present invention provides a method for security protection of a terminal. As shown in FIG. 2, the method in this embodiment includes:
  • Step 201 The terminal detects the first operation
  • Step 202 verifies the first security information, and the terminal enters a security mode.
  • Step 203 after the terminal enters the security mode, detecting the second operation
  • Step 204 if the time to enter the security mode exceeds the first time period, the process proceeds to step 205; if the time to enter the security mode is within the first time period, the process proceeds to step 206;
  • Step 205 the terminal outputs the exit security mode
  • Step 206 The terminal inputs the second security information, and exits the security mode after the verification succeeds.
  • the execution subject of the embodiment of the present invention is a terminal, and the terminal includes an electronic device having communication capability, such as a smart phone, a tablet computer, and a navigation device.
  • an electronic device having communication capability such as a smart phone, a tablet computer, and a navigation device.
  • the first operation described in step 201 includes at least one of the following options: voice, specific gesture, selection of touch button, and operation of physical button.
  • voice and specific gestures can be preset by the terminal or can be customized by the user.
  • the physical button can be operated as a single button or a combination of buttons.
  • the touch button can be a virtual button on the display of the terminal.
  • the user simultaneously presses the power button and volume button of the terminal, and the terminal enters a safe mode.
  • the first security information in step 202 includes at least one of the following options: a number, a graphic password, and a biometric (including but not limited to fingerprint, iris recognition, face recognition) At least one of them.
  • the first security information is used to verify that the terminal enters a security mode. For example, when the terminal detects the first operation, the user is required to input a fingerprint, and when the fingerprint verification is correct, the terminal enters a screen lock state.
  • the first time period may be a certain length of time, for example, 10 minutes.
  • the terminal After the terminal enters the security mode for more than 10 minutes, after receiving the instruction to exit the security mode, the terminal exits. Safe mode. If the terminal enters the security mode for less than 10 minutes, after receiving the instruction to exit the security mode, the terminal needs to successfully verify the second security information before exiting the security mode.
  • the first time period may also be a specific time period, for example, a time period of 14:10 to 14:30, after receiving the instruction to exit the security mode, if the current time is At 14:35, the terminal exits the security mode. After receiving the instruction to exit the security mode, if the current time is 14:20, the terminal needs to successfully verify the second security information before exiting the security mode.
  • the security mode described in step 201 includes at least one of the following options: the terminal enters a screen lock state, and in the first time period, the screen cannot be unlocked, and the terminal cannot Perform a shutdown or restart operation; or do not allow to start the flight mode; or do not allow the power on operation during the second time period.
  • the second time period may be a certain length of time, or may be a specific time period, and the second time period may be the same as or different from the first time period.
  • the security mode further includes that at least one of a software function or a hardware function of the terminal is disabled.
  • the restriction software function includes, but is not limited to, the terminal cannot change the mute setting (including mute, vibration, or normal volume), cannot use any payment software, turn off the lock screen camera and camera function, and the like.
  • the limiting hardware functions include, but are not limited to, turning off the communication module, the GPS/Beidou satellite positioning module, not performing the mobile network location area update or the different system switching, and prohibiting the automatic connection of the open Wi-Fi hotspot or the saved Wi-Fi hotspot saved by itself. Turn off the mobile network data service function, close the audio interface, close the SD card interface, and turn off the Universal Serial Bus (USB) or other data line interface.
  • USB Universal Serial Bus
  • the terminal is in a secure mode to enhance security risk protection by disabling software and hardware functions.
  • the security risks include, but are not limited to, the flight mode of the third-party activated terminal, shutdown or restart (which may result in the terminal not being in the network, unable to call in), and the third party resets the terminal to the vibration or normal volume (when the call is incoming)
  • the vibration or ringing is regarded as an interference.
  • the third party uses Near Field Communication (NFC) to repeatedly charge the card.
  • NFC Near Field Communication
  • the terminal may set a risk option to select when configuring the security mode information, and the risk option may include the risks described in the foregoing embodiments, such as property risk, communication risk, and the like.
  • the second security information in step 204 is different from the first security information, and the second security information includes at least one of the following options: a number, a graphic password, and a biometric.
  • the second security information is used by the terminal to exit the security mode.
  • the second security information has a higher operational authority, and can enable the terminal to exit the security mode in advance.
  • the terminal has a record security log function in the security mode, where the security log record content includes, but is not limited to, operations and abnormalities of the terminal.
  • the security log is stored in the terminal and can be viewed by a user.
  • the security log may be customized by a user, including but not limited to a SIM/SD card being pulled out, the terminal repeatedly unlocking, reading, copying or sending out sensitive information, installing software .
  • FIG. 3(a) is a specific example of the first operation provided on the basis of the foregoing step 201.
  • the method steps include:
  • Step 301 The user clicks the security mode switch on the screen or draws a specific gesture on the terminal screen, and sends instruction information for activating the security mode to the terminal;
  • Step 302 the terminal determines whether to set the first security information, if the setting jumps to step 304, if not set, then jump to step 303;
  • Step 303 If the first security information is not set, the user is required to configure the first security information, and the terminal enters the security mode after configuring the first security information.
  • step 304 the terminal directly enters a security mode.
  • the terminal acquires a specific gesture drawn by the user on the screen of the terminal in step 301, when the specific gesture is the same as the specific gesture stored in the terminal, The terminal enters safe mode.
  • the specific gesture of the activation security mode may also be changed by the user through the operating system, and when the new specific gesture is successfully set, the original specific gesture is invalid.
  • the user may also choose not to set the first security information, and after detecting the first operation of the user, the terminal directly enters the security mode.
  • FIG. 3(b) is a flowchart of an implementation method for activating a security mode using a specific gesture according to another embodiment of the present invention.
  • the terminal presents an interface 305, and the interface 305 is in a screen unlock state.
  • the terminal receives activation security.
  • the mode command the terminal enters the security mode.
  • the interface 307 presented by the terminal is that the terminal enters a screen lock state in the security mode.
  • FIG. 4 is a flowchart of a self-activation method of a terminal security mode according to another embodiment of the present invention. As shown in FIG. 4, the method in this embodiment includes:
  • Step 401 the terminal enters a screen lock state
  • Step 402 The time when the terminal screen is locked is greater than or equal to the first threshold
  • step 403 the terminal enters a security mode.
  • the first threshold in step 402 is set by the terminal, and when the time to enter the screen lock state is greater than or equal to the first threshold, the terminal activates itself and enters a safe mode state. .
  • the terminal when the screen locking time reaches the first threshold, the terminal needs to input security information for verification before entering the security mode.
  • FIG. 5 is a flowchart of a method for detecting an interface anomaly according to another embodiment of the present invention. As shown in FIG. 5, the method in this embodiment includes:
  • Step 501 The terminal matches another terminal.
  • Step 502 after entering the security mode, detecting that an abnormality occurs on the interface;
  • Step 503 The terminal sends notification information to the matched terminal.
  • the terminal in step 501 of this embodiment includes, but is not limited to, a mobile phone, a tablet computer, a smart wearable device, and the like.
  • the method for configuring the matching terminal in this embodiment includes pre-storing the identifier of the configured terminal in the terminal to implement matching.
  • the identifier includes, but is not limited to, a telephone number or an International Mobile Subscriber Identification Number (IMSI)/International Mobile Equipment Identity (IMEI).
  • IMSI International Mobile Subscriber Identification Number
  • IMEI International Mobile Equipment Identity
  • the terminal matching method further includes performing, by using a wireless communication manner such as Bluetooth, Wi-Fi, or NFC. Further, the terminal can match one or more other terminals.
  • a wireless communication manner such as Bluetooth, Wi-Fi, or NFC.
  • the terminal turns on Bluetooth and pairs with another terminal, and the two terminals complete the matching.
  • the notification information includes, but is not limited to, an abnormal code, location information, and time information.
  • the notification is immediately sent.
  • the information is sent to the matching terminal, for example, by using a short message or a data service, and the user can immediately report the lost SIM card after receiving the notification information, or recover the mobile phone as much as possible according to the notification information.
  • the terminal in the security mode, when the terminal detects that a USB device is inserted, the terminal immediately sends the notification information to the matching terminal.
  • the terminal may be associated with a software or network platform account, an email account, and in the secure mode, when the terminal detects an abnormality, sending the notification information to the corresponding account.
  • the manner in which the terminal sends the notification information to the matching terminal includes, but is not limited to, a short message, and the message is sent through social software or instant messaging software, and the email is sent.
  • the terminal in the security mode, when the terminal detects that the interface part is damaged or modified, the terminal sends notification information to the matching terminal.
  • the terminal in the security mode, records all the detected interface abnormalities into the security log, and the recorded content includes but is not limited to the abnormal type, the time when the abnormality occurs, and the location information.
  • the embodiment of the present invention provides a terminal shutdown method in a security mode. As shown in FIG. 6(a), the method in this embodiment includes:
  • Step 601 the terminal sets a second time period
  • Step 602 The terminal detects a first operation
  • step 603 the terminal is shut down, and the booting operation is not allowed in the second time period
  • Step 604 reaches a second period of time, and the terminal can normally perform power on/off.
  • the second time period may be preset when the terminal is shipped from the factory or manually set by the user. Specifically, if the user does not set the second time period when the user is turned off, the terminal prompts the user to perform the setting before the shutdown operation.
  • FIG. 6(b) is a schematic diagram of a specific operation interface for shutting down in the safe mode.
  • 605 is a power button
  • 606 is a terminal entering a flight mode option
  • 607 is a terminal entering a mute option
  • 608 is a terminal.
  • Terminal restart option 609 is the shutdown option
  • 610 is the shutdown option in safe mode.
  • the terminal detects that the power button 605 is pressed or pressed or other physical buttons are pressed in combination, and after reaching the preset time of the terminal, the terminal presents the image shown in FIG. 6(b). In the interface shown, after the user clicks the safe shutdown option 610, the terminal enters the safe mode and shuts down.
  • FIG. 7 provides a specific method for determining whether the user configures the first security information in the security mode, the user is shut down.
  • the method includes:
  • Step 701 The terminal detects the first operation, where the first operation may be a click security shutdown option 610, and the terminal receives an instruction to initiate a safe shutdown.
  • Step 702 The terminal determines whether the first security information is set.
  • Step 703 The security information is not set, and the terminal requires the user to configure the first security information.
  • step 704 the terminal is powered off.
  • FIG. 8 provides a method for requiring the first security information verification to perform shutdown.
  • the method includes:
  • Step 801 the terminal detects the first operation, and the first operation may be a click security shutdown option 610, at which time the terminal receives an instruction to initiate a safe shutdown;
  • Step 802 Verify the first security information, and if the verification fails, re-enter the verification;
  • Step 803 verifying that the first security information is correct, and the terminal is powered off.
  • the security information input limit may be set. After the input error exceeds a certain limit, the terminal enters a locked state, and when the locked state limited time is reached, the terminal may perform a re-operation.
  • FIG. 9 provides a terminal security protection method.
  • the method includes:
  • Step 901 in the security mode, the terminal is powered off
  • Step 902 it is determined whether the time when the terminal enters the safe shutdown state is in the second time period, if the second time period jumps to step 904, if not in the second time period, the process proceeds to step 903;
  • Step 903 exiting the safe shutdown mode, and the terminal may perform a booting operation when receiving the booting instruction
  • Step 904 the terminal is not allowed to perform a booting operation and maintain a safe shutdown state
  • the terminal sets a timer to set a safe shutdown time.
  • the timer does not overflow, and the power-on signal cannot be sent, only after the second time period is reached.
  • the timer overflows, the power-on signal can be sent normally, and the terminal can be powered on normally.
  • FIG. 10 provides a method for the user to boot in the second time period.
  • the method includes:
  • Step 1001 The terminal receives a booting instruction within a second time period
  • Step 1002 Verify the second security information. If the verification is incorrect, go to step 1003. If the verification is correct, go to step 1005.
  • Step 1003 When the second security information is incorrect and does not exceed the limited number of times, the process jumps to step 1002. If the number of times exceeds the limit, the process jumps to step 1004.
  • step 1004 the terminal continues to be in the security mode and prohibits the booting operation
  • step 1005 the terminal exits the security mode, and the terminal starts up normally.
  • step 1004 if the user verifies that the second security information is incorrect more than a certain number of times (for example, three times), the terminal screen is locked and the power-on operation is no longer accepted.
  • the embodiment of the present invention provides a terminal 1100.
  • the terminal 1100 includes a detection module 1101, a verification module 1102, and a prohibition module 1103.
  • the detecting module 1101 is configured to detect a first operation and a second operation of the user, where the first operation is used to enter the security mode, and the second operation is used to enable the terminal to exit the security mode; 1102.
  • the first security information and the second security information are used for verification.
  • the prohibition module 1103 is configured to disable at least one of a software function or a hardware function of the terminal.
  • the detection and detection module 1101 is connected to the verification module 1102.
  • the verification module 1102 responds to request the user to perform security information verification.
  • the forbidden module 1103, in the security mode prohibits the terminal from being shut down or restarted during the first time period; in the second time period, prohibiting the When the terminal security information error exceeds a certain threshold, the prohibition module 1103 locks the terminal and prohibits the operation.
  • the embodiment of the present invention further provides a computer storage medium for storing the computer software instructions used in the foregoing method and apparatus for implementing terminal security protection shown in FIG. 1-11, which is configured to perform the foregoing method embodiment. code.
  • the embodiment of the invention also provides a computer program product.
  • the computer program product includes computer software instructions that are loadable by a processor to implement the methods of the above method embodiments.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
  • the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
  • the functions described herein can be implemented in hardware, software, firmware, or any combination thereof.
  • the functions may be stored in a computer readable medium or transmitted as one or more instructions or code on a computer readable medium.
  • Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one location to another.
  • a storage medium may be any available media that can be accessed by a general purpose or special purpose computer.

