WO2022166502A1 - 数据保护方法、系统、介质及电子设备 - Google Patents
数据保护方法、系统、介质及电子设备 Download PDFInfo
- Publication number
- WO2022166502A1 WO2022166502A1 PCT/CN2021/143962 CN2021143962W WO2022166502A1 WO 2022166502 A1 WO2022166502 A1 WO 2022166502A1 CN 2021143962 W CN2021143962 W CN 2021143962W WO 2022166502 A1 WO2022166502 A1 WO 2022166502A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- electronic device
- data
- maintenance mode
- maintenance
- detection
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 70
- 238000012423 maintenance Methods 0.000 claims abstract description 322
- 238000004891 communication Methods 0.000 claims abstract description 52
- 238000001514 detection method Methods 0.000 claims description 98
- 238000007689 inspection Methods 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 5
- 230000001960 triggered effect Effects 0.000 abstract description 5
- 230000006870 function Effects 0.000 description 33
- 238000007726 management method Methods 0.000 description 22
- 238000010586 diagram Methods 0.000 description 20
- 238000012545 processing Methods 0.000 description 16
- 238000010295 mobile communication Methods 0.000 description 11
- 230000005236 sound signal Effects 0.000 description 10
- 238000012360 testing method Methods 0.000 description 9
- 238000013475 authorization Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 5
- 230000003993 interaction Effects 0.000 description 5
- 230000006855 networking Effects 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 230000008439 repair process Effects 0.000 description 5
- 229920001621 AMOLED Polymers 0.000 description 3
- 238000004422 calculation algorithm Methods 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 238000013528 artificial neural network Methods 0.000 description 2
- 238000003745 diagnosis Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 239000002096 quantum dot Substances 0.000 description 2
- 230000005855 radiation Effects 0.000 description 2
- 238000009877 rendering Methods 0.000 description 2
- RYGMFSIKBFXOCR-UHFFFAOYSA-N Copper Chemical compound [Cu] RYGMFSIKBFXOCR-UHFFFAOYSA-N 0.000 description 1
- 230000001133 acceleration Effects 0.000 description 1
- 239000008186 active pharmaceutical agent Substances 0.000 description 1
- 230000003416 augmentation Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 210000000988 bone and bone Anatomy 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000000295 complement effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 230000003862 health status Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000004807 localization Effects 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 239000011159 matrix material Substances 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 238000004064 recycling Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2105—Dual mode as a secondary aspect
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
Definitions
- the present application relates to the technical field of device management, and in particular, to a data protection method, system, medium and electronic device.
- the embodiments of the present application provide a data protection method for protecting data of an electronic device.
- an embodiment of the present application provides a data protection method, which is applied to a first electronic device.
- the method includes: establishing a communication connection between the first electronic device and a second electronic device, wherein the first electronic device is A trusted device of the second electronic device; detecting a first trigger condition, the first electronic device sends first data to the second electronic device, wherein the first data is used to trigger the second electronic device
- the electronic device enters service mode.
- the electronic equipment entering the maintenance mode can protect its data, and prevent the electronic equipment data from being viewed, exported or externally transmitted.
- the first electronic device when a first trigger condition is detected, sends the first data to the second electronic device to trigger the second electronic device to enter the maintenance mode, so as to trigger the first electronic device to trigger the second electronic device.
- the second electronic device enters the maintenance mode to protect the data of the first electronic device and the second electronic device, and prevent the data of the first electronic device and the second electronic device from being viewed, exported or externally transmitted.
- the first trigger condition includes: the first electronic device is in a maintenance detection state, or the first electronic device is in a maintenance mode, or the first electronic device enters a maintenance mode.
- the first electronic device is in a maintenance detection state, or the first electronic device is in a maintenance mode, or the first electronic device enters a maintenance mode, that is, the first electronic device is in a non-safe environment, and the first electronic device and the The data of the second electronic device can be easily viewed, exported or externally transmitted. For this reason, it is necessary to protect the data of the first electronic device and the second electronic device when the first electronic device networked with the second electronic device is in a non-secure environment.
- the second electronic device is triggered to enter the maintenance mode by the first electronic device, so as to protect the data of the second electronic device and prevent the second electronic device from being in an unsafe environment.
- the first trigger condition further includes that the first electronic device requests the second electronic device to provide detection authority.
- the first electronic device requests the second electronic device to provide detection authority, that is, the second electronic device will be in a non-secure environment.
- the data of the second electronic device can be easily viewed, exported or externally transmitted. It is necessary to trigger the second electronic device to enter the maintenance mode through the first electronic device, so as to protect the data of the second electronic device and prevent the second electronic device from being in an unsafe environment.
- the first trigger condition includes: the first electronic device receives an instruction input by a user to instruct the second electronic device to enter a maintenance mode.
- the user can trigger the second electronic device to enter the maintenance mode through the first electronic device based on personal needs, and realize the protection of the data of the electronic device based on the user's needs.
- entering the maintenance mode of the first electronic device includes: encrypting private data.
- entering the maintenance mode of the first electronic device includes: providing a detection authority to implement maintenance detection of the first electronic device.
- entering the maintenance mode of the first electronic device includes: providing a maintenance detection space; and opening an access authority of the maintenance detection space to a trusted device of the first electronic device.
- an embodiment of the present application provides a data protection method, which is applied to a second electronic device.
- the method includes: establishing a communication connection between the second electronic device and the first electronic device, wherein the second electronic device is A trusted device of the first electronic device; receiving first data sent by the first electronic device; entering a maintenance mode according to the first data.
- the second electronic device enters the maintenance mode according to the first data sent by the first electronic device to protect the data of the second electronic device.
- the first data includes one of the following information: the first electronic device is in a maintenance detection state, the first electronic device is in a maintenance mode, and the first electronic device enters a maintenance mode.
- the first data further includes information for requesting the second electronic device to provide detection authority.
- the first data includes information input by a user to instruct the second electronic device to enter a maintenance mode.
- the entering into the maintenance mode according to the first data includes: encrypting private data.
- the entering into the maintenance mode according to the first data further includes: providing a detection authority to implement maintenance detection on the second electronic device.
- the entering into the maintenance mode according to the first data further includes: providing a maintenance detection space; and opening the access authority of the maintenance detection space to a trusted device of the second electronic device.
- an embodiment of the present application provides a data protection system, including at least a first electronic device and a second electronic device; the first electronic device establishes a communication connection with the second electronic device, wherein the first electronic device The second electronic device is a trusted device of the first electronic device; the first electronic device sends first data to the second electronic device under a first trigger condition; the second electronic device receives the first data data; the second electronic device enters a maintenance mode according to the first data.
- an embodiment of the present application provides a data protection system, including a cloud server and at least one electronic device; the cloud server establishes a communication connection with the at least one electronic device, wherein the cloud server is the at least one electronic device.
- a trusted device of an electronic device when a first trigger condition is detected, the electronic device sends first data to the cloud server; the cloud server receives the first data; the cloud server receives the first data according to the first data Enter service mode.
- a computer-readable storage medium stores computer program code, and when the computer program code is executed by a computing device, the computing device executes the above-mentioned method.
- an electronic device in a fifth aspect, includes a processor and a memory, the memory is used to store a set of computer instructions, when the processor executes the set of computer instructions, the computing device Perform the method described above.
- the first electronic device is used to trigger the second electronic device to enter the maintenance mode, the data of the first electronic device and the second electronic device are protected, and the first electronic device or the second electronic device is prevented from being in an unsafe environment Then, the data of the first electronic device and the second electronic device are viewed, exported or externally transmitted, and the data of the first electronic device and the second electronic device are protected.
- FIG. 1 is a simplified schematic diagram of a system architecture provided by an embodiment of the present application.
- FIG. 2 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
- FIG. 3 is a block diagram of a software structure of an electronic device in an embodiment of the present application.
- FIG. 4 is a schematic flowchart of a data protection method provided by an embodiment of the present application.
- FIG. 5a is a schematic diagram of a main interface before maintenance provided by an embodiment of the present application.
- FIG. 5b is a schematic diagram of a service application interface provided by an embodiment of the present application.
- FIG. 6a is a schematic diagram of a main interface after maintenance provided by an embodiment of the present application.
- FIG. 6b is a schematic diagram of a pre-maintenance memorandum interface provided by an embodiment of the present application.
- FIG. 6c is a schematic diagram of a post-maintenance memo interface provided by an embodiment of the present application.
- FIG. 7a is a schematic diagram of a common application accessing data in a maintenance mode according to an embodiment of the present application.
- FIG. 7b is a schematic diagram of accessing data by a maintenance mode application in a maintenance mode according to an embodiment of the present application.
- FIG. 8 is a schematic flowchart of another data protection method provided by an embodiment of the present application.
- FIG. 9 is a schematic flowchart of another data protection method provided by an embodiment of the present application.
- FIG. 10 is a schematic flowchart of another data protection method provided by an embodiment of the present application.
- FIG. 11 is a schematic diagram of a data protection scenario provided by an embodiment of the present application.
- FIG. 12 is a schematic flowchart of another data protection method provided by an embodiment of the present application.
- FIG. 13 is a schematic diagram of another data protection scenario provided by an embodiment of the present application.
- FIG. 14 is a schematic flowchart of another data protection method provided by an embodiment of the present application.
- FIG. 15 is a schematic diagram of another data protection scenario provided by an embodiment of the present application.
- FIG. 16 is a schematic diagram of a permission setting interface provided by an embodiment of the present application.
- FIG. 17 is a schematic diagram of another permission setting interface provided by an embodiment of the present application.
- FIG. 18 is a schematic diagram of another permission setting interface provided by an embodiment of the present application.
- FIG. 1 is a simplified schematic diagram of a system architecture provided by an embodiment of the present application.
- the system architecture may include a first electronic device 10 , a second electronic device 20 and a cloud server 30 .
- the first electronic device 10, the second electronic device 20 and the cloud server 30 are connected to the same network 40, where the network 40 may include a wide area network, a metropolitan area network, and a local area network.
- the first electronic device 10 and the second electronic device 20 are connected to the same local area network, specifically, the first electronic device 10 and the second electronic device 20 establish a wireless connection with the same wireless access point.
- the first electronic device 10 and the second electronic device 20 are connected to the same wireless fidelity (Wireless Fidelity, WI-FI) hotspot.
- the first electronic device 10 and the second electronic device 20 can also be connected through the Bluetooth protocol. under the same bluetooth beacon.
- the first electronic device 10 and the second electronic device 20 establish a wired connection.
- the first electronic device 10 is connected to the second electronic device 20 through a wired connection medium such as optical fiber or copper wire.
- the first electronic device 10 supports a data access protocol and can provide data as a server.
- the first electronic device 10 may be a mobile phone, a tablet computer, etc., the specific structure of which is shown in FIG. 2 and will be described in detail in the following embodiments.
