WO2019127467A1 - Data access method and device - Google Patents

Data access method and device Download PDF

Info

Publication number
WO2019127467A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
user
sensitive data
access
application
Prior art date
Application number
PCT/CN2017/120131
Other languages
French (fr)
Chinese (zh)
Inventor
朱江
桑玉蕾
方习文
张冠男
李基�
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to PCT/CN2017/120131 priority Critical patent/WO2019127467A1/en
Priority to CN201780090948.2A priority patent/CN110651270B/en
Publication of WO2019127467A1 publication Critical patent/WO2019127467A1/en

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data

Definitions

  • the embodiments of the present invention relate to the field of communications technologies, and in particular, to a data access method and apparatus.
  • Data such as applications and photos in terminals such as mobile phones and tablets is usually stored in the form of files in the memory of the terminal.
  • Some of this data is sensitive to the user, such as the user's call record, transfer information, application account and password, etc.
  • the terminal may encrypt such sensitive data using a certain encryption algorithm and store it in encrypted form. When the terminal needs to access the sensitive data, it must first obtain the key for decrypting the sensitive data, and then use the key to access the encrypted sensitive data.
  • when the terminal screen is unlocked, an authentication method such as a fingerprint, a face or a password is required to authenticate the identity of the user currently operating the terminal. If the authentication succeeds, the current user of the terminal is considered to be a legitimate user, and the terminal can automatically generate the key for decrypting the sensitive data and store it in the cache. When the user then triggers the terminal to access the sensitive data, the terminal can obtain this key from the cache and thus successfully access the sensitive data.
  • However, after the terminal screen is unlocked, the user who operates the terminal is not necessarily the legitimate user authenticated by the terminal; for example, after the screen is unlocked, the terminal may be borrowed or stolen by others. At this time the terminal has already generated a key that can decrypt the sensitive data, so an illegal user who has not passed the terminal's authentication can also use the key to access the sensitive data, resulting in security risks such as user information leakage.
  • the embodiment of the present application provides a data access method and device, which can reduce the risk of user information leakage and improve the security of the terminal.
  • an embodiment of the present application provides a data access method, including: the terminal automatically performs identity authentication on the current user operating the terminal; subsequently, when the terminal obtains a request from a sensitive application to access sensitive data (sensitive data that has been stored in encrypted form and is decrypted with a key), the terminal provides an access result to the sensitive application according to the result of the identity authentication, where, when the result of the identity authentication is that the current user is an illegal user, the access result does not contain the sensitive data.
  • In this way, the terminal's access authority over the sensitive data does not depend solely on the identity authentication performed when the screen is unlocked; after the screen is turned on or unlocked, the terminal can continue to authenticate the current user, so that the user's sensitive data is protected in real time according to the real-time authentication result. This prevents an illegal user operating the terminal from accessing the legitimate user's sensitive data, thereby improving the security of the terminal.
  • the method further includes: if the result of the identity authentication is that the current user is an illegal user, the terminal deletes the key used to decrypt the sensitive data.
  • the method further includes: if the result of the identity authentication is that the current user is an illegal user, the terminal deletes the key used to decrypt the sensitive data.
  • That is, the sensitive application can be prevented from accessing the sensitive data by deleting the key; the terminal can also delete the key when it detects that an illegal user triggers the sensitive application to request access to the sensitive data, which is another way of preventing sensitive applications from accessing sensitive data.
  • the method further includes: when the terminal is powered on, the terminal may generate the key for unlocking the sensitive data; and store the key in an encrypted area protected by an encryption algorithm.
  • the key in the encryption zone is allowed to be accessed only after obtaining the verification information associated with the user's valid identity authentication information.
  • the terminal may acquire verification information associated with the identity authentication information input by the user, and then use the verification information to save the key stored in the encrypted area to the cache area.
  • the verification information may be preset for the terminal.
  • the terminal may obtain the verification information, and use the verification information to save the key stored in the encryption area to the cache area.
  • when the terminal deletes the key for decrypting the sensitive data, it specifically deletes the key located in the cache area.
  • the terminal obtains a request for the sensitive application to access the sensitive data, which specifically includes: if the terminal detects that the current user opens the sensitive application, the terminal acquires the request of the sensitive application to access the sensitive data; or, if the terminal detects that the current user opens a target application interface in the sensitive application (the target application interface being an application interface that includes the sensitive data), the terminal acquires the request of the sensitive application to access the sensitive data.
  • the terminal automatically authenticates the current user of the operation terminal, which specifically includes: the terminal automatically acquires the user behavior while the current user operates the terminal, and authenticates the identity of the current user by comparing that behavior with the pre-stored behavior characteristics of the legal user, thereby implementing a real-time authentication process for the current user's identity.
  • the method further includes: the terminal displaying the first interface that does not include the sensitive data.
  • the first interface may include a prompt that the access request is invalid, a prompt for inputting identity authentication information, the sensitive data after mask processing, or a prompt for opening the access right to the illegal user.
  • the method may further include: the terminal obtaining the legal user's authorization to open the access right to the illegal user, and the terminal obtaining the valid duration for which the illegal user may access the sensitive data.
  • within the valid duration, if the illegal user requests access to the sensitive data, the terminal displays a second interface that includes the sensitive data; after the valid duration is exceeded, if the illegal user is detected requesting access to the sensitive data, the terminal displays a first interface that does not include the sensitive data.
  • an embodiment of the present application provides a data access method, including: the terminal automatically performs identity authentication on the current user of the operation terminal; if the result of the identity authentication is that the current user is an illegal user, the terminal has access rights only to the stored non-sensitive data. At this time the terminal cannot read the stored sensitive data, so the first interface displayed by the terminal does not include the sensitive data or any sensitive application that needs to access the sensitive data at runtime. If the result of the identity authentication is that the current user is a legitimate user, the terminal has access rights to both the stored sensitive data and the non-sensitive data, and the second interface displayed by the terminal includes the sensitive data or the sensitive applications that need to access the sensitive data at runtime.
  • an embodiment of the present application provides a terminal, including: an authentication unit, configured to automatically perform identity authentication on the current user of the operation terminal; an obtaining unit, configured to acquire a request for a sensitive application to access sensitive data, where the sensitive data has been stored in encrypted form and the sensitive application is an application that needs to access the sensitive data at runtime; and a response unit, configured to provide an access result to the sensitive application, where, when the result of the identity authentication is that the current user is an illegal user, the access result does not include the sensitive data.
  • the terminal further includes a deleting unit, and when the result of the identity authentication is that the current user is an illegal user, the deleting unit is configured to delete the key used to decrypt the sensitive data.
  • the obtaining unit is further configured to: when the terminal is powered on, generate the key for unlocking the sensitive data; store the key in an encrypted area protected by an encryption algorithm.
  • the obtaining unit is further configured to: when the screen of the terminal is unlocked, acquire verification information, where the verification information is associated with the identity authentication information acquired by the terminal when the screen is unlocked, or the verification information is preset for the terminal; and save the key stored in the encrypted area to the cache area using the verification information.
  • the obtaining unit is further configured to: if the result of the identity authentication is that the current user is a legitimate user, obtain verification information, where the verification information corresponds to the identity authentication information acquired by the terminal when the screen is unlocked, or the verification information is preset by the terminal; and save the key stored in the encrypted area to the cache area using the verification information.
  • the deleting unit is specifically configured to delete the key stored in the cache area.
  • the obtaining unit is specifically configured to: if it detects that the current user opens the sensitive application, obtain a request for the sensitive application to access the sensitive data; or, if it detects that the current user opens a target application interface in the sensitive application, obtain a request for the sensitive application to access the sensitive data, where the target application interface is an application interface that includes the sensitive data.
  • the authentication unit is specifically configured to: automatically obtain the user behavior when the current user operates the terminal; and authenticate the identity of the current user by comparing the behavior of the user with the behavior characteristics of the pre-stored legal user.
  • the terminal further includes a display unit for displaying the first interface that does not include the sensitive data.
  • when the first interface includes a prompt for opening an access right to the illegal user, the obtaining unit is further configured to: obtain the legal user's authorization to open the access right to the illegal user, and obtain the valid duration for which the illegal user may access the sensitive data.
  • the display unit is further configured to: within the valid duration, if an illegal user requests access to the sensitive data, display a second interface that includes the sensitive data; after the valid duration is exceeded, if an illegal user is detected requesting access to the sensitive data, display a first interface that does not include the sensitive data.
  • an embodiment of the present application provides a terminal, including: an authentication unit, configured to automatically perform identity authentication on the current user of the operation terminal; and a display unit, configured to: if the result of the identity authentication is that the current user is an illegal user, display a first interface, where the first interface does not include the sensitive data or any sensitive application that needs to access the sensitive data at runtime; and if the result of the identity authentication is that the current user is a legitimate user, display a second interface, where the second interface contains the sensitive data or the sensitive applications that need to access the sensitive data at runtime.
  • an embodiment of the present application provides a terminal, including: a processor, a memory, an output device, and an input device connected by a bus; the memory is configured to store computer-executable instructions, and the processor is connected to the memory through the bus.
  • the processor executes the computer-executable instructions stored in the memory to enable the terminal to execute any of the above data access methods.
  • an embodiment of the present application provides a computer readable storage medium, where the computer readable storage medium stores instructions which, when run on any one of the foregoing terminals, cause the terminal to perform any one of the foregoing data access methods.
  • an embodiment of the present application provides a computer program product, including instructions which, when run on any of the foregoing terminals, cause the terminal to execute any of the foregoing data access methods.
  • the names of the components in the terminal are not limited to the device itself, and in actual implementation, the components may appear under other names. As long as the functions of the various components are similar to the embodiments of the present application, they are within the scope of the claims and their equivalents.
  • FIG. 1 is a schematic structural diagram 1 of a terminal according to an embodiment of the present disclosure.
  • FIG. 2 is a schematic structural diagram of a programming module in a terminal according to an embodiment of the present application.
  • FIG. 3 is a schematic diagram of an access process of sensitive data in the prior art.
  • FIG. 4 is a schematic diagram 1 of an application scenario of a data access method according to an embodiment of the present disclosure.
  • FIG. 5 is a schematic diagram 2 of an application scenario of a data access method according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic diagram 3 of an application scenario of a data access method according to an embodiment of the present disclosure.
  • FIG. 7 is a schematic diagram 1 of a data access method according to an embodiment of the present disclosure.
  • FIG. 8 is a schematic diagram 2 of a data access method according to an embodiment of the present disclosure.
  • FIG. 9 is a schematic diagram 3 of a data access method according to an embodiment of the present disclosure.
  • FIG. 10 is a schematic diagram 4 of a data access method according to an embodiment of the present disclosure.
  • FIG. 11 is a schematic diagram 4 of an application scenario of a data access method according to an embodiment of the present disclosure.
  • FIG. 12 is a schematic diagram 5 of an application scenario of a data access method according to an embodiment of the present disclosure.
  • FIG. 13A is a schematic diagram 6 of an application scenario of a data access method according to an embodiment of the present disclosure.
  • FIG. 13B is a schematic diagram 7 of an application scenario of a data access method according to an embodiment of the present disclosure.
  • FIG. 14 is a schematic diagram 8 of an application scenario of a data access method according to an embodiment of the present disclosure.
  • FIG. 15 is a schematic diagram 9 of an application scenario of a data access method according to an embodiment of the present disclosure.
  • FIG. 16 is a schematic diagram of an application scenario of a data access method according to an embodiment of the present disclosure.
  • FIG. 17 is a schematic diagram of an application scenario of a data access method according to an embodiment of the present disclosure.
  • FIG. 18 is a schematic diagram of an application scenario of a data access method according to an embodiment of the present application.
  • FIG. 19 is a schematic diagram of an application scenario of a data access method according to an embodiment of the present disclosure.
  • FIG. 20 is a schematic diagram of an application scenario of a data access method according to an embodiment of the present application.
  • FIG. 20B is a schematic diagram of an application scenario of a data access method according to an embodiment of the present application.
  • FIG. 21 is a schematic structural diagram 2 of a terminal according to an embodiment of the present disclosure.
  • FIG. 22 is a schematic structural diagram 3 of a terminal according to an embodiment of the present disclosure.
  • first and second are used for descriptive purposes only, and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, features defining “first” and “second” may explicitly or implicitly include one or more of the features. In the description of the embodiments of the present application, “multiple” means two or more unless otherwise stated.
  • a data access method provided by an embodiment of the present application can be applied to a mobile phone, a tablet computer, a wearable device, an in-vehicle device, an augmented reality (AR) device, a virtual reality (VR) device, a notebook computer, an ultra-mobile personal computer (UMPC), a netbook, a personal digital assistant (PDA), or any other terminal having the above functions; the embodiment of the present application does not impose any limitation on the type of terminal.
  • the terminal in the embodiment of the present application may be the mobile phone 100.
  • the embodiment will be specifically described below by taking the mobile phone 100 as an example. It should be understood that the illustrated mobile phone 100 is only one example of the above terminal: the mobile phone 100 may have more or fewer components than those shown in FIG. 1, two or more components may be combined, or the components may be configured differently.
  • the handset 100 can communicate with other electronic devices 102 and 104 and with the server 106.
  • the handset 100 can include a bus 110, a processor 120, a memory 130, a user input module 150, a display module 160, a communication interface 170, and other similar and/or suitable components.
  • Bus 110 may be circuitry that interconnects the above elements and communicates (e.g., control messages) between the elements.
  • the processor 120 can receive commands from the other components (such as the memory 130, the user input module 150, the display module 160, the communication interface 170, etc.) through the bus 110, can interpret the received commands, and can execute the interpreted commands to perform calculations or data processing.
  • Memory 130 may store commands or data received from processor 120 or other components (e.g., user input module 150, display module 160, communication interface 170, etc.) or commands or data generated by processor 120 or other components.
  • Memory 130 may include programming modules such as kernel 131, middleware 132, application programming interface (API) 133, applications 134, and the like. Each of the above programming modules may be implemented in software, firmware, hardware, or a combination of two or more thereof, as described in detail in the related description of FIG.
  • the kernel 131 may control or manage system resources (e.g., bus 110, processor 120, memory 130, etc.) for performing operations or functions implemented by other programming modules (e.g., middleware 132, API 133, and applications 134). Additionally, the kernel 131 can provide an interface that can access and control or manage the various elements of the handset 100 by using the middleware 132, the API 133, or the application 134.
  • the middleware 132 can operate between the API 133 or the application 134 and the kernel 131, so that the API 133 or the application 134 can communicate with the kernel 131 and exchange data with it.
  • the middleware 132 can be configured as an intermediary for communication between the API 133 or the application 134 and the kernel 131.
  • a priority may be assigned to at least one of the one or more applications 134, and load balancing of work requests may be performed according to that priority using the system resources (e.g., bus 110, processor 120, memory 130, etc.) of handset 100.
  • the API 133 is an interface by which the application 134 can control functions provided by the kernel 131 or the middleware 132, and can include, for example, at least one interface or function for file control, window control, image processing, character control, and the like.
  • Applications 134 may include, for example, a home page application, a dialer application, a short message service (SMS)/multimedia message service (MMS) application, an instant messaging (IM) application, a browser application, a camera application, an alarm clock application, a contact application, a voice dialing application, an email (e-mail) application, a calendar application, a media player application, a photo album application, a clock application, and any other suitable and/or similar applications.
  • the memory 130 can also be used to store data related to user privacy or user interests, such as a user's call record, transfer information, bank account number, password, etc., and these data are referred to as sensitive data in subsequent embodiments.
  • the processor 120 can distinguish the particular data in the memory 130 as sensitive data by adding a specific identification.
  • an application that needs to access sensitive data at runtime may be referred to as a sensitive application, for example, a payment application, a banking application, and a chat application.
  • when running a particular window or service, the application can request access to the sensitive data and present the sensitive data to the user through the display interface. For example, when the "Taobao" application runs its payment window, the "Taobao" application can be triggered to request access to the user's bank account, which is sensitive data.
  • the processor 120 can also store the data generated in the above sensitive application or the above specific window (or service) in the memory 130 by adding a specific identifier as sensitive data.
  • the sensitive data is usually stored in the memory 130 in encrypted form. When the mobile phone 100 needs to access the sensitive data, it first obtains the key for decrypting the sensitive data, and then uses the key to access the encrypted sensitive data in the memory 130.
  • the user input module 150 can receive commands or data input from a user via input-output means (eg, sensors, keyboards, touch screens, etc.) and can transmit the received commands or data to the processor 120 or memory 130 via the bus 110.
  • Display module 160 can display video, images, data, and the like to the user.
  • the display module 160 can display various information (eg, multimedia data, text data) received from the above components.
  • Communication interface 170 can control a short range communication connection with another electronic device 102.
  • the communication interface 170 may stop a scanning operation that waits to receive a signal from a neighboring electronic device, or stop a broadcast operation that broadcasts a signal.
  • the communication interface 170 can control the period of the scanning or broadcast operation.
  • handset 100 can communicate with another electronic device using communication interface 170.
  • communication interface 170 can communicate with other electronic devices 104, servers 106, etc., either directly or through network 162.
  • communication interface 170 can operate to connect handset 100 to network 162.
  • FIG. 2 is a block diagram showing a configuration of a programming module in accordance with an embodiment of the present disclosure.
  • programming module 310 can be included (or stored) in handset 100 (e.g., memory 130) shown in FIG. At least a portion of programming module 310 can be implemented as software, firmware, hardware, or a combination of two or more of them.
  • Programming module 310 can be implemented as hardware (eg, hardware 201) and can include an OS that controls resources associated with an electronic device (eg, cell phone 100) and/or various applications (eg, applications 370) that are executed in the OS.
  • the OS can be Android, iOS, Windows, Symbian, Tizen, Bada, and the like.
  • programming module 310 can include kernel 320, middleware 330, API 360, and/or application 370.
  • Kernel 320 may include system resource manager 321 and/or device driver 323.
  • the system resource manager 321 can include a process manager (not shown), a memory manager (not shown), and a file system manager (not shown).
  • the system resource manager 321 can perform control, allocation, recovery, and the like of system resources.
  • the device driver 323 may include, for example, a display driver (not shown), a camera driver (not shown), a Bluetooth driver (not shown), a shared memory driver (not shown), a USB driver (not shown), a keypad driver (not shown), a Wi-Fi driver (not shown), and/or an audio driver (not shown).
  • device driver 323 can include an interprocess communication (IPC) driver (not shown).
  • the middleware 330 may include a plurality of modules that are implemented in advance to provide functions shared by the application 370.
  • middleware 330 can provide functionality to application 370 via API 360 to enable application 370 to efficiently utilize limited system resources within the electronic device.
  • the middleware 330 (e.g., the middleware 132) may include at least one of the following: a runtime library 335, an application manager 341, a window manager 342, a multimedia manager 343, a resource manager 344, a power manager 345, a database manager 346, a package manager 347, a connection manager 348, a notification manager 349, a location manager 350, a graphics manager 351, and a security manager 352.
  • the runtime library 335 can include library modules, such as those used by a compiler, to add new functionality by using a programming language during execution of the application 370. According to an embodiment disclosed herein, the runtime library 335 can perform functions related to input and output, memory management, arithmetic functions, and the like.
  • the application manager 341 can manage, for example, the lifecycle of at least one application 370.
  • Window manager 342 can manage graphical user interface (GUI) resources used on the screen.
  • the multimedia manager 343 can detect a format for reproducing various media files, and can encode or decode the media file by using a codec suitable for the relevant format.
  • the resource manager 344 can manage resources of at least one application 370, such as source code, memory, storage space, and the like.
  • the power manager 345 can operate with a basic input/output system (BIOS), can manage a battery or power source, and can provide power information for operation and the like.
  • Database manager 346 can manage the database in a manner that enables generation, searching, and/or changing of a database to be used by at least one application 370.
  • the package manager 347 can manage the installation and/or update of applications distributed in the form of package files.
  • Connection manager 348 can manage wireless connections such as Wi-Fi and BT.
  • the notification manager 349 can display or report events such as arrival messages, appointments, proximity alerts, etc. to the user in a manner that does not bother the user.
  • the location manager 350 can manage location information of the electronic device.
  • the graphics manager 351 can manage graphics effects to be provided to the user and/or UIs related to the graphics effects.
  • Security manager 352 can provide various security functions for system security, user authentication, and the like. According to an embodiment of the present disclosure, when an electronic device (eg, mobile phone 100) has a phone function, the middleware 330 may further include a phone manager (not shown) for managing the voice call and/or video call functions of the electronic device.
  • the middleware 330 can generate and use a new middleware module through various functional combinations of the internal component modules described above.
  • the middleware 330 can provide modules specialized according to the type of OS to provide differentiated functions.
  • the middleware 330 can also dynamically delete some of the existing components, or can add new components. Accordingly, the middleware 330 may omit some of the elements described in the various embodiments disclosed herein, and may include other elements, or some of these elements may be replaced with elements that perform similar functions and have different names.
  • API 360 (eg API 133) is a collection of API programming functions and can have different configurations depending on the OS. In the case of, for example, Android or iOS, one API set can be provided to each platform. In the case of, for example, Tizen, two or more API sets can be provided to each platform.
  • Application 370 may include, for example, a preloaded application and/or a third party application.
  • Application 370 (e.g., application 134) may include, for example, home page application 371, dialing application 372, SMS/MMS application 373, IM application 374, browser application 375, camera application 376, alarm application 377, contact application 378, voice dialing application 379, email application 380, calendar application 381, media player application 382, album application 383, clock application 384, and any other suitable and/or similar applications.
  • application 370 can be divided into sensitive applications and non-sensitive applications.
  • an application that accesses the above sensitive data during operation for example, the SMS/MMS application 373, the contact application 378, the email application 380, and the album application 383 in FIG. 2 can be used as a sensitive application.
  • the sensitive application can be triggered to access the corresponding sensitive data according to the input operation of the user.
  • the keys used to decrypt different pieces of sensitive data are generally different.
  • picture A and picture B are marked as sensitive data.
  • for example, when picture A is stored, key 1 can be used to encrypt picture A into ciphertext 1, and when picture B is stored, picture B is encrypted into ciphertext 2 using key 2.
  • then, to access picture A, key 1 needs to be obtained first and ciphertext 1 of picture A is decrypted using key 1; to access picture B, key 2 needs to be obtained first and ciphertext 2 of picture B is decrypted using key 2.
  • the key 1 and the key 2 can be maintained by the kernel 320 of the mobile phone 100, and the sensitive application of the application layer cannot directly obtain the key of the sensitive data.
  • the above-mentioned key used for encrypting or decrypting sensitive data may specifically include a data encryption key (DEK) and/or a key encryption key (KEK), and the embodiment of the present application does not impose any restrictions on this.
  • taking the email application 380 as an example, when the user inputs a specific operation that triggers the email application 380 to access certain sensitive data, the email application 380 can request the kernel 320 to access the sensitive data by calling the relevant API.
  • the kernel 320 may acquire a key used to encrypt the sensitive data and decrypt the ciphertext of the sensitive data using the key, thereby feeding back the decrypted sensitive data to the email application 380.
  • the email application 380 is enabled to access the sensitive data.
  • when the mobile phone 100 is powered on, the user is generally required to input a password previously set for the mobile phone 100, such as a digital password consisting of 6 digits. Further, the mobile phone 100 can generate the keys of the respective sensitive data through a specific algorithm according to the password input by the user, and store the keys in the encrypted area of the memory 130, where they are maintained by the kernel 320. To ensure the security of the mobile phone 100, the kernel 320 has the right to access the keys in the encrypted area only after obtaining verification information associated with the user's valid identity authentication information. Thus, while the email application 380 is running, the kernel 320 cannot decrypt sensitive data through the keys in the encrypted area without that verification information.
  • the kernel 320 can access the key in the encrypted area using preset verification information.
  • for example, when the user unlocks the screen, the user inputs identity authentication information such as a digital password, fingerprint, or pattern password for the mobile phone 100, and this identity authentication information may also serve as the verification information.
  • the kernel 320 can obtain the corresponding verification information according to the identity authentication information input when the user unlocks the screen, and use the verification information to copy the key generated at boot time from the encrypted area to the cache area of the memory 130.
  • the kernel 320 has direct access to the keys in the cache area.
  • the kernel 320 can then obtain the key of the sensitive data from the cache area, decrypt the sensitive data using the key, and feed the decrypted sensitive data back to the email application 380.
  • locking the terminal screen will trigger the kernel 320 to delete the keys stored in the cache area, preventing malicious programs from accessing sensitive data while no legitimate user has unlocked the terminal.
  • the above describes, as an example, the process by which the kernel 320 in the rich execution environment maintains the keys in the cache area.
  • a dedicated processor, a memory, and the like may also be disposed in the terminal to construct a key protection system such as a trusted execution environment (TEE) or a secure element (SE).
  • the user who operates the mobile phone 100 after the screen is unlocked is not necessarily a legitimate user.
  • for example, the mobile phone 100 may be borrowed or stolen by another person after the screen is unlocked.
  • the mobile phone 100 has stored the key for decrypting the sensitive data in the cache area, so an unauthenticated illegal user can use the key to access the sensitive data when operating the mobile phone 100, causing security risks such as leakage of user information.
  • the legal user refers to a user who can pass the identity authentication measures preset by the terminal.
  • for example, if the identity authentication measures preset by the terminal are fingerprint identification and face recognition, a user whose fingerprint information and face information are stored in the terminal in advance can be considered a legitimate user of the terminal.
  • a legitimate user of a terminal may include one or more, and any user other than the legitimate user may be regarded as an illegal user of the terminal.
  • an illegal user can also become a legitimate user after passing a certain identity authentication measure.
  • the embodiment of the present application does not impose any limitation on this.
  • the user operating the terminal may continue to be authenticated, so that when a sensitive application running on the terminal requests access to the encrypted sensitive data, the terminal obtains the key for decrypting the sensitive data only after confirming that the current user is a legitimate user, and then uses the key to access the sensitive data.
  • when the current user is not a legitimate user, the terminal can block the access request of the sensitive application by deleting the key of the sensitive data, or even by forcibly closing the sensitive application or forcibly shutting down the terminal, preventing the sensitive application from accessing the user's sensitive data and thereby preventing an illegal user from acquiring the user's sensitive data when operating the terminal, which improves the security of the terminal.
  • in this way, access to the sensitive data does not depend solely on the identity authentication performed by the user when the screen is unlocked; the current user operating the terminal can still be authenticated after the screen is unlocked.
  • the user's sensitive data can be protected in real time according to the real-time identity authentication result, thereby reducing the risk of user information leakage.
  • when the terminal is in the lock screen state, the user may input identity authentication information, such as a fingerprint, a digital password, a pattern password, and the like. Further, the terminal may determine, according to the identity authentication information input to the terminal, whether the user is a legitimate user. When it is determined that the user is a legitimate user, the terminal can unlock the screen, after which the user can use the applications and data installed in the terminal; correspondingly, when it is determined that the user is an illegal user, the terminal remains in the lock screen state, and the user cannot use the applications and data installed in the terminal while the screen is locked.
  • the fingerprint of the user Sam used to unlock the screen is pre-stored in the terminal.
  • when the terminal is in the lock screen state, if Sam inputs a fingerprint on the fingerprint identification device 501 of the terminal (i.e., identity authentication information), the terminal matches the fingerprint input by Sam against the pre-stored fingerprint.
  • if the similarity between the two is greater than a threshold, Sam is a legitimate user of the terminal, and therefore the terminal can unlock the screen and restore interaction between the terminal screen and the user.
  • after unlocking, the desktop 502 of the terminal can be accessed, and the desktop 502 includes one or more installed applications.
  • an application that needs to access the user's sensitive data at runtime is a sensitive application.
  • for example, if the user's sensitive data includes the user's email address, the application 503 named "mail" in FIG. 4 needs to obtain the sensitive data of the user's email address while running, so the "mail" application 503 can be regarded as a sensitive application.
  • after the screen is unlocked, the terminal can continue to authenticate the current user operating the terminal. For example, when the fingerprint recognition device is integrated in the display screen of the terminal, the terminal can periodically collect the fingerprint received on the display screen after the screen is unlocked and further determine whether it matches the pre-stored fingerprint of a legitimate user. When the collected fingerprint matches the pre-stored fingerprint of the legitimate user, the current user is a legitimate user; otherwise, the current user is an illegal user.
  • when the terminal detects that the illegal user Tom attempts to open the sensitive application "mail" 503, the terminal may block the operation of opening the "mail" application 503 to prevent the sensitive data of the legitimate user from being leaked, and display a prompt 601 indicating that the operation is invalid.
  • for example, when the middleware 330 or the kernel 320 of the terminal detects an illegal user requesting the operation of opening the "mail" application 503, reporting of the operation to the "mail" application 503 in the application layer 370 may be stopped. Thus, the "mail" application 503 does not respond to the open operation, making the operation of opening the "mail" application 503 invalid.
  • alternatively, when the middleware 330 or the kernel 320 of the terminal detects an illegal user requesting the operation of opening the "mail" application 503, the operation may still be reported to the "mail" application 503 in the application layer 370, and the "mail" application 503 may refrain from responding to the operation once the current user is confirmed to be an illegal user, so that the operation of opening the "mail" application 503 is invalid.
  • the terminal may delete the acquired key for decrypting the sensitive data.
  • even if the "mail" application 503 receives the illegal user's operation requesting to open the "mail" application and responds to the open operation according to the normal response flow, when the "mail" application 503 requests access to the sensitive data from the kernel 320, the kernel 320 cannot obtain a valid key for decrypting the sensitive data, so the encrypted sensitive data cannot be decrypted and the sensitive data of the legitimate user is prevented from being leaked to the illegal user.
  • when the terminal detects that the illegal user Tom attempts to open the sensitive application "mail" 503, the terminal may further perform identity authentication on the current user operating the terminal. For example, in FIG. 6, the terminal displays a prompt 701 requesting the user to input a fingerprint for identity verification.
  • if the identity authentication passes, the terminal can open and run the "mail" application 503 in response to Tom's operation of opening the "mail" application 503.
  • the manner of requesting the user to input a fingerprint for identity authentication in FIG. 6 is only an example. It can be understood that, when detecting an illegal user requesting access to sensitive data, for example requesting to open a sensitive application, the terminal may use one or more identity authentication modes to authenticate the identity of the current user, and the embodiment of the present application does not impose any limitation on this.
  • the terminal may classify an application that contains more sensitive data as a first application with a higher sensitivity level, and an application that contains less sensitive data as a second application with a lower sensitivity level.
  • for the first application, the terminal can identify whether the current user is a legitimate user by using multiple identity authentication methods, for example, requiring the user to perform face recognition and iris recognition at the same time.
  • for the second application, the terminal can identify whether the current user is a legitimate user through only one identity authentication method, such as authenticating the user's fingerprint.
  • the present application provides various implementation manners to implement the function of rejecting unauthorized users to access sensitive data as shown in FIG. 5-6.
  • in one implementation manner, after the screen is unlocked, the terminal may be triggered to perform two operations.
  • the first is to trigger the terminal to save the key in the encrypted area to a cache area directly accessible by the kernel 320.
  • the second is to trigger the terminal to perform real-time authentication on the identity of the current user.
  • for the first operation, the terminal may obtain the verification information for accessing the encrypted area according to the identity authentication information input by the user when unlocking, and then use the verification information to copy the key from the encrypted area of the terminal memory to the cache area.
  • for the second operation, the terminal can authenticate the identity of the current user based on the user's behavioral pattern. For example, the terminal can collect the user behavior of legitimate users over a period of time (e.g., frequency and amplitude of tapping the screen, frequency and time of use of each application, posture in which the terminal is held, speed of movement or acceleration, etc.), and learn and judge the behavior characteristics of legitimate users (for example, touch screen pressure, moving acceleration, etc.) through algorithms such as machine learning or artificial intelligence. In this way, after the screen is unlocked, the terminal can collect the user behavior of the current user; if the user behavior of the current user matches the behavior of the legitimate user, the current user can be determined to be a legitimate user, otherwise the current user can be determined to be an illegal user.
  • the real-time authentication of the identity of the current user by the terminal may be periodic or non-periodic, and the embodiment of the present application does not impose any limitation on this.
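The behavior-based authentication described above, implemented as an added example (Python code written for this page, not the applicant's implementation): a profile of the legitimate user is learned from constructed enrollment sessions as a per-feature mean and spread, and a window of the current user's samples is judged by its average z-score against that profile. The feature set, the sample values and the threshold of 2.5 are assumptions; the patent names the behaviors it collects but gives no algorithm or numbers.

```python
"""
Added example (not code from the patent): a minimal behavioural profile
for the continuous authentication the text describes. The feature names,
the enrollment sessions and the threshold are all constructed.
"""
from statistics import mean, pstdev

# Per-session features: touch pressure (0..1), mean interval between taps
# (ms), and the tilt angle at which the terminal is held (degrees). Constructed.
FEATURES = ("tap_pressure", "tap_interval_ms", "hold_tilt_deg")

# Constructed enrollment sessions recorded while the legitimate user Sam
# operated the terminal over a period of time.
SAM_SESSIONS = [
    (0.42, 180, 35.0),
    (0.45, 175, 33.0),
    (0.40, 190, 36.0),
    (0.44, 170, 34.0),
    (0.41, 185, 35.5),
    (0.43, 180, 34.5),
]


def build_profile(sessions):
    """Learn the legitimate user's behaviour: per-feature mean and spread."""
    columns = list(zip(*sessions))
    profile = {}
    for name, values in zip(FEATURES, columns):
        spread = pstdev(values) or 1e-6  # avoid division by zero for a constant feature
        profile[name] = (mean(values), spread)
    return profile


def behaviour_score(profile, sample):
    """Mean absolute z-score of one sample against the profile (0 = typical)."""
    total = 0.0
    for name, value in zip(FEATURES, sample):
        mu, sigma = profile[name]
        total += abs(value - mu) / sigma
    return total / len(FEATURES)


def is_legitimate(profile, recent_samples, threshold=2.5):
    """Judge the current user from a window of recent samples.

    Averaging over a window smooths single noisy taps; the threshold is a
    constructed tuning value, not one given in the text.
    """
    window_score = mean(behaviour_score(profile, s) for s in recent_samples)
    return window_score < threshold


# Constructed windows collected after the screen was unlocked: one from Sam,
# one from the illegal user Tom, who taps harder, faster and holds the
# terminal flatter.
SAM_WINDOW = [(0.43, 178, 35.0), (0.42, 182, 34.0)]
TOM_WINDOW = [(0.70, 120, 20.0), (0.68, 110, 22.0)]

if __name__ == "__main__":
    profile = build_profile(SAM_SESSIONS)
    print("Sam judged legitimate:", is_legitimate(profile, SAM_WINDOW))
    print("Tom judged legitimate:", is_legitimate(profile, TOM_WINDOW))
```

A real deployment would use many more features and sessions, and would feed the verdict into the key-cache decision rather than print it; the z-score rule is the simplest learner that makes the "matches the behavior of the legitimate user" test concrete.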
  • when the terminal determines that the current user is an illegal user, the terminal may delete the key stored in the cache area in order to prevent the illegal user from triggering the sensitive application to use the key in the cache area to access the sensitive data.
  • subsequently, when the terminal detects a request from the illegal user to access the sensitive data, for example when the illegal user Tom requests to open the sensitive application "mail" 503, the sensitive application cannot obtain a valid key to decrypt the sensitive data, so the request to access the sensitive data fails.
  • in another implementation manner, after the screen is unlocked, the terminal may likewise be triggered to perform two operations.
  • the first is to trigger the terminal to save the key in the encrypted area to the cache area that the kernel 320 can directly access.
  • the second is to trigger the terminal to perform real-time authentication on the identity of the current user.
  • the difference is that when the terminal determines that the current user is an illegal user, the key stored in the cache area for decrypting sensitive data is not immediately deleted, because the illegal user does not necessarily access the sensitive data in the terminal when operating it. For example, when the illegal user Tom borrows the terminal of the legitimate user Sam, sensitive data such as Sam's mail is generally not viewed.
  • the terminal can instead query the identity authentication result of the current user when it receives a request to access the sensitive data. If the identity authentication result indicates that the current user is an illegal user, the terminal may delete the key stored in the cache area.
  • since the terminal is triggered to delete the key stored in the cache area only when it detects a request to access the sensitive data and determines that the current user is an illegal user, the terminal does not frequently delete the key in the cache area. Then, in the scenario where the illegal user uses the terminal but does not access the sensitive data, the key of the sensitive data is still retained in the cache area, so that a subsequent legitimate user who requests access to the sensitive data on the terminal does not need to authenticate again and have the key copied from the encrypted area to the cache area after the authentication passes.
  • alternatively, after the screen is unlocked, the terminal does not need to perform real-time authentication on the identity of the current user; instead, when the user requests access to the sensitive data, the terminal is triggered to authenticate the identity of the current user, thereby reducing the power consumed by real-time identity authentication.
  • for example, the terminal obtains the verification information for accessing the encrypted area according to the identity authentication information input by the user when unlocking, uses the verification information to obtain the key for decrypting the sensitive data from the encrypted area, and further stores the key in the cache area. Subsequently, when the terminal detects that the user requests access to the sensitive data, for example when the user Tom opens the sensitive application "mail" 503, the terminal may be triggered to authenticate the identity of the current user Tom.
  • if the identity authentication does not pass, i.e., the current user is an illegal user, the terminal can delete the key stored in the cache area, so that the kernel cannot obtain a valid key to decrypt the sensitive data and the above request to access the sensitive data fails.
  • if the identity authentication passes, i.e., the current user is a legitimate user, the terminal can obtain the key for decrypting the sensitive data from the cache area and then use the key to access the encrypted sensitive data.
  • in addition, the unlocking of the terminal screen and the storing of the key of the sensitive data in the cache area by the terminal need not be associated with each other.
  • for example, when the screen is unlocked, the terminal can be triggered to perform real-time authentication on the identity of the current user. Then, when the terminal detects that the user requests access to the sensitive data, the terminal can determine, according to the most recent identity authentication result, whether the current user is a legitimate or illegal user.
  • the terminal may require the user to input the identity authentication information, obtain the verification information for accessing the encrypted area according to the identity authentication information, use the verification information to obtain the key for decrypting the sensitive data from the encrypted area, and store the key in the cache area. In this way, the terminal can use the key to access the encrypted sensitive data.
  • when the current user is determined to be an illegal user, the terminal may prompt the current user to re-authenticate. If the authentication passes, the terminal may use the corresponding verification information to obtain the key for decrypting the sensitive data from the encrypted area and access the sensitive data; otherwise, the terminal does not respond to the request to access the sensitive data, preventing the legitimate user's sensitive data from being leaked to the illegal user.
  • the terminal may also authenticate the identity of the current user according to user behavior, such as the manner in which the user holds the terminal, while the screen is off or black. Therefore, the above method of accessing sensitive data does not need to depend on the screen being in an unlocked state.
  • for example, the terminal can perform real-time authentication on the identity of the current user as soon as the screen is lit, i.e., lighting the screen can trigger the terminal to start real-time authentication of the current user's identity. Then, when the terminal determines that the current user is a legitimate user, or determines that the current user is a legitimate user and detects that the legitimate user requests access to the sensitive data, the terminal may be triggered to save the key in the encrypted area to the cache area that the kernel 320 can directly access.
  • correspondingly, when the terminal determines that the current user is an illegal user, or determines that the current user is an illegal user and detects that the illegal user requests access to the sensitive data, the terminal may be triggered to delete the key in the cache area and prompt the current user to re-authenticate their identity.
  • the terminal may also delete the key in the cache area in other cases, for example, when no user input is received within a preset time after the screen is turned off or goes black.
  • in that case the terminal is triggered to delete the key in the cache area, so that a malicious program cannot automatically access the user's sensitive data through the key in the cache area.
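The key-handling flow of the implementation manners above, as an added simulation (Python code written for this page, not the applicant's code): keys are derived at boot from the unlock password, kept in an "encrypted area" that can be read only with verification information, copied into a kernel cache on unlock, deleted from the cache when an access request arrives while the current user is judged illegal (the lazy variant) or as soon as that verdict arrives (the immediate variant), emptied on lock, and copied back without a fresh authentication when a legitimate user returns. The `Terminal` class, the PBKDF2 derivation, the salt and iteration count, and the toy keystream cipher are assumptions made for the demonstration.

```python
"""
Added example (not code from the patent): a simulation of the key
handling described in the text. Per-item data encryption keys (DEKs) are
derived at boot from the unlock password and kept in an "encrypted area"
readable only with verification information; unlocking copies them into
a kernel cache; an access request from a user judged illegal drops the
cached keys; a returning legitimate user gets them copied back without
a new authentication. The KDF parameters, the toy stream cipher and all
names are constructed; the cipher is for illustration only.
"""
import hashlib
import hmac
import os


class Terminal:
    def __init__(self, boot_password, items):
        self._salt = os.urandom(16)
        # Verification information is derived from the unlock password and
        # gates every read of the encrypted area.
        self._expected_verification = self._derive(boot_password, b"verify")
        # Encrypted area: one DEK per sensitive item, generated at boot.
        self._encrypted_area = {
            name: self._derive(boot_password, b"dek:" + name.encode()) for name in items
        }
        self._ciphertexts = {
            name: self._xor_stream(self._encrypted_area[name], data)
            for name, data in items.items()
        }
        self._cache = {}                  # keys the kernel can use directly
        self._verification = None         # retained after a successful unlock
        self.current_user_legit = False   # latest continuous-authentication verdict
        self.audit = []                   # (event, item) pairs for the reader

    def _derive(self, password, info):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt + info, 10_000, dklen=32)

    @staticmethod
    def _xor_stream(key, data):
        # Toy keystream cipher (SHA-256 of key || block counter); symmetric, so
        # the same call encrypts and decrypts. Constructed, not for real use.
        out = bytearray()
        for offset in range(0, len(data), 32):
            block = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
            out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
        return bytes(out)

    def _read_encrypted_area(self, verification):
        if verification is None or not hmac.compare_digest(verification, self._expected_verification):
            raise PermissionError("verification information does not open the encrypted area")
        return dict(self._encrypted_area)

    def unlock(self, password):
        """Screen unlock: check the password, then copy the keys into the cache."""
        verification = self._derive(password, b"verify")
        try:
            self._cache = self._read_encrypted_area(verification)
        except PermissionError:
            return False
        self._verification = verification
        self.current_user_legit = True
        return True

    def lock(self):
        """Screen lock: the cache is emptied, as the text requires."""
        self._cache.clear()
        self._verification = None
        self.current_user_legit = False

    def report_auth_result(self, legit, delete_now=False):
        """Feed in a continuous-authentication verdict. With delete_now the keys
        go at once (immediate variant); otherwise only on an access attempt."""
        self.current_user_legit = legit
        if not legit and delete_now:
            self._cache.clear()

    def access(self, name):
        """A sensitive application requests an item; returns plaintext or None."""
        if not self.current_user_legit:
            self._cache.clear()           # illegal user: keys leave the cache
            self.audit.append(("denied", name))
            return None
        key = self._cache.get(name)
        if key is None:
            self.audit.append(("no_key", name))
            return None
        return self._xor_stream(key, self._ciphertexts[name])

    def restore_keys(self):
        """A legitimate user is back: refill the cache from the encrypted area
        using the retained verification information, with no new authentication."""
        if not self.current_user_legit or self._verification is None:
            return False
        self._cache = self._read_encrypted_area(self._verification)
        return True

    def cached_key_count(self):
        return len(self._cache)
```

The cipher is a SHA-256 keystream only so that the block runs offline with the standard library; a real terminal would use the platform's file encryption, and the cache would live in kernel memory rather than a Python dict. The point the simulation makes is the ordering: the verdict from continuous authentication is consulted at access time, and a denial both refuses the request and removes the key, so a sensitive application that bypasses the refusal still cannot decrypt.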
  • the foregoing takes the terminal refusing an illegal user access to a sensitive application as an example to describe a specific implementation in which the terminal refuses an illegal user access to sensitive data. It can be understood that the terminal can also refuse an illegal user access to sensitive data by denying the illegal user access to a certain function, service or window involving sensitive data within the sensitive application.
  • for example, the window of the sensitive application "WeChat" that contains user sensitive data is a chat window with a friend. Then, after the screen is unlocked, the illegal user Tom can still open the "WeChat" application, and when the terminal detects that the illegal user Tom requests to open a certain window, for example, the illegal user Tom clicks on the chat window with Sara in FIG.
  • the request contains the identity of the chat window (eg, the activity name of the window), so the terminal can determine that the type of the window is a chat window involving sensitive data.
  • the terminal can block the operation of the illegal user Tom opening the chat window with Sara, for example, by deleting the key of the sensitive data in the cache area.
  • the terminal may display a prompt 801 for further identity authentication of the current user. If the authentication is passed, the terminal can display a chat window with Sara in response to opening the chat window with Sara.
  • multiple identity authentication methods may be used to authenticate the identity of the current user.
  • for example, the terminal may prompt the user to perform face recognition and fingerprint recognition at the same time to verify the identity. This is because, after the terminal is stolen by an illegal user, the probability that the illegal user obtains multiple pieces of the legitimate user's authentication information is small. Therefore, using multiple identity authentication methods reduces the chance that the legitimate user's sensitive data is leaked by someone who has stolen the legitimate user's identity verification information.
  • the terminal may also refuse the illegal user access to the sensitive data itself by masking the sensitive data.
  • for example, the sensitive data contained in the sensitive application "WeChat" is the telephone number "130-3292-0112". Then, when detecting that the illegal user Tom requests to open the chat window containing the sensitive data, the terminal may perform mask processing on the sensitive data "130-3292-0112" and display the masked sensitive data 901, that is, "***-****-****". In this way, as shown in FIG. 13A, although the terminal opens the chat window containing the sensitive data, the sensitive data in the chat window has been anonymized by the mask processing, so that the illegal user cannot obtain the real sensitive data, preventing the legitimate user's sensitive data from being leaked to the illegal user.
  • for another example, the terminal marks a Word file named "August Report" as sensitive data when storing it, and stores the Word file using a certain encryption algorithm. Then, when it detects that the current user is an illegal user, the terminal may delete the key in the cache area for decrypting the Word file. At this time, as shown in FIG. 13B, the terminal can display the Word file 902 in an encrypted form that hides its related information. When it detects that the illegal user Tom requests to open the Word file 902, since the terminal cannot obtain the key of the Word file 902, the "WeChat" application cannot acquire the decrypted Word file 902. At this time, as shown in FIG. 13B, the terminal can further determine whether the current user has the right to access the Word file 902 through an identity authentication method such as verifying the power-on password.
  • the terminal may use various methods to display a prompt that the terminal is being operated by an illegal user.
  • for example, the terminal may prompt the user by text that the user currently operating the terminal is an illegal user; or, as shown in (b) of FIG. 14, the terminal may prompt the user that the current user is an illegal user by forcibly shutting down the terminal or forcibly closing the sensitive application that accesses the sensitive data; or, as shown in (c) of FIG. 14, when the terminal detects that the user currently operating the terminal is an illegal user, the terminal may further provide a setting option for opening access to the sensitive data to the illegal user.
  • the timing at which the terminal prompts that it is being operated by an illegal user may be when the terminal determines that the current user is an illegal user, or when the terminal determines that the illegal user requests access to the sensitive data of the legitimate user; the embodiment of the present application does not impose any restrictions on this.
  • if the illegal user currently operating the terminal wishes to obtain the right to access the sensitive data, for example, when the terminal detects that the illegal user clicks the setting option shown in (c) of FIG. 14, the terminal may enter a permission setting interface for the illegal user's access to the sensitive data.
  • in this interface, a time limit for allowing the illegal user to access the sensitive data can be further set, for example, allowing the illegal user to access the above sensitive data within 20 minutes.
  • when the time limit expires, the terminal may delete the key stored in the cache area for decrypting the sensitive data, so that the illegal user cannot continue to use the key to access the sensitive data.
  • alternatively, when the time limit expires, the terminal may first authenticate the identity of the current user again. If the current user has changed from the illegal user to a legitimate user, the terminal does not need to delete the key stored in the cache area. Otherwise, if the current user is still an illegal user, the terminal may delete the key stored in the cache area, so that the illegal user cannot continue to use the key to access the sensitive data.
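The masking of the phone number described for the "WeChat" chat window (FIG. 13A) and the time-limited permission just described, combined into one added example (Python code written for this page, not the applicant's code): an access decision that returns allow, mask or deny, together with whether the cached key should be dropped, and a renderer that applies it to a chat message. The phone-number pattern, the `TimedGrant` and `Decision` names and the choice of fallback are assumptions; the 20-minute limit and the "***-****-****" display come from the text.

```python
"""
Added example (not code from the patent): access decision for a chat
window that contains sensitive data, combining masked display for an
illegal user with a time-limited grant. Names and the phone pattern are
constructed; the 20-minute limit and the masked form follow the text.
"""
import re
from dataclasses import dataclass

# Constructed pattern for the "130-3292-0112" style number used in the text.
PHONE_RE = re.compile(r"\b\d{3}-\d{4}-\d{4}\b")


def mask_sensitive(text):
    """Replace every digit of each phone number with '*', keeping separators,
    so "130-3292-0112" becomes "***-****-****"."""
    return PHONE_RE.sub(lambda m: re.sub(r"\d", "*", m.group(0)), text)


@dataclass
class TimedGrant:
    """Permission given to an illegal user through the setting interface."""
    granted_at: float               # seconds on any monotonic clock
    duration_s: float = 20 * 60     # the 20-minute limit from the text

    def active(self, now):
        return now < self.granted_at + self.duration_s


@dataclass
class Decision:
    action: str                 # "allow", "mask" or "deny"
    delete_cached_key: bool     # True when the kernel should drop the DEK from the cache


def decide_access(user_legit, now, grant=None, fallback="mask"):
    """Policy: legitimate users, and illegal users inside an active grant, see
    the data; any other illegal user gets the fallback, and the cached key is
    deleted so the sensitive application cannot decrypt the data either way."""
    if fallback not in ("mask", "deny"):
        raise ValueError("fallback must be 'mask' or 'deny'")
    if user_legit:
        return Decision("allow", False)
    if grant is not None and grant.active(now):
        return Decision("allow", False)
    return Decision(fallback, True)


def render_chat_message(text, user_legit, now, grant=None, fallback="mask"):
    """What the chat window shows: the text, the masked text, or None when the
    window is not opened at all."""
    decision = decide_access(user_legit, now, grant, fallback)
    if decision.action == "allow":
        return text
    if decision.action == "mask":
        return mask_sensitive(text)
    return None


if __name__ == "__main__":
    msg = "Sara: call me on 130-3292-0112"   # constructed chat line
    print(render_chat_message(msg, user_legit=True, now=0.0))
    print(render_chat_message(msg, user_legit=False, now=0.0))
    grant = TimedGrant(granted_at=0.0)
    print(render_chat_message(msg, user_legit=False, now=600.0, grant=grant))
    print(decide_access(False, now=1300.0, grant=grant))
```

Keeping the key-deletion flag in the decision, rather than deleting inside the renderer, lets the same policy drive both the display layer and the kernel cache, which is what the text needs when the grant expires and the user is still judged illegal.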
  • the terminal detects that the user of the operation terminal changes from the illegal user to the legal user, for example, as shown in FIG. 16, the illegal user Tom operates the terminal for a period of time and then hands the terminal to its legitimate user Sam for use.
  • the terminal determines, based on Sam's user behavior, that the current user is a legitimate user.
  • since the terminal deleted the key for accessing the sensitive data from the cache area when it detected that the illegal user Tom was operating the terminal, the terminal can now automatically copy the key from the encrypted area of the memory to the cache area, thereby restoring the legitimate user Sam's access to the sensitive data without requiring Sam to perform identity authentication again.
  • the terminal may prompt the user to restore the access rights of the legitimate user to the sensitive data, and the legitimate user may use the key to access the sensitive data.
  • the user can turn on the control 1001 in the settings interface of the terminal to enable the access protection function for the above sensitive data. Further, after the terminal enables the protection function, the user may further set which applications, or which functions of an application, involve data that is sensitive data; subsequent detection of a user request to open those applications or functions can then be handled by the data access method of the foregoing embodiment to protect the sensitive data.
  • the user can also set the specific authentication method used when an illegal user accesses the above sensitive data, and which users are treated as legitimate users with access to the above sensitive data.
  • at least one application may be set as a sensitive application at application granularity. Then, when the terminal subsequently detects that an illegal user accesses a sensitive application set by the user, the illegal user can be denied access to the encrypted sensitive data by using the data access method provided in the foregoing embodiment.
  • the user can also set specific sensitive data according to the window type, service type or data type within an application. When the user sets a window type or service type, the terminal identifies the data that windows or services of the set type need to access, and sets that data as sensitive data.
  • the embodiment of the present application does not impose any restrictions on how to set sensitive data.
  • when setting a specific verification mode, the user can set one or more verification methods for verifying the identity of a user requesting access to the sensitive data.
  • if the user sets multiple verification modes and the terminal detects an illegal user accessing the sensitive data, that user must pass every verification mode that has been set before being allowed to access the sensitive data.
  • the terminal can also authenticate the identity of the current user before applying these settings. If the current user is an illegal user, the terminal may prohibit that user from configuring the protection functions for sensitive data; in other words, the settings take effect only when a legitimate user configures them. This prevents an illegal user from gaining access to sensitive data by modifying the setting options above.
  • after the terminal unlocks the screen, the current user may continue to be authenticated based on the user's behavior on the terminal. In other implementations of the present application, the terminal may then determine access rights to different data or applications in the memory according to the identity authentication result for the current user.
  • when the terminal detects that the current user is a legitimate user, it may set itself to have access rights to all data it stores (for example, both sensitive and non-sensitive data).
  • when the terminal detects that the current user is an illegal user, it may set itself to have access rights only to the stored non-sensitive data; that is, the terminal cannot read the stored sensitive data at this time.
  • for example, the terminal marks a Word file named "August Report" as sensitive data when storing it. Subsequently, when the legitimate user Sam opens the chat record containing this file, the terminal has access rights to all sensitive data, so it can acquire the key for the Word file and display the decrypted file. Correspondingly, when the illegal user Tom opens the chat record containing this file, the terminal has access rights only to non-sensitive data, so it cannot perceive the Word file and displays the chat record with Sara without the Word file.
  • the terminal can also set its access rights at application granularity. For example, when the terminal detects that the current user is a legitimate user, it can be set to have access rights to both sensitive and non-sensitive applications; when it detects that the current user is an illegal user, it can be set to have access only to non-sensitive applications, i.e. applications that do not need to access sensitive data.
  • for example, the three applications "contacts", "short message" and "mail" need to access the user's sensitive data at runtime, so these three applications can be set as sensitive applications.
  • when the current user is a legitimate user, the terminal can display the icons of all installed applications on the desktop.
  • when the current user is an illegal user, the terminal has access only to non-sensitive applications, so it cannot obtain information about the sensitive applications when drawing the desktop and does not display their icons.
  • to implement the functions above, the terminal and the like include hardware structures and/or software modules corresponding to each function.
  • the embodiments of the present application can be implemented in hardware, or in a combination of hardware and computer software, for the elements and algorithm steps of the examples described herein. Whether a function is implemented in hardware or in computer software driving hardware depends on the specific application and design constraints of the solution. A person skilled in the art may use different methods to implement the described functions for each particular application, but such implementations should not be considered beyond the scope of the embodiments of the present application.
  • the embodiments of the present application may divide the terminal and the like into function modules according to the foregoing method examples.
  • each function module may correspond to one function, or two or more functions may be integrated into one processing module.
  • the integrated modules may be implemented in hardware or as software function modules. The module division in the embodiments of the present application is schematic and is only a logical function division; an actual implementation may divide the modules differently.
  • FIG. 21 is a schematic diagram of a possible structure of the terminal involved in the foregoing embodiments; the terminal includes an authentication unit 2101, an obtaining unit 2102, a response unit 2103, a deleting unit 2104 and a display unit 2105.
  • the authentication unit 2101 is configured to automatically authenticate the identity of the current user operating the terminal; the obtaining unit 2102 is configured to obtain a request from a sensitive application to access sensitive data, where the sensitive data has been encrypted with a key and the sensitive application is an application that needs to access the sensitive data at runtime; the response unit 2103 is configured to provide an access result to the sensitive application, where, when the identity authentication result is that the current user is an illegal user, the access result does not include the sensitive data.
  • the deleting unit 2104 is configured to delete the key used to decrypt the sensitive data.
  • the obtaining unit 2102 is further configured to: when the terminal is powered on, generate the key for unlocking the sensitive data, and store the key in an encrypted area protected by an encryption algorithm.
  • the obtaining unit 2102 is further configured to: when the screen of the terminal is unlocked, acquire verification information, where the verification information is associated with the identity authentication information acquired by the terminal when the screen is unlocked or is preset by the terminal, and use the verification information to save the key stored in the encrypted area into the cache area.
  • the obtaining unit 2102 is further configured to: if the identity authentication result is that the current user is a legitimate user, acquire the verification information (associated with the identity authentication information acquired by the terminal when the screen was unlocked, or preset by the terminal) and use it to save the key stored in the encrypted area into the cache area.
  • the deleting unit 2104 is specifically configured to delete the key stored in the cache area.
  • the obtaining unit 2102 is specifically configured to: if an operation of the current user opening the sensitive application is detected, acquire the request of the sensitive application to access the sensitive data; or, if an operation of the current user opening a target application interface in the sensitive application is detected, acquire that request, where the target application interface is an application interface that contains the sensitive data.
  • the authentication unit 2101 is specifically configured to: automatically acquire the user behavior while the current user operates the terminal, and authenticate the identity of the current user by comparing that behavior with the pre-stored behavioral characteristics of the legitimate user.
  • the display unit 2105 is configured to display a first interface that does not include the sensitive data.
  • the obtaining unit 2102 is further configured to: obtain the legitimate user's authorization to open access rights to the illegal user, and obtain the valid duration for which the illegal user may access the sensitive data.
  • the display unit 2105 is further configured to: within the valid duration, if an illegal user is detected requesting access to the sensitive data, display a second interface that includes the sensitive data; and, after the valid duration has elapsed, if an illegal user is detected requesting access to the sensitive data, display the first interface that does not contain the sensitive data.
  • in another design, the authentication unit 2101 is configured to automatically authenticate the identity of the current user operating the terminal, and the display unit 2105 is configured to: if the identity authentication result is that the current user is an illegal user, display a first interface that includes neither the sensitive data nor a sensitive application that needs to access the sensitive data at runtime; if the result is that the current user is a legitimate user, display a second interface that includes the sensitive data or a sensitive application that needs to access the sensitive data at runtime.
  • FIG. 22 shows a possible structural diagram of the terminal involved in the foregoing embodiments, including a processing module 2201, a storage module 2202, an output module 2203 and an input module 2204.
  • the processing module 2201 is configured to control and manage the action of the terminal.
  • the input module 2204 is configured to support information interaction between the terminal and the user.
  • the storage module 2202 is configured to save program codes and data of the terminal.
  • the output module 2203 is configured to output information entered by the user or information provided to the user, as well as the various menus of the terminal.
  • the processing module 2201 can correspond to the functions of the foregoing authentication unit 2101, response unit 2103 and deleting unit 2104; the output module 2203 can correspond to the function of the display unit 2105; and the input module 2204 can correspond to the function of the obtaining unit 2102.
  • the processing module 2201 may be a processor or a controller, such as a central processing unit (CPU), a GPU, a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof, and may implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure.
  • the processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, a combination of a DSP and a microprocessor, and the like.
  • the storage module 2202 may be a memory, which may include high-speed random access memory (RAM) and may also include non-volatile memory such as a magnetic disk storage device, a flash memory device, or another non-volatile solid-state storage device.
  • the output module 2203 can be a display, a speaker or a headphone, etc., and is exemplified by a display.
  • the display can be configured in the form of a liquid crystal display, an organic light emitting diode or the like.
  • a touch panel can be integrated on the display for collecting touch events on or near the display, and transmitting the collected touch information to other devices (such as a processor, etc.).
  • the input module 2204 can be a touch screen, a transceiver circuit, a Bluetooth device, a Wi-Fi device, a peripheral interface, or the like for inputting user input.
  • the terminal provided by the embodiment of the present application may be the mobile phone shown in FIG. 100.
  • the computer program product includes one or more computer instructions.
  • the computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable device.
  • the computer instructions can be stored in a computer-readable storage medium or transferred from one computer-readable storage medium to another; for example, the computer instructions can be transferred from a website, computer, server or data center to another website, computer, server or data center by wire (e.g. coaxial cable, optical fiber or digital subscriber line (DSL)) or wirelessly (e.g. infrared, radio or microwave).
  • the computer readable storage medium can be any available media that can be accessed by a computer or a data storage device such as a server, data center, or the like that includes one or more available media.
  • the usable medium may be a magnetic medium (eg, a floppy disk, a hard disk, a magnetic tape), an optical medium (eg, a DVD), or a semiconductor medium (such as a solid state disk (SSD)).

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephone Function (AREA)

Abstract

Embodiments of the present application provide a data access method and device, relating to the technical field of communications. The method reduces risk of a user information leak, and improves security of a terminal. The method comprises: a terminal automatically performing identity authentication on a current user operating the terminal; the terminal obtaining a request of a sensitive application to access sensitive data, the sensitive data having been encrypted by means of a key, and the sensitive application being an application needing to access the sensitive data during operation; and in response to the request, the terminal providing an access result to the sensitive application, wherein if the result of the identity authentication is that the current user is an unauthorized user, the access result does not comprise the sensitive data.

Description

Data access method and device

Technical field

The embodiments of the present application relate to the field of communications technologies, and in particular to a data access method and apparatus.
Background

Data in terminals such as mobile phones and tablets (for example applications and photos) is usually stored as files in the terminal's memory. For data that is sensitive to the user, such as call records, transfer information, or application account names and passwords, the terminal may encrypt the sensitive data with an encryption algorithm before storing it. When the terminal later needs to access the sensitive data, it must first obtain the key for decrypting it and then use that key to access the encrypted sensitive data.

Generally, when the terminal's screen changes from the locked state to the unlocked state, the identity of the current user is authenticated by fingerprint, face, password or a similar method. If authentication succeeds, the current user of the terminal is regarded as a legitimate user, and the terminal may automatically generate the key for decrypting the sensitive data and store it in a cache; when the user later triggers the terminal to access sensitive data, the terminal obtains the key from the cache and so accesses the sensitive data.

However, the user operating the terminal after the screen is unlocked is not necessarily the legitimate user the terminal authenticated; the terminal may, for example, be borrowed, stolen or snatched after it was unlocked. By then the terminal has already generated a key that can decrypt the sensitive data, so an illegal user who never passed the terminal's authentication can also use that key to access the sensitive data, causing security risks such as user information leakage.
Summary of the invention

The embodiments of the present application provide a data access method and device that reduce the risk of user information leakage and improve the security of the terminal.

To achieve the above objective, the embodiments of the present application adopt the following technical solutions:

In a first aspect, an embodiment of the present application provides a data access method, including: the terminal automatically authenticates the identity of the current user operating the terminal; subsequently, when the terminal obtains a request from a sensitive application to access sensitive data (the sensitive data having been encrypted with a key), then, in response to the request, the terminal provides an access result to the sensitive application according to the result of the identity authentication, where, when the identity authentication result is that the current user is an illegal user, the access result does not contain the sensitive data.

It can be seen that, in the embodiments of the present application, the terminal's access rights to sensitive data do not depend solely on the identity authentication performed when the screen is unlocked; instead, the current user operating the terminal continues to be authenticated after the screen is lit or unlocked, so that the user's sensitive data is protected in real time according to the real-time authentication result. This prevents an illegal user operating the terminal from accessing a legitimate user's sensitive data and improves the security of the terminal.

In a possible design, after the terminal automatically authenticates the current user and before it obtains the sensitive application's request to access the sensitive data, the method further includes: if the identity authentication result is that the current user is an illegal user, the terminal deletes the key used to decrypt the sensitive data.

In a possible design, after the terminal obtains the sensitive application's request to access the sensitive data and before it provides the first access result to the sensitive application, the method further includes: if the identity authentication result is that the current user is an illegal user, the terminal deletes the key used to decrypt the sensitive data.

That is, the terminal may block sensitive applications from accessing sensitive data by deleting the key either when it detects that an illegal user is operating the terminal, or when it detects that an illegal user has triggered a sensitive application to request access to sensitive data.
In a possible design, the method further includes: when the terminal is powered on, the terminal may generate the key for unlocking the sensitive data and store it in an encrypted area protected by an encryption algorithm. The key in the encrypted area may be accessed only after verification information associated with the user's valid identity authentication information has been obtained.

Then, when the terminal's screen is unlocked, the terminal may obtain the verification information associated with the identity authentication information entered by the user, and use that verification information to save the key stored in the encrypted area into the cache area. Of course, if the user has not set identity authentication information on the terminal, the verification information may be preset by the terminal.

Alternatively, when the identity authentication result indicates that the current user is a legitimate user, the terminal may obtain the verification information and use it to save the key stored in the encrypted area into the cache area.

In this case, when the terminal deletes the key used to decrypt the sensitive data, what it specifically deletes is the key located in the cache area.

In a possible design, the terminal obtaining a request from a sensitive application to access sensitive data specifically includes: if an operation of the current user opening the sensitive application is detected, the terminal obtains the sensitive application's request to access the sensitive data; or, if an operation of the current user opening a target application interface in the sensitive application (an application interface that contains the sensitive data) is detected, the terminal obtains the sensitive application's request to access the sensitive data.

In a possible design, the terminal automatically authenticating the current user specifically includes: the terminal automatically acquires the user behavior while the current user operates the terminal, and authenticates the current user's identity by comparing that behavior with the pre-stored behavioral characteristics of the legitimate user, thereby realizing real-time authentication of the current user's identity.

In a possible design, after the terminal provides the access result to the sensitive application, the method further includes: the terminal displays a first interface that does not contain the sensitive data.

The first interface may include a prompt that the access request is invalid, a prompt to enter identity authentication information, the sensitive data after masking, or a prompt to open access rights to the illegal user.

When the first interface includes a prompt to open access rights to the illegal user, then after the terminal displays the first interface the method may further include: the terminal obtains the legitimate user's authorization to open access rights to the illegal user; and the terminal obtains the valid duration for which the illegal user may access the sensitive data.

In a possible design, within the valid duration, if an illegal user is detected requesting access to the sensitive data, the terminal displays a second interface that contains the sensitive data; once the valid duration has elapsed, if an illegal user is detected requesting access to the sensitive data, the terminal displays the first interface that does not contain the sensitive data.
In a second aspect, an embodiment of the present application provides a data access method, including: the terminal automatically authenticates the identity of the current user operating the terminal; if the identity authentication result is that the current user is an illegal user, the terminal has access rights only to the stored non-sensitive data, so it cannot read the stored sensitive data and the first interface it displays contains neither the sensitive data nor any sensitive application that needs to access the sensitive data at runtime; if the identity authentication result is that the current user is a legitimate user, the terminal has access rights to both the stored sensitive data and the stored non-sensitive data, and the second interface it displays contains the sensitive data or a sensitive application that needs to access the sensitive data at runtime.

In a third aspect, an embodiment of the present application provides a terminal, including: an authentication unit, configured to automatically authenticate the identity of the current user operating the terminal; an obtaining unit, configured to obtain a request from a sensitive application to access sensitive data, where the sensitive data has been encrypted with a key and the sensitive application is an application that needs to access the sensitive data at runtime; and a response unit, configured to provide an access result to the sensitive application, where, when the identity authentication result is that the current user is an illegal user, the access result does not contain the sensitive data.

In a possible design, the terminal further includes a deleting unit; when the identity authentication result is that the current user is an illegal user, the deleting unit deletes the key used to decrypt the sensitive data.

In a possible design, the obtaining unit is further configured to: when the terminal is powered on, generate the key for unlocking the sensitive data, and store the key in an encrypted area protected by an encryption algorithm.

In a possible design, the obtaining unit is further configured to: when the terminal's screen is unlocked, acquire verification information, where the verification information is associated with the identity authentication information acquired by the terminal when the screen is unlocked or is preset by the terminal, and use the verification information to save the key stored in the encrypted area into the cache area.

In a possible design, the obtaining unit is further configured to: if the identity authentication result is that the current user is a legitimate user, acquire verification information, where the verification information is associated with the identity authentication information acquired by the terminal when the screen was unlocked or is preset by the terminal, and use the verification information to save the key stored in the encrypted area into the cache area.

In a possible design, the deleting unit is specifically configured to delete the key stored in the cache area.

In a possible design, the obtaining unit is specifically configured to: if an operation of the current user opening the sensitive application is detected, obtain the sensitive application's request to access the sensitive data; or, if an operation of the current user opening a target application interface in the sensitive application is detected, obtain the sensitive application's request to access the sensitive data, where the target application interface is an application interface that contains the sensitive data.

In a possible design, the authentication unit is specifically configured to: automatically acquire the user behavior while the current user operates the terminal, and authenticate the identity of the current user by comparing that behavior with the pre-stored behavioral characteristics of the legitimate user.

In a possible design, the terminal further includes a display unit configured to display a first interface that does not contain the sensitive data.

In a possible design, when the first interface includes a prompt to open access rights to the illegal user, the obtaining unit is further configured to: obtain the legitimate user's authorization to open access rights to the illegal user, and obtain the valid duration for which the illegal user may access the sensitive data.

In a possible design, the display unit is further configured to: within the valid duration, if an illegal user is detected requesting access to the sensitive data, display a second interface that contains the sensitive data; once the valid duration has elapsed, if an illegal user is detected requesting access to the sensitive data, display the first interface that does not contain the sensitive data.
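As an added example, not code from the patent or from Huawei, the following Python models the key lifecycle described for the terminal of FIG. 21 (units 2101 to 2105) and restated in the first and third aspects above: the data key is generated at power-on and kept only in an encrypted area, wrapped under verification information derived from the unlock credential; a successful screen unlock copies it into the cache area; continuous behavioral authentication deletes the cached key when an illegal user is detected and restores it from the encrypted area when the legitimate user returns without re-authenticating; only a legitimate user may grant an illegal user time-bounded access; and the access result, the chat record and the desktop icon set omit sensitive content whenever no usable key exists. The HMAC-based seal/unseal construction, the PBKDF2 derivation, the Euclidean-distance behavior check, the retention of the verification information in memory after unlock, the application names, the sample files and the chat line are all assumptions of this example; a real terminal would use a hardware-backed key store and a proper AEAD such as AES-GCM.

```python
import hashlib
import hmac
import secrets
import time


def _subkeys(key: bytes) -> tuple:  # domain-separated encryption and MAC keys from one secret
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(kenc: bytes, nonce: bytes, n: int) -> bytes:  # HMAC-SHA256 in counter mode
    blocks = (hmac.new(kenc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for a real AEAD: returns nonce(16) || ciphertext || tag(32)."""
    kenc, kmac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(kenc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(kmac, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag in constant time before decrypting; a wrong key raises ValueError."""
    kenc, kmac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kmac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered data")
    return bytes(c ^ s for c, s in zip(ct, _keystream(kenc, nonce, len(ct))))


class Terminal:
    SENSITIVE_APPS = {"contacts", "short message", "mail"}  # apps that need sensitive data at runtime

    def __init__(self, unlock_credential: bytes, legit_profile: list):
        # Power-on: generate the data key and keep it only in the "encrypted area", wrapped
        # under verification information derived from the unlock credential (assumed design).
        data_key = secrets.token_bytes(32)
        self.salt = secrets.token_bytes(16)
        self.encrypted_area = seal(self._verification_info(unlock_credential), data_key)
        self.cache_key = None          # "cache area": usable key, present only for a legitimate user
        self.verification_info = None  # kept after unlock so a returning user needs no re-auth (assumption)
        self.legit_profile, self.current_user_legit = legit_profile, False
        self.grant_expiry = 0.0        # monotonic deadline of a temporary grant to an illegal user
        # Constructed storage: name -> (sensitive?, stored bytes); sensitive files are sealed under the key.
        self.files = {"August Report.docx": (True, seal(data_key, b"Q3 revenue table")),
                      "lunch.jpg": (False, b"cat picture")}

    def _verification_info(self, credential: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", credential, self.salt, 50_000, dklen=32)

    def unlock_screen(self, credential: bytes) -> bool:
        """Screen unlock: the verification information moves the key from the encrypted area to the cache."""
        info = self._verification_info(credential)
        try:
            self.cache_key = unseal(info, self.encrypted_area)
        except ValueError:
            return False               # wrong credential: the key never reaches the cache area
        self.verification_info = info
        self.current_user_legit = True
        return True

    def observe_behavior(self, sample: list, threshold: float = 1.0) -> bool:
        """Continuous authentication: distance of the live behavior sample from the stored profile."""
        distance = sum((a - b) ** 2 for a, b in zip(sample, self.legit_profile)) ** 0.5
        self.current_user_legit = distance <= threshold
        if not self.current_user_legit:
            self.cache_key = None      # illegal user detected: delete the key from the cache area
        elif self.cache_key is None and self.verification_info is not None:
            self.cache_key = unseal(self.verification_info, self.encrypted_area)  # legitimate user is back
        return self.current_user_legit

    def grant_temporary_access(self, seconds: float) -> bool:
        """Only a legitimate user may open access for an illegal user, and only for a bounded duration."""
        if not self.current_user_legit:
            return False
        self.grant_expiry = time.monotonic() + seconds
        return True

    def open_file(self, name: str):
        """Access result: sensitive content only with a cached key or a live grant, otherwise None."""
        sensitive, stored = self.files[name]
        if not sensitive:
            return stored
        if self.cache_key is not None:
            return unseal(self.cache_key, stored)
        if time.monotonic() < self.grant_expiry and self.verification_info is not None:
            return unseal(unseal(self.verification_info, self.encrypted_area), stored)
        return None                    # "first interface": the result does not contain the data

    def chat_with_sara(self) -> list:  # the chat record shows the attachment to Sam and omits it for Tom
        record = ["Sara: sending the August report now"]
        attachment = self.open_file("August Report.docx")
        if attachment is not None:
            record.append(("August Report.docx", attachment))
        return record

    def desktop_icons(self) -> list:  # application granularity: an illegal user sees no sensitive apps
        apps = {"calculator", "weather"} | (self.SENSITIVE_APPS if self.current_user_legit else set())
        return sorted(apps)
```

Walking through the scenario of the embodiment: construct `Terminal(b"1234", [0.5, 0.5])`, unlock with the correct credential, then feed `observe_behavior` a sample far from the profile (Tom) and one close to it (Sam). After Tom's sample the cached key is gone, `open_file("August Report.docx")` returns `None`, the chat record has no attachment and `desktop_icons()` lacks "mail"; after Sam's sample the key is restored from the encrypted area and everything is visible again, with no second unlock. A grant made while Sam is present keeps the file readable for Tom until `grant_expiry` passes, after which the result is empty again.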
In a fourth aspect, an embodiment of the present application provides a terminal, including: an authentication unit, configured to automatically perform identity authentication on the current user operating the terminal; and a display unit, configured to: if the result of the identity authentication is that the current user is an illegal user, display a first interface, where the first interface does not contain the sensitive data or a sensitive application that needs to access the sensitive data when running; and if the result of the identity authentication is that the current user is a legal user, display a second interface, where the second interface contains the sensitive data or a sensitive application that needs to access the sensitive data when running.
In a fifth aspect, an embodiment of the present application provides a terminal, including a processor, a memory, an output device, and an input device connected by a bus. The memory is configured to store computer-executable instructions, the processor is connected to the memory through the bus, and when the terminal runs, the processor executes the computer-executable instructions stored in the memory so that the terminal performs any one of the foregoing data access methods.
In a sixth aspect, an embodiment of the present application provides a computer-readable storage medium storing instructions which, when run on any one of the foregoing terminals, cause the terminal to perform any one of the foregoing data access methods.
In a seventh aspect, an embodiment of the present application provides a computer program product including instructions which, when run on any one of the foregoing terminals, cause the terminal to perform any one of the foregoing data access methods.
In the embodiments of the present application, the names of the components of the terminal above do not limit the device itself; in actual implementation these components may appear under other names. As long as the functions of the components are similar to those in the embodiments of the present application, they fall within the scope of the claims of the present application and their equivalents.
In addition, for the technical effects of any design in the second to seventh aspects, refer to the technical effects of the different design methods in the first aspect above; details are not repeated here.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a first schematic structural diagram of a terminal according to an embodiment of the present application;
FIG. 2 is a schematic structural diagram of a programming module in a terminal according to an embodiment of the present application;
FIG. 3 is a schematic diagram of the access flow for sensitive data in the prior art;
FIG. 4 is a first schematic diagram of an application scenario of a data access method according to an embodiment of the present application;
FIG. 5 is a second schematic diagram of an application scenario of a data access method according to an embodiment of the present application;
FIG. 6 is a third schematic diagram of an application scenario of a data access method according to an embodiment of the present application;
FIG. 7 is a first schematic diagram of the principle of a data access method according to an embodiment of the present application;
FIG. 8 is a second schematic diagram of the principle of a data access method according to an embodiment of the present application;
FIG. 9 is a third schematic diagram of the principle of a data access method according to an embodiment of the present application;
FIG. 10 is a fourth schematic diagram of the principle of a data access method according to an embodiment of the present application;
FIG. 11 is a fourth schematic diagram of an application scenario of a data access method according to an embodiment of the present application;
FIG. 12 is a fifth schematic diagram of an application scenario of a data access method according to an embodiment of the present application;
FIG. 13A is a sixth schematic diagram of an application scenario of a data access method according to an embodiment of the present application;
FIG. 13B is a seventh schematic diagram of an application scenario of a data access method according to an embodiment of the present application;
FIG. 14 is an eighth schematic diagram of an application scenario of a data access method according to an embodiment of the present application;
FIG. 15 is a ninth schematic diagram of an application scenario of a data access method according to an embodiment of the present application;
FIG. 16 is a tenth schematic diagram of an application scenario of a data access method according to an embodiment of the present application;
FIG. 17 is an eleventh schematic diagram of an application scenario of a data access method according to an embodiment of the present application;
FIG. 18 is a twelfth schematic diagram of an application scenario of a data access method according to an embodiment of the present application;
FIG. 19 is a thirteenth schematic diagram of an application scenario of a data access method according to an embodiment of the present application;
FIG. 20A is a fourteenth schematic diagram of an application scenario of a data access method according to an embodiment of the present application;
FIG. 20B is a fifteenth schematic diagram of an application scenario of a data access method according to an embodiment of the present application;
FIG. 21 is a second schematic structural diagram of a terminal according to an embodiment of the present application;
FIG. 22 is a third schematic structural diagram of a terminal according to an embodiment of the present application.
DETAILED DESCRIPTION OF EMBODIMENTS
In the following, the terms "first" and "second" are used for descriptive purposes only and shall not be understood as indicating or implying relative importance or implicitly indicating the number of the technical features indicated. Therefore, a feature qualified by "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the embodiments of the present application, unless otherwise stated, "a plurality of" means two or more.
The data access method provided by the embodiments of the present application may be applied to any terminal having a friend-making function, such as a mobile phone, a tablet computer, a wearable device, an in-vehicle device, an augmented reality (AR)/virtual reality (VR) device, a notebook computer, an ultra-mobile personal computer (UMPC), a netbook, or a personal digital assistant (PDA); the embodiments of the present application impose no limitation on this.
As shown in FIG. 1, the terminal in the embodiments of the present application may be a mobile phone 100. The embodiments are described in detail below using the mobile phone 100 as an example. It should be understood that the illustrated mobile phone 100 is only one example of the terminal above; the mobile phone 100 may have more or fewer components than shown in FIG. 1, may combine two or more components, or may have a different arrangement of components.
Referring to FIG. 1, the mobile phone 100 may communicate with other electronic devices 102 and 104 besides the mobile phone 100, and with a server 106. The mobile phone 100 may include a bus 110, a processor 120, a memory 130, a user input module 150, a display module 160, a communication interface 170, and other similar and/or suitable components.
The bus 110 may be a circuit that interconnects the components above and conveys communications (for example, control messages) between them.
The processor 120 may receive commands through the bus 110 from the other components above (for example, the memory 130, the user input module 150, the display module 160, the communication interface 170, the communication configuration control module 170, and so on), may interpret the received commands, and may perform calculation or data processing according to the interpreted commands.
The memory 130 may store commands or data received from the processor 120 or other components (for example, the user input module 150, the display module 160, the communication interface 170, and so on), or commands or data generated by the processor 120 or other components.
The memory 130 may include programming modules such as a kernel 131, middleware 132, an application programming interface (API) 133, applications 134, and so on. Each of these programming modules may be implemented in software, firmware, hardware, or a combination of two or more of them; see the related description of FIG. 2 for details.
The kernel 131 may control or manage the system resources (for example, the bus 110, the processor 120, the memory 130, and so on) used to perform the operations or functions implemented by the other programming modules (for example, the middleware 132, the API 133, and the applications 134). In addition, the kernel 131 may provide an interface through which the middleware 132, the API 133, or the applications 134 can access, control, or manage the individual components of the mobile phone 100.
The middleware 132 may operate between the API 133 or the applications 134 and the kernel 131 in such a way that the API 133 or the applications 134 communicate and exchange data with the kernel 131. For example, the middleware 132 may be configured as an intermediary for communication between the API 133 or the applications 134 and the kernel 131. In addition, for example, with regard to work requests received from one or more applications 134 and/or the middleware 132, load balancing of the work requests may be performed by assigning, to at least one of the one or more applications 134, a priority according to which the system resources of the mobile phone 100 (for example, the bus 110, the processor 120, the memory 130, and so on) may be used.
The API 133 is an interface through which the applications 134 can control the functions provided by the kernel 131 or the middleware 132, and may include, for example, at least one interface or function for file control, window control, image processing, character control, and so on.
The applications 134 may include, for example, a home application, a dialer application, a short message service (SMS)/multimedia message service (MMS) application, an instant messaging (IM) application, a browser application, a camera application, an alarm application, a contacts application, a voice dial application, an e-mail application, a calendar application, a media player application, an album application, a clock application, and any other suitable and/or similar applications.
In the embodiments of the present application, the memory 130 may also be used to store data that concerns the user's privacy or interests, such as the user's call records, transfer information, bank account numbers, and passwords; in the following embodiments such data is referred to as sensitive data. The processor 120 may mark particular data in the memory 130 as sensitive data by adding a specific identifier to it.
Then, when a particular application runs, it may request access to the sensitive data above and present that sensitive data to the user through a display interface. In the embodiments of the present application, an application that needs to access sensitive data when running may be referred to as a sensitive application, for example a payment application, a banking application, or a chat application.
Alternatively, when a particular window or service within an application runs, the application may request access to the sensitive data above and present it to the user through a display interface. For example, when the "Taobao" application runs its payment window, this may trigger the "Taobao" application to request access to the user's bank account number, which is sensitive data.
Correspondingly, data generated while running the sensitive application above or the particular window (or service) above may also be stored by the processor 120 in the memory 130 as sensitive data after a specific identifier is added to it.
As shown in FIG. 1, the sensitive data above is usually stored in the memory 130 in encrypted form. Therefore, when the mobile phone 100 needs to access the sensitive data, it must first obtain the key used to decrypt the sensitive data, and then use that key to access the encrypted sensitive data in the memory 130.
The user input module 150 may receive commands or data input by the user via input/output means (for example, sensors, a keyboard, a touchscreen, and so on), and may transmit the received commands or data to the processor 120 or the memory 130 through the bus 110. The display module 160 may display video, images, data, and the like to the user.
The display module 160 may display various kinds of information (for example, multimedia data and text data) received from the components above.
The communication interface 170 may control a short-range communication connection with another electronic device 102. When the mobile phone 100 is paired with another electronic device, the communication interface 170 may stop the scanning operation that waits to receive signals from nearby electronic devices, or stop the broadcast operation that broadcasts signals. For example, in response to the mobile phone 100 being paired with another electronic device 102, the communication interface 170 stops the scanning operation that waits to receive signals from nearby electronic devices or stops the broadcast operation that broadcasts signals. When the mobile phone 100 is paired with another electronic device, the communication interface 170 may control the period of the scanning or broadcast operation.
According to the embodiments disclosed in the present application, the mobile phone 100 may use the communication interface 170 to communicate with another electronic device. For example, the communication interface 170 may communicate with another electronic device 104, the server 106, and so on. The communication interface 170 may communicate with the other electronic device 104, the server 106, and so on either directly or through a network 162. For example, the communication interface 170 may operate to connect the mobile phone 100 to the network 162.
FIG. 2 is a block diagram showing the configuration of a programming module according to an embodiment disclosed in the present application.
Referring to FIG. 2, a programming module 310 may be included (or stored) in the mobile phone 100 (for example, in the memory 130) shown in FIG. 1. At least part of the programming module 310 may be implemented as software, firmware, hardware, or a combination of two or more of them. The programming module 310 may be implemented on hardware (for example, hardware 201) and may include an OS that controls the resources related to an electronic device (for example, the mobile phone 100) and/or various applications (for example, applications 370) executed in the OS. For example, the OS may be Android, iOS, Windows, Symbian, Tizen, Bada, and so on.
Referring to FIG. 2, the programming module 310 may include a kernel 320, middleware 330, an API 360, and/or applications 370.
The kernel 320 (for example, the kernel 131) may include a system resource manager 321 and/or device drivers 323. The system resource manager 321 may include a process manager (not shown), a memory manager (not shown), and a file system manager (not shown). The system resource manager 321 may perform control, allocation, recovery, and so on of system resources. The device drivers 323 may include, for example, a display driver (not shown), a camera driver (not shown), a Bluetooth driver (not shown), a shared memory driver (not shown), a USB driver (not shown), a keypad driver (not shown), a Wi-Fi driver (not shown), and/or an audio driver (not shown). In addition, according to the embodiments disclosed in the present application, the device drivers 323 may include an inter-process communication (IPC) driver (not shown).
The middleware 330 may include a plurality of pre-implemented modules to provide functions shared by the applications 370. In addition, the middleware 330 may provide functions to the applications 370 through the API 360 so that the applications 370 can efficiently use the limited system resources within the electronic device. For example, as shown in FIG. 2, the middleware 330 (for example, the middleware 132) may include at least one of: a runtime library 335, an application manager 341, a window manager 342, a multimedia manager 343, a resource manager 344, a power manager 345, a database manager 346, a package manager 347, a connectivity manager 348, a notification manager 349, a location manager 350, a graphics manager 351, a security manager 352, and any other suitable and/or similar manager.
The runtime library 335 may include, for example, library modules used by a compiler to add new functions through a programming language during the execution of the applications 370. According to the embodiments disclosed in the present application, the runtime library 335 may perform functions related to input and output, memory management, arithmetic functions, and so on.
The application manager 341 may manage, for example, the life cycle of at least one application 370. The window manager 342 may manage the graphical user interface (GUI) resources used on the screen. The multimedia manager 343 may detect the formats used to play various media files, and may encode or decode a media file using a codec suited to the relevant format. The resource manager 344 may manage the resources of at least one application 370, such as source code, memory, storage space, and so on.
The power manager 345 may operate together with the basic input/output system (BIOS), may manage the battery or power supply, and may provide power information for operation and so on. The database manager 346 may manage databases in such a way that databases to be used by at least one application 370 can be generated, searched, and/or changed. The package manager 347 may manage the installation and/or updating of applications distributed in the form of package files.
The connectivity manager 348 may manage wireless connections such as Wi-Fi and BT. The notification manager 349 may display or report events such as arriving messages, appointments, and proximity alerts to the user in a way that does not disturb the user. The location manager 350 may manage the location information of the electronic device. The graphics manager 351 may manage the graphic effects to be provided to the user and/or the UI related to those graphic effects. The security manager 352 may provide various security functions for system security, user authentication, and so on. According to the embodiments disclosed in the present application, when the electronic device (for example, the mobile phone 100) has a telephony function, the middleware 330 may further include a telephony manager (not shown) for managing the voice call function and/or video call function of the electronic device.
The middleware 330 may generate and use new middleware modules through various combinations of the functions of the internal component modules above. The middleware 330 may provide modules specialized according to the type of OS in order to provide differentiated functions. The middleware 330 may also dynamically delete some existing components or add new components. Therefore, the middleware 330 may omit some of the components described in the embodiments disclosed in the present application, may include other components, or may replace some of these components with components that perform similar functions and have different names.
The API 360 (for example, the API 133) is a set of API programming functions and may have different configurations depending on the OS. In the case of, for example, Android or iOS, one API set may be provided for each platform. In the case of, for example, Tizen, two or more API sets may be provided for each platform.
The applications 370 (for example, the applications 134 in FIG. 1) may include, for example, preloaded applications and/or third-party applications. The applications 370 (for example, the applications 134) may include, for example, a home application 371, a dialer application 372, an SMS/MMS application 373, an IM application 374, a browser application 375, a camera application 376, an alarm application 377, a contacts application 378, a voice dial application 379, an e-mail application 380, a calendar application 381, a media player application 382, an album application 383, a clock application 384, and any other suitable and/or similar applications.
Still as shown in FIG. 2, the applications 370 may be divided into sensitive applications and non-sensitive applications. Applications that access the sensitive data above while running (for example, the SMS/MMS application 373, the contacts application 378, the e-mail application 380, and the album application 383 in FIG. 2) may be treated as sensitive applications.
Generally, when the mobile phone 100 runs a sensitive application, a user input operation may trigger the sensitive application to access the corresponding sensitive data. The keys needed to decrypt different sensitive data are generally different. For example, if picture A and picture B are marked as sensitive data, key 1 may be used to encrypt picture A into ciphertext 1 when picture A is stored, and key 2 may be used to encrypt picture B into ciphertext 2 when picture B is stored. Then, to decrypt ciphertext 1 of picture A, key 1 must first be obtained and then used to decrypt ciphertext 1; to decrypt ciphertext 2 of picture B, key 2 must first be obtained and then used to decrypt ciphertext 2. Key 1 and key 2 may be maintained by the kernel 320 of the mobile phone 100, and a sensitive application at the application layer cannot directly obtain the key of the sensitive data.
In addition, the key used to encrypt or decrypt the sensitive data above specifically includes a data encryption key (DEK) and/or a key encryption key (KEK); the embodiments of the present application impose no limitation on this.
Then, taking the e-mail application 380 as an example of a sensitive application, when the user inputs a specific operation that triggers the e-mail application 380 to access certain sensitive data, the e-mail application 380 may request access to that sensitive data from the kernel 320 by calling the relevant API. In response to the request of the e-mail application 380, the kernel 320 may obtain the key that was used to encrypt the sensitive data, use that key to decrypt the ciphertext of the sensitive data, and return the decrypted sensitive data to the e-mail application 380, so that the e-mail application 380 can access the sensitive data.
As shown in FIG. 3, when the mobile phone 100 is powered on, it generally requires the user to input the passcode set in advance for the mobile phone 100, for example a numeric password of 6 digits. The mobile phone 100 may then generate the key for each piece of sensitive data from the passcode input by the user using a specific algorithm, and store these keys in an encrypted area of the memory 130 that is maintained by the kernel 320. To ensure the security of the mobile phone 100, the kernel 320 is permitted to access the keys in the encrypted area only after obtaining the verification information associated with the user's valid identity authentication information. Therefore, while the e-mail application 380 is running, the kernel 320 cannot decrypt sensitive data using the keys in the encrypted area.
If the user has not set identity authentication information such as a numeric password, fingerprint, or pattern password for the mobile phone 100, the kernel 320 may use preset verification information to access the keys in the encrypted area. In addition, when the user has set identity authentication information for the mobile phone 100, that identity authentication information may also serve as the verification information above.
Then, still as shown in FIG. 3, each time the mobile phone 100 successfully unlocks the screen, the user currently operating the terminal may be regarded as a legal user. At this point, the kernel 320 may obtain the corresponding verification information from the identity authentication information the user entered to unlock, and then use that verification information to copy the keys generated at power-on from the encrypted area into a cache area of the memory 130. The kernel 320 has direct access to the keys in the cache area. Therefore, when the e-mail application 380 runs after the screen has been unlocked, if the e-mail application 380 requests access to certain sensitive data from the kernel 320 by calling the relevant API, the kernel 320 may obtain the key of that sensitive data from the cache area, use it to decrypt the sensitive data, and return the decrypted sensitive data to the e-mail application 380. Locking the terminal's screen triggers the kernel 320 to delete the keys stored in the cache area, preventing a malicious program from accessing sensitive data when the legal user has not authorized an unlock.
In addition, it should be noted that FIG. 3 uses only the kernel 320 in a rich execution environment (REE) as an example to illustrate how the keys in the cache area are maintained. In some embodiments of the present application, components such as a dedicated processor and memory may also be provided in the terminal to build a key protection system such as a trusted execution environment (TEE) or a secure element (SE). The keys in the cache area can then be maintained by that key protection system, strengthening the security of the terminal.
但是,当屏幕解锁后操作手机100的用户不一定是合法用户,例如屏幕解锁后手机100被其他人借用或盗抢。但屏幕解锁后手机100已经将用于解密敏感数据的密钥存储至缓存区域,这就使得未经认证的非法用户操作手机100时也可以使用该密钥访问上述敏感数据,造成用户信息泄露等安全隐患。However, the user who operates the mobile phone 100 after the screen is unlocked is not necessarily a legitimate user. For example, the mobile phone 100 is borrowed or stolen by another person after the screen is unlocked. However, after the screen is unlocked, the mobile phone 100 has stored the key for decrypting the sensitive data to the cache area, so that the unauthenticated illegal user can use the key to access the sensitive data when operating the mobile phone 100, thereby causing leakage of user information, etc. Security risks.
Here, a legitimate user is a user who can pass the identity authentication measures preset on the terminal. For example, if the terminal's preset identity authentication measures are fingerprint recognition and face recognition, then a user whose authenticated fingerprint information and face information are stored in the terminal in advance can be regarded as a legitimate user of that terminal. Naturally, a terminal may have one or more legitimate users, and any user other than a legitimate user can be regarded as an unauthorized user of the terminal. An unauthorized user can also become a legitimate user after passing certain identity authentication measures; the embodiments of this application impose no limitation on this.
In the data access method provided by the embodiments of this application, after the terminal unlocks the screen it can continue to authenticate the user operating it. In this way, when a sensitive application running on the terminal requests access to encrypted sensitive data, the terminal obtains the key for decrypting that sensitive data only after confirming that the current user is a legitimate user, and then uses the key to access the sensitive data.
Otherwise, the terminal can prevent the sensitive application from accessing the user's sensitive data by deleting the key for the sensitive data, blocking the sensitive application's access request, or even forcibly closing the sensitive application or forcibly shutting down the terminal. This prevents an unauthorized user from obtaining the user's sensitive data while operating the terminal and improves the security of the terminal.
It can be seen that in the embodiments of this application, access to sensitive data does not depend solely on the identity authentication performed when the screen is unlocked; the current user operating the terminal can still be continuously authenticated after the screen is unlocked. The user's sensitive data can thus be protected in real time according to the real-time authentication result, reducing the risk of user information leakage.
Specifically, when the terminal is in the locked-screen state, it can receive identity authentication information entered by the user, such as a fingerprint, a numeric password, or a pattern password. The terminal can then determine from the entered identity authentication information whether the user is a legitimate user. When the user is determined to be a legitimate user, the terminal can unlock the screen, after which the user can use the applications and data installed on the terminal; correspondingly, when the user is determined to be an unauthorized user, the terminal remains in the locked-screen state, in which the user cannot use the applications and data installed on the terminal.
For example, suppose the terminal has pre-stored the fingerprint that the user Sam uses to unlock the screen. Then, as shown in FIG. 4, when the terminal is in the locked-screen state and Sam places a finger on the terminal's fingerprint recognition device 501 (that is, enters identity authentication information), the terminal matches the fingerprint entered by Sam against the pre-stored fingerprint. When the similarity between the two exceeds a threshold, Sam is a legitimate user of the terminal, so the terminal can unlock the screen and restore interaction between the terminal screen and the user. As shown in FIG. 4, after the screen is unlocked the terminal's desktop 502 is displayed, and the desktop 502 includes one or more installed applications.
An application that needs to access the user's sensitive data while running is a privacy application. For example, if the user's sensitive data includes the user's email address, and the application 503 named "Mail" in FIG. 4 needs to obtain the user's email address while running, then the "Mail" application 503 can be regarded as a sensitive application.
After the screen is unlocked, the terminal can continue to authenticate the current user operating it. For example, when a fingerprint recognition device is integrated into the terminal's display, the terminal can periodically collect fingerprints received on the display after the screen is unlocked and check whether each collected fingerprint matches the pre-stored fingerprint of a legitimate user. When the collected fingerprint matches the pre-stored fingerprint of a legitimate user, the current user is a legitimate user; otherwise, the current user is an unauthorized user.
Then, as shown in FIG. 5, when the terminal detects that the unauthorized user Tom is attempting to open the sensitive application "Mail" 503, the terminal can block the operation of opening the "Mail" application 503 and display a prompt 601 that the operation is invalid, so that the legitimate user's sensitive data is not leaked.
For example, with the programming module 310 shown in FIG. 2, when the terminal's middleware 330 or kernel 320 detects that an unauthorized user has requested the operation of opening the "Mail" application 503, it can stop reporting that operation to the "Mail" application 503 in the applications 370. The "Mail" application 503 then never responds to the open operation, so the operation of opening the "Mail" application 503 has no effect.
Alternatively, when the terminal's middleware 330 or kernel 320 detects that an unauthorized user has requested the operation of opening the "Mail" application 503, it can still report the operation to the "Mail" application 503 in the applications 370, and the "Mail" application 503 itself, after confirming that the current user is an unauthorized user, can decline to respond to the operation, so the operation of opening the "Mail" application 503 has no effect.
As a further alternative, when the terminal's middleware 330 or kernel 320 detects that an unauthorized user has requested the operation of opening the "Mail" application 503, the terminal can delete the already obtained key for decrypting the sensitive data. Then, even if the "Mail" application 503 receives the unauthorized user's request to open it and responds to the open operation through its normal flow, when the "Mail" application 503 requests access to the sensitive data from the kernel 320, the kernel 320 cannot obtain a valid key for decrypting that sensitive data, so the encrypted sensitive data cannot be decrypted and the legitimate user's sensitive data is not leaked by the unauthorized user.
In other embodiments of this application, as shown in FIG. 6, when the terminal detects that the unauthorized user Tom is attempting to open the sensitive application "Mail" 503, the terminal may additionally perform further identity authentication on the current user operating it. For example, in FIG. 6 the terminal displays a prompt 701 asking the user to enter a fingerprint for identity verification.
If the identity verification passes, then either the terminal's determination that Tom was an unauthorized user was wrong, or the unauthorized user Tom asked the legitimate user Sam to enter Sam's fingerprint to authorize Tom to continue accessing the "Mail" application 503. In that case the terminal can respond to Tom's operation of opening the "Mail" application 503 by opening and running the "Mail" application 503 normally.
The way FIG. 6 asks the user to enter a fingerprint for identity authentication is only an example. It can be understood that when the terminal detects an unauthorized user requesting access to sensitive data, for example requesting to open a sensitive application, the terminal may apply one or more identity authentication methods to authenticate the identity of the current user; the embodiments of this application impose no limitation on this.
For example, the terminal may classify applications containing more sensitive data as first applications with a higher sensitivity level, and applications containing less sensitive data as second applications with a lower sensitivity level.
Then, when an unauthorized user is detected requesting access to a first application, because the first application contains more sensitive data, the terminal can use multiple identity authentication methods to determine whether the current user is a legitimate user, for example requiring the user to pass both face recognition and iris recognition. Correspondingly, when an unauthorized user is detected requesting access to a second application, because the second application contains less sensitive data, the terminal can use only a single identity authentication method, such as fingerprint authentication, to determine whether the current user is a legitimate user.
To describe the data access method provided by the embodiments of this application in detail, this application provides several implementations of the function, shown in FIG. 5 and FIG. 6, of denying unauthorized users access to sensitive data.
In one possible implementation, as shown in FIG. 7, unlocking the screen can trigger the terminal to perform two operations: first, to save the key from the encrypted area into the cache area that the kernel 320 can access directly; and second, to authenticate the identity of the current user in real time.
For example, to obtain the key for decrypting sensitive data, the terminal can derive the verification information for accessing the encrypted area from the identity authentication information the user entered to unlock, use that verification information to copy the key already generated at boot time from the encrypted area of the terminal's memory, and save the key in the cache area of the memory, so that a sensitive application that needs sensitive data can request the kernel to use the key in the cache area to decrypt it.
For example, when authenticating the identity of the current user in real time, the terminal can authenticate the current user based on the user's behavioral pattern on the terminal. The terminal can collect the behavior of a legitimate user over a period of time (for example, parameters such as the frequency and amplitude of screen taps, how often and for how long each application is used, the posture in which the terminal is held, and the speed or acceleration of movement) and use algorithms such as machine learning or artificial intelligence to learn and judge the legitimate user's behavioral characteristics (for example, touch pressure and movement acceleration). Then, after the screen is unlocked, the terminal can collect the current user's behavior: if it matches the legitimate user's behavioral characteristics, the current user can be determined to be a legitimate user; otherwise, the current user can be determined to be an unauthorized user.
Naturally, the terminal's real-time authentication of the current user's identity may be periodic or aperiodic; the embodiments of this application impose no limitation on this.
Then, once the terminal determines that the current user is an unauthorized user, the terminal can delete the key stored in the cache area so that the unauthorized user cannot cause a sensitive application to use that key to access sensitive data. When the terminal then detects a request by the unauthorized user to access sensitive data, for example when the unauthorized user Tom requests to open the sensitive application "Mail" 503, the sensitive application cannot obtain a valid key to decrypt the sensitive data, so the access request fails.
In another possible implementation, unlocking the screen can, similarly to FIG. 7, trigger the terminal to perform two operations: first, to save the key from the encrypted area into the cache area that the kernel 320 can access directly; and second, to authenticate the identity of the current user in real time.
The difference, as shown in FIG. 8, is that when the terminal determines that the current user is an unauthorized user, it does not immediately delete the key for decrypting sensitive data stored in the cache area. An unauthorized user operating the terminal will not necessarily access the sensitive data in it; for example, when the unauthorized user Tom borrows the legitimate user Sam's terminal to make a phone call, Tom generally does not look at sensitive data such as Sam's email.
Determining that the current user is an unauthorized user therefore does not necessarily mean the user's sensitive data is at risk of leaking. Instead, when the terminal receives a request to access sensitive data, it can look up the most recent identity authentication result for the current user. If that result shows that the current user is an unauthorized user, the terminal can delete the key stored in the cache area.
The sensitive application requesting access to the sensitive data then cannot obtain a valid key to decrypt it, so the access request fails.
In other words, the terminal is triggered to delete the key stored in the cache area only when it detects a request to access sensitive data and determines that the current user is an unauthorized user, so the terminal does not delete the key in the cache area frequently. In a scenario where an unauthorized user uses the terminal but does not access sensitive data, the key for the sensitive data remains in the cache area, so when a legitimate user later requests access to sensitive data on the terminal, there is no need to authenticate that user's identity again and, after authentication succeeds, copy the key from the encrypted area into the cache area once more.
In another possible implementation, the terminal does not need to authenticate the current user's identity in real time after the screen is unlocked; instead, the terminal is triggered to authenticate the current user only when it detects that the user requests access to sensitive data, which reduces the substantial power consumption caused by real-time identity authentication.
As shown in FIG. 9, after the screen is unlocked the terminal can derive the verification information for accessing the encrypted area from the identity authentication information the user entered to unlock, use that verification information to obtain the key for decrypting sensitive data from the encrypted area, and store the key in the cache area. Later, when the terminal detects that the user requests access to sensitive data, for example when the user Tom opens the sensitive application "Mail" 503, the terminal is triggered to authenticate the identity of the current user Tom.
If the current user is an unauthorized user, the terminal can delete the key stored in the cache area. Then, when the sensitive application requests access to the sensitive data, the kernel cannot obtain a valid key to decrypt it, so the access request fails.
Correspondingly, if the current user is a legitimate user, the terminal can obtain the key for decrypting sensitive data from the cache area and use it to access the encrypted sensitive data.
In another possible implementation, because unlocking the screen does not confirm that the user operating the terminal is a legitimate user, there need be no link between the terminal unlocking the screen and the terminal storing the key for the sensitive data in the cache area.
As shown in FIG. 10, unlocking the screen can trigger the terminal to authenticate the current user's identity in real time. Then, when the terminal detects that the user requests access to sensitive data, it can determine from the most recent identity authentication result whether the current user is a legitimate user or an unauthorized user.
If the current user is a legitimate user, the terminal can ask the user to enter identity authentication information, derive the verification information for accessing the encrypted area from it, use that verification information to obtain the key for decrypting sensitive data from the encrypted area, and store the key in the cache area. The terminal can then use the key to access the encrypted sensitive data.
If the current user is an unauthorized user, the terminal can, as shown in FIG. 6, prompt the current user to re-authenticate. If the identity verification passes, the terminal can use the corresponding verification information to obtain the key for decrypting sensitive data from the encrypted area and access the sensitive data; otherwise, the terminal does not respond to the request to access sensitive data, so the legitimate user's sensitive data is not leaked by the unauthorized user.
Further, in the sensitive data access method shown in FIG. 10, if the terminal supports real-time authentication of the user's identity, it can also authenticate the current user from user behavior such as the way the user holds the terminal while the screen is off or dark. The sensitive data access method above therefore does not need to depend on the screen being in the unlocked state.
In other words, the terminal can authenticate the current user's identity in real time regardless of whether its screen is unlocked; for example, the screen lighting up can trigger the terminal to start real-time authentication of the current user. Then, when the terminal determines that the current user is a legitimate user, or when it determines that the current user is a legitimate user and detects that this legitimate user requests access to sensitive data, the terminal can be triggered to save the key from the encrypted area into the cache area that the kernel 320 can access directly.
Correspondingly, when the terminal determines that the current user is an unauthorized user, or when it determines that the current user is an unauthorized user and detects that this unauthorized user requests access to sensitive data, the terminal can be triggered to delete the key in the cache area and prompt the current user to re-authenticate.
Naturally, the terminal can also delete the key in the cache area if no operation from a legitimate and/or unauthorized user is received within a preset time; for example, if no operation from a legitimate and/or unauthorized user is received within a preset time after the screen turns off or goes dark, the terminal is triggered to delete the key in the cache area, preventing a malicious program from automatically accessing the user's sensitive data through the key in the cache area.
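The key-cache lifecycle of FIG. 7 (delete the key as soon as real-time authentication fails) and FIG. 8 (keep it until an access request arrives from a user whose latest authentication failed), together with the unconditional deletion on screen lock, as an added Python simulation that is not part of this application. EncryptedArea, Terminal, the policy names and the toy XOR cipher are assumptions made for this example, and the fingerprint or behaviour-model matching is reduced to a boolean input.

```python
"""Simulation of the cached-key policy of FIG. 7 ("eager") and FIG. 8 ("lazy").

All names and the toy cipher are assumptions for this example; the terminal's
sensor and behaviour-model logic is replaced by a boolean passed by the caller.
"""
import hashlib
import hmac
import os
from typing import Optional


def verification_info(credential: bytes) -> bytes:
    """Derive the verification information that opens the encrypted area from the
    identity authentication information (assumed here to be a plain hash)."""
    return hashlib.sha256(b"verify|" + credential).digest()


class EncryptedArea:
    """Holds the key generated at boot; releases it only for matching verification info."""

    def __init__(self, enrolled_credential: bytes) -> None:
        self._check = verification_info(enrolled_credential)
        self._key = os.urandom(32)  # key generated at boot time

    def copy_key(self, verification: bytes) -> Optional[bytes]:
        if hmac.compare_digest(verification, self._check):
            return self._key
        return None


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (constructed for this example, not a real scheme): XOR with a
    SHA-256 counter keystream. Encryption and decryption are the same operation."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Terminal:
    """Kernel-side key cache driven by unlock, lock and real-time authentication."""

    def __init__(self, enrolled_credential: bytes, policy: str) -> None:
        assert policy in ("eager", "lazy")
        self.policy = policy                  # "eager" = FIG. 7, "lazy" = FIG. 8
        self.area = EncryptedArea(enrolled_credential)
        self.cache: Optional[bytes] = None    # cache area the kernel reads directly
        self.locked = True
        self.last_auth_ok = False             # most recent real-time authentication result

    def unlock(self, credential: bytes) -> bool:
        key = self.area.copy_key(verification_info(credential))
        if key is None:
            return False                      # stays locked, nothing is cached
        self.locked = False
        self.cache = key                      # copy the key into the cache area
        self.last_auth_ok = True
        return True

    def lock(self) -> None:
        self.locked = True
        self.cache = None                     # locking always drops the cached key

    def continuous_auth(self, matches_owner: bool) -> None:
        """Record a real-time authentication result (on-display fingerprint or
        behaviour model; the matching itself is not modelled)."""
        self.last_auth_ok = matches_owner
        if not matches_owner and self.policy == "eager":
            self.cache = None                 # FIG. 7: delete as soon as the user fails

    def key_cached(self) -> bool:
        return self.cache is not None

    def store_sensitive(self, plaintext: bytes) -> Optional[bytes]:
        """Encrypt data at rest with the cached key (possible only while cached)."""
        return None if self.cache is None else xor_crypt(self.cache, plaintext)

    def read_sensitive(self, ciphertext: bytes) -> Optional[bytes]:
        """A sensitive application asks the kernel for decrypted data."""
        if self.locked:
            return None
        if self.policy == "lazy" and not self.last_auth_ok:
            self.cache = None                 # FIG. 8: delete only once access is requested
        if self.cache is None:
            return None                       # no valid key: the request fails
        return xor_crypt(self.cache, ciphertext)


def run_scenario(policy: str) -> dict:
    """Sam unlocks and stores an address; Tom then uses the phone. Constructed inputs."""
    sam = b"sam-fingerprint-template"        # constructed enrolled credential
    phone = Terminal(sam, policy)
    out = {}
    out["wrong_credential"] = phone.unlock(b"tom-fingerprint-template")
    assert phone.unlock(sam)
    ct = phone.store_sensitive(b"sam@example.com")
    out["sam_reads"] = phone.read_sensitive(ct)
    phone.continuous_auth(matches_owner=False)      # Tom's behaviour does not match Sam's
    out["key_kept_while_tom_idles"] = phone.key_cached()
    out["tom_reads"] = phone.read_sensitive(ct)
    out["key_after_tom_request"] = phone.key_cached()
    phone.lock()
    out["locked_read"] = phone.read_sensitive(ct)
    return out


if __name__ == "__main__":
    for p in ("eager", "lazy"):
        print(p, run_scenario(p))
```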
It should be noted that the several possible implementations above are only illustrative; a person skilled in the art can configure how the terminal denies unauthorized users access to sensitive data according to practical experience or the actual application scenario, and the embodiments of this application impose no limitation on this.
In addition, the embodiments above all use the terminal denying an unauthorized user access to a sensitive application as the example when describing how the terminal denies unauthorized users access to sensitive data. It can be understood that the terminal can also deny an unauthorized user access to sensitive data by denying access to a particular function, service, or window of a sensitive application that involves sensitive data.
For example, as shown in FIG. 11, the window of the sensitive application "WeChat" that contains the user's sensitive data is the chat window used when chatting with a friend. After the screen is unlocked, the unauthorized user Tom can still open the "WeChat" application; then, when the terminal detects that the unauthorized user Tom requests to open a particular window, for example when Tom taps the chat window with Sara in FIG. 11, the request carries the identifier of the chat window (for example, the window's activity name), so the terminal can determine that the window is of a type that involves sensitive data, namely a chat window.
At this point, the terminal can block the unauthorized user Tom's request to open the chat window with Sara, for example by deleting the key for the sensitive data from the cache area. At the same time, still as shown in FIG. 11, the terminal can display a prompt 801 asking the current user for further identity authentication. If the identity verification passes, the terminal can respond to the operation of opening the chat window with Sara by displaying that chat window.
Further, when authenticating the current user, multiple identity authentication methods can be used to verify the current user's identity. As shown in FIG. 12, the terminal can prompt the user to pass both face recognition and fingerprint recognition to verify identity. The reason is that after the terminal is stolen by an unauthorized user, the probability that the unauthorized user has obtained several of the legitimate user's authentication credentials is small, so using multiple identity authentication methods reduces the chance of sensitive data being leaked because an unauthorized user stole the legitimate user's authentication credentials.
As yet another alternative, besides denying an unauthorized user access to a sensitive application or to a particular function, service, or window of a sensitive application that involves sensitive data, the terminal can also deny an unauthorized user access to the sensitive data itself by masking the sensitive data.
For example, as shown in FIG. 13A, the sensitive data contained in the sensitive application "WeChat" is the telephone number "130-3292-0112". When the terminal detects that the unauthorized user Tom requests to open the chat window containing this sensitive data, it can mask the sensitive data "130-3292-0112" and display the masked sensitive data 901, namely "***-****-****". In this way, still as shown in FIG. 13A, although the terminal opens the chat window containing the sensitive data, the sensitive data in the chat window has been anonymized by masking, so the unauthorized user cannot obtain the real sensitive data and the legitimate user's sensitive data is not leaked by the unauthorized user.
As another example, when the terminal stores a Word file named "August Report", it marks the Word file as sensitive data and stores it using a certain encryption algorithm. Then, when the terminal detects that the current user is an unauthorized user, it can delete the key for decrypting that Word file from the cache area. At this point, as shown in FIG. 13B, the terminal can hide the details of the Word file 902 in a certain encrypted form when displaying it. When the terminal detects that the unauthorized user Tom requests to open the Word file 902, the "WeChat" application cannot obtain the decrypted Word file 902 because the terminal cannot obtain its key. At this point, still as shown in FIG. 13B, the terminal can further determine whether the current user has permission to access the Word file 902 through an identity authentication method such as verifying the power-on password.
In addition, in the embodiments of this application the terminal can indicate in several ways that it is being operated by an unauthorized user. As shown in (a) of FIG. 14, the terminal can prompt the user with text stating that the user currently operating the terminal is an unauthorized user; alternatively, as shown in (b) of FIG. 14, the terminal can indicate that the user currently operating the terminal is an unauthorized user by forcibly shutting down or forcibly closing the sensitive application that contains sensitive data; or, as shown in (c) of FIG. 14, when the terminal detects that the user currently operating it is an unauthorized user, it can additionally offer a setting for granting the unauthorized user permission to access sensitive data.
It should be noted that the terminal may indicate that it is being operated by an unauthorized user either when it determines that the current user is an unauthorized user or when it determines that an unauthorized user has requested access to the legitimate user's sensitive data; the embodiments of this application impose no limitation on this.
进一步地,如果当前操作终端的非法用户希望获取访问敏感数据的权限,例如,当终端检测到非法用户点击图14中的(c)所示的设置选项时,终端可进入向非法用户开放访问敏感数据权限的设置界面。Further, if the illegal user currently operating the terminal desires to obtain the right to access the sensitive data, for example, when the terminal detects that the illegal user clicks the setting option shown in (c) of FIG. 14, the terminal may enter the access sensitive to the illegal user. Data permission setting interface.
示例性的,如图15中的(a)所示,在向非法用户开放访问敏感数据的权限时,首先需要获取该终端的合法用户的授权,例如,可通过输入合法用户的指纹、检测合法用户的人脸特征等方式获取合法用户的授权。进而,如图15中的(b)所示,可进一步设置允许非法用户访问敏感数据的时间限制,例如设置在20分钟内允许非法用户 访问上述敏感数据。Exemplarily, as shown in (a) of FIG. 15 , when opening the right to access sensitive data to an illegal user, it is first necessary to obtain authorization of a legitimate user of the terminal, for example, by inputting a fingerprint of the legal user, and detecting the legality. The user's face features and other methods obtain the authorization of the legitimate user. Further, as shown in (b) of Fig. 15, a time limit for allowing an unauthorized user to access sensitive data can be further set, for example, setting an illegal user to access the above sensitive data within 20 minutes.
那么,在合法用户授权的这20分钟内,非法用户具有访问上述敏感数据的权限,此时终端可停止对当前用户进行身份认证,以降低终端的功耗。相应的,当时间超过合法用户授权的20分钟后,终端可删除缓存区域中存储的用于解密敏感数据的密钥,使得非法用户无法继续使用该密钥访问敏感数据。Then, within 20 minutes of the authorized user authorization, the illegal user has the right to access the above sensitive data, and the terminal can stop the identity authentication of the current user to reduce the power consumption of the terminal. Correspondingly, after the time exceeds the authorized user's authorization for 20 minutes, the terminal may delete the key stored in the cache area for decrypting the sensitive data, so that the illegal user cannot continue to use the key to access the sensitive data.
又或者,当时间超过合法用户授权的20分钟后,终端可进一步对当前用户的身份进行身份认证,如果当前用户已经从非法用户转变为合法用户,则终端无需删除缓存区域中存储的密钥,否则,如果当前用户仍为非法用户,则终端可删除缓存区域中存储的密钥,使得非法用户无法继续使用该密钥访问敏感数据。Or, after the time exceeds the authorized user's authorization for 20 minutes, the terminal may further authenticate the identity of the current user. If the current user has changed from the illegal user to the legitimate user, the terminal does not need to delete the key stored in the cache area. Otherwise, if the current user is still an illegal user, the terminal may delete the key stored in the cache area, so that the illegal user cannot continue to use the key to access the sensitive data.
进一步地,当终端检测到操作终端的用户从非法用户转变为合法用户时,例如,如图16所示,非法用户Tom操作终端一段时间后将终端交给其合法用户Sam使用,此时,终端基于Sam的用户行为可确定当前用户为合法用户。那么,由于终端检测到非法用户Tom操作终端时已经将访问敏感数据的密钥从缓存区域中删除,因此,终端此时可自动从存储器的加密区域中再次复制该密钥至缓存区域,从而恢复合法用户Sam访问敏感数据的权限,且无需合法用户Sam再次进行身份认证。同时,如图16所示,终端可提示用户已经恢复合法用户对敏感数据的访问权限,合法用户可使用该密钥访问其敏感数据。Further, when the terminal detects that the user of the operation terminal changes from the illegal user to the legal user, for example, as shown in FIG. 16, the illegal user Tom operates the terminal for a period of time and then hands the terminal to its legitimate user Sam for use. Sam-based user behavior determines that the current user is a legitimate user. Then, the terminal has deleted the key for accessing the sensitive data from the cache area when the terminal detects that the illegal user Tom operates the terminal, so the terminal can automatically copy the key to the cache area from the encrypted area of the memory at this time, thereby recovering. The legitimate user Sam has access to sensitive data, and does not need the legitimate user Sam to perform identity authentication again. At the same time, as shown in FIG. 16, the terminal may prompt the user to restore the access rights of the legitimate user to the sensitive data, and the legitimate user may use the key to access the sensitive data.
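A model of the key handling described above (key sealed at boot, cached copy deleted on an illegal verdict, the legitimate owner's time-limited grant, and restoration for the returning legitimate user), written as an added example that is not part of the patent. All names are hypothetical: `check_info` stands in for the terminal-preset check information, and `_keystream_xor` is a constructed placeholder for the unspecified encryption algorithm.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional

LEGITIMATE = "legitimate"
ILLEGAL = "illegal"


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Constructed stand-in for the patent's unspecified 'certain encryption algorithm':
    XOR with an HMAC-SHA256 counter keystream (symmetric, so it also decrypts)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class Terminal:
    """Key lifecycle from the patent: sealed data key in an 'encrypted area', plaintext
    copy in a 'cache area', continuous-authentication verdict deciding if the copy may exist."""
    # Hypothetical: models the 'check information preset by the terminal' variant.
    check_info: bytes = field(default_factory=lambda: os.urandom(32))
    encrypted_area: Optional[tuple] = None  # (wrapped key, HMAC tag over the wrapped key)
    cached_key: Optional[bytes] = None
    store: dict = field(default_factory=dict)  # file name -> (nonce, ciphertext)
    user_verdict: str = LEGITIMATE
    grant_expires_at: Optional[float] = None  # seconds on the same clock as `now`

    def power_on(self) -> None:
        """At boot: generate the data key and keep only a sealed, tagged copy."""
        data_key = os.urandom(32)
        wrapped = _keystream_xor(self.check_info, b"wrap", data_key)
        tag = hmac.new(self.check_info, wrapped, hashlib.sha256).digest()
        self.encrypted_area = (wrapped, tag)
        self.cached_key = None

    def _restore_key(self) -> None:
        """Copy the key from the encrypted area into the cache after checking the tag."""
        wrapped, tag = self.encrypted_area
        expect = hmac.new(self.check_info, wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(expect, tag):
            raise ValueError("encrypted area failed integrity check")
        self.cached_key = _keystream_xor(self.check_info, b"wrap", wrapped)

    def unlock_screen(self) -> None:
        """Screen unlock: the check information moves the key into the cache."""
        self._restore_key()

    def store_sensitive(self, name: str, plaintext: bytes) -> None:
        """A file marked sensitive is stored encrypted under the cached key."""
        if self.cached_key is None:
            raise PermissionError("no key in cache")
        nonce = os.urandom(12)
        self.store[name] = (nonce, _keystream_xor(self.cached_key, nonce, plaintext))

    def _grant_active(self, now: float) -> bool:
        return self.grant_expires_at is not None and now < self.grant_expires_at

    def _enforce(self, now: float) -> None:
        """Illegal verdict with no active grant: drop the cached key. Legitimate verdict:
        restore it without re-authentication. An expired grant is cleared first."""
        if self._grant_active(now):
            return
        self.grant_expires_at = None
        if self.user_verdict == ILLEGAL:
            self.cached_key = None
        elif self.cached_key is None:
            self._restore_key()

    def authenticate(self, verdict: str, now: float) -> None:
        """Verdict from the behaviour-based authenticator (comparison itself not modelled)."""
        self.user_verdict = verdict
        self._enforce(now)

    def authentication_paused(self, now: float) -> bool:
        """While a grant is active the terminal may stop authenticating to save power."""
        return self._grant_active(now)

    def grant_temporary_access(self, owner_authorized: bool, minutes: float, now: float) -> bool:
        """Legitimate owner (fingerprint or face) opens the data to the current user for a while."""
        if not owner_authorized:
            return False
        self.grant_expires_at = now + minutes * 60
        self._restore_key()
        return True

    def request_access(self, name: str, now: float) -> Optional[bytes]:
        """Access result for the sensitive application: plaintext if a key is cached, else None."""
        self._enforce(now)
        if self.cached_key is None or name not in self.store:
            return None
        nonce, ciphertext = self.store[name]
        return _keystream_xor(self.cached_key, nonce, ciphertext)
```

Note that the restore on a legitimate verdict is only as strong as the behaviour-based verdict itself, which is why the patent's alternative re-authenticates once a grant expires.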
Of course, as shown in FIG. 17, the user may turn on the control 1001 in the settings interface of the terminal to enable the access protection function for the above sensitive data. Further, after the terminal enables this protection function, the user may further set which applications, or which functions within an application, generate sensitive data at runtime, so that when the terminal subsequently detects a user request to open these applications or functions, it can protect the sensitive data using the data access method of the above embodiments. In addition, the user may also set the specific verification method to be used when an illegal user accesses the above sensitive data, and which users are to be treated as legitimate users with the right to access the above sensitive data.
Exemplarily, as shown in (a) of FIG. 18, when setting the specific sensitive data, at least one application may be set as a sensitive application at application granularity. Then, when the terminal subsequently detects that an illegal user accesses a sensitive application set by the user, it may deny the illegal user access to the encrypted sensitive data using the data access method provided in the above embodiments. Of course, the user may also set specific sensitive data by window type, service type or data type within an application; when the user sets a window type or service type, the terminal identifies the data that windows or services of that type need to access and sets that data as sensitive data. The embodiments of the present application impose no restriction on how sensitive data is set.
Exemplarily, as shown in (b) of FIG. 18, when setting the specific verification method, the user may set one or more verification methods for verifying the identity of a user who requests access to the sensitive data. When the user has set multiple verification methods and the terminal detects that an illegal user accesses the above sensitive data, that user must pass every verification method that has been set before the sensitive data can be accessed.
In addition, when the user sets the protection functions for the above sensitive data in the settings interfaces shown in FIG. 17 and FIG. 18, the terminal may also authenticate the identity of the current user. If the current user is an illegal user, the terminal may prohibit that illegal user from setting the protection functions for the above sensitive data. That is, the settings take effect only when a legitimate user sets the protection functions for the above sensitive data, which prevents an illegal user from gaining the right to access the sensitive data by modifying the above setting options.
In the present application, after the terminal unlocks the screen, it may continue to authenticate the identity of the current user based on the user's behavior on the terminal and similar means. Then, in other embodiments of the present application, the terminal may further determine the access rights to different data or applications in its memory according to the result of authenticating the current user.
Exemplarily, as shown in FIG. 19, when the terminal detects that the current user is a legitimate user, the terminal may be set to have access to all of the data it stores (for example, both sensitive data and non-sensitive data). When the terminal detects that the current user is an illegal user, the terminal may be set to have access only to the non-sensitive data it stores, that is, the terminal cannot read the stored sensitive data at this time.
Then, as shown in FIG. 20A, when the terminal stores a Word file named "August Report", it marks the Word file as sensitive data. Subsequently, when the legitimate user Sam opens the chat record containing this sensitive data, since the terminal has access to all sensitive data at this time, it can obtain the key of the Word file and display the decrypted Word file. Correspondingly, when the illegal user Tom opens the chat record containing the above sensitive data, since the terminal has access only to non-sensitive data at this time, that is, the terminal cannot perceive the above Word file, the terminal does not include the Word file when displaying the chat record with Sara.
Alternatively, the terminal may also set its access rights at application granularity. For example, when the terminal detects that the current user is a legitimate user, the terminal may be set to have access to both sensitive applications and non-sensitive applications. When the terminal detects that the current user is an illegal user, the terminal may be set to have access only to non-sensitive applications that do not need to access sensitive data.
Then, as shown in FIG. 20B, the three applications "Contacts", "Short Messages" and "Mail" need to access the user's sensitive data at runtime, so these three applications may be set as sensitive applications. Subsequently, when the legitimate user Sam operates the terminal, since the terminal has access to all applications at this time, it can display the icons of all installed applications on the desktop. Correspondingly, when the illegal user Tom operates the terminal, since the terminal has access only to non-sensitive applications at this time, it cannot obtain the related information of the sensitive applications when displaying the desktop and cannot display the icons of the sensitive applications.
It can be understood that, in order to implement the above functions, the above terminal and the like include hardware structures and/or software modules corresponding to each function. Those skilled in the art will readily appreciate that the units and algorithm steps of the examples described in the embodiments disclosed herein can be implemented in hardware or in a combination of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends on the particular application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each particular application, but such implementation should not be considered to go beyond the scope of the embodiments of the present application.
The embodiments of the present application may divide the above terminal and the like into functional modules according to the above method examples; for example, each functional module may correspond to one function, or two or more functions may be integrated into one processing module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. It should be noted that the division into modules in the embodiments of the present application is illustrative and is only a division by logical function; other divisions are possible in actual implementation.
In the case where each functional module corresponds to one function, FIG. 21 shows a possible schematic structure of the terminal involved in the above embodiments. The terminal includes an authentication unit 2101, an obtaining unit 2102, a response unit 2103, a deletion unit 2104 and a display unit 2105.
In one possible implementation, the authentication unit 2101 is configured to automatically authenticate the identity of the current user operating the terminal; the obtaining unit 2102 is configured to obtain a request from a sensitive application to access sensitive data, where the sensitive data has been encrypted using a key and the sensitive application is an application that needs to access the sensitive data at runtime; and the response unit 2103 is configured to provide an access result to the sensitive application, where, when the result of the identity authentication is that the current user is an illegal user, the access result does not include the sensitive data.
Further, when the result of the identity authentication is that the current user is an illegal user, the deletion unit 2104 is configured to delete the key used to decrypt the sensitive data.
Further, the obtaining unit 2102 is also configured to: generate the key for unlocking the sensitive data when the terminal is powered on; and store the key in an encrypted area protected by an encryption algorithm.
Further, the obtaining unit 2102 is also configured to: obtain check information when the screen of the terminal is unlocked, where the check information is associated with the identity authentication information obtained by the terminal when the screen is unlocked, or the check information is preset by the terminal; and use the check information to save the key stored in the encrypted area into a cache area.
Further, the obtaining unit 2102 is also configured to: if the result of the identity authentication is that the current user is a legitimate user, obtain check information, where the check information is associated with the identity authentication information obtained by the terminal when the screen is unlocked, or the check information is preset by the terminal; and use the check information to save the key stored in the encrypted area into a cache area.
At this time, the deletion unit 2104 is specifically configured to delete the key stored in the cache area.
Further, the obtaining unit 2102 is specifically configured to: obtain the request from the sensitive application to access the sensitive data if an operation by the current user to open the sensitive application is detected; or obtain the request from the sensitive application to access the sensitive data if an operation by the current user to open a target application interface in the sensitive application is detected, where the target application interface is an application interface that contains the sensitive data.
Further, the authentication unit 2101 is specifically configured to: automatically obtain the user behavior of the current user while operating the terminal; and authenticate the identity of the current user by comparing that user behavior with the pre-stored behavioral characteristics of the legitimate user.
Further, the display unit 2105 is configured to display a first interface that does not contain the sensitive data.
Further, when the first interface includes a prompt for opening access rights to the illegal user, the obtaining unit 2102 is also configured to: obtain the legitimate user's authorization to open access rights to the illegal user; and obtain the valid duration for which the illegal user may access the sensitive data.
Further, the display unit 2105 is also configured to: within the valid duration, if an illegal user is detected requesting access to the sensitive data, display a second interface that contains the sensitive data; and after the valid duration has elapsed, if an illegal user is detected requesting access to the sensitive data, display the first interface that does not contain the sensitive data.
In another possible implementation, the authentication unit 2101 is configured to automatically authenticate the identity of the current user operating the terminal, and the display unit 2105 is configured to: if the result of the identity authentication is that the current user is an illegal user, display a first interface that contains neither the sensitive data nor a sensitive application that needs to access the sensitive data at runtime; and if the result of the identity authentication is that the current user is a legitimate user, display a second interface that contains the sensitive data or a sensitive application that needs to access the sensitive data at runtime.
All related content of the steps involved in the above method embodiments can be referred to the functional descriptions of the corresponding functional modules, and is not repeated here.
In the case where integrated units are used, FIG. 22 shows a possible schematic structure of the terminal involved in the above embodiments, including a processing module 2201, a storage module 2202, an output module 2203 and an input module 2204.
The processing module 2201 is configured to control and manage the actions of the terminal. The input module 2204 is configured to support information exchange between the terminal and the user. The storage module 2202 is configured to store the program code and data of the terminal. The output module 2203 is configured to output information input by the user or information provided to the user, as well as the various menus of the terminal.
Exemplarily, the processing module 2201 may correspond to the functions of the above authentication unit 2101, response unit 2103 and deletion unit 2104; the output module 2203 may correspond to the function of the above display unit 2105; and the input module 2204 may correspond to the function of the above obtaining unit 2102.
Specifically, the processing module 2201 may be a processor or a controller, for example a central processing unit (CPU), a GPU, a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, transistor logic device, hardware component, or any combination thereof. It may implement or execute the various illustrative logical blocks, modules and circuits described in connection with the disclosure of the present application. The processor may also be a combination that implements computing functions, for example a combination of one or more microprocessors, a combination of a DSP and a microprocessor, and so on.
The storage module 2202 may be a memory, which may include high-speed random access memory (RAM) and may also include non-volatile memory, such as a magnetic disk storage device, a flash memory device or another volatile solid-state storage device.
The output module 2203 may be a display, a speaker, an earphone, or the like. Taking a display as an example, the display may be configured in the form of a liquid crystal display, an organic light-emitting diode display, or the like. In addition, a touch panel may be integrated on the display to collect touch events on or near it and send the collected touch information to other devices (such as a processor).
The input module 2204 may be an input device for receiving user input, such as a touch screen, a transceiver circuit, a Bluetooth device, a Wi-Fi device or a peripheral interface.
When the processing module 2201 is the processor 120, the storage module 2202 is the memory 130, the output module 2203 is the display module 160 and the input module 2204 is the user input module 150, the terminal provided by the embodiments of the present application may be the mobile phone 100 shown in FIG. 1.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented using a software program, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired (for example, coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (for example, infrared, radio, microwave) means. The computer-readable storage medium may be any available medium accessible by a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, hard disk or magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).
The above are only specific embodiments of the present application, but the scope of protection of the present application is not limited thereto; any variation or substitution within the technical scope disclosed in the present application shall be covered by the scope of protection of the present application. Therefore, the scope of protection of the present application shall be subject to the scope of protection of the claims.

Claims (27)

  1. A data access method, comprising:
    the terminal automatically authenticates the identity of a current user operating the terminal;
    the terminal obtains a request from a sensitive application to access sensitive data, where the sensitive data has been encrypted using a key and the sensitive application is an application that needs to access the sensitive data at runtime;
    in response to the request, the terminal provides an access result to the sensitive application, where, when the result of the identity authentication is that the current user is an illegal user, the access result does not include the sensitive data.
  2. The method according to claim 1, wherein after the terminal automatically authenticates the identity of the current user operating the terminal and before the terminal obtains the request from the sensitive application to access the sensitive data, the method further comprises:
    if the result of the identity authentication is that the current user is an illegal user, the terminal deletes the key used to decrypt the sensitive data.
  3. The method according to claim 1, wherein after the terminal obtains the request from the sensitive application to access the sensitive data and before the terminal provides the first access result to the sensitive application, the method further comprises:
    if the result of the identity authentication is that the current user is an illegal user, the terminal deletes the key used to decrypt the sensitive data.
  4. The method according to any one of claims 1 to 3, wherein the method further comprises:
    when the terminal is powered on, the terminal generates the key for unlocking the sensitive data;
    the terminal stores the key in an encrypted area protected by an encryption algorithm.
  5. The method according to claim 4, wherein the method further comprises:
    when the screen of the terminal is unlocked, the terminal obtains check information, where the check information is associated with the identity authentication information obtained by the terminal when the screen is unlocked, or the check information is preset by the terminal;
    the terminal uses the check information to save the key stored in the encrypted area into a cache area.
  6. The method according to claim 4, wherein after the terminal automatically authenticates the identity of the current user operating the terminal, the method further comprises:
    if the result of the identity authentication is that the current user is a legitimate user, the terminal obtains check information, where the check information is associated with the identity authentication information obtained by the terminal when the screen is unlocked, or the check information is preset by the terminal;
    the terminal uses the check information to save the key stored in the encrypted area into a cache area.
  7. The method according to claim 5 or 6, wherein the terminal deleting the key used to decrypt the sensitive data comprises:
    the terminal deletes the key stored in the cache area.
  8. The method according to any one of claims 1 to 7, wherein the terminal obtaining the request from the sensitive application to access the sensitive data comprises:
    if an operation by the current user to open the sensitive application is detected, the terminal obtains the request from the sensitive application to access the sensitive data; or
    if an operation by the current user to open a target application interface in the sensitive application is detected, the terminal obtains the request from the sensitive application to access the sensitive data, where the target application interface is an application interface that contains the sensitive data.
  9. The method according to any one of claims 1 to 8, wherein the terminal automatically authenticating the identity of the current user operating the terminal comprises:
    the terminal automatically obtains the user behavior of the current user while operating the terminal;
    the terminal authenticates the identity of the current user by comparing the user behavior with the pre-stored behavioral characteristics of a legitimate user.
  10. The method according to any one of claims 1 to 9, wherein after the terminal provides the access result to the sensitive application, the method further comprises:
    the terminal displays a first interface that does not contain the sensitive data.
  11. The method according to claim 10, wherein the first interface includes a prompt that the access request is invalid, a prompt to input identity authentication information, the sensitive data after mask processing, or a prompt for opening access rights to an illegal user.
  12. The method according to claim 11, wherein, when the first interface includes a prompt for opening access rights to an illegal user,
    after the terminal displays the first interface that does not contain the sensitive data, the method further comprises:
    the terminal obtains the legitimate user's authorization to open access rights to the illegal user;
    the terminal obtains the valid duration for which the illegal user may access the sensitive data.
  13. The method according to claim 12, wherein after the terminal obtains the valid duration for which the illegal user may access the sensitive data, the method further comprises:
    within the valid duration, if an illegal user is detected requesting access to the sensitive data, the terminal displays a second interface containing the sensitive data;
    after the valid duration has elapsed, if an illegal user is detected requesting access to the sensitive data, the terminal displays the first interface that does not contain the sensitive data.
  14. A data access method, comprising:
    a terminal automatically authenticates the identity of a current user operating the terminal;
    if the result of the identity authentication is that the current user is an illegal user, the terminal displays a first interface, where the first interface contains neither sensitive data nor a sensitive application that needs to access the sensitive data at runtime;
    if the result of the identity authentication is that the current user is a legitimate user, the terminal displays a second interface, where the second interface contains the sensitive data or a sensitive application that needs to access the sensitive data at runtime.
  15. A terminal, comprising a processor and a memory connected to the processor, wherein
    the memory is configured to store sensitive data, where the sensitive data has been encrypted using a key;
    the processor is configured to: automatically authenticate the identity of a current user operating the terminal; obtain a request from a sensitive application to access the sensitive data, where the sensitive application is an application that needs to access the sensitive data at runtime; and, in response to the request, provide an access result to the sensitive application, where, when the result of the identity authentication is that the current user is an illegal user, the access result does not include the sensitive data.
  16. 根据权利要求15所述的终端,其特征在于,The terminal of claim 15 wherein:
    所述处理器,还用于:若所述身份认证的结果为所述当前用户为非法用户,则删除用于解密所述敏感数据的所述密钥。The processor is further configured to: if the current user is an illegal user, delete the key used to decrypt the sensitive data.
  17. 根据权利要求15或16所述的终端,其特征在于,A terminal according to claim 15 or 16, wherein
    所述处理器,还用于:在所述终端开机时,生成用于解锁所述敏感数据的所述密钥;将所述密钥存储在所述存储器中受加密算法保护的加密区域。The processor is further configured to: when the terminal is powered on, generate the key for unlocking the sensitive data; store the key in an encrypted area in the memory that is protected by an encryption algorithm.
  18. 根据权利要求17所述的终端,其特征在于,所述终端还包括与所述处理器相连的输入设备,The terminal according to claim 17, wherein said terminal further comprises an input device connected to said processor,
    所述输入设备,用于:在所述终端的屏幕解锁时,或者,在所述处理器判断出所述当前用户为合法用户时,获取校验信息,所述校验信息与屏幕解锁时所述终端获取的身份认证信息相关联,或者,所述校验信息为所述终端预先设置的;The input device is configured to: when the screen of the terminal is unlocked, or when the processor determines that the current user is a legitimate user, obtain verification information, where the verification information is when the screen is unlocked The identity authentication information acquired by the terminal is associated, or the verification information is preset by the terminal;
    所述处理器,还用于:使用所述校验信息将所述加密区域中存储的所述密钥保存至所述存储器的缓存区域中。The processor is further configured to: save the key stored in the encryption area to a cache area of the memory by using the verification information.
  19. 根据权利要求18所述的终端,其特征在于,The terminal according to claim 18, characterized in that
    所述处理器,具体用于:删除所述缓存区域中存储的所述密钥。The processor is specifically configured to: delete the key stored in the cache area.
  20. 根据权利要求18或19所述的终端,其特征在于,A terminal according to claim 18 or 19, characterized in that
    所述输入设备,还用于:接收所述当前用户打开所述敏感应用的操作,或者,接收所述当前用户打开所述敏感应用中目标应用界面的操作,所述目标应用界面为包含所述敏感数据的应用界面;The input device is further configured to: receive an operation of the current user to open the sensitive application, or receive an operation of the current user to open a target application interface in the sensitive application, where the target application interface includes the Application interface for sensitive data;
    所述处理器,具体用于:响应于所述操作,获取所述敏感应用访问所述敏感数据的请求。The processor is specifically configured to: in response to the operation, obtain a request for the sensitive application to access the sensitive data.
  21. 根据权利要求18-20中任一项所述的终端,其特征在于,A terminal according to any one of claims 18 to 20, characterized in that
    所述输入设备,还用于:自动获取当前用户操作所述终端时的用户行为;The input device is further configured to: automatically acquire a user behavior when the current user operates the terminal;
    所述处理器,具体用于:通过对比所述用户行为与预先存储的合法用户的行为特征,认证所述当前用户的身份。The processor is specifically configured to: authenticate the identity of the current user by comparing the behavior of the user with a behavior characteristic of a pre-stored legal user.
  22. 根据权利要求18-21中任一项所述的终端,其特征在于,所述终端还包括与所述处理器相连的输出设备,The terminal according to any one of claims 18 to 21, wherein the terminal further comprises an output device connected to the processor,
    所述输出设备,用于:显示不包含所述敏感数据的第一界面,所述第一界面中包括访问请求无效的提示、输入身份认证信息的提示、经过掩码处理后的所述敏感数据或向非法用户开放访问权限的提示。The output device is configured to display a first interface that does not include the sensitive data, where the first interface includes a prompt for invalid access request, a prompt for inputting identity authentication information, and the masked processed sensitive data. Or a prompt to open access to an illegal user.
  23. 根据权利要求22所述的终端,其特征在于,当所述第一界面中包括向非法用户开放访问权限的提示时,The terminal according to claim 22, wherein when the first interface includes a prompt for opening an access right to an illegal user,
    所述输入设备,还用于:获取合法用户对开放非法用户访问权限的授权;获取所述非法用户访问所述敏感数据的有效时长。The input device is further configured to: obtain an authorization of a legal user to open an unauthorized user access right; and obtain an effective duration of the illegal user accessing the sensitive data.
  24. 根据权利要求23所述的终端,其特征在于,The terminal according to claim 23, characterized in that
    所述输入设备,还用于:在所述有效时长内,检测到非法用户请求访问所述敏感数据;或者,超出所述有效时长后,检测到非法用户请求访问所述敏感数据;The input device is further configured to: during the valid duration, detecting that an illegal user requests access to the sensitive data; or, after the valid duration is exceeded, detecting that an illegal user requests access to the sensitive data;
    所述输出设备,还用于:若在所述有效时长内,检测到非法用户请求访问所述敏感数据,则显示包含所述敏感数据的第二界面;若超出所述有效时长后,检测到非法用户请求访问所述敏感数据,则显示不包含所述敏感数据的第一界面。The output device is further configured to: if an illegal user requests to access the sensitive data within the valid duration, display a second interface that includes the sensitive data; if the valid duration is exceeded, the detected When an illegal user requests access to the sensitive data, a first interface that does not include the sensitive data is displayed.
  25. 一种终端,其特征在于,包括处理器,以及与所述处理器均相连的存储器和输出设备,其中,A terminal, comprising: a processor, and a memory and an output device connected to the processor, wherein
    所述存储器,用于:存储敏感数据,所述敏感数据已使用密钥被加密;The memory is configured to: store sensitive data, where the sensitive data has been encrypted using a key;
    所述处理器,用于:自动对操作所述终端的当前用户进行身份认证;The processor is configured to: automatically perform identity authentication on a current user that operates the terminal;
    所述输出设备,用于:若所述身份认证的结果为所述当前用户为非法用户,则显示第一界面,所述第一界面不包含所述敏感数据或运行时需要访问所述敏感数据的敏感应用;若所述身份认证的结果为所述当前用户为合法用户,则显示第二界面,所述第二界面包含所述敏感数据或运行时需要访问所述敏感数据的敏感应用。The output device is configured to: if the result of the identity authentication is that the current user is an illegal user, display a first interface, where the first interface does not include the sensitive data or needs to access the sensitive data when running If the result of the identity authentication is that the current user is a legitimate user, the second interface is displayed, and the second interface includes the sensitive data or a sensitive application that needs to access the sensitive data at runtime.
  26. 一种计算机可读存储介质,所述计算机可读存储介质中存储有指令,其特征在于,当所述指令在终端上运行时,使得所述终端执行如权利要求1-13或14中任一项所述的数据访问方法。A computer readable storage medium having stored therein instructions, wherein when the instructions are run on a terminal, causing the terminal to perform any of claims 1-13 or 14 The data access method described in the item.
  27. 一种包含指令的计算机程序产品,其特征在于,当所述计算机程序产品在终端上运行时,使得所述终端执行如权利要求1-13或14中任一项所述的数据访问方法。A computer program product comprising instructions, wherein the computer program product, when run on a terminal, causes the terminal to perform the data access method of any one of claims 1-13 or 14.
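The following Python model, added here as an illustration and not code from the patent, ties the claimed pieces together: a key generated at boot and kept wrapped at rest (claim 17), moved into a cache at screen unlock (claim 18), behaviour-based authentication of the current user (claims 9 and 21), an access result that omits the sensitive data and deletes the cached key when the user is illegitimate (claims 15, 16 and 19), masked data in the first interface (claim 11), and a time-limited grant to an illegitimate user (claims 12 and 13). The behaviour features, the 15% tolerance, the toy XOR cipher and the sample phone number are all constructed assumptions.

```python
"""Model of the claimed access flow (added illustration, not the patent's own code).
Behaviour features, thresholds, the toy cipher and the sample data are constructed."""
import hashlib
import os
from dataclasses import dataclass
from typing import Optional


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy XOR cipher keyed by SHA-256(key); stands in for the unnamed
    encryption algorithm of claim 17 so the example runs offline."""
    stream = hashlib.sha256(key).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(data))


@dataclass
class Terminal:
    legit_profile: dict                 # stored behaviour features of the legitimate user (claim 9)
    encrypted_data: bytes               # sensitive data at rest, encrypted with the key (claim 15)
    protected_key: bytes                # key in the encrypted area, wrapped with the check value (claim 17)
    cached_key: Optional[bytes] = None  # key in the cache area, present only after unlock (claim 18)
    grant_until: float = -1.0           # end of the window a legitimate user opened to a guest (claim 12)

    @classmethod
    def boot(cls, legit_profile: dict, sensitive: str, check_value: bytes) -> "Terminal":
        key = os.urandom(32)                              # key generated at power-on (claim 17)
        return cls(legit_profile,
                   _keystream_xor(key, sensitive.encode()),
                   _keystream_xor(check_value, key))      # the bare key is never stored

    def unlock(self, check_value: bytes) -> None:
        """Screen unlock: move the key from the encrypted area into the cache (claim 18)."""
        self.cached_key = _keystream_xor(check_value, self.protected_key)

    def authenticate(self, behaviour: dict, tolerance: float = 0.15) -> bool:
        """Every observed feature must lie within +/-15% of the stored profile (claim 9)."""
        return all(abs(behaviour.get(k, float("inf")) - v) <= tolerance * v
                   for k, v in self.legit_profile.items())

    def grant_guest(self, behaviour: dict, seconds: float, now: float) -> bool:
        """Only a legitimate user may open access to an illegitimate user, and only
        for a valid duration (claim 12)."""
        if not self.authenticate(behaviour):
            return False
        self.grant_until = now + seconds
        return True

    def access(self, behaviour: dict, now: float) -> dict:
        """Answer a sensitive application's request (claims 15, 11 and 13)."""
        if self.cached_key is None:                   # key deleted or never unlocked
            return {"data": None, "prompt": "enter identity authentication information"}
        plain = _keystream_xor(self.cached_key, self.encrypted_data).decode()
        if self.authenticate(behaviour) or now < self.grant_until:
            return {"data": plain, "prompt": None}    # second interface: real data
        self.cached_key = None                        # illegitimate user: delete the cached key (claims 16, 19)
        masked = "*" * (len(plain) - 4) + plain[-4:]  # first interface: masked data (claim 11)
        return {"data": masked, "prompt": "access request invalid"}
```

Once the cached key has been deleted, even the legitimate user gets the "enter identity authentication information" prompt until the next unlock restores the key to the cache.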

Priority Applications (2)

Application Number | Publication | Priority Date | Filing Date | Title
PCT/CN2017/120131 | WO2019127467A1 (en) | 2017-12-29 | 2017-12-29 | Data access method and device
CN201780090948.2A | CN110651270B (en) | 2017-12-29 | 2017-12-29 | Data access method and device

Publications (1)

Publication Number | Publication Date
WO2019127467A1 (en) | 2019-07-04

Family ID: 67062908

Country Status (2)

Country | Link
CN (1) | CN110651270B (en)
WO (1) | WO2019127467A1 (en)

Also Published As

Publication Number | Publication Date
CN110651270B (en) | 2023-11-10
CN110651270A (en) | 2020-01-03

Legal Events

Code | Title | Description
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 17935862; Country of ref document: EP; Kind code of ref document: A1
NENP | Non-entry into the national phase | Ref country code: DE
122 | Ep: pct application non-entry in european phase | Ref document number: 17935862; Country of ref document: EP; Kind code of ref document: A1