Abstract

The present application relates to the field of terminals, and in particular, to a terminal security protection method. In the terminal security protection method, secure-mode information is configured according to potential risks in respect of the terminal, and the secure mode of the terminal is established according to the configured secure-mode information. The terminal security protection method comprises a secure switch-off method, that is, setting a secure switch-off period during which the terminal does not accept switch-on operations. Through the solution provided by the present application, it is possible to effectively ensure terminal security in cases where the terminal is out of the control of the user.

Description

一种终端的安全保护方法及装置Terminal security protection method and device 技术领域Technical field
本申请涉及通信领域,尤其涉及一种终端的安全保护方法及装置。The present application relates to the field of communications, and in particular, to a security protection method and apparatus for a terminal.
背景技术Background technique
随着信息技术的发展,以手机为代表的智能终端的兴起,为人们的生活提供了极大地方便。目前,终端可以存储用户的多种信息,如联系方式,财务信息,工作资料,个人隐私等。但是,在日常的生活工作中,经常存在终端离开用户掌控的情况(如遗失,游泳健身或洗浴时寄存),在这种情况下,终端会面临很多种风险(如锁屏密码被破解、消息被窃听等)。With the development of information technology, the rise of smart terminals represented by mobile phones has greatly facilitated people's lives. Currently, the terminal can store various information of the user, such as contact information, financial information, work materials, personal privacy, and the like. However, in daily life and work, there are often situations in which the terminal leaves the user (such as lost, swimming, or bathing). In this case, the terminal faces a variety of risks (such as the lock screen password is cracked, the message Being eavesdropped, etc.).
目前为了防止终端受到上述风险的威胁,当终端遗失时,可以对终端的信息进行远程销毁。也可以对终端设置更为复杂的安全信息并配合指纹密码,提高终端安全性。但是采用上述方式可能会造成较大的信息损失。同时,也不能完全的消除终端被破解的风险。At present, in order to prevent the terminal from being threatened by the above risks, when the terminal is lost, the information of the terminal can be remotely destroyed. It is also possible to set more complicated security information for the terminal and cooperate with the fingerprint password to improve the security of the terminal. However, using the above method may result in a large loss of information. At the same time, the risk of the terminal being cracked cannot be completely eliminated.
发明内容Summary of the invention
本发明实施例提供了一种终端的安全保护方法和装置,通过使终端进入安全模式,提升终端脱离用户掌控时的安全性能,降低终端的信息损失风险。The embodiments of the present invention provide a security protection method and device for a terminal. By enabling the terminal to enter a security mode, the security performance of the terminal when the user is in control is improved, and the information loss risk of the terminal is reduced.
第一方面,本发明的实施例提供了一种终端的安全保护的方法,用于保护终端信息安全,包括以下步骤:In a first aspect, an embodiment of the present invention provides a method for securing a terminal, which is used to protect terminal information security, and includes the following steps:
终端检测到用户的第一操作,所述第一操作用于使所述终端进入安全模式;所述安全模式包括以下选项中的至少一种:所述终端进入屏幕锁定状态,在第一时间段内,屏幕不能解锁,所述终端不能进行关机或重启操作;所述终端不允许启动飞行模式;和,所述终端关机,在第二时间段内不允许进行开机操作。由此,终端在安全模式下可以有效的保证终端在脱离用户掌控情况下的安全,极大降低了安全风险。The terminal detects a first operation of the user, the first operation is for causing the terminal to enter a security mode; the security mode includes at least one of the following options: the terminal enters a screen lock state, in a first time period The screen cannot be unlocked, the terminal cannot perform a shutdown or restart operation; the terminal does not allow the flight mode to be activated; and the terminal is powered off, and the power-on operation is not allowed in the second time period. Therefore, the terminal can effectively ensure the security of the terminal under the control of the user in the security mode, thereby greatly reducing the security risk.
在一种可能的实现方式中,所述方法还包括:所述终端进入屏幕锁定状态的时间大于等于第一阈值时,所述终端自动进入所述安全模式。In a possible implementation manner, the method further includes: when the terminal enters a screen lock state for a time greater than or equal to a first threshold, the terminal automatically enters the security mode.
在另一种可能的实现方式中,所述方法还包括:所述终端进入所述安全模式前,验证第一安全信息;所述第一安全信息包括以下选项中的至少一种:数字、图形密码、和生物特征。In another possible implementation manner, the method further includes: verifying the first security information before the terminal enters the security mode; the first security information includes at least one of the following options: a number, a graphic Password, and biometrics.
在另一种可能的实现方式中,所述方法还包括:所述第一操作包括以下选项中的至少一种:语音、特定手势、选择触摸按键和操作物理按键。In another possible implementation manner, the method further includes: the first operation includes at least one of the following: a voice, a specific gesture, selecting a touch button, and operating a physical button.
在另一种可能的实现方式中,所述方法还包括:在安全模式下,所述终端的软件功能或硬件功能中的至少一种功能被禁用。通过这种实现方式可以更好地提高终端设备的安全性,便于用户个性化设置。In another possible implementation manner, the method further includes: in the security mode, at least one of a software function or a hardware function of the terminal is disabled. Through this implementation, the security of the terminal device can be better improved, and the user can be personalized.
在另一种可能的实现方式中,所述方法还包括:所述终端设备可以根据用户需求 自行设置对用户关注的安全风险进行保护,通过这种方式可以有针对性的加强终端安全,提高效率,便于用户个性化设置。In another possible implementation, the method further includes: the terminal device can be according to user requirements The user can set the protection of the security risks that the user pays attention to. In this way, the terminal security can be enhanced, the efficiency is improved, and the user is personalized.
在另一种可能的实现方式中,所述方法还包括:所述终端检测到第二操作,所述终端退出安全模式。In another possible implementation manner, the method further includes: the terminal detects a second operation, and the terminal exits the security mode.
在另一种可能的实现方式中,所述方法还包括:退出安全模式前,所述终端验证第二安全信息,所述第二安全信息与所述第一安全信息不同;所述第二安全信息包括以下选项中的至少一种:数字、图形密码、和生物特征。其中所述第二安全信息相比所述第一安全信息具有更高的操作权限,当在所述第二时间段内对所述终端进行开机操作时需要验证所述第二安全信息,通过这种实现方式可以有效提高所述终端的安全性,同时也可以便于用户的操作。In another possible implementation manner, the method further includes: before exiting the security mode, the terminal verifies the second security information, where the second security information is different from the first security information; the second security The information includes at least one of the following options: numbers, graphical passwords, and biometrics. The second security information has a higher operational authority than the first security information, and the second security information needs to be verified when the terminal is powered on during the second time period. The implementation manner can effectively improve the security of the terminal, and can also facilitate the operation of the user.
在另一种可能的实现方式中,所述方法还包括:所述终端在所述第一时间段内或所述第二时间段内,如果执行安全模式下所禁止的操作,需要验证第二安全信息。In another possible implementation manner, the method further includes: if the terminal performs the operation prohibited in the security mode during the first time period or the second time period, the second verification is required. Security Information.
在另一种可能的实现方式中,所述方法还包括:若所述终端未设置所述第二安全信息,则所述终端在安全模式下的操作被禁止。In another possible implementation manner, the method further includes: if the terminal does not set the second security information, the operation of the terminal in the security mode is prohibited.
在另一种可能的实现方式中,所述方法还包括:进入安全模式前,终端验证第一安全信息,否则不能进入安全模式。In another possible implementation manner, the method further includes: before entering the security mode, the terminal verifies the first security information, otherwise the security mode cannot be entered.
在另一种可能的实现方式中,所述方法还包括:所述终端可以预设一个时间点,到达预设的时间点时,所述终端自动进入安全模式,通过这种方式也可以提高终端设备的安全性。In another possible implementation manner, the method further includes: the terminal may preset a time point, and when the preset time point is reached, the terminal automatically enters a security mode, and the terminal may also be improved in this manner. Equipment security.
在另一种可能的实现方式中,所述方法还包括:所述终端具有智能模式,所述终端可以根据智能模式状态进入安全模式,这样可以提高所述终端安全保护的灵活性。In another possible implementation manner, the method further includes: the terminal has an intelligent mode, and the terminal may enter the security mode according to the smart mode state, so that the flexibility of the terminal security protection may be improved.
在另一种可能的实现方式中,所述方法还包括:所述终端在安全模式下记录安全日志,便于用户查询安全模式下的任何事件,提高安全性。In another possible implementation manner, the method further includes: the terminal recording the security log in the security mode, so that the user can query any event in the security mode to improve security.
在另一种可能的实现方式中,所述方法还包括:当终端检测到异常时,所述终端向匹配的终端发送信息,用户可以及时处理,降低损失。In another possible implementation manner, the method further includes: when the terminal detects an abnormality, the terminal sends information to the matched terminal, and the user may process in time to reduce the loss.
第二方面,本发明的实施例提供了一种终端,包括:检测模块,用于检测用户的第一操作,所述第一操作用于使所述终端进入安全模式;所述安全模式包括以下选项中的至少一种:所述终端进入屏幕锁定状态,在第一时间段内,屏幕不能解锁,所述终端不能进行关机或重启操作;所述终端不允许启动飞行模式;和,所述终端关机,在第二时间段内不允许进行开机操作。In a second aspect, an embodiment of the present invention provides a terminal, including: a detecting module, configured to detect a first operation of a user, where the first operation is used to enter the security mode; the security mode includes the following At least one of the options: the terminal enters a screen lock state, the screen cannot be unlocked during the first time period, the terminal cannot perform a shutdown or restart operation; the terminal does not allow the flight mode to be activated; and, the terminal Shutdown, the boot operation is not allowed during the second time period.
在一种可能的实现方式中,所述终端还包括:验证模块,用于验证第一安全信息;所述第一安全信息包括以下选项中的至少一种:数字、图形密码、和生物特征。In a possible implementation manner, the terminal further includes: a verification module, configured to verify the first security information; the first security information includes at least one of the following options: a number, a graphic password, and a biometric.
在另一种可能的实现方式中,所述终端还包括:禁止模块,用于禁用所述终端的软件功能或硬件功能中的至少一种功能。In another possible implementation manner, the terminal further includes: a prohibiting module, configured to disable at least one of a software function or a hardware function of the terminal.
第三方面,本发明实施例提供一种终端,包括:一个或多个处理器;一个或多个存储器,所述一个或多个存储器中存储有一个或多个计算机程序,所述一个或多个计算机程序包括指令,当所述指令被所述一个或多个处理器执行时,使得所述终端执行上述第一方面中所述的任一方法。In a third aspect, an embodiment of the present invention provides a terminal, including: one or more processors; one or more memories, where one or more computer programs are stored in the one or more memories, the one or more The computer program includes instructions that, when executed by the one or more processors, cause the terminal to perform any of the methods described in the first aspect above.
第四方面,本发明实施例提供一种包含指令的计算机程序产品,当所述计算机程 序产品在电子设备上运行时,使得所述电子设备执行上述第一方面所述的方法。In a fourth aspect, an embodiment of the present invention provides a computer program product including instructions, when the computer program The serial product, when run on an electronic device, causes the electronic device to perform the method described in the first aspect above.
第五方面,本发明实施例提供一种计算机可读存储介质,包括指令,当所述指令在电子设备上运行时,使得所述电子设备执行上述第一方面所述的方法。In a fifth aspect, an embodiment of the present invention provides a computer readable storage medium, including instructions, when the instruction is run on an electronic device, causing the electronic device to perform the method described in the first aspect above.