- the second electronic device 20 also supports the above-mentioned data access protocol, and can access the data in the first electronic device 10 as a client.
- the second electronic device 20 may specifically be a mobile phone or a computer, and the above-mentioned computer may be a desktop computer or a notebook computer, such as a Mac notebook computer from Apple, a Windows notebook computer from companies such as Huawei, and the like.
- the first electronic device 10 and the second electronic device 20 may be connected to the cloud server 30 through the network 40, and the connection manner of the network 40 between the electronic devices and the cloud server 30 may include wired or wireless connection.
- Cloud servers are used to store data uploaded by other electronic devices.
- the first electronic device 10 or the second electronic device 20 can store its data including applications, program parameters, files, etc. on the cloud server 30 , and the first electronic device 10 or the second electronic device 20 can also download and store from the cloud server 30 Data on cloud server 30.
- the cloud server 30 may include Huawei Cloud, Amazon, Facebook Cloud, Tencent Cloud, Baidu Cloud, and the like.
- the above system architecture includes at least two electronic devices, and the first electronic device 10 and the second electronic device 20 communicate with each other. Or in some cases, the above-mentioned system architecture only includes electronic devices and cloud server 30, wherein the number of electronic devices is not less than one.
- the first electronic device 10 or the second electronic device 20 may be a portable electronic device that also includes other functions such as a personal digital assistant and/or a music player function, such as a wearable device with a wireless communication function (such as smart watches), etc.
- the portable electronic device described above may also be other portable electronic devices, such as a laptop computer (Laptop) or the like with a touch-sensitive surface (eg, a touch panel).
- the above-mentioned first electronic device 10 may not be a portable electronic device, but a desktop computer, a digital camera, a speaker, a smart screen, a car machine, or the like.
- FIG. 2 taking the electronic device as a mobile phone as an example.
- the mobile phone shown in FIG. 2 is only an example and does not constitute a limitation on the mobile phone.
- the mobile phone may have more or fewer parts.
- FIG. 2 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.
- the electronic device may include a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (USB) interface 130, a charging management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2.
- Mobile communication module 150 wireless communication module 160, audio module 170, speaker 170A, receiver 170B, microphone 170C, headphone jack 170D, sensor module 180, camera 193, display screen 194, etc.
- the structures illustrated in the embodiments of the present invention do not constitute a specific limitation on the electronic device.
- the electronic device may include more or less components than shown, or some components may be combined, or some components may be split, or different component arrangements.
- the illustrated components may be implemented in hardware, software, or a combination of software and hardware.
- the processor 110 may include one or more processing units, for example, the processor 110 may include an application processor (application processor, AP), a modem processor, a graphics processor (graphics processing unit, GPU), an image signal processor (image signal processor, ISP), controller, video codec, digital signal processor (digital signal processor, DSP), baseband processor, and/or neural-network processing unit (neural-network processing unit, NPU), etc. Wherein, different processing units may be independent devices, or may be integrated in one or more processors.
- application processor application processor, AP
- modem processor graphics processor
- ISP image signal processor
- controller video codec
- digital signal processor digital signal processor
- baseband processor baseband processor
- neural-network processing unit neural-network processing unit
- a memory may also be provided in the processor 110 for storing instructions and data.
- the memory in processor 110 is cache memory. This memory may hold instructions or data that have just been used or recycled by the processor 110 . If the processor 110 needs to use the instruction or data again, it can be called directly from the memory. Repeated accesses are avoided and the latency of the processor 110 is reduced, thereby increasing the efficiency of the system.
- the processor 110 may include one or more interfaces.
- the interface may include an integrated circuit (inter-integrated circuit, I2C) interface, an integrated circuit built-in audio (inter-integrated circuit sound, I2S) interface, a pulse code modulation (pulse code modulation, PCM) interface, a universal asynchronous transceiver (universal asynchronous transmitter) receiver/transmitter, UART) interface, mobile industry processor interface (MIPI), general-purpose input/output (GPIO) interface, subscriber identity module (SIM) interface, and / or universal serial bus (universal serial bus, USB) interface, etc.
- I2C integrated circuit
- I2S integrated circuit built-in audio
- PCM pulse code modulation
- PCM pulse code modulation
- UART universal asynchronous transceiver
- MIPI mobile industry processor interface
- GPIO general-purpose input/output
- SIM subscriber identity module
- USB universal serial bus
- the charging management module 140 is used to receive charging input from the charger.
- the charger may be a wireless charger or a wired charger.
- the charging management module 140 may receive charging input from the wired charger through the USB interface 130 .
- the charging management module 140 may receive wireless charging input through a wireless charging coil of the electronic device. While the charging management module 140 charges the battery 142 , it can also supply power to the electronic device through the power management module 141 .
- the power management module 141 is used for connecting the battery 142 , the charging management module 140 and the processor 110 .
- the power management module 141 receives input from the battery 142 and/or the charging management module 140, and supplies power to the processor 110, the internal memory 121, the display screen 194, the camera 193, and the wireless communication module 160.
- the power management module 141 can also be used to monitor parameters such as battery capacity, battery cycle times, battery health status (leakage, impedance).
- the power management module 141 may also be provided in the processor 110 .
- the power management module 141 and the charging management module 140 may also be provided in the same device.
- the wireless communication function of the electronic device can be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, the modulation and demodulation processor, the baseband processor, and the like.
- Antenna 1 and Antenna 2 are used to transmit and receive electromagnetic wave signals.
- Each antenna in an electronic device can be used to cover a single or multiple communication frequency bands. Different antennas can also be reused to improve antenna utilization.
- the antenna 1 can be multiplexed into a diversity antenna of the wireless local area network.
- the antenna may be used in conjunction with a tuning switch.
- the mobile communication module 150 can provide a wireless communication solution including 2G/3G/4G/5G etc. applied on the electronic device.
- the mobile communication module 150 may include one or more filters, switches, power amplifiers, low noise amplifiers (LNAs), and the like.
- the mobile communication module 150 can receive electromagnetic waves from the antenna 1, filter and amplify the received electromagnetic waves, and transmit them to the modulation and demodulation processor for demodulation.
- the mobile communication module 150 can also amplify the signal modulated by the modulation and demodulation processor, and then turn it into an electromagnetic wave for radiation through the antenna 1 .
- at least part of the functional modules of the mobile communication module 150 may be provided in the processor 110.
- at least part of the functional modules of the mobile communication module 150 may be provided in the same device as at least part of the modules of the processor 110 .
- the modem processor may include a modulator and a demodulator.
- the modulator is used to modulate the low frequency baseband signal to be sent into a medium and high frequency signal.
- the demodulator is used to demodulate the received electromagnetic wave signal into a low frequency baseband signal. Then the demodulator transmits the demodulated low-frequency baseband signal to the baseband processor for processing.
- the low frequency baseband signal is processed by the baseband processor and passed to the application processor.
- the application processor outputs sound signals through audio devices (not limited to the speaker 170A, the receiver 170B, etc.), or displays images or videos through the display screen 194 .
- the modem processor may be a stand-alone device.
- the modem processor may be independent of the processor 110, and may be provided in the same device as the mobile communication module 150 or other functional modules.
- the wireless communication module 160 can provide applications on electronic devices including wireless local area networks (WLAN) (such as wireless fidelity (Wi-Fi) networks), Bluetooth (BT), global navigation satellite systems ( global navigation satellite system, GNSS), frequency modulation (frequency modulation, FM), near field communication technology (near field communication, NFC), infrared technology (infrared, IR) and other wireless communication solutions.
- WLAN wireless local area networks
- BT Bluetooth
- GNSS global navigation satellite systems
- frequency modulation frequency modulation, FM
- NFC near field communication technology
- infrared technology infrared, IR
- the wireless communication module 160 may be one or more devices integrating one or more communication processing modules.
- the wireless communication module 160 receives electromagnetic waves via the antenna 2 , frequency modulates and filters the electromagnetic wave signals, and sends the processed signals to the processor 110 .
- the wireless communication module 160 can also receive the signal to be sent from the processor 110 , perform frequency modulation on it, amplify it, and convert it into electromagnetic waves for radiation through the antenna
- the antenna 1 of the electronic device is coupled with the mobile communication module 150, and the antenna 2 is coupled with the wireless communication module 160, so that the electronic device can communicate with the network and other devices through wireless communication technology.
- the wireless communication technology may include global system for mobile communications (GSM), general packet radio service (GPRS), code division multiple access (CDMA), broadband Code Division Multiple Access (WCDMA), Time Division Code Division Multiple Access (TD-SCDMA), Long Term Evolution (LTE), BT, GNSS, WLAN, NFC , FM, and/or IR technology, etc.
- the GNSS may include global positioning system (global positioning system, GPS), global navigation satellite system (global navigation satellite system, GLONASS), Beidou navigation satellite system (beidou navigation satellite system, BDS), quasi-zenith satellite system (quasi satellite system) -zenith satellite system, QZSS) and/or satellite based augmentation systems (SBAS).
- global positioning system global positioning system, GPS
- global navigation satellite system global navigation satellite system, GLONASS
- Beidou navigation satellite system beidou navigation satellite system, BDS
- quasi-zenith satellite system quadsi satellite system
- QZSS quasi-zenith satellite system
- SBAS satellite based augmentation systems
- the electronic device realizes the display function through the GPU, the display screen 194, and the application processor.
- the GPU is a microprocessor for image processing, and is connected to the display screen 194 and the application processor.
- the GPU is used to perform mathematical and geometric calculations for graphics rendering.
- Processor 110 may include one or more GPUs that execute program instructions to generate or alter display information.
- Display screen 194 is used to display images, videos, and the like.
- Display screen 194 includes a display panel.
- the display panel can be a liquid crystal display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode or an active-matrix organic light-emitting diode (active-matrix organic light).
- LED diode AMOLED
- flexible light-emitting diode flexible light-emitting diode (flex light-emitting diode, FLED), Miniled, MicroLed, Micro-oLed, quantum dot light-emitting diode (quantum dot light emitting diodes, QLED) and so on.
- the electronic device may include 1 or N display screens 194 , where N is a positive integer greater than 1.
- the electronic device can realize the shooting function through the ISP, the camera 193, the video codec, the GPU, the display screen 194 and the application processor.
- the ISP is used to process the data fed back by the camera 193 .
- the shutter is opened, the light is transmitted to the camera photosensitive element through the lens, the light signal is converted into an electrical signal, and the camera photosensitive element transmits the electrical signal to the ISP for processing, and converts it into an image visible to the naked eye.
- ISP can also perform algorithm optimization on image noise, brightness, and skin tone.
- ISP can also optimize the exposure, color temperature and other parameters of the shooting scene.
- the ISP may be provided in the camera 193 .
- Camera 193 is used to capture still images or video.