第六方面,本发明实施例还提供了一种数据处理系统,包括用于执行上述第一方面提供的各方法的模块。In a sixth aspect, an embodiment of the present invention further provides a data processing system, including a module for performing the methods provided by the foregoing first aspect.
较于现有技术,本发明提供的方案安全性能性更好,可应用场景多,个性化程度高。如用户可以根据自身需求,在操作系统中,自定义设置所需要关注的安全风险,和所需限制的软件和硬件功能。用户在离开终端时,可以设置安全关机时间,保证在用户离开一段时间内,终端无法开机。同时,用户也可以设置安全关机密码,在安全关机状态下或结束后,只有安全关机密码验证成功后,所述终端才可以正常开机。Compared with the prior art, the solution provided by the present invention has better security performance, more applicable scenarios, and higher degree of personalization. If the user can customize the settings according to their own needs, the security risks that need to be concerned, and the software and hardware functions required for the restrictions. When the user leaves the terminal, the user can set a safe shutdown time to ensure that the terminal cannot be turned on after the user leaves for a period of time. At the same time, the user can also set a safe shutdown password. After the security shutdown state is completed or after the end, only the security shutdown password verification succeeds, the terminal can boot normally.
本发明的这些和其它方面在以下(多个)实施例的描述中会更加简明易懂。These and other aspects of the invention will be more apparent from the following description of the embodiments.
附图说明DRAWINGS
图1为本发明实施例提供的一种终端的部分结构框图;1 is a block diagram showing a partial structure of a terminal according to an embodiment of the present invention;
图2为本发明实施例提供的终端进入安全模式的方法流程图;2 is a flowchart of a method for a terminal to enter a security mode according to an embodiment of the present invention;
图3(a)为本发明实施例提供的终端激活安全模式的方法流程图;FIG. 3(a) is a flowchart of a method for a terminal to activate a security mode according to an embodiment of the present invention;
图3(b)为本发明实施例提供的特殊手势激活安全模式示意图;FIG. 3(b) is a schematic diagram of a special gesture activation security mode according to an embodiment of the present invention;
图3(c)为本发明实施例提供的终端在安全模式下的锁屏示意图;FIG. 3(c) is a schematic diagram of a lock screen of a terminal in a secure mode according to an embodiment of the present invention;
图4为本发明实施例提供的终端自激活安全模式方法的流程图;4 is a flowchart of a method for a self-activation security mode of a terminal according to an embodiment of the present invention;
图5为本发明实施例提供的终端检测异常方法的流程图;FIG. 5 is a flowchart of a method for detecting an abnormality of a terminal according to an embodiment of the present invention;
图6(a)本发明实施例提供的终端在安全模式下关机方法的流程图;FIG. 6 is a flowchart of a method for shutting down a terminal in a secure mode according to an embodiment of the present invention;
图6(b)本发明实施例提供的安全模式下关机界面的示意图;FIG. 6(b) is a schematic diagram of a shutdown interface in a secure mode according to an embodiment of the present invention;
图7示出本发明实施例提供的判断用户是否配置第二安全信息方法的流程图;FIG. 7 is a flowchart of a method for determining whether a user configures second security information according to an embodiment of the present invention;
图8示出本发明实施例提供的终端安全模式关机下验证第二安全信息方法的流程图;FIG. 8 is a flowchart of a method for verifying second security information in a terminal security mode shutdown according to an embodiment of the present invention;
图9示出本发明实施例提供的设置第二时间段方法的流程图;FIG. 9 is a flowchart of a method for setting a second time period according to an embodiment of the present invention;
图10示出本发明实施例提供的在第二时间段内开机方法的流程图;FIG. 10 is a flowchart of a method for booting in a second time period according to an embodiment of the present invention;
图11示出本发明实施例提供的一种终端的框图。FIG. 11 is a block diagram of a terminal according to an embodiment of the present invention.
具体实施方式Detailed ways
下面将结合附图,对本发明的实施例进行描述。Embodiments of the present invention will be described below with reference to the accompanying drawings.
在本发明实施例中使用的术语是仅仅出于描述特定实施例的目的,而非旨在限制本发明。在本发明实施例和所附权利要求书中所使用的单数形式的“一种”、“所述”和“该”也旨在包括多数形式,除非上下文清楚地表示其他含义。还应当理解,本文中使用的术语“和/或”是指并包含一个或多个相关联的列出项目的任何或所有可能组合。本文中字符“/”,一般表示前后关联对象是一种“或”的关系。The terms used in the embodiments of the present invention are for the purpose of describing particular embodiments only and are not intended to limit the invention. The singular forms "a", "the" and "the" It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items. The character "/" in this article generally indicates that the contextual object is an "or" relationship.
应当理解,尽管在本发明实施例中可能采用术语第一、第二、第三等来描述各种消息、请求和终端,但这些消息、请求和终端不应限于这些术语。这些术语仅用来将 消息、请求和终端彼此区分开。例如,在不脱离本发明实施例范围的情况下,第一终端也可以被称为第二终端,类似地,第二终端也可以被称为第一终端。It should be understood that although the terms first, second, third, etc. may be used to describe various messages, requests, and terminals in the embodiments of the present invention, these messages, requests, and terminals should not be limited to these terms. These terms are only used to Messages, requests, and terminals are distinguished from one another. For example, a first terminal may also be referred to as a second terminal without departing from the scope of the embodiments of the present invention. Similarly, the second terminal may also be referred to as a first terminal.
本发明实施例提供的安全保护方法,用于保护终端信息安全。该终端例如可以为:移动电话、平板电脑、膝上型电脑、数码相机、个人数字助理(personal digital assistant,PDA)、导航装置、移动上网装置(Mobile Internet Device,MID)或可穿戴式设备等。The security protection method provided by the embodiment of the present invention is used to protect terminal information security. The terminal can be, for example, a mobile phone, a tablet computer, a laptop computer, a digital camera, a personal digital assistant (PDA), a navigation device, a mobile Internet device (MID), or a wearable device. .
图1为本发明实施例提供的终端的部分结构框图。该终端以手机100为例进行说明,参考图1,手机100包括:射频(Radio Frequency,RF)电路110、电源120、处理器130、存储器140、输入单元150、显示单元160、传感器170、音频电路180、以及无线保真(wireless fidelity,Wi-Fi)模块190等部件。本领域技术人员可以理解,图1中示出的手机结构并不构成对手机的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。FIG. 1 is a block diagram showing a partial structure of a terminal according to an embodiment of the present invention. The terminal is described by taking the mobile phone 100 as an example. Referring to FIG. 1 , the mobile phone 100 includes: a radio frequency (RF) circuit 110, a power source 120, a processor 130, a memory 140, an input unit 150, a display unit 160, a sensor 170, and audio. The circuit 180, and a component such as a wireless fidelity (Wi-Fi) module 190. It will be understood by those skilled in the art that the structure of the handset shown in FIG. 1 does not constitute a limitation to the handset, and may include more or less components than those illustrated, or some components may be combined, or different components may be arranged.
下面结合图1对手机100的各个构成部件进行具体的介绍:The components of the mobile phone 100 will be specifically described below with reference to FIG. 1 :
RF电路110可用于收发信息或在通话过程中进行信号的接收和发送。例如:RF电路110可以将从基站接收的下行数据发送给处理器130处理,并把上行数据发送给基站。通常,RF电路包括但不限于RF芯片、天线、至少一个放大器、收发信机、耦合器、低噪声放大器(Low Noise Amplifier,LNA)、双工器、射频开关等。此外,RF电路110还可以与网络和其他设备进行无线通信。所述无线通信可以使用任一通信标准或协议,包括但不限于全球移动通讯系统(Global System of Mobile communication,GSM)、通用分组无线服务(General Packet Radio Service,GPRS)、码分多址(CodeDivision Multiple Access,CDMA)、宽带码分多址(Wideband Code Division MultipleAccess,WCDMA)、长期演进(Long Term Evolution,LTE)、电子邮件、短消息服务(Short Messaging Service,SMS)等。The RF circuit 110 can be used to send and receive information or to receive and transmit signals during a call. For example, the RF circuit 110 may send downlink data received from the base station to the processor 130 for processing, and send the uplink data to the base station. Generally, RF circuits include, but are not limited to, RF chips, antennas, at least one amplifier, transceiver, coupler, Low Noise Amplifier (LNA), duplexer, RF switch, and the like. In addition, RF circuitry 110 can also communicate wirelessly with networks and other devices. The wireless communication may use any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CodeDivision). Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), E-mail, Short Messaging Service (SMS), and the like.
存储器140可用于存储软件程序以及模块,处理器130通过运行存储在存储器140的软件程序以及模块,从而执行手机100的各种功能应用以及数据处理。存储器140可主要包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、至少一个功能所需的应用程序(比如声音播放功能、图像播放功能等)等;存储数据区可存储根据手机100的使用所创建的数据(比如音频数据、电话本等)等。此外,存储器140可以包括高速随机存取存储器,还可以包括非易失性存储器,例如至少一个磁盘存储器件、闪存器件、或其他易失性固态存储器件。存储器140还可以存储知识库、标签库和算法库。The memory 140 can be used to store software programs and modules, and the processor 130 executes various functional applications and data processing of the mobile phone 100 by running software programs and modules stored in the memory 140. The memory 140 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may be stored according to The data created by the use of the mobile phone 100 (such as audio data, phone book, etc.) and the like. Moreover, memory 140 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. The memory 140 can also store a knowledge base, a tag library, and an algorithm library.
输入单元150可用于接收输入的数字或字符信息,以及产生与手机100的用户设置以及功能控制有关的键信号输入。具体地,输入单元150可包括触控面板151以及其他输入设备152。触控面板151,也称为触摸屏,可收集用户在其上或附近的触摸操作(比如用户使用手指、触笔等任何适合的物体或附件在触控面板151上或在触控面板151附近的操作),并根据预先设定的程式驱动相应的连接装置。可选的,触控面板151可包括触摸检测装置和触摸控制器两个部分。其中,触摸检测装置检测用户的触摸方位,并检测触摸操作带来的信号,将信号传送给触摸控制器;触摸控制器从触摸检测装置上接收触摸信息,并将它转换成触点坐标,再送给处理器130,并能接收处理器130发来的命令并加以执行。此外,可以采用电阻式、电容式、红外线以及表 面声波等多种类型实现触控面板151。除了触控面板151,输入单元150还可以包括其他输入设备152。具体地,其他输入设备152可以包括但不限于物理键盘、功能键(比如音量控制按键、开关按键等)、轨迹球、鼠标、操作杆等中的一种或多种。The input unit 150 can be configured to receive input numeric or character information and to generate key signal inputs related to user settings and function control of the handset 100. Specifically, the input unit 150 may include a touch panel 151 and other input devices 152. The touch panel 151, also referred to as a touch screen, can collect touch operations on or near the user (such as the user using a finger, a stylus, or the like on the touch panel 151 or near the touch panel 151. Operation), and drive the corresponding connecting device according to a preset program. Optionally, the touch panel 151 may include two parts: a touch detection device and a touch controller. Wherein, the touch detection device detects the touch orientation of the user, and detects a signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts the touch information into contact coordinates, and sends the touch information. The processor 130 is provided and can receive commands from the processor 130 and execute them. In addition, resistive, capacitive, infrared, and table can be used. The touch panel 151 is implemented in various types such as surface acoustic waves. In addition to the touch panel 151, the input unit 150 may also include other input devices 152. Specifically, other input devices 152 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackballs, mice, joysticks, and the like.
显示单元160可用于显示由用户输入的信息或提供给用户的信息以及手机100的各种菜单。显示单元160可包括显示面板161,可选的,可以采用液晶显示屏(liquid crystal display,LCD)、机电激光显示(organic light-emitting diode,OLED)等形式来配置显示面板161。进一步的,触控面板151可覆盖显示面板161,当触控面板151检测到在其上或附近的触摸操作后,传送给处理器130以确定触摸事件的类型,随后处理器130根据触摸事件的类型在显示面板161上提供相应的视觉输出。虽然在图1中,触控面板151与显示面板161是作为两个独立的部件来实现手机100的输入和输入功能,但是在某些实施例中,可以将触控面板151与显示面板161集成而实现手机100的输入和输出功能。The display unit 160 can be used to display information input by the user or information provided to the user and various menus of the mobile phone 100. The display unit 160 may include a display panel 161. Alternatively, the display panel 161 may be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), or the like. Further, the touch panel 151 can cover the display panel 161. When the touch panel 151 detects a touch operation on or near the touch panel 151, the touch panel 151 transmits to the processor 130 to determine the type of the touch event, and then the processor 130 according to the touch event. The type provides a corresponding visual output on display panel 161. Although the touch panel 151 and the display panel 161 are two independent components to implement the input and input functions of the mobile phone 100 in FIG. 1, in some embodiments, the touch panel 151 may be integrated with the display panel 161. The input and output functions of the mobile phone 100 are implemented.
手机100还可包括至少一种传感器170,比如光传感器、运动传感器以及其他传感器。具体地,光传感器可包括环境光传感器及接近传感器,其中,环境光传感器可根据环境光线的明暗来调节显示面板161的亮度,接近传感器可在手机100移动到耳边时,关闭显示面板161和/或背光。作为运动传感器的一种,加速计传感器可检测各个方向上(一般为三轴)加速度的大小,静止时可检测出重力的大小及方向,可用于识别手机姿态的应用(比如横竖屏切换、相关游戏、磁力计姿态校准)、振动识别相关功能(比如计步器、敲击)等。手机100还可以配置的陀螺仪、气压计、湿度计、温度计、红外线传感器等其他传感器,在此不再赘述。The handset 100 can also include at least one type of sensor 170, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 161 according to the brightness of the ambient light, and the proximity sensor may close the display panel 161 when the mobile phone 100 moves to the ear. / or backlight. As a kind of motion sensor, the accelerometer sensor can detect the magnitude of acceleration in all directions (usually three axes). When it is stationary, it can detect the magnitude and direction of gravity. It can be used to identify the gesture of the mobile phone (such as horizontal and vertical screen switching, related Game, magnetometer attitude calibration), vibration recognition related functions (such as pedometer, tapping). The mobile phone 100 can also be configured with other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, an infrared sensor, and the like, and will not be described herein.
音频电路180、扬声器181、麦克风182可提供用户与手机100之间的音频接口。音频电路180可将接收到的音频数据转换后的电信号,传输到扬声器181,由扬声器181转换为声音信号输出;另一方面,麦克风182将收集的声音信号转换为电信号,由音频电路180接收后转换为音频数据,再将音频数据输出至RF电路110以发送给比如另一手机,或者将音频数据输出至存储器140以便进一步处理。The audio circuit 180, the speaker 181, and the microphone 182 can provide an audio interface between the user and the handset 100. The audio circuit 180 can transmit the converted electrical data of the received audio data to the speaker 181 for conversion to the sound signal output by the speaker 181; on the other hand, the microphone 182 converts the collected sound signal into an electrical signal by the audio circuit 180. After receiving, it is converted into audio data, and then the audio data is output to the RF circuit 110 for transmission to, for example, another mobile phone, or the audio data is output to the memory 140 for further processing.
Wi-Fi属于短距离无线传输技术,手机100通过Wi-Fi模块190可以帮助用户收发电子邮件、浏览网页和访问流式媒体等,它为用户提供了无线的宽带互联网访问。虽然图1示出了Wi-Fi模块190,但是可以理解的是,其并不属于手机100的必须构成,完全可以根据需要在不改变发明的本质的范围内而省略。Wi-Fi is a short-range wireless transmission technology. The mobile phone 100 can help users to send and receive emails, browse web pages, and access streaming media through the Wi-Fi module 190, which provides users with wireless broadband Internet access. Although FIG. 1 shows the Wi-Fi module 190, it can be understood that it does not belong to the essential configuration of the mobile phone 100, and may be omitted as needed within the scope of not changing the essence of the invention.
处理器130是手机100的控制中心,利用各种接口和线路连接整个手机的各个部分,通过运行或执行存储在存储器140内的软件程序和/或模块,以及调用存储在存储器140内的数据,执行手机100的各种功能和处理数据,从而实现基于手机的多种业务。可选的,处理器130可包括一个或多个处理单元;优选的,处理器130可集成应用处理器和调制解调处理器,其中,应用处理器主要处理操作系统、用户界面和应用程序等,调制解调处理器主要处理无线通信。可以理解的是,上述调制解调处理器也可以不集成到处理器130中。The processor 130 is the control center of the handset 100, which connects various portions of the entire handset using various interfaces and lines, by running or executing software programs and/or modules stored in the memory 140, and recalling data stored in the memory 140, The various functions and processing data of the mobile phone 100 are executed, thereby realizing various services based on the mobile phone. Optionally, the processor 130 may include one or more processing units; preferably, the processor 130 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like. The modem processor primarily handles wireless communications. It can be understood that the above modem processor may not be integrated into the processor 130.
本发明实施例中,处理器130可以执行存储器140中存储的程序指令,来在实现以下实施例所示的方法。In the embodiment of the present invention, the processor 130 may execute program instructions stored in the memory 140 to implement the method shown in the following embodiments.
手机100还包括给各个部件供电的电源120(比如电池),电源可以通过电源管 理系统与处理器130逻辑相连,从而通过电源管理系统实现管理充电、放电、以及功耗等功能。The mobile phone 100 also includes a power source 120 (such as a battery) that supplies power to various components, and the power source can pass through the power tube. The system is logically coupled to the processor 130 to manage functions such as charging, discharging, and power consumption through a power management system.
尽管未示出,手机100还可以包括摄像头、蓝牙模块等,在此不再赘述。Although not shown, the mobile phone 100 may further include a camera, a Bluetooth module, and the like, and details are not described herein.
本发明实施例提供一种终端的安全保护的方法,如图2所示,本实施例的方法包括:The embodiment of the present invention provides a method for security protection of a terminal. As shown in FIG. 2, the method in this embodiment includes:
步骤201终端检测到第一操作;Step 201: The terminal detects the first operation;
步骤202验证第一安全信息,所述终端进入安全模式;Step 202 verifies the first security information, and the terminal enters a security mode.
步骤203所述终端进入安全模式后,检测到第二操作; Step 203, after the terminal enters the security mode, detecting the second operation;
步骤204若进入安全模式的时间超过第一时间段,跳转到步骤205;若进入安全模式时间处在第一时间段内,跳转到步骤206; Step 204, if the time to enter the security mode exceeds the first time period, the process proceeds to step 205; if the time to enter the security mode is within the first time period, the process proceeds to step 206;
步骤205所述终端输退出安全模式; Step 205, the terminal outputs the exit security mode;
步骤206所述终端输入第二安全信息,验证成功后退出安全模式。Step 206: The terminal inputs the second security information, and exits the security mode after the verification succeeds.
本发明实施例的执行主体是终端,所述终端包括智能手机、平板电脑、导航装置等具备通信能力的电子装置。The execution subject of the embodiment of the present invention is a terminal, and the terminal includes an electronic device having communication capability, such as a smart phone, a tablet computer, and a navigation device.
进一步的,在本发明实施例中,步骤201中所述的第一操作包括以下选项中的至少一种:语音、特定手势、选择触摸按键和操作物理按键。其中语音和特定手势可以由终端预设,也可以由用户自定义设置。操作物理按键,可以是单个按键或多个按键的组合。触摸按键,可以是在所述终端显示屏上的虚拟按键。Further, in the embodiment of the present invention, the first operation described in step 201 includes at least one of the following options: voice, specific gesture, selection of touch button, and operation of physical button. The voice and specific gestures can be preset by the terminal or can be customized by the user. The physical button can be operated as a single button or a combination of buttons. The touch button can be a virtual button on the display of the terminal.
具体的,在一些实施例中,用户同时按下所述终端的电源键和音量键,所述终端进入安全模式。Specifically, in some embodiments, the user simultaneously presses the power button and volume button of the terminal, and the terminal enters a safe mode.
进一步的,在本发明实施例中,步骤202中所述第一安全信息包括以下选项中的至少一种:数字、图形密码、和生物特征(包括但不限于指纹,虹膜识别,人脸识别)中的至少一种。所述第一安全信息用于验证所述终端进入安全模式。例如,当所述终端检测到所述第一操作,则要求用户输入指纹,当指纹验证正确,所述终端进入屏幕锁定状态。Further, in the embodiment of the present invention, the first security information in step 202 includes at least one of the following options: a number, a graphic password, and a biometric (including but not limited to fingerprint, iris recognition, face recognition) At least one of them. The first security information is used to verify that the terminal enters a security mode. For example, when the terminal detects the first operation, the user is required to input a fingerprint, and when the fingerprint verification is correct, the terminal enters a screen lock state.
具体的,在步骤204中,所述第一时间段可以为某一时间长度,例如为10分钟,所述终端进入安全模式超过10分钟后,收到退出安全模式的指令后,所述终端退出安全模式。若所述终端进入安全模式的时间少于10分钟,收到退出安全模式的指令后,所述终端需要成功验证所述第二安全信息后,才能退出所述安全模式。Specifically, in step 204, the first time period may be a certain length of time, for example, 10 minutes. After the terminal enters the security mode for more than 10 minutes, after receiving the instruction to exit the security mode, the terminal exits. Safe mode. If the terminal enters the security mode for less than 10 minutes, after receiving the instruction to exit the security mode, the terminal needs to successfully verify the second security information before exiting the security mode.
具体的,在步骤204中,所述第一时间段还可以为一个具体的时间段,例如为14:10到14:30这一时间段,收到退出安全模式的指令后,如果当前时刻为14:35,所述终端退出安全模式。收到退出安全模式的指令后,如果当前时刻为14:20,所述终端需要成功验证所述第二安全信息后,才能退出所述安全模式。Specifically, in step 204, the first time period may also be a specific time period, for example, a time period of 14:10 to 14:30, after receiving the instruction to exit the security mode, if the current time is At 14:35, the terminal exits the security mode. After receiving the instruction to exit the security mode, if the current time is 14:20, the terminal needs to successfully verify the second security information before exiting the security mode.
进一步的,在本发明实施例中,步骤201中所述的所述安全模式包括以下选项中的至少一种:终端进入屏幕锁定状态,在第一时间段内,屏幕不能解锁,所述终端不能进行关机或重启操作;或不允许启动飞行模式;或在第二时间段内不允许进行开机操作。Further, in the embodiment of the present invention, the security mode described in step 201 includes at least one of the following options: the terminal enters a screen lock state, and in the first time period, the screen cannot be unlocked, and the terminal cannot Perform a shutdown or restart operation; or do not allow to start the flight mode; or do not allow the power on operation during the second time period.
同样的,所述第二时间段可以为某一时间长度,也可以为一个具体的时间段,并且第二时间段可以与第一时间段相同或不同。 Similarly, the second time period may be a certain length of time, or may be a specific time period, and the second time period may be the same as or different from the first time period.
进一步的,在本发明实施例中,所述安全模式还包括终端的软件功能或硬件功能中的至少一种功能被禁用。例如,所述限制软件功能包括但不限于所述终端不能更改静音设置(包括静音、震动或正常音量),不能使用任何支付软件,关闭锁屏拍照和摄像功能等。所述限制硬件功能包括但不限于关闭通信模块、GPS/北斗等卫星定位模块,不执行移动网络位置区域更新或异系统切换,禁止自动连接开放Wi-Fi热点或自身保存的信任Wi-Fi热点,关闭移动网络数据业务功能,关闭音频接口,关闭SD卡接口,关闭通用串行总线(Universal Serial Bus,USB)或其它数据线接口等。Further, in the embodiment of the present invention, the security mode further includes that at least one of a software function or a hardware function of the terminal is disabled. For example, the restriction software function includes, but is not limited to, the terminal cannot change the mute setting (including mute, vibration, or normal volume), cannot use any payment software, turn off the lock screen camera and camera function, and the like. The limiting hardware functions include, but are not limited to, turning off the communication module, the GPS/Beidou satellite positioning module, not performing the mobile network location area update or the different system switching, and prohibiting the automatic connection of the open Wi-Fi hotspot or the saved Wi-Fi hotspot saved by itself. Turn off the mobile network data service function, close the audio interface, close the SD card interface, and turn off the Universal Serial Bus (USB) or other data line interface.