- the object is projected through the lens to generate an optical image onto the photosensitive element.
- the photosensitive element may be a charge coupled device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor.
- CMOS complementary metal-oxide-semiconductor
- the photosensitive element converts the optical signal into an electrical signal, and then transmits the electrical signal to the ISP to convert it into a digital image signal.
- the ISP outputs the digital image signal to the DSP for processing.
- DSP converts digital image signals into standard RGB, YUV and other formats of image signals.
- the electronic device may include 1 or N cameras 193 , where N is a positive integer greater than 1.
- a digital signal processor is used to process digital signals, in addition to processing digital image signals, it can also process other digital signals. For example, when the electronic device selects the frequency point, the digital signal processor is used to perform Fourier transform on the frequency point energy, etc.
- Video codecs are used to compress or decompress digital video.
- An electronic device may support one or more video codecs.
- the electronic device can play or record videos in various encoding formats, such as: moving picture experts group (moving picture experts group, MPEG) 1, MPEG2, MPEG3, MPEG4 and so on.
- MPEG moving picture experts group
- MPEG2 moving picture experts group
- MPEG3 MPEG4
- MPEG4 moving picture experts group
- the external memory interface 120 can be used to connect an external memory card, such as a Micro SD card, to expand the storage capacity of the electronic device.
- the external memory card communicates with the processor 110 through the external memory interface 120 to realize the data storage function. For example to save files like music, video etc in external memory card.
- Internal memory 121 may be used to store one or more computer programs including instructions.
- the processor 110 may execute the above-mentioned instructions stored in the internal memory 121, thereby causing the electronic device to execute the screen projection display method provided in some embodiments of the present application, as well as various functional applications and data processing.
- the internal memory 121 may include a storage program area and a storage data area.
- the stored program area may store the operating system; the stored program area may also store one or more application programs (such as gallery, contacts, etc.) and the like.
- the storage data area can store data (such as photos, contacts, etc.) created during the use of the electronic device.
- the internal memory 121 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic disk storage devices, flash memory devices, universal flash storage (UFS), and the like.
- the processor 110 executes the instructions stored in the internal memory 121 and/or the instructions stored in the memory provided in the processor, so that the electronic device performs the screen projection provided in the embodiments of the present application methods, as well as various functional applications and data processing.
- the electronic device can implement audio functions through the audio module 170, the speaker 170A, the receiver 170B, the microphone 170C, the headphone jack 170D, and the application processor. Such as music playback, recording, etc.
- the audio module 170 is used for converting digital audio information into analog audio signal output, and also for converting analog audio input into digital audio signal. Audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be provided in the processor 110 , or some functional modules of the audio module 170 may be provided in the processor 110 .
- Speaker 170A also referred to as a "speaker" is used to convert audio electrical signals into sound signals. The electronic device can listen to music through speaker 170A, or listen to hands-free calls.
- the receiver 170B also referred to as "earpiece” is used to convert audio electrical signals into sound signals.
- the voice can be received by placing the receiver 170B close to the human ear.
- Microphone 170C also known as “microphone” and “microphone” is used to convert sound signals into electrical signals.
- the user can make a sound through the human mouth close to the microphone 170C, and input the sound signal into the microphone 170C.
- the electronic device may be provided with one or more microphones 170C. In other embodiments, the electronic device may be provided with two microphones 170C, which can implement a noise reduction function in addition to collecting sound signals.
- the electronic device may further be provided with three, four or more microphones 170C to collect sound signals, reduce noise, identify sound sources, and implement directional recording functions.
- the earphone jack 170D is used to connect wired earphones.
- the earphone interface 170D may be the USB interface 130, or may be a 3.5mm open mobile terminal platform (OMTP) standard interface, a cellular telecommunications industry association of the USA (CTIA) standard interface.
- OMTP open mobile terminal platform
- CTIA cellular telecommunications industry association of the USA
- the sensor module 180 may include a pressure sensor, a gyro sensor, an air pressure sensor, a magnetic sensor, an acceleration sensor, a distance sensor, a proximity light sensor, a fingerprint sensor, a temperature sensor, a touch sensor, an ambient light sensor, a bone conduction sensor, and the like.
- the touch sensor can be arranged on the display screen, and the touch screen is composed of the touch sensor and the display screen, also called "touch screen”.
- the above electronic device may also include one or more components such as a button, a motor, an indicator, and a SIM card interface, which are not limited in this embodiment of the present application.
- the software system of the electronic device may adopt a layered architecture, an event-driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture.
- the embodiments of the present application take an Android system with a layered architecture as an example to exemplarily describe the software structure of an electronic device.
- FIG. 3 is a block diagram of a software structure of an electronic device in an embodiment of the present application.
- the layered architecture divides the software into several layers, and each layer has a clear role and division of labor. Layers communicate with each other through software interfaces.
- the Android system is divided into four layers, which are, from top to bottom, an application layer, an application framework layer, an Android runtime (Android runtime) and a system library, and a kernel layer.
- the application layer can include a series of application packages.
- the application package may include applications such as camera, gallery, calendar, call, map, navigation, WLAN, Bluetooth, music, video, short message, and services.
- the application layer is mainly responsible for the presentation of the Settings UI, and the above-mentioned Settings UI can be used for the user to set the data data protection function of the electronic device. For example, users can turn on or off the data protection function in the Settings UI.
- the application framework layer provides an application programming interface (application programming interface, API) and a programming framework for applications in the application layer.
- the application framework layer includes some predefined functions.
- the application framework layer may include window managers, content providers, view systems, telephony managers, resource managers, notification managers, and the like.
- a window manager is used to manage window programs.
- the window manager can get the size of the display screen, determine whether there is a status bar, lock the screen, take screenshots, etc.
- Content providers are used to store and retrieve data and make these data accessible to applications.
- the data may include video, images, audio, calls made and received, browsing history and bookmarks, phone book, etc.
- the view system includes visual controls, such as controls for displaying text, controls for displaying pictures, and so on. View systems can be used to build applications.
- the display interface may include one or more views.
- the display interface including the short message notification icon may include a view for displaying text and a view for displaying pictures.
- the phone manager is used to provide the communication function of the electronic device. For example, the management of call status (including connecting, hanging up, etc.).
- the resource manager provides various resources for the application, such as localization strings, icons, pictures, layout files, video files and so on.
- the notification manager enables applications to display notification information in the status bar, which can be used to convey notification-type messages, and can disappear automatically after a brief pause without user interaction. For example, the notification manager is used to notify download completion, message reminders, etc.
- the notification manager can also display notifications in the status bar at the top of the system in the form of graphs or scroll bar text, such as notifications of applications running in the background, and notifications on the screen in the form of dialog windows. For example, text information is prompted in the status bar, a prompt sound is issued, the electronic device vibrates, and the indicator light flashes.
- the data protection function can be implemented as a function of the electronic device, or can be implemented as a sub-function of the original data protection in the electronic device, for example, the data protection function can be implemented as a sub-function of the service application function of Huawei mobile phones , or as a function of the maintenance mode function of Huawei mobile phones.
- Android Runtime includes core libraries and a virtual machine. Android runtime is responsible for scheduling and management of the Android system.
- the core library consists of two parts: one is the function functions that the java language needs to call, and the other is the core library of Android.
- the application layer and the application framework layer run in virtual machines.
- the virtual machine executes the java files of the application layer and the application framework layer as binary files.
- the virtual machine is used to perform functions such as object lifecycle management, stack management, thread management, safety and exception management, and garbage collection.
- a system library can include multiple functional modules. For example: surface manager (surface manager), media library (Media Libraries), 3D graphics processing library (eg: OpenGL ES), 2D graphics engine (eg: SGL), etc.
- the Surface Manager is used to manage the display subsystem and provides a fusion of 2D and 3D layers for multiple applications.
- the media library supports playback and recording of a variety of commonly used audio and video formats, as well as still image files.
- the media library can support a variety of audio and video encoding formats, such as: MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, etc.
- the 3D graphics processing library is used to implement 3D graphics drawing, image rendering, compositing, and layer processing.
- 2D graphics engine is a drawing engine for 2D drawing.
- the kernel layer is the layer between hardware and software.
- the kernel layer contains at least display drivers, camera drivers, audio drivers, and sensor drivers.
- the corresponding hardware interrupt is sent to the kernel layer.
- the kernel layer processes touch operations into raw input events (including touch coordinates, timestamps of touch operations, etc.). Raw input events are stored at the kernel layer.
- the application framework layer obtains the original input event from the kernel layer, and identifies the control corresponding to the input event. Taking the touch operation as a touch click operation and the control corresponding to the click operation being the control of the service application icon, the service application invokes the interface of the application framework layer, starts the service application, and provides the user with a data protection function.
- FIG. 3 is only a schematic example; the software structure of the electronic device provided by the embodiments of the present application may also adopt other software architectures, such as The software architecture of Linux or other operating systems.
- this application proposes a data protection method for protecting the private data of an electronic device.
- Other personnel can operate the electronic device and use the original functions of the electronic device, but the private data in the electronic device is safely isolated. Others cannot access the user's private data in the electronic device.
- FIG. 4 is a schematic flowchart of a data protection method provided by an embodiment of the present application.
- the method can be applied to an electronic device or a cloud server, and the method includes:
- Step S40 Receive first data for indicating entering the maintenance mode.
- the electronic device or the cloud server may receive first data from other electronic devices, where the first data is used to trigger the electronic device or cloud server that has received the first data to enter the maintenance mode. If the first electronic device receives the first data from the second electronic device when the first electronic device is communicatively connected to the second electronic device, the first electronic device enters the maintenance mode according to the received first data.
- the cloud server When the cloud server is in communication connection with the first electronic device, the cloud server receives the first data sent from the first electronic device, and the cloud server enters the maintenance mode according to the received first data. That is, the electronic device or the cloud server may receive the first data sent from other electronic devices in the network, where the other electronic devices in the network may include the electronic device and the cloud server.
- the electronic device or the cloud server can also directly receive the first data input from the user, such as the first data input through the UI interface, then the electronic device or the cloud server enters the maintenance mode according to the received first data , which is not specifically limited in this application.
- the electronic device is a mobile phone, and the mobile phone receives the first data input from the user.
- the main interface of the mobile phone is the first main interface 12 , as shown in FIG.
- the status bar 11 may include the operator's name (for example, China Mobile), time, signal strength, and current remaining power.
- the first main interface 12 includes applications, and these applications include embedded applications and downloadable applications.
- the first main interface 12 includes a calendar icon 501, a clock icon 502, a service icon 503, a mailbox icon 504, chat software icon 505, memo icon 506, and so on.
- the Dock bar 13 includes commonly used applications, such as a phone icon 507 , an information icon 508 and a camera icon 509 .