可选的,在一些实施例中,终端在安全模式下,通过禁用软件和硬件功能以加强对安全风险的保护。其中所述安全风险包括但不限于第三方激活终端的飞行模式、关机或重启(可导致终端不在网,无法呼入电话),第三方将终端静音重设为震动或正常音量(呼入电话时的震动或铃声视为一种干扰),第三方通过近距离无线通讯技术(Near Field Communication,NFC),反复刷卡吸费,攻击者通过伪基站或Wi-Fi热点吸引终端(攻击者可能趁机下发诈骗或骚扰短信,或者窃听敏感信息(例如短消息、微信消息、理财软件消息等),或者诱骗终端下载带有病毒或监听程序的更新),攻击者发送较强的伪造卫星信号以压制正常的全球定位系统(Global Positioning System,GPS)/北斗等卫星定位信号,诱使终端生成错误的定位结果或个人活动轨迹,攻击者通过有线或无线接口入侵终端,利用软硬件设计漏洞或正常功能安装监听软件或窃取敏感信息等。Optionally, in some embodiments, the terminal is in a secure mode to enhance security risk protection by disabling software and hardware functions. The security risks include, but are not limited to, the flight mode of the third-party activated terminal, shutdown or restart (which may result in the terminal not being in the network, unable to call in), and the third party resets the terminal to the vibration or normal volume (when the call is incoming) The vibration or ringing is regarded as an interference. The third party uses Near Field Communication (NFC) to repeatedly charge the card. The attacker attracts the terminal through the pseudo base station or Wi-Fi hotspot (the attacker may take the opportunity to take the opportunity). Scam or harass text messages, or eavesdrop on sensitive information (such as short messages, WeChat messages, financial software messages, etc.), or trick the terminal to download updates with viruses or listeners), the attacker sends a strong forged satellite signal to suppress normal Satellite positioning signals such as Global Positioning System (GPS)/Beidou induce terminals to generate incorrect positioning results or personal activity tracks. Attackers invade terminals through wired or wireless interfaces, use software and hardware design loopholes or normal function installation. Monitor software or steal sensitive information.
可选的,在一些实施例中,所述终端可以设置风险选项,在配置安全模式信息时进行选择,所述风险选项可以包括上述实施例中所述的风险,例如财产风险,通信风险等。Optionally, in some embodiments, the terminal may set a risk option to select when configuring the security mode information, and the risk option may include the risks described in the foregoing embodiments, such as property risk, communication risk, and the like.
进一步的,在本发明实施例中,步骤204中所述第二安全信息与第一安全信息不同,所述第二安全信息包括以下选项中的至少一种:数字、图形密码、和生物特征。所述第二安全信息用于所述终端退出安全模式。所述第二安全信息具有更高的操作权限,可以使终端提前退出安全模式。Further, in the embodiment of the present invention, the second security information in step 204 is different from the first security information, and the second security information includes at least one of the following options: a number, a graphic password, and a biometric. The second security information is used by the terminal to exit the security mode. The second security information has a higher operational authority, and can enable the terminal to exit the security mode in advance.
可选的,在一些实施例中,所述终端在所述安全模式下具有记录安全日志功能,所述安全日志记录内容包括但不限于所述终端的操作、异常。所述安全日志存储在所述终端中,用户可以查看。Optionally, in some embodiments, the terminal has a record security log function in the security mode, where the security log record content includes, but is not limited to, operations and abnormalities of the terminal. The security log is stored in the terminal and can be viewed by a user.
可选的,在一些实施例中,所述安全日志可由用户自定义记录范围,包括但不限于SIM/SD卡被拔出,所述终端反复解锁,阅读、拷贝或外发敏感信息,安装软件。Optionally, in some embodiments, the security log may be customized by a user, including but not limited to a SIM/SD card being pulled out, the terminal repeatedly unlocking, reading, copying or sending out sensitive information, installing software .
具体的,图3(a)是在前述步骤201基础上提供的所述第一操作的具体实例。如图3(a)所示,方法步骤包括:Specifically, FIG. 3(a) is a specific example of the first operation provided on the basis of the foregoing step 201. As shown in Figure 3(a), the method steps include:
步骤301,用户在屏幕上点击安全模式开关或者在终端屏幕上划出特定手势,向终端发送激活安全模式的指令信息;Step 301: The user clicks the security mode switch on the screen or draws a specific gesture on the terminal screen, and sends instruction information for activating the security mode to the terminal;
步骤302,所述终端判断是否设置第一安全信息,若设置跳转到步骤304,若没有设置,则跳转到步骤303; Step 302, the terminal determines whether to set the first security information, if the setting jumps to step 304, if not set, then jump to step 303;
步骤303,未设置第一安全信息,则要求用户配置第一安全信息,所述终端配置第一安全信息后,进入安全模式。Step 303: If the first security information is not set, the user is required to configure the first security information, and the terminal enters the security mode after configuring the first security information.
步骤304,所述终端直接进入安全模式。 In step 304, the terminal directly enters a security mode.
具体的,在本发明实施例中,在步骤301中所述终端获取用户在所述终端屏幕上划出的特定手势,当所述特定手势与所述终端中存储的特定手势相同时,所述终端进入安全模式。Specifically, in the embodiment of the present invention, the terminal acquires a specific gesture drawn by the user on the screen of the terminal in step 301, when the specific gesture is the same as the specific gesture stored in the terminal, The terminal enters safe mode.
可选的,在一些实施例中,所述激活安全模式的特定手势也可以由用户通过操作系统更改设置,当新的特定手势设置成功后,原有特定手势失效。Optionally, in some embodiments, the specific gesture of the activation security mode may also be changed by the user through the operating system, and when the new specific gesture is successfully set, the original specific gesture is invalid.
可选的,在一些实施例中,用户也可以选择不设置第一安全信息,所述终端检测到用户第一操作后,终端直接进入安全模式。Optionally, in some embodiments, the user may also choose not to set the first security information, and after detecting the first operation of the user, the terminal directly enters the security mode.
进一步的,图3(b)为本发明另一个实施例,提供的使用特定手势激活安全模式的实现方法的流程图。如图3(b)所示,所述终端呈现界面305,界面305为屏幕解锁状态,当用户在所述终端界面305上划出特定的“S”型手势306时,所述终端接收激活安全模式的指令,所述终端进入安全模式。Further, FIG. 3(b) is a flowchart of an implementation method for activating a security mode using a specific gesture according to another embodiment of the present invention. As shown in FIG. 3(b), the terminal presents an interface 305, and the interface 305 is in a screen unlock state. When the user draws a specific “S” gesture 306 on the terminal interface 305, the terminal receives activation security. The mode command, the terminal enters the security mode.
进一步的,如图3(c)所示,所述终端呈现的界面307为所述终端在安全模式下进入屏幕锁定状态。Further, as shown in FIG. 3(c), the interface 307 presented by the terminal is that the terminal enters a screen lock state in the security mode.
进一步的,图4为本发明另一个实施例,提供的终端安全模式的自激活方法的流程图。如图4所示,本实施例的方法包括:Further, FIG. 4 is a flowchart of a self-activation method of a terminal security mode according to another embodiment of the present invention. As shown in FIG. 4, the method in this embodiment includes:
步骤401,所述终端进入屏幕锁定状态; Step 401, the terminal enters a screen lock state;
步骤402,所述终端屏幕锁定的时间大于或等于第一阈值;Step 402: The time when the terminal screen is locked is greater than or equal to the first threshold;
步骤403,终端进入安全模式。In step 403, the terminal enters a security mode.
可选的,在一些实施例中,步骤402中的第一阈值是所述终端设定的,当进入屏幕锁定状态的时间大于或等于第一阈值时,所述终端自行激活并进入安全模式状态。Optionally, in some embodiments, the first threshold in step 402 is set by the terminal, and when the time to enter the screen lock state is greater than or equal to the first threshold, the terminal activates itself and enters a safe mode state. .
可选的,在一些实施例中,屏幕锁定时间达到所述第一阈值时,所述终端需要输入安全信息进行验证后,才能进入安全模式。Optionally, in some embodiments, when the screen locking time reaches the first threshold, the terminal needs to input security information for verification before entering the security mode.
图5为本发明另一个实施例,提供检测接口异常方法的流程图。如图5所示,本实施例的方法包括:FIG. 5 is a flowchart of a method for detecting an interface anomaly according to another embodiment of the present invention. As shown in FIG. 5, the method in this embodiment includes:
步骤501,所述终端与另一个终端匹配;Step 501: The terminal matches another terminal.
步骤502,进入安全模式后,检测到接口发生异常; Step 502, after entering the security mode, detecting that an abnormality occurs on the interface;
步骤503,所述终端向匹配的终端发送通知信息。Step 503: The terminal sends notification information to the matched terminal.
具体的,本实施例步骤501中所述终端包括但不限于手机、平板电脑、智能穿戴设备等。本实施例所述配置匹配终端方法包括将所配置终端的标识预先存储在终端中,实现匹配。所述标识包括但不限于电话号码或国际移动用户识别码(International Mobile Subscriber Identification Number,IMSI)/国际移动设备识别码(International Mobile Equipment Identity,IMEI)等。Specifically, the terminal in step 501 of this embodiment includes, but is not limited to, a mobile phone, a tablet computer, a smart wearable device, and the like. The method for configuring the matching terminal in this embodiment includes pre-storing the identifier of the configured terminal in the terminal to implement matching. The identifier includes, but is not limited to, a telephone number or an International Mobile Subscriber Identification Number (IMSI)/International Mobile Equipment Identity (IMEI).
可选的,在一些实施例中,所述终端匹配方法还包括通过蓝牙,Wi-Fi,NFC等无线通信方式进行匹配。进一步的,终端可以匹配一个或多个其他终端。Optionally, in some embodiments, the terminal matching method further includes performing, by using a wireless communication manner such as Bluetooth, Wi-Fi, or NFC. Further, the terminal can match one or more other terminals.
具体的,在一些实施例中,所述终端打开蓝牙,与另一个终端配对,则两个终端完成匹配。Specifically, in some embodiments, the terminal turns on Bluetooth and pairs with another terminal, and the two terminals complete the matching.
进一步的,在步骤503中,所述通知信息包括但不限于异常的代号,位置信息和时间信息。Further, in step 503, the notification information includes, but is not limited to, an abnormal code, location information, and time information.
可选的,在一些实施例中,当所述终端检测到SIM/SD卡被拔出,立即发送通知 信息,例如通过短信或者数据业务发送给所述匹配的终端,用户在收到通知信息后,可以立即挂失SIM卡,或者根据通知信息尽可能追回手机。Optionally, in some embodiments, when the terminal detects that the SIM/SD card is unplugged, the notification is immediately sent. The information is sent to the matching terminal, for example, by using a short message or a data service, and the user can immediately report the lost SIM card after receiving the notification information, or recover the mobile phone as much as possible according to the notification information.
可选的,在一些实施例中,安全模式下,所述终端检测到有USB设备插入时,终端立即发送通知信息到匹配的终端。Optionally, in some embodiments, in the security mode, when the terminal detects that a USB device is inserted, the terminal immediately sends the notification information to the matching terminal.
可选的,在一些实施例中,所述终端可以与软件或网络平台账号,电子邮箱账号关联,在安全模式下,当所述终端检测到异常时,发送通知信息到相应账号。Optionally, in some embodiments, the terminal may be associated with a software or network platform account, an email account, and in the secure mode, when the terminal detects an abnormality, sending the notification information to the corresponding account.
具体的,所述终端向所述匹配终端发送通知信息的方式包括但不限于短信,通过社交软件或即时通信软件发送消息,电子邮件。Specifically, the manner in which the terminal sends the notification information to the matching terminal includes, but is not limited to, a short message, and the message is sent through social software or instant messaging software, and the email is sent.
可选的,在一些实施例中,在安全模式下,所述终端检测到接口部位被破坏或被改装,则会向匹配的终端发送通知信息。Optionally, in some embodiments, in the security mode, when the terminal detects that the interface part is damaged or modified, the terminal sends notification information to the matching terminal.
可选的,在一些实施例中,在安全模式下,所述终端会将所有检测到的接口异常记录到安全日志中,记录内容包括但不限于异常类型,发生异常的时间,位置信息。Optionally, in some embodiments, in the security mode, the terminal records all the detected interface abnormalities into the security log, and the recorded content includes but is not limited to the abnormal type, the time when the abnormality occurs, and the location information.
进一步的,本发明的实施例提供的一种安全模式下,终端关机方法。如图6(a)所示,本实施例的方法包括:Further, the embodiment of the present invention provides a terminal shutdown method in a security mode. As shown in FIG. 6(a), the method in this embodiment includes:
步骤601所述终端设置第二时间段; Step 601, the terminal sets a second time period;
步骤602所述终端检测到第一操作;Step 602: The terminal detects a first operation;
步骤603所述终端关机,在第二时间段内不允许进行开机操作;In step 603, the terminal is shut down, and the booting operation is not allowed in the second time period;
步骤604达到第二时间段,所述终端可以正常进行开关机。Step 604 reaches a second period of time, and the terminal can normally perform power on/off.
所述第二时间段可以在终端出厂时预设或用户手动进行设置。具体的,如果用户在关机时未设置第二时间段,在关机操作前,所述终端会提示用户进行设置。The second time period may be preset when the terminal is shipped from the factory or manually set by the user. Specifically, if the user does not set the second time period when the user is turned off, the terminal prompts the user to perform the setting before the shutdown operation.
具体的,图6(b)为安全模式下关机的具体操作界面示意图,如图6(b)所示,605为电源键,606为终端进入飞行模式选项,607为终端进入静音选项,608为终端重新启动选项,609为关机选项,610为安全模式下的关机选项。Specifically, FIG. 6(b) is a schematic diagram of a specific operation interface for shutting down in the safe mode. As shown in FIG. 6(b), 605 is a power button, 606 is a terminal entering a flight mode option, and 607 is a terminal entering a mute option, and 608 is a terminal. Terminal restart option, 609 is the shutdown option, and 610 is the shutdown option in safe mode.
可选的,在一些实施例中,所述终端检测到电源键605被按住或其他物理按键被组合按下,并达到所述终端预设时间后,所述终端呈现图6(b)所示的界面,用户点击安全关机选项610后,所述终端进入安全模式并关机。Optionally, in some embodiments, the terminal detects that the power button 605 is pressed or pressed or other physical buttons are pressed in combination, and after reaching the preset time of the terminal, the terminal presents the image shown in FIG. 6(b). In the interface shown, after the user clicks the safe shutdown option 610, the terminal enters the safe mode and shuts down.
进一步的,在上述实施例的基础上,图7提供在安全模式下,用户关机,判断用户是否配置第一安全信息的具体方法。所述方法包括:Further, based on the foregoing embodiment, FIG. 7 provides a specific method for determining whether the user configures the first security information in the security mode, the user is shut down. The method includes:
步骤701,终端检测到第一操作,第一操作可以为点击安全关机选项610,此时终端收到启动安全关机的指令;Step 701: The terminal detects the first operation, where the first operation may be a click security shutdown option 610, and the terminal receives an instruction to initiate a safe shutdown.
步骤702,所述终端判断是否设置第一安全信息;Step 702: The terminal determines whether the first security information is set.
步骤703,未设置安全信息,所述终端要求用户配置第一安全信息;Step 703: The security information is not set, and the terminal requires the user to configure the first security information.
步骤704,所述终端关机。In step 704, the terminal is powered off.
进一步的,在上述实施例的基础上,图8提供一种需要第一安全信息验证才能进行关机的方法。所述方法包括:Further, based on the above embodiment, FIG. 8 provides a method for requiring the first security information verification to perform shutdown. The method includes:
步骤801,终端检测到第一操作,第一操作可以为点击安全关机选项610,此时终端收到启动安全关机的指令; Step 801, the terminal detects the first operation, and the first operation may be a click security shutdown option 610, at which time the terminal receives an instruction to initiate a safe shutdown;
步骤802,验证第一安全信息,若验证失败则重新输入进行验证;Step 802: Verify the first security information, and if the verification fails, re-enter the verification;
步骤803,验证第一安全信息正确,所述终端关机。 Step 803, verifying that the first security information is correct, and the terminal is powered off.
可选的,在一些实施例中,可以设置安全信息输入次数限制,在输入错误超过一定限制后,所述终端进入锁定状态,当达到锁定状态限制时间后,终端可以进行重新操作。Optionally, in some embodiments, the security information input limit may be set. After the input error exceeds a certain limit, the terminal enters a locked state, and when the locked state limited time is reached, the terminal may perform a re-operation.
进一步的,在上述实施例的基础上,图9提供一种终端安全保护方法。所述方法包括:Further, based on the above embodiment, FIG. 9 provides a terminal security protection method. The method includes:
步骤901,在安全模式下,终端关机; Step 901, in the security mode, the terminal is powered off;
步骤902,判断所述终端进入安全关机状态的时间是否在第二时间段,若在第二时间段跳转到步骤904,若不在第二时间段,跳转到步骤903; Step 902, it is determined whether the time when the terminal enters the safe shutdown state is in the second time period, if the second time period jumps to step 904, if not in the second time period, the process proceeds to step 903;
步骤903,退出安全关机模式,所述终端在收到开机指令时,可以进行开机操作; Step 903, exiting the safe shutdown mode, and the terminal may perform a booting operation when receiving the booting instruction;
步骤904,所述终端不允许进行开机操作并保持安全关机状态;Step 904, the terminal is not allowed to perform a booting operation and maintain a safe shutdown state;
可选的,在一些实施例中,所述终端设置一个定时器来设定安全关机时间,在安全关机时间内,定时器未溢出,开机信号无法发送,只有在达到所述第二时间段后,定时器溢出,开机信号可以正常发送,所述终端可以正常开机。Optionally, in some embodiments, the terminal sets a timer to set a safe shutdown time. During the safe shutdown time, the timer does not overflow, and the power-on signal cannot be sent, only after the second time period is reached. The timer overflows, the power-on signal can be sent normally, and the terminal can be powered on normally.
进一步的,在上述实施例的基础上,图10提供一种用户在第二时间段内开机的方法。所述方法包括:Further, based on the above embodiment, FIG. 10 provides a method for the user to boot in the second time period. The method includes:
步骤1001,所述终端在第二时间段内收到开机指令;Step 1001: The terminal receives a booting instruction within a second time period;
步骤1002,验证第二安全信息,若验证错误则转到步骤1003,若验证正确则转到步骤1005Step 1002: Verify the second security information. If the verification is incorrect, go to step 1003. If the verification is correct, go to step 1005.
步骤1003,当第二安全信息错误时且未超过所限定的次数跳转到步骤1002,若超过限定次数则跳转到步骤1004。Step 1003: When the second security information is incorrect and does not exceed the limited number of times, the process jumps to step 1002. If the number of times exceeds the limit, the process jumps to step 1004.
步骤1004,终端继续处于安全模式并禁止开机操作;In step 1004, the terminal continues to be in the security mode and prohibits the booting operation;
步骤1005,终端退出安全模式,终端正常开机。In step 1005, the terminal exits the security mode, and the terminal starts up normally.
进一步的,在步骤1004中,若用户验证第二安全信息错误超过一定次数(例如3次),终端屏幕锁定,不再接受开机操作。Further, in step 1004, if the user verifies that the second security information is incorrect more than a certain number of times (for example, three times), the terminal screen is locked and the power-on operation is no longer accepted.
本发明实施例提供一种终端1100,如图11所示,包括检测模块1101、验证模块1102、禁止模块1103。其中检测模块1101,用于检测用户的第一操作和第二操作,所述第一操作用于使所述终端进入安全模式,所述第二操作用于使所述终端退出安全模式;验证模块1102,用于验证第一安全信息和第二安全信息;禁止模块1103,用于禁用所述终端的软件功能或硬件功能中的至少一种功能。The embodiment of the present invention provides a terminal 1100. As shown in FIG. 11, the terminal 1100 includes a detection module 1101, a verification module 1102, and a prohibition module 1103. The detecting module 1101 is configured to detect a first operation and a second operation of the user, where the first operation is used to enter the security mode, and the second operation is used to enable the terminal to exit the security mode; 1102. The first security information and the second security information are used for verification. The prohibition module 1103 is configured to disable at least one of a software function or a hardware function of the terminal.
可选的,在一些实施例中,所述检测检测模块1101与所述验证模块1102相连,当所述检测模块1101检测到用户操作时,所述验证模块1102响应,要求用户进行安全信息验证。Optionally, in some embodiments, the detection and detection module 1101 is connected to the verification module 1102. When the detection module 1101 detects a user operation, the verification module 1102 responds to request the user to perform security information verification.
可选的,在一些实施例中,所述禁止模块1103,在安全模式下,在所述第一时间段内禁止所述终端关机或重启等操作;在所述第二时间段内,禁止所述终端进行开机操作;所述终端安全信息错误次数超过一定阈值时,所述禁止模块1103,锁定终端,禁止操作。Optionally, in some embodiments, the forbidden module 1103, in the security mode, prohibits the terminal from being shut down or restarted during the first time period; in the second time period, prohibiting the When the terminal security information error exceeds a certain threshold, the prohibition module 1103 locks the terminal and prohibits the operation.
本发明实施例还提供了一种计算机存储介质,用于储存为上述图1-11所示的实现终端安全保护方法及装置所用的计算机软件指令,其包含用于执行上述方法实施例所设计的程序代码。 The embodiment of the present invention further provides a computer storage medium for storing the computer software instructions used in the foregoing method and apparatus for implementing terminal security protection shown in FIG. 1-11, which is configured to perform the foregoing method embodiment. code.
本发明实施例还提供了计算机程序产品。该计算机程序产品包括计算机软件指令,该计算机软件指令可通过处理器进行加载来实现上述方法实施例中的方法。The embodiment of the invention also provides a computer program product. The computer program product includes computer software instructions that are loadable by a processor to implement the methods of the above method embodiments.
尽管在此结合各实施例对本发明进行了描述,然而,在实施所要求保护的本发明过程中,本领域技术人员通过查看所述附图、公开内容、以及所附权利要求书,可理解并实现所述公开实施例的其他变化。在权利要求中,“包括”(comprising)一词不排除其他组成部分或步骤,“一”或“一个”不排除多个的情况。单个处理器或其他单元可以实现权利要求中列举的若干项功能。相互不同的从属权利要求中记载了某些措施,但这并不表示这些措施不能组合起来产生良好的效果。Although the present invention has been described herein in connection with the embodiments of the present invention, it will be understood by those skilled in the <RTIgt; Other variations of the disclosed embodiments are achieved. In the claims, the word "comprising" does not exclude other components or steps, and "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill several of the functions recited in the claims. Certain measures are recited in mutually different dependent claims, but this does not mean that the measures are not combined to produce a good effect.
本申请是参照本发明实施例的方法、装置(设备)和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present application is described with reference to flowchart illustrations and/or block diagrams of the methods, apparatus, and computer program products of the embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine for the execution of instructions for execution by a processor of a computer or other programmable data processing device. Means for implementing the functions specified in one or more of the flow or in a block or blocks of the flow chart.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device. The apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device. The instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
本领域技术人员应该可以意识到,在上述一个或多个示例中,本发明所描述的功能可以用硬件、软件、固件或它们的任意组合来实现。当使用软件实现时,可以将这些功能存储在计算机可读介质中或者作为计算机可读介质上的一个或多个指令或代码进行传输。计算机可读介质包括计算机存储介质和通信介质,其中通信介质包括便于从一个地方向另一个地方传送计算机程序的任何介质。存储介质可以是通用或专用计算机能够存取的任何可用介质。Those skilled in the art will appreciate that in one or more examples described above, the functions described herein can be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored in a computer readable medium or transmitted as one or more instructions or code on a computer readable medium. Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one location to another. A storage medium may be any available media that can be accessed by a general purpose or special purpose computer.
以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应以所述权利要求的保护范围为准。 The above is only a specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope of the present invention. It should be covered by the scope of the present invention. Therefore, the scope of the invention should be determined by the scope of the appended claims.