- the service application presents the service application interface, as shown in FIG. 5b, including the status bar 11 and the service application interface 14.
- the status bar 11 is similar to FIG. 5a, and here No longer.
- the service application interface 14 includes corresponding service function icons, such as a door-to-door service icon 513 , an eco-friendly recycling icon 523 and a maintenance mode icon 533 .
- the first data includes information used to instruct a certain electronic device to enter a maintenance mode.
- Step S41 Enter the maintenance mode according to the first data, and encrypt the private data.
- Privacy data is determined, and then a secure encryption algorithm is used to encrypt the determined privacy data, so as to realize all-round isolation of the privacy data.
- Private data can be related to user personal privacy, such as user personal information, or user sensitive data. Private data can be understood as the data recorded by the user's operations on a new electronic device.
- the privacy data includes but is not limited to applications downloaded by users or data generated by users using applications, such as third-party software downloaded by users, or data entered by users on third-party software, or data generated by users on embedded applications Input data, or data received by users through third-party software, or data received by users through embedded applications, etc.
- the privacy data includes application programs downloaded by the user, such as payment software, social software, and photography and beautification software
- the privacy data includes data generated by the user using third-party applications, such as chat records on social software, Take pictures or videos taken by users on the beautification software.
- the privacy data includes the data generated by the user using the embedded application, such as pictures or videos on the local photo album of the mobile phone, mail data on the mail, data recorded on the memo, contact information recorded on the address book and records on the recording. voice, etc.
- the algorithms for encrypting the determined privacy data include but are not limited to AES256, RSA1024, etc., which are not specifically limited in the present application.
- Step S42 Save the privacy data and initialize the interface to factory settings.
- the electronic device when the electronic device enters the maintenance mode, the electronic device can encrypt the private data and save it in a preset storage space, or save the private data in a preset storage space.
- the preset storage space in the electronic device cannot be accessed, and the interface of the electronic device is "initialized" to the factory settings, that is, the relevant privacy data is hidden and cannot be accessed through the interface of the electronic device. Enter the preset storage space, and then cannot obtain private data through application access. That is, after the interface of the electronic device is initialized, the private data is hidden from display, the downloaded application is hidden and cannot be accessed, and the data recorded on the embedded application is also hidden from display.
- the preset storage space in the electronic device will be released, the private data saved in the preset storage space can be restored, and the interface of the electronic device is also restored to the electronic device entering the maintenance mode. Before, users could obtain private data through the application.
- the first main interface 12 before the mobile phone enters the maintenance mode is shown in Fig. 5a.
- the main interface of the mobile phone is the second main interface 15, and the second main interface 15 is shown in FIG. 6a.
- the original mailbox icon 504 and chat software icon 505 on the first main interface 12 are not displayed on the second main interface 15, the mailbox and chat software applications are hidden, and the user cannot find the downloaded application software by operating the mobile phone .
- the first main interface 12 is originally set with a wallpaper, and after entering the maintenance mode, the wallpaper on the second main interface 15 is initialized to the wallpaper of the mobile phone when it leaves the factory.
- the data that the user operates on the embedded application will also be hidden.
- Some note information recorded by the user on the memo as shown in FIG. 6a, the user clicks the memo icon 506 on the second main interface 15 to enter the memo application.
- the mobile phone does not enter the maintenance mode.
- the application interface of the memo on the mobile phone is the memo first application interface 16 , and corresponding note information is displayed in the memo first application interface 16 .
- the application interface of the memo is the second memo application interface 17 , and the note information will also be hidden in the second memo application interface 17 .
- the user saves picture or video information in the gallery, and after the mobile phone enters the maintenance mode, the data originally saved to the gallery by the user is hidden, and the picture or video cannot be viewed.
- Step S43 Provide inspection authority to implement maintenance inspection of the electronic device.
- a detection authority may also be provided for the detection device, so that the detection device can detect the electronic device and realize maintenance and detection of the electronic device.
- Detection permissions include but are not limited to device detection interface permissions, device node access permissions, and log storage area access permissions.
- the interface of the electronic device can be tested by providing the permission to detect the interface, so as to detect the interaction points between other external systems and the electronic device system and between various subsystems inside the electronic device system.
- the device node access authority can be provided to access the device in the electronic device, the device represented by the device node can be determined through the device node, and the device can be detected.
- Providing access rights to the log storage area can provide access rights to the public log area of the electronic device to obtain relevant log information.
- a corresponding application in the maintenance mode may be that the data protection function of the present application is implemented as a sub-function of the service application function in FIG. 5a, such as "maintenance mode". It is also possible to implement the data protection function of the present application as an application, for example, as a "maintenance mode" application, and the corresponding application in the maintenance mode can be a third-party software or an embedded application.
- the maintenance mode application When the user clicks the maintenance mode application, the public log area can be accessed through the maintenance mode application.
- the camera permission needs to be provided to the detection device, so that the detection personnel can control the detection device to detect the function of the camera of the electronic device.
- Step S44 Provide a maintenance detection space and open the access authority of the maintenance detection space to trusted devices of the electronic device.
- the electronic device when the electronic device needs to be detected, the electronic device may also provide a maintenance and detection space, and a new space, ie a maintenance and detection space, is applied for in the storage area of the electronic device, and the maintenance and detection space can be used in the storage area of the electronic device.
- the maintenance detection data is stored during maintenance detection, and the data generated in the maintenance mode is stored in the maintenance detection space.
- Step S45 Provide a maintenance mode space for caching data of the currently running application.
- a maintenance mode space is provided so that after the electronic device enters the maintenance mode, the content of the currently running application can also be cached in the maintenance mode space middle.
- the automatic Generate a file directory in the maintenance mode create a path of the maintenance mode, point to the maintenance mode space, to read the database and playlist information from the maintenance mode space, and directly read the content of the application in the maintenance mode, where the application can be Video playback application, so that after entering the maintenance mode, you can continue to play the corresponding video.
- the steps performed in entering the maintenance mode include but are not limited to the above steps and sequences.
- the execution steps may be appropriately adjusted or the corresponding steps may be appropriately reduced. It can be understood that the above steps can also be performed when in the maintenance mode.
- Fig. 7a is a scenario in which a common application accesses data after the mobile phone enters the maintenance mode.
- the application can access the maintenance detection space.
- the common application refers to an application other than the maintenance mode application among the applications on the mobile phone after the electronic device enters the maintenance mode.
- Figure 7b is a scenario where the maintenance mode application accesses data after the mobile phone enters the maintenance mode.
- the maintenance mode application cannot access the private data stored in the mobile phone owner, but the maintenance mode application can access the maintenance detection space and log storage content in the area. That is, after entering the maintenance mode, when the operator operates the electronic device, he cannot access the owner's private data through ordinary applications, but can access the maintenance detection space through ordinary applications.
- the relevant data of the camera is stored in the maintenance and inspection space.
- the log storage area is also accessible for service mode applications.
- the private data is encrypted and stored in the preset storage space, and the private data cannot be accessed through external commands. For example, the adb command cannot be used to obtain pictures or videos. Wait.
- Embodiment 1 The data protection method of Embodiment 1 will be described in detail below with reference to specific application scenarios.
- the user sends the mobile phone with a faulty camera for repair.
- the maintenance personnel repair the mobile phone
- the user's private data cannot be viewed.
- the mobile phone provides device detection interface permissions, device node access permissions, and log storage area access permissions. Maintenance personnel can test the camera. After repairing the mobile phone, the user exits the maintenance mode, and the data in the mobile phone is restored. The user can use the mobile phone normally and access Privacy Data.
- the user gives his tablet to a friend to play, but the user does not want the friend to see his personal privacy data, then the user can set the tablet to maintenance mode, then the user's friend cannot access the user's personal privacy data, but can.
- the tablet for example, you can use the applications in it normally, such as phone calls, text messages, calendars, cameras, etc., but you cannot access the data of the application, such as the information received and sent by the user through the SMS application.
- you can also re-download the application and use it, such as re-downloading the chat software, but there is no data in the chat software.
- the tablet plays the video normally.
- the data corresponding to the video is cached in the maintenance mode space, and the relevant database and playlist information are read from the maintenance mode space, and the video can still be played normally.
- the user device exits the maintenance mode the hidden data of the tablet is restored, and the private data can be accessed through the app.
- the interconnection between electronic devices can access data obtained from one electronic device to another electronic device. For example, when a communication connection is established between the mobile phone and the tablet, and the mobile phone can access the data of the tablet, when the mobile phone is sent for maintenance, even if the mobile phone enters the maintenance mode, the maintenance personnel can obtain the data on the tablet through the mobile phone.
- this application proposes another data protection method for protecting the privacy data of electronic devices in the network.
- Other personnel can operate and use an electronic device, but the electronic device and other electronic devices networked with the electronic device are The private data of the network is securely isolated, and other personnel cannot access the private data of users in other electronic devices in the network.
- FIG. 8 is a schematic flowchart of another data protection method provided by an embodiment of the present application.
- the method can be applied to an electronic device or a cloud server, and the method includes:
- Step S81 The first electronic device sends a connection request to the second electronic device.
- the first electronic device may include a terminal device or a cloud device
- the second electronic device may include a terminal device or a cloud device, such as a cloud server.
- the connection request may include device information and account information of the first electronic device.
- the number of electronic devices networked with the first electronic device is not specifically limited, for example, a third electronic device and a cloud server may also be included.
- Step S82 The second electronic device responds to the connection request, and the first electronic device establishes a communication connection with the second electronic device.
- the second electronic device verifies the account information in the connection request to determine whether the first electronic device is an electronic device of the same account, and if it is an electronic device of the same account, it is determined that the first electronic device is an electronic device of the same account.
- An electronic device is a trusted device of the second electronic device. After verifying the account information, the second electronic device returns the information of successful verification to the first electronic device, and the first electronic device establishes a communication connection with the second electronic device.
- the second electronic device fails to verify the account information
- the second electronic device returns verification failure information to the first electronic device, and the first electronic device fails to establish a communication connection with the second electronic device.
- the first electronic device establishes a communication connection with the second electronic device, that is, the communication connection includes after the first electronic device and the second electronic device are authenticated successfully. established communication connection.
- the electronic devices of the same account are mutually trusted devices, and the trusted devices may also include electronic devices that pass the verification after user authorization.
- a communication connection can be established between trusted devices. If a certain electronic device and another electronic device are not mutually trusted devices, the connection between the two electronic devices is disconnected.
- connection manner between the first electronic device and the second electronic device includes wired connection or wireless connection.
- establishing a communication connection between the first electronic device and the second electronic device is not limited to the first electronic device sending a connection request to the second electronic device, but also the second electronic device sending a connection request to the first electronic device , the following steps can be performed after the communication is connected.
- Step S83 Detecting the first trigger condition, the first electronic device sends first data to the second electronic device, wherein the first data is used to trigger the second electronic device to enter the maintenance mode.