Claims (15)

  1. 一种终端的安全保护的方法,用于保护终端信息安全,其特征在于,所述方法包括:A method for securing a terminal for protecting terminal information security, characterized in that the method comprises:
    所述终端检测到用户的第一操作,所述第一操作用于使所述终端进入安全模式;The terminal detects a first operation of the user, where the first operation is used to enter the security mode of the terminal;
    所述安全模式包括以下选项中的至少一种:The security mode includes at least one of the following options:
    所述终端进入屏幕锁定状态,在第一时间段内,屏幕不能解锁,所述终端不能进行关机或重启操作;The terminal enters a screen lock state, in which the screen cannot be unlocked during the first time period, and the terminal cannot perform a shutdown or restart operation;
    所述终端不允许启动飞行模式;和,The terminal is not allowed to start the flight mode; and,
    所述终端关机,在第二时间段内不允许进行开机操作。The terminal is powered off, and the booting operation is not allowed in the second time period.
  2. 根据权利要求1所述的方法,其特征在于,所述方法还包括:The method of claim 1 further comprising:
    所述终端进入屏幕锁定状态的时间大于等于第一阈值时,所述终端自动进入所述安全模式。When the terminal enters the screen lock state for a time greater than or equal to the first threshold, the terminal automatically enters the security mode.
  3. 根据权利要求1或2所述的方法,其特征在于,所述方法还包括:The method according to claim 1 or 2, wherein the method further comprises:
    所述终端进入所述安全模式前,验证第一安全信息;Before the terminal enters the security mode, verifying the first security information;
    所述第一安全信息包括以下选项中的至少一种:数字、图形密码、和生物特征。The first security information includes at least one of the following options: a number, a graphical password, and a biometric.
  4. 根据权利要求1-3任意一项所述的方法,其特征在于,所述第一操作包括以下选项中的至少一种:语音、特定手势、选择触摸按键和操作物理按键。The method of any of claims 1-3, wherein the first operation comprises at least one of the following: voice, a particular gesture, selecting a touch button, and operating a physical button.
  5. 根据权利要求1或2所述的方法,其特征在于,Method according to claim 1 or 2, characterized in that
    所述终端进入所述安全模式后,所述终端的软件功能或硬件功能中的至少一种功能被禁用。After the terminal enters the security mode, at least one of a software function or a hardware function of the terminal is disabled.
  6. 根据权利要求1-3任意一项所述的方法,其特征在于,所述方法还包括:The method of any of claims 1-3, wherein the method further comprises:
    所述终端检测到所述用户的第二操作,所述第二操作用于使所述终端退出安全模式。The terminal detects a second operation of the user, and the second operation is used to cause the terminal to exit the security mode.
  7. 根据权利要求6所述的方法,其特征在于,The method of claim 6 wherein:
    退出安全模式前,所述终端验证第二安全信息,所述第二安全信息与所述第一安全信息不同;Before exiting the security mode, the terminal verifies the second security information, where the second security information is different from the first security information;
    所述第二安全信息包括以下选项中的至少一种:数字、图形密码、和生物特征。The second security information includes at least one of the following options: a number, a graphical password, and a biometric.
  8. 一种终端,其特征在于,包括:A terminal, comprising:
    检测模块,用于检测用户的第一操作,所述第一操作用于使所述终端进入安全模式;a detecting module, configured to detect a first operation of the user, where the first operation is used to enter the security mode of the terminal;
    所述安全模式包括以下选项中的至少一种:The security mode includes at least one of the following options:
    所述终端进入屏幕锁定状态,在第一时间段内,屏幕不能解锁,所述终端不能进行关机或重启操作;The terminal enters a screen lock state, in which the screen cannot be unlocked during the first time period, and the terminal cannot perform a shutdown or restart operation;
    所述终端不允许启动飞行模式;和,The terminal is not allowed to start the flight mode; and,
    所述终端关机,在第二时间段内不允许进行开机操作。The terminal is powered off, and the booting operation is not allowed in the second time period.
  9. 根据权利要求8所述的终端,其特征在于,所述终端还包括:The terminal according to claim 8, wherein the terminal further comprises:
    验证模块,用于验证第一安全信息;a verification module, configured to verify the first security information;
    所述第一安全信息包括以下选项中的至少一种:数字、图形密码、和生物特征。The first security information includes at least one of the following options: a number, a graphical password, and a biometric.
  10. 根据权利要求8或9所述的终端,其特征在于,所述终端还包括: The terminal according to claim 8 or 9, wherein the terminal further comprises:
    禁止模块,用于禁用所述终端的软件功能或硬件功能中的至少一种功能。A prohibition module for disabling at least one of a software function or a hardware function of the terminal.
  11. 根据权利要求8-10任意一项所述的终端,其特征在于,A terminal according to any one of claims 8 to 10, characterized in that
    所述检测模块还用于检测用户的第二操作,所述第二操作用于使所述终端退出安全模式。The detecting module is further configured to detect a second operation of the user, and the second operation is used to cause the terminal to exit the security mode.
  12. 根据权利要求9所述的终端,其特征在于,The terminal according to claim 9, wherein
    所述验证模块还用于验证第二安全信息,所述第二安全信息与所述第一安全信息不同;The verification module is further configured to verify second security information, where the second security information is different from the first security information;
    所述第二安全信息包括以下选项中的至少一种:数字、图形密码、和生物特征。The second security information includes at least one of the following options: a number, a graphical password, and a biometric.
  13. 一种终端,其特征在于,包括:A terminal, comprising:
    一个或多个处理器;One or more processors;
    一个或多个存储器,所述一个或多个存储器中存储有一个或多个计算机程序,所述一个或多个计算机程序包括指令,当所述指令被所述一个或多个处理器执行时,使得所述终端执行如权利要求1-7任一所述的方法。One or more memories, the one or more memories having one or more computer programs, the one or more computer programs comprising instructions, when the instructions are executed by the one or more processors, The terminal is caused to perform the method of any of claims 1-7.
  14. 一种包含指令的计算机程序产品,其特征在于,当所述计算机程序产品在电子设备上运行时,使得所述电子设备执行如权利要求1-7中任一项所述的方法。A computer program product comprising instructions, wherein the computer program product, when run on an electronic device, causes the electronic device to perform the method of any one of claims 1-7.
  15. 一种计算机可读存储介质,包括指令,其特征在于,当所述指令在电子设备上运行时,使得所述电子设备执行如权利要求1-7中任意一项所述的方法。 A computer readable storage medium comprising instructions, wherein the instructions, when executed on an electronic device, cause the electronic device to perform the method of any of claims 1-7.
PCT/CN2017/110479 2017-11-10 2017-11-10 Terminal security protection method and device WO2019090702A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201780096669.7A CN111316269A (en) 2017-11-10 2017-11-10 Terminal security protection method and device
PCT/CN2017/110479 WO2019090702A1 (en) 2017-11-10 2017-11-10 Terminal security protection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/110479 WO2019090702A1 (en) 2017-11-10 2017-11-10 Terminal security protection method and device