- the first electronic device sends the first data to the second electronic device.
- the first trigger condition includes that the first electronic device is in a maintenance detection state, or the first electronic device is in a maintenance mode, or the first electronic device enters a maintenance mode.
- the first data is used to trigger the second electronic device to enter the maintenance mode, and the first data may include the following information: the first electronic device enters the maintenance mode, or the first electronic device is currently in the maintenance mode, or the first electronic device is in the maintenance mode.
- An electronic device is currently in a maintenance detection state, wherein the first electronic device is currently in a maintenance detection state, that is, the first device is under maintenance detection by the detection device.
- the first electronic device sends the first data to the second electronic device to notify the current state of the second electronic device, for example, the first electronic device enters the maintenance mode, or the first electronic device currently In the maintenance mode, or the first electronic device is currently in a maintenance detection state, etc., to trigger the second electronic device to enter the maintenance mode.
- Step S84 The second electronic device enters the maintenance mode according to the first data.
- the second electronic device enters the maintenance mode after receiving the first data.
- the second electronic device obtains information that the first electronic device enters the maintenance mode from the first data
- the second electronic device enters the maintenance mode.
- the second electronic device obtains information that the first electronic device is in the maintenance mode from the first data
- the second electronic device enters the maintenance mode.
- the second electronic device obtains from the first data that the first electronic device is currently under maintenance detection
- the second electronic device enters the maintenance mode.
- the first electronic device is in the maintenance mode.
- the electronic device sends the first data to the second electronic device, and the second electronic device receives the first data sent by the first electronic device, and the second electronic device is triggered to enter the maintenance mode. That is, when the second electronic device is in the maintenance mode, or the first electronic device is in the maintenance detection state, or the first electronic device enters the maintenance mode, based on the interconnection between the electronic devices Intercommunication, the second electronic device is also triggered to enter the maintenance mode after receiving the first data, so as to protect the data of the second electronic device.
- the first electronic device is in the maintenance mode, or the first electronic device enters the maintenance mode, or the first electronic device is currently undergoing maintenance testing, the first electronic device is in an unsafe environment, and the first electronic device is in a non-safe environment.
- the electronic device sends the first data to the electronic device that is networked with it, and the electronic device that is networked with it automatically enters the maintenance mode after receiving the first data, and performs the steps of the above-mentioned first embodiment to protect the network with the first electronic device. data in other electronic devices.
- Step S85 Detecting a second trigger condition, the first electronic device sends second data to the second electronic device, where the second data is used to trigger the second electronic device to exit the maintenance mode.
- the second trigger condition includes that the first electronic device currently exits the maintenance mode, or the first electronic device currently exits the maintenance detection.
- the second data may include the following information: the first electronic device currently exits the maintenance mode, or the first electronic device currently exits the maintenance detection.
- the first electronic device sends second data to the second electronic device to notify the current state of the second electronic device, for example, the first electronic device currently exits the maintenance mode, or the first electronic device Currently exiting maintenance detection, etc., to trigger the second electronic device to exit the maintenance mode.
- Step S86 the second electronic device exits the maintenance mode according to the second data.
- the second electronic device when the second electronic device obtains information that the first electronic device exits the maintenance mode from the second data, the second electronic device exits the maintenance mode. Or, when the second electronic device obtains the information that the first electronic device exits the maintenance detection from the second data, the second electronic device exits the maintenance mode. That is, when the second electronic device exits the maintenance mode, or the first electronic device exits maintenance detection, the second electronic device is triggered to exit the maintenance mode.
- the second electronic device when the first electronic device is in a non-secure environment (the first electronic device is currently in a maintenance mode, or the first electronic device is being inspected for maintenance, or the first electronic device enters a maintenance mode) , the second electronic device can enter the maintenance mode according to the first data of the first electronic device to protect the data of the second electronic device and avoid leaking the private data in the second electronic device through the communication connection with the first electronic device.
- the first electronic device exits the maintenance state
- the first electronic device is in a safe environment (the first electronic device exits the maintenance mode, or the first electronic device exits the maintenance detection), and the second electronic device follows according to the first electronic device. After sending the second data, the second electronic device also exits the maintenance mode to ensure that the second electronic device can be used normally.
- FIG. 9 is a schematic flowchart of another data protection method provided by an embodiment of the present application.
- Step S91 After the TV device is started up, the network is formed.
- the network connection is disconnected after the TV device is turned off, and when the TV device is started, the TV device will request to establish a connection to perform networking.
- Step S92 The TV device detects that the mobile phone in the network is in the maintenance mode.
- the mobile phone after the TV device sends a connection request to the mobile phone, it is known that the mobile phone is in the maintenance mode after receiving the first data sent by the mobile phone.
- Step S93 The TV device determines whether to continue networking.
- the TV device determines whether to continue networking according to the user's instruction, and the TV device may display a prompt "The mobile phone in the network is in maintenance mode, whether it is necessary to continue networking". When the user clicks "No”, the TV device stops networking, and the process ends.
- Step S94 The television equipment continues to network, and enters the maintenance mode after receiving the first data.
- the TV device continues to network, and the mobile phone detects that the TV device is networked, and sends the first data to the TV device.
- the television equipment is networked, the first data sent by the mobile phone is received, and the television equipment enters the maintenance mode according to the first data.
- Step S95 the television device receives the second data.
- the mobile phone after the repair of the mobile phone is completed, the mobile phone will broadcast the second data, and the TV device will receive the second data.
- Step S96 the TV device exits the maintenance mode.
- the TV device exits the maintenance mode according to the second data sent by the mobile phone.
- the communication connection of multiple devices is not limited to the communication connection of the above-mentioned two electronic devices, and the first electronic device can also transmit the first data and/or the second data by broadcasting to inform the first electronic device that the current status is maintenance. state, so that other devices networked with the first electronic device also enter the maintenance mode.
- FIG. 10 is a schematic flowchart of another data protection method provided by an embodiment of the present application.
- the method is applied to an electronic device or a cloud server, and the method includes:
- Step S101 The first electronic device broadcasts its connection request to the second electronic device, the third electronic device and the cloud server.
- the number of electronic devices networked with the first electronic device is not specifically limited, and the connection request may include device information and account information of the first electronic device.
- Step S102 The second electronic device, the third electronic device and the cloud server respond to the connection request, and the second electronic device, the third electronic device and the cloud server all establish a communication connection with the first electronic device.
- the second electronic device, the third electronic device and the cloud server verify the account information in the connection request to determine whether the first electronic device is an electronic device of the same account, so as to determine whether the first electronic device is an electronic device of the same account. Whether the electronic device is a trusted device.
- the first electronic device establishes a communication connection with the second electronic device, and the third electronic device and the cloud server establish a communication connection with the first electronic device similarly. Repeat.
- Step S103 Detecting the first trigger condition, the first electronic device sends first data to the second electronic device, the third electronic device and the cloud server, where the first data is used to trigger the second electronic device, the third electronic device and the cloud server The server enters maintenance mode.
- Step S104 The second electronic device, the third electronic device and the cloud server all enter the maintenance mode according to the first data.
- Step S105 Detecting the second trigger condition, the first electronic device sends second data to the second electronic device, the third electronic device and the cloud server, where the second data is used to trigger the second electronic device, the third electronic device and the cloud server The server is out of service.
- Step S106 The second electronic device, the third electronic device and the cloud server all exit the maintenance mode according to the second data.
- Embodiment 3 The data protection method of Embodiment 3 will be described in detail below in combination with specific application scenarios.
- the user's mobile phone establishes a communication connection with the tablet and the cloud server, and the data of the cloud server can be accessed through the mobile phone and tablet. Based on the interconnection, the mobile phone and the tablet can mutually access data.
- the user sends the faulty mobile phone for repair.
- the maintenance personnel can input commands, such as adb commands, to the tablet and cloud server through the detection channel between the detection device and the mobile phone, and let the mobile phone go to the tablet and cloud server. Specify the directory to get the data out.
- the user sets the mobile phone to maintenance mode, and the maintenance personnel may not be able to obtain the private data in the mobile phone.
- the mobile phone broadcasts the first data to the tablet and cloud server in the network to inform the tablet and cloud server in the network that the mobile phone is currently in maintenance mode.
- both the tablet and the cloud server automatically enter the maintenance mode.
- the cloud server applies for a new space as the maintenance and inspection space, so that the mobile phone and tablet can access the maintenance and inspection space, and the tablet can also apply for a new space as the maintenance and inspection space, so that the mobile phone can access the maintenance and inspection space.
- Maintenance personnel cannot obtain the private data of the tablet networked with the mobile phone and the cloud server through the mobile phone.
- the mobile phone After the mobile phone is repaired, the user takes the repaired mobile phone and exits the mobile phone from maintenance mode, then the mobile phone broadcasts its second data to the tablet and cloud server, informing the tablet and cloud server in the network that the mobile phone is currently out of maintenance mode, and both the tablet and the cloud server are out of maintenance mode. Exiting the maintenance mode according to the second data, the devices in the mobile phone network can communicate and access data normally.
- the tablet and cloud server can release the applied maintenance testing space, and the tablet can also display a prompt to prompt the user whether to save the data in the maintenance testing space.
- the inventor finds that in some scenarios, collaborative detection between multiple devices and joint problem diagnosis of multiple devices are required. At this time, there is a possibility of data leakage. If there is a problem with the screen function, it is necessary to detect the screen projection function of the mobile phone and the smart screen at the same time to determine the problem. At this time, it is necessary to communicate and connect the mobile phone and the smart screen, and at the same time detect the screen projection function of the mobile phone and the smart screen. Based on the interconnection between the mobile phone and the smart screen, data can be accessed between the mobile phone and the smart screen, and remote communication can be performed. The user takes the mobile phone to the maintenance personnel for maintenance, and the maintenance personnel can remotely detect the smart screen through the mobile phone. mode, but the smart screen is not in data protection state.
- the present application proposes another data protection method, which is used to protect the privacy data of electronic devices in the network in the multi-device joint problem diagnosis, and other personnel cannot access the privacy data of users in the electronic devices in the network.
- FIG. 12 is a schematic flowchart of another data protection method provided by an embodiment of the present application.
- the method is applied to an electronic device or a cloud server, and the method includes:
- Step S120 The first electronic device establishes a communication connection with a second electronic device, wherein the second electronic device is a trusted device of the first electronic device.
- Step S121 The first electronic device receives the first data sent by the second electronic device, where the first data is used to trigger the first electronic device to enter the maintenance mode.
- the second electronic device detects a first trigger condition, the second electronic device sends first data to the first electronic device, and the first trigger condition includes that the second electronic device is in a maintenance detection state, Either the second electronic device is in the maintenance mode, or the second electronic device enters the maintenance mode, and the first trigger condition further includes that the second electronic device requests the first electronic device to provide detection authority . That is, when the second electronic device is in a maintenance detection state, and the second electronic device requests the first electronic device to provide a detection right, the second electronic device sends the first data. Or, when the second electronic device is in the maintenance mode, and the second electronic device requests the first electronic device to provide detection authority, the second electronic device sends the first data. Or, when the second electronic device enters the maintenance mode, and the second electronic device requests the first electronic device to provide detection authority, the second electronic device sends the first data.
- the second electronic device requests the first electronic device to provide the first electronic device with detection authority, so that the detection device can perform maintenance detection on the first electronic device, or the detection device can perform maintenance detection on the first electronic device through the second electronic device.
- the electronic device performs maintenance detection on the first electronic device.
- Step S122 the first electronic device enters a maintenance mode according to the first data.
- the second electronic device sends a first data packet to the first electronic device, so that the first electronic device can receive the first data.
- the first electronic device parses the first data packet, and returns the information to the second electronic device as follows:
- the first electronic device parses that the command format is maintenance mode and the interaction type is detection request, it requests the first electronic device to provide detection authority, the first electronic device switches to maintenance mode, and returns a command to the second electronic device to inform The second electronic device is ready to enter the maintenance mode of the first electronic device.
- Embodiment 2 and Embodiment 4 are similar in that, when other electronic devices in the network are in the maintenance detection state or in the maintenance mode or enter the maintenance mode, the first data sent by the electronic device in the network is received. , so as to switch to the maintenance mode according to the first data.
- the difference between Embodiment 4 and Embodiment 2 and Embodiment 3 is that in addition to the information on the status of the second electronic device in the network, the first data also includes information requesting the first electronic device to provide detection authority, that is, the information in the network is included.
- the first electronic device When the second electronic device is in the maintenance detection state or in the maintenance mode or enters the maintenance mode, the first electronic device receives the first data of the second electronic device, and according to the first data knows that the second electronic device is in the maintenance detection state or in the maintenance mode Or enter the maintenance mode, and the second electronic device requests the first electronic device to provide detection authority, and the first electronic device enters the maintenance mode.
- the mobile phone and the smart screen are networked, the user sends the faulty mobile phone to the maintenance personnel for maintenance, the mobile phone enters the maintenance mode, the smart screen receives the broadcast information sent by the mobile phone, and knows that the mobile phone is in the maintenance mode, but the smart screen still Not entering service mode.
- the mobile phone receives the detection command sent from the detection device, and the mobile phone determines whether to detect the smart screen in the network according to the detection command.
- the detection device obtains the detection result of the mobile phone.
- the mobile phone sends the first data to the smart screen, the first data includes that the mobile phone is in maintenance mode and requests the smart screen to provide detection permission, and the smart screen obtains according to the first data that the mobile phone is in maintenance mode, and If the mobile phone requires the smart screen to provide detection permission, the smart screen will enter the maintenance mode.
- the smart screen detects that the application is currently running, applies for a memory space, that is, the memory space in maintenance mode, and caches the current application list and other data in the memory space in maintenance mode. Copy information such as playlists to the maintenance mode space to encrypt private data.
- the smart screen can also display a prompt to inform the user that the maintenance mode is about to be entered.
- the detection device remotely detects the smart screen through the mobile phone, and the content cached by the smart screen can continue to be played.
- the smart screen sends the test results to the mobile phone, and the mobile phone collects the test results of the smart screen and sends both the test results of the mobile phone and the smart screen to the testing device.
- the smart screen prompts the user to complete the access, and will automatically exit the maintenance mode.
- the first data received by the above-mentioned electronic device and used to indicate entering the maintenance mode may come from the user's direct settings on the electronic device or may be data sent from other electronic devices, and the data sent from other electronic devices may include data sent by other electronic devices.
- the first data automatically sent when the first trigger condition is satisfied may also include the first data sent by the user to another electronic device through one electronic device.
- the present application proposes another data protection method, by dynamically authorizing multiple devices in the network, so that the electronic device enters the maintenance mode according to the user's instruction.
- FIG. 14 is a schematic flowchart of another data protection method provided by an embodiment of the present application.
- the method is applied to a first electronic device, and the method includes:
- Step S141 Receive a first input command input by a user.
- the first input command may include a password, fingerprint information, gesture password, face information, etc., and the first input command is used to verify whether the user is the owner of the first electronic device.
- Step S142 Determine whether the current user is the host according to the first input command.
- the password matches the pre-stored password
- the fingerprint information matches the pre-stored fingerprint information
- the gesture password matches the pre-stored gesture password
- the current user is the host.
- the face information matches the pre-stored face information, it is determined that the current user is the machine owner.
- Step S143 If yes, obtain the master control authority, wherein the master control authority is used to set the authority of other electronic devices in the network.
- the first electronic device when the current user is the owner, the first electronic device obtains the master control authority, and the first electronic device is the master control device, that is, the user can set the authority of other electronic devices in the network through the master control device.
- Step S144 Receive a second input instruction input by the user.
- the second input command is used to indicate the electronic device to be set and its corresponding permission, including the ID of the electronic device to be set and the permission corresponding to the electronic device.
- Step S145 Send the corresponding permission setting information to the second electronic device according to the second input instruction, so that the second electronic device sets its permission according to the permission setting information.
- the first electronic device and the second electronic device are devices that log in with the same account
- the second electronic device is a trusted device of the first electronic device
- the first electronic device establishes communication with the second electronic device connect.
- the first electronic device and the second electronic device may not be devices of the same account, and the second electronic device may be a trusted device authorized and verified by the user.
- the user inputs a second input command through the first electronic device, where the second input command is used to instruct the permission of the second electronic device to be set to the maintenance mode, that is, the first electronic device receives the user input
- the instruction instructing the second electronic device to enter the maintenance mode the first electronic device sends data to the second electronic device to trigger the second electronic device to enter the maintenance mode.
- the user sends the mobile phone for maintenance, but forgets to set the mobile phone to enter the maintenance mode.
- the device that the user can currently use is the tablet, the user enters the first input command on the tablet, and the tablet verifies that the current user is the owner.
- the permissions of other electronic devices in the network are set according to the second input command input by the user.
- the user inputs a second input command to the tablet, which is used to set the authority of the mobile phone with the same login account as the maintenance mode, then the second input command is a maintenance setting instruction, and the tablet receives the maintenance setting instruction input by the user, wherein the maintenance setting The instruction is used to instruct the mobile phone to enter the maintenance mode, and the tablet sends first data to the mobile phone according to the maintenance setting instruction, so that the mobile phone enters the maintenance mode according to the first data.
- the master control device can also set the authority of the non-login account device in the network.
- the mobile phone, the watch and the smart screen are devices with the same login account.
- the mobile phone, the watch and the smart screen interact with each other. is a trusted device.
- the maintenance personnel use a different login account to check the watch on the device computer.
- the computer sends a connection request to the mobile phone, and a prompt appears on the interface of the mobile phone, whether to access the computer.
- the permission setting interface 18 shown in Figure 16 is presented.
- the permission setting interface 18 includes a status bar 11, an account number Information, device list of login account, device level, non-login device, connected device list, accessible devices including corresponding accessible devices selection box 19 and temporary permissions including corresponding temporary permissions selection box 20 .
- the status bar 11 may include time, signal strength, and current remaining power, and the like.
- the account information is the user's login account name such as "Zhang San".
- the login device list shows the devices logged in to the same account and the device level of the device.
- the devices currently logged in to the same account include mobile phones, watches, and smart screens.
- the device level of the mobile phone is the main control device, and the devices of the watch and smart screen.
- Class is slave device.
- Computers and tablets are included in the list of connected devices in non-logged in devices. There is a selection box at the corresponding accessible devices of the computer and tablet, and the user can operate the selection box to determine the accessible devices of the computer and tablet. There is a selection box at the temporary permission corresponding to the computer and tablet, and the user can operate the selection box to determine the temporary permission of the computer and tablet.
- the devices that the user can access from the computer include watches, the temporary permissions corresponding to the user's computer include maintenance mode access, the devices that the user can access from the tablet include smart screens, and the temporary permissions corresponding to the user's tablet include normal access. , please also refer to Figure 18.
- the computer obtains the authorization certificate sent by the mobile phone the computer can access the watch, and it is accessed in maintenance mode.
- the computer sends a connection request to the watch
- the connection request includes the authorization certificate
- the watch parses the authorization certificate, and obtains the maintenance mode access permission of the computer in the connection request
- the watch enters the watch according to the maintenance mode access permission of the computer.
- the watch responds to the connection request and sends data to the computer to inform it that it is ready for access, and the watch establishes a communication connection with the computer.
- the computer sends the first data to the watch, the watch responds to the detection request type after receiving the first data, the watch provides the detection authority, and sends the detection result to the computer after the detection is completed.
- the mobile phone After the computer completes the detection, the user cancels the authorization of the computer on the mobile phone, the mobile phone notifies the watch to exit the maintenance mode, and the watch exits the maintenance mode.
- the access settings and access methods of the tablet are similar to those of the computer, and will not be repeated here. If the device accessible to the tablet is a smart screen, and the temporary permission is normal access, the tablet can communicate with the smart screen normally, and data can be shared between the tablet and the smart screen.