Publications (1)

Publication Number Publication Date
WO2019090702A1 true WO2019090702A1 (en) 2019-05-16

Family

ID=66437433

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/110479 WO2019090702A1 (en) 2017-11-10 2017-11-10 Terminal security protection method and device

Country Status (2)

Country Link
CN (1) CN111316269A (en)
WO (1) WO2019090702A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117376880A (en) * 2022-06-30 2024-01-09 华为技术有限公司 Switching method and terminal of security service
CN115767025B (en) * 2022-11-10 2024-01-23 合芯科技有限公司 Method, device, electronic equipment and storage medium for preventing data leakage

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140274376A1 (en) * 2013-03-15 2014-09-18 Zynga Inc. Systems and methods of providing parental controls for game content
CN104182707A (en) * 2014-08-12 2014-12-03 广东欧珀移动通信有限公司 Anti-theft method and device for handheld intelligent mobile terminal
CN105701394A (en) * 2014-11-24 2016-06-22 比亚迪股份有限公司 Anti-addiction method and terminal
CN105736433A (en) * 2014-12-10 2016-07-06 中国长城计算机深圳股份有限公司 Fan control method and device and terminal

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222517A (en) * 2007-12-21 2008-07-16 深圳市赛格导航科技股份有限公司 Mobile communication terminal and its anti-theft method
CN105120102B (en) * 2015-09-06 2018-07-20 郓小明 Intelligent invisible positioning anti-theft device and mobile terminal for mobile terminal

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140274376A1 (en) * 2013-03-15 2014-09-18 Zynga Inc. Systems and methods of providing parental controls for game content
CN104182707A (en) * 2014-08-12 2014-12-03 广东欧珀移动通信有限公司 Anti-theft method and device for handheld intelligent mobile terminal
CN105701394A (en) * 2014-11-24 2016-06-22 比亚迪股份有限公司 Anti-addiction method and terminal
CN105736433A (en) * 2014-12-10 2016-07-06 中国长城计算机深圳股份有限公司 Fan control method and device and terminal

Also Published As

Publication number Publication date
CN111316269A (en) 2020-06-19

Similar Documents

Publication Publication Date Title
US20210336780A1 (en) Key updating method, apparatus, and system
US11269981B2 (en) Information displaying method for terminal device and terminal device
CN106778175B (en) Interface locking method and device and terminal equipment
US11227042B2 (en) Screen unlocking method and apparatus, and storage medium
WO2018161743A1 (en) Fingerprint recognition method and related product
KR20150046766A (en) Unlocking process mehtod, apparatus and device for terminal
US11017066B2 (en) Method for associating application program with biometric feature, apparatus, and mobile terminal
WO2019011109A1 (en) Permission control method and related product
US11176228B2 (en) Application interface display method, apparatus, and terminal, and storage medium
WO2018049893A1 (en) Data transmission method and terminal device
WO2019196693A1 (en) Application control method and device, readable storage medium and terminal
WO2016078504A1 (en) Identity authentication method and device
CN106327193B (en) A kind of system unlocking method and equipment
JP7148045B2 (en) AUTHENTICATION WINDOW DISPLAY METHOD, TERMINAL, COMPUTER-READABLE STORAGE MEDIUM AND COMPUTER PROGRAM
WO2016192511A1 (en) Method and apparatus for remotely deleting information
WO2019007371A1 (en) Method for preventing information from being stolen, storage device, and mobile terminal
CN103279272B (en) A kind of method and device starting application program in an electronic
US10764038B2 (en) Method and apparatus for generating terminal key
CN108156537B (en) Remote operation method of mobile terminal and mobile terminal
TW201826158A (en) Method, Device and Terminal for Displaying Data
WO2019071581A1 (en) Application startup control method and user terminal
US11516654B2 (en) Method for automatically encrypting short message, storage device and mobile terminal
WO2019196655A1 (en) Mode switching method and apparatus, and computer-readable storage medium, and terminal
WO2019090702A1 (en) Terminal security protection method and device
CN113923005B (en) Method and system for writing data

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17931252

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17931252

Country of ref document: EP

Kind code of ref document: A1