- the first electronic device may send first data to other electronic devices networked with it, where the first data is used to instruct other electronic devices networked with it to enter maintenance mode, so that other electronic devices networked with it can enter the maintenance mode under the control of the user.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Mathematical Physics (AREA)
- Databases & Information Systems (AREA)
- Automation & Control Theory (AREA)
- Medical Informatics (AREA)
- Telephone Function (AREA)
Abstract
本申请实施例公开一种数据保护方法、系统、介质及电子设备,属于通信技术领域,在本申请实施例中,第一电子设备与第二电子设备建立通信连接,其中,所述第一电子设备为所述第二电子设备的可信设备;检测到第一触发条件,所述第一电子设备向所述第二电子设备发送第一数据,所述第一数据用于触发第二电子设备进入维修模式。采用本申请的实施例,通过第一电子设备触发第二电子设备进入维修模式,保护电子设备的数据。
Description
本申请要求于2021年02月04日提交中国专利局、申请号为202110158831.1,发明名称为“数据保护方法、系统、介质及电子设备”的中国专利的优先权,其全部内容通过引用结合在本申请中。
本申请涉及设备管理技术领域,特别是涉及一种数据保护方法、系统、介质及电子设备。
电子设备的使用在日常生活中占据越来越重要的地位,以手机设备为例,可以承载着大量的用户个人数据,例如,即时聊天记录、照片、通信录、视频、录音、日程记录、行程记录等。电子设备维修,或电子设备外借等场景下,电子设备中的数据均容易查看、导出或外传。
发明内容
本申请实施例提供一种数据保护方法,用于保护电子设备的数据。
第一方面,本申请实施例提供了一种数据保护方法,应用于第一电子设备,所述方法包括:第一电子设备与第二电子设备建立通信连接,其中,所述第一电子设备为所述第二电子设备的可信设备;检测到第一触发条件,所述第一电子设备向所述第二电子设备发送第一数据,其中,所述第一数据用于触发所述第二电子设备进入维修模式。其中,进入维修模式的电子设备可以保护其数据,避免该电子设备数据被查看、导出或外传。
在本申请实施例中,检测到第一触发条件,所述第一电子设备向所述第二电子设备发送第一数据,以触发第二电子设备进入维修模式,实现通过第一电子设备触发第二电子设备进入维修模式,保护第一电子设备和第二电子设备的数据,避免第一电子设备和第二电子设备的数据被查看、导出或外传。
可选地,所述第一触发条件包括:所述第一电子设备处于维修检测状态,或所述第一电子设备处于维修模式,或所述第一电子设备进入维修模式。其中,所述第一电子设备处于维修检测状态,或所述第一电子设备处于维修模式,或所述第一电子设备进入维修模式,即第一电子设备处于非安全环境,第一电子设备与第二电子设备的数据容易被查看、导出或外传。为此,需要在与第二电子设备组网连接的第一电子设备处于非安全环境时,将第一电子设备与第二电子设备的数据保护起来。通过第一电子设备触发第二电子设备进入维修模式,保护第二电子设备的数据,避免第二电子设备处于非安全环境。
可选地,所述第一触发条件还包括所述第一电子设备请求所述第二电子设备提供检测权限。其中,第一电子设备请求第二电子设备提供检测权限,即第二电子设备将处于非安全环境,在第二电子设备检测中,第二电子设备的数据容易被查看、导出或外传,为此需要通过第一电子设备触发第二电子设备进入维修模式,保护第二电子设备的数据,避免第二电子设 备处于非安全环境。
可选地,所述第一触发条件包括:所述第一电子设备接收到用户输入的指示所述第二电子设备进入维修模式的指令。其中,用户可以基于个人需求,通过第一电子设备触发第二电子设备进入维修模式,基于用户的需求,实现对电子设备数据的保护。
可选地,所述第一电子设备进入维修模式包括:加密隐私数据。
可选地,所述第一电子设备进入维修模式包括:提供检测权限,以实现对所述第一电子设备的维修检测。
可选地,所述第一电子设备进入维修模式包括:提供维修检测空间;向所述第一电子设备的可信设备开放所述维修检测空间的访问权限。
第二方面,本申请实施例提供了一种数据保护方法,应用于第二电子设备,所述方法包括:第二电子设备与第一电子设备建立通信连接,其中,所述第二电子设备为所述第一电子设备的可信设备;接收所述第一电子设备发送的第一数据;根据所述第一数据进入维修模式。第二电子设备根据第一电子设备发送的第一数据进入维修模式,保护第二电子设备的数据。
可选地,所述第一数据包括以下信息之一:所述第一电子设备处于维修检测状态,所述第一电子设备处于维修模式,所述第一电子设备进入维修模式。
可选地,所述第一数据还包括用于请求所述第二电子设备提供检测权限的信息。
可选地,所述第一数据包括用户输入的用于指示所述第二电子设备进入维修模式的信息。
可选地,所述根据所述第一数据进入维修模式包括:加密隐私数据。
可选地,所述根据所述第一数据进入维修模式还包括:提供检测权限,以实现对所述第二电子设备的维修检测。
可选地,所述根据所述第一数据进入维修模式还包括:提供维修检测空间;向所述第二电子设备的可信设备开放所述维修检测空间的访问权限。
第三方面,本申请实施例提供了一种数据保护系统,至少包括第一电子设备和第二电子设备;所述第一电子设备与所述第二电子设备建立通信连接,其中,所述第二电子设备为所述第一电子设备的可信设备;所述第一电子设备在第一触发条件下向所述第二电子设备发送第一数据;所述第二电子设备接收所述第一数据;所述第二电子设备根据所述第一数据进入维修模式。
第四方面,本申请实施例提供了一种数据保护系统,包括云服务器和至少一个电子设备;所述云服务器与所述至少一个电子设备建立通信连接,其中,所述云服务器为所述至少一个电子设备的可信设备;检测到第一触发条件,所述电子设备向所述云服务器发送第一数据;所述云服务器接收所述第一数据;所述云服务器根据所述第一数据进入维修模式。
第五方面,提供了一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序代码,当所述计算机程序代码被计算设备执行时,所述计算设备执行上述所述的方法。
第五方面,提供了一种电子设备,所述电子设备包括处理器和存储器,所述存储器用于存储一组计算机指令,当所述处理器执行所述一组计算机指令时,所述计算设备执行上述所述的方法。
上述第二方面、第三方面、第四方面和第五方面所获得的技术效果与第一方面中对应的技术手段获得的技术效果近似,在这里不再赘述。
本申请提供的技术方案带来的有益效果至少包括:
在本申请实施例中,实现通过第一电子设备触发第二电子设备进入维修模式,保护第一 电子设备和第二电子设备的数据,避免在第一电子设备或第二电子设备处于非安全环境下,第一电子设备和第二电子设备的数据被查看、导出或外传,保护第一电子设备和第二电子设备的数据。
图1为本申请实施例提供的一种系统架构的简化示意图。
图2为本申请实施例提供的一种电子设备的结构示意图。
图3为本申请实施例中电子设备的软件结构框图。
图4为本申请实施例提供的一种数据保护方法流程示意图。
图5a为本申请实施例提供的一种维修前主界面示意图。
图5b为本申请实施例提供的一种服务应用界面示意图。
图6a为本申请实施例提供的一种维修后主界面示意图。
图6b为本申请实施例提供的一种维修前备忘录界面示意图。
图6c为本申请实施例提供的一种维修后备忘录界面示意图。
图7a为本申请实施例提供的一种维修模式下普通应用访问数据的示意图。
图7b为本申请实施例提供的一种维修模式下维修模式应用访问数据的示意图。
图8为本申请实施例提供的另一种数据保护方法流程示意图。
图9为本申请实施例提供的另一种数据保护方法流程示意图。
图10为本申请实施例提供的另一种数据保护方法流程示意图。
图11为本申请实施例提供的一种数据保护场景示意图。
图12为本申请实施例提供的另一种数据保护方法流程示意图。
图13为本申请实施例提供的另一种数据保护场景示意图。
图14为本申请实施例提供的另一种数据保护方法流程示意图。
图15为本申请实施例提供的另一种数据保护场景示意图。
图16为本申请实施例提供的权限设置界面示意图。
图17为本申请实施例提供的另一种权限设置界面示意图。
图18为本申请实施例提供的另一种权限设置界面示意图。
需要说明的是,本申请中“至少一个”是指一个或者多个,“多个”是指两个或多于两个。“和/或”,描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B可以表示:单独存在A,同时存在A和B,单独存在B的情况,其中A,B可以是单数或者复数。本申请的说明书和权利要求书及附图中的术语“第一”、“第二”、“第三”、“第四”等(如果存在)是用于区别类似的对象,而不是用于描述特定的顺序或先后次序。
将理解的是,当元件(例如,第一元件)被称为“(可操作地或通信地)耦合到另一元件(例如,第二元件)”或“连接到”另一元件时,其可以直接与/耦合到或连接到另一元件或可以存在介入元件(例如,第三元件)。相反,当元件(例如,第一元件)被称为“直接耦合到”或“直接连接到”另一元件(例如,第二元件)时,应该理解的是,不存在介入元件(例如,第三元件)。
请参考图1,图1为本申请实施例提供的一种系统架构的简化示意图。如图1所示, 该系统架构可以包括第一电子设备10、第二电子设备20和云服务器30。第一电子设备10、第二电子设备20和云服务器30接入在同一个网络40,其中该网络40可以包括广域网、城域网、局域网。其中,第一电子设备10与第二电子设备20接入在同一个局域网,具体可以为:第一电子设备10和第二电子设备20与同一无线接入点建立无线连接。例如,第一电子设备10与第二电子设备20接入同一个无线保真(Wireless Fidelity,WI-FI)热点,再例如第一电子设备10和第二电子设备20也可以通过蓝牙协议接入同一个蓝牙信标下。第一电子设备10和第二电子设备20建立有线连接。例如,第一电子设备10通过有线连接介质如光纤或铜线等连接第二电子设备20。
其中,第一电子设备10支持数据访问协议,可以作为服务端提供数据。示例性地,第一电子设备10可以是手机、平板电脑等,其具体结构如图2所示,在以下实施例中将具体描述。第二电子设备20也支持上述数据访问协议,可以作为客户端访问第一电子设备10中的数据。在一些实施例中,第二电子设备20具体可以为手机、电脑,上述电脑可以为台式电脑,也可以为笔记本电脑,如苹果公司的Mac笔记本电脑、华为等公司的Windows笔记本电脑等。
其中,第一电子设备10和第二电子设备20可以通过网络40连接云服务器30,电子设备与云服务器30的网络40连接方式可以包括有线或无线连接。云服务器用于存储其他电子设备上传的数据。第一电子设备10或第二电子设备20可以将其数据包括应用、程序参数、文件等存储在云服务器30上,第一电子设备10或第二电子设备20也可以从云服务器30上下载存储在云服务器30上的数据。云服务器30可以包括华为云、亚马逊、阿里云、腾讯云、百度云等。
可以理解,在某些情形下上述系统架构中至少包括两个电子设备,第一电子设备10与第二电子设备20之间相互通信。或在某些情形下上述系统架构仅包括电子设备和云服务器30,其中电子设备的数量不少于一个。
在本申请一些实施例中,第一电子设备10或第二电子设备20可以是还包含其它功能诸如个人数字助理和/或音乐播放器功能的便携式电子设备,诸如具备无线通讯功能的可穿戴设备(如智能手表)等。上述便携式电子设备也可以是其它便携式电子设备,诸如具有触敏表面(例如触控面板)的膝上型计算机(Laptop)等。还应当理解的是,在本申请其他一些实施例中,上述第一电子设备10也可以不是便携式电子设备,而是台式计算机、数码相机、音箱、智慧屏或车机等。
请参考图2,以电子设备为手机为例,本领域技术人员可以理解,图2所示的手机仅仅是一个范例,并不构成对手机的限定,手机可以具有比图中所示的更多或更少的部件。
示例性地,图2为本申请实施例提供的一种电子设备的结构示意图。
其中,电子设备可以包括处理器110,外部存储器接口120,内部存储器121,通用串行总线(universal serial bus,USB)接口130,充电管理模块140,电源管理模块141,电池142,天线1,天线2,移动通信模块150,无线通信模块160,音频模块170,扬声器170A,受话器170B,麦克风170C,耳机接口170D,传感器模块180,摄像头193,显示屏194等。
可以理解的是,本发明实施例示意的结构并不构成对电子设备的具体限定。在本申请另一些实施例中,电子设备可以包括比图示更多或更少的部件,或者组合某些部件, 或者拆分某些部件,或者不同的部件布置。图示的部件可以以硬件,软件或软件和硬件的组合实现。
处理器110可以包括一个或多个处理单元,例如:处理器110可以包括应用处理器(application processor,AP),调制解调处理器,图形处理器(graphics processing unit,GPU),图像信号处理器(image signal processor,ISP),控制器,视频编解码器,数字信号处理器(digital signal processor,DSP),基带处理器,和/或神经网络处理器(neural-network processing unit,NPU)等。其中,不同的处理单元可以是独立的器件,也可以集成在一个或多个处理器中。
处理器110中还可以设置存储器,用于存储指令和数据。在一些实施例中,处理器110中的存储器为高速缓冲存储器。该存储器可以保存处理器110刚用过或循环使用的指令或数据。如果处理器110需要再次使用该指令或数据,可从所述存储器中直接调用。避免了重复存取,减少了处理器110的等待时间,因而提高了系统的效率。
在一些实施例中,处理器110可以包括一个或多个接口。接口可以包括集成电路(inter-integrated circuit,I2C)接口,集成电路内置音频(inter-integrated circuit sound,I2S)接口,脉冲编码调制(pulse code modulation,PCM)接口,通用异步收发传输器(universal asynchronous receiver/transmitter,UART)接口,移动产业处理器接口(mobile industry processor interface,MIPI),通用输入输出(general-purpose input/output,GPIO)接口,用户标识模块(subscriber identity module,SIM)接口,和/或通用串行总线(universal serial bus,USB)接口等。
充电管理模块140用于从充电器接收充电输入。其中,充电器可以是无线充电器,也可以是有线充电器。在一些有线充电的实施例中,充电管理模块140可以通过USB接口130接收有线充电器的充电输入。在一些无线充电的实施例中,充电管理模块140可以通过电子设备的无线充电线圈接收无线充电输入。充电管理模块140为电池142充电的同时,还可以通过电源管理模块141为电子设备供电。
电源管理模块141用于连接电池142,充电管理模块140与处理器110。电源管理模块141接收电池142和/或充电管理模块140的输入,为处理器110,内部存储器121,显示屏194,摄像头193,和无线通信模块160等供电。电源管理模块141还可以用于监测电池容量,电池循环次数,电池健康状态(漏电,阻抗)等参数。在其他一些实施例中,电源管理模块141也可以设置于处理器110中。在另一些实施例中,电源管理模块141和充电管理模块140也可以设置于同一个器件中。
电子设备的无线通信功能可以通过天线1,天线2,移动通信模块150,无线通信模块160,调制解调处理器以及基带处理器等实现。
天线1和天线2用于发射和接收电磁波信号。电子设备中的每个天线可用于覆盖单个或多个通信频带。不同的天线还可以复用,以提高天线的利用率。例如:可以将天线1复用为无线局域网的分集天线。在另外一些实施例中,天线可以和调谐开关结合使用。
移动通信模块150可以提供应用在电子设备上的包括2G/3G/4G/5G等无线通信的解决方案。移动通信模块150可以包括一个或多个滤波器,开关,功率放大器,低噪声放大器(low noise amplifier,LNA)等。移动通信模块150可以由天线1接收电磁波,并对接收的电磁波进行滤波,放大等处理,传送至调制解调处理器进行解调。移动通信模块150还可以对经调制解调处理器调制后的信号放大,经天线1转为电磁波辐射出去。在一些 实施例中,移动通信模块150的至少部分功能模块可以被设置于处理器110中。在一些实施例中,移动通信模块150的至少部分功能模块可以与处理器110的至少部分模块被设置在同一个器件中。
调制解调处理器可以包括调制器和解调器。其中,调制器用于将待发送的低频基带信号调制成中高频信号。解调器用于将接收的电磁波信号解调为低频基带信号。随后解调器将解调得到的低频基带信号传送至基带处理器处理。低频基带信号经基带处理器处理后,被传递给应用处理器。应用处理器通过音频设备(不限于扬声器170A,受话器170B等)输出声音信号,或通过显示屏194显示图像或视频。在一些实施例中,调制解调处理器可以是独立的器件。在另一些实施例中,调制解调处理器可以独立于处理器110,与移动通信模块150或其他功能模块设置在同一个器件中。
无线通信模块160可以提供应用在电子设备上的包括无线局域网(wirelesslocal area networks,WLAN)(如无线保真(wireless fidelity,Wi-Fi)网络),蓝牙(Bluetooth,BT),全球导航卫星系统(global navigation satellite system,GNSS),调频(frequency modulation,FM),近距离无线通信技术(near field communication,NFC),红外技术(infrared,IR)等无线通信的解决方案。无线通信模块160可以是集成一个或多个通信处理模块的一个或多个器件。无线通信模块160经由天线2接收电磁波,将电磁波信号调频以及滤波处理,将处理后的信号发送到处理器110。无线通信模块160还可以从处理器110接收待发送的信号,对其进行调频,放大,经天线2转为电磁波辐射出去。
在一些实施例中,电子设备的天线1和移动通信模块150耦合,天线2和无线通信模块160耦合,使得电子设备可以通过无线通信技术与网络以及其他设备通信。所述无线通信技术可以包括全球移动通讯系统(global system for mobile communications,GSM),通用分组无线服务(general packet radio service,GPRS),码分多址接入(code division multiple access,CDMA),宽带码分多址(wideband code division multiple access,WCDMA),时分码分多址(time-division code division multiple access,TD-SCDMA),长期演进(long term evolution,LTE),BT,GNSS,WLAN,NFC,FM,和/或IR技术等。所述GNSS可以包括全球卫星定位系统(global positioning system,GPS),全球导航卫星系统(global navigation satellite system,GLONASS),北斗卫星导航系统(beidou navigation satellite system,BDS),准天顶卫星系统(quasi-zenith satellite system,QZSS)和/或星基增强系统(satellite based augmentation systems,SBAS)。
电子设备通过GPU,显示屏194,以及应用处理器等实现显示功能。GPU为图像处理的微处理器,连接显示屏194和应用处理器。GPU用于执行数学和几何计算,用于图形渲染。处理器110可包括一个或多个GPU,其执行程序指令以生成或改变显示信息。
显示屏194用于显示图像,视频等。显示屏194包括显示面板。显示面板可以采用液晶显示屏(liquid crystal display,LCD),有机发光二极管(organic light-emitting diode,OLED),有源矩阵有机发光二极体或主动矩阵有机发光二极体(active-matrix organic light emitting diode的,AMOLED),柔性发光二极管(flex light-emitting diode,FLED),Miniled,MicroLed,Micro-oLed,量子点发光二极管(quantum dot light emitting diodes,QLED)等。在一些实施例中,电子设备可以包括1个或N个显示屏194,N为大于1的正整数。
电子设备可以通过ISP,摄像头193,视频编解码器,GPU,显示屏194以及应用处理器等实现拍摄功能。ISP用于处理摄像头193反馈的数据。例如,拍照时,打开快门, 光线通过镜头被传递到摄像头感光元件上,光信号转换为电信号,摄像头感光元件将所述电信号传递给ISP处理,转化为肉眼可见的图像。ISP还可以对图像的噪点,亮度,肤色进行算法优化。ISP还可以对拍摄场景的曝光,色温等参数优化。在一些实施例中,ISP可以设置在摄像头193中。
摄像头193用于捕获静态图像或视频。物体通过镜头生成光学图像投射到感光元件。感光元件可以是电荷耦合器件(charge coupled device,CCD)或互补金属氧化物半导体(complementary metal-oxide-semiconductor,CMOS)光电晶体管。感光元件把光信号转换成电信号,之后将电信号传递给ISP转换成数字图像信号。ISP将数字图像信号输出到DSP加工处理。DSP将数字图像信号转换成标准的RGB,YUV等格式的图像信号。在一些实施例中,电子设备可以包括1个或N个摄像头193,N为大于1的正整数。
数字信号处理器用于处理数字信号,除了可以处理数字图像信号,还可以处理其他数字信号。例如,当电子设备在频点选择时,数字信号处理器用于对频点能量进行傅里叶变换等。
视频编解码器用于对数字视频压缩或解压缩。电子设备可以支持一种或多种视频编解码器。这样,电子设备可以播放或录制多种编码格式的视频,例如:动态图像专家组(moving picture experts group,MPEG)1,MPEG2,MPEG3,MPEG4等。
外部存储器接口120可以用于连接外部存储卡,例如Micro SD卡,实现扩展电子设备的存储能力。外部存储卡通过外部存储器接口120与处理器110通信,实现数据存储功能。例如将音乐,视频等文件保存在外部存储卡中。
内部存储器121可以用于存储一个或多个计算机程序,该一个或多个计算机程序包括指令。处理器110可以通过运行存储在内部存储器121的上述指令,从而使得电子设备执行本申请一些实施例中所提供的投屏显示方法,以及各种功能应用和数据处理等。内部存储器121可以包括存储程序区和存储数据区。其中,存储程序区可存储操作系统;该存储程序区还可以存储一个或多个应用程序(比如图库、联系人等)等。存储数据区可存储电子设备使用过程中所创建的数据(比如照片,联系人等)等。此外,内部存储器121可以包括高速随机存取存储器,还可以包括非易失性存储器,例如一个或多个磁盘存储器件,闪存器件,通用闪存存储器(universal flash storage,UFS)等。在另一些实施例中,处理器110通过运行存储在内部存储器121的指令,和/或存储在设置于处理器中的存储器的指令,来使得电子设备执行本申请实施例中提供的投屏显示方法,以及各种功能应用和数据处理。
电子设备可以通过音频模块170,扬声器170A,受话器170B,麦克风170C,耳机接口170D,以及应用处理器等实现音频功能。例如音乐播放,录音等。音频模块170用于将数字音频信息转换成模拟音频信号输出,也用于将模拟音频输入转换为数字音频信号。音频模块170还可以用于对音频信号编码和解码。在一些实施例中,音频模块170可以设置于处理器110中,或将音频模块170的部分功能模块设置于处理器110中。扬声器170A,也称“喇叭”,用于将音频电信号转换为声音信号。电子设备可以通过扬声器170A收听音乐,或收听免提通话。受话器170B,也称“听筒”,用于将音频电信号转换成声音信号。当电子设备接听电话或语音信息时,可以通过将受话器170B靠近人耳接听语音。克风170C,也称“话筒”,“传声器”,用于将声音信号转换为电信号。当拨打电话或发送语音信息时,用户可以通过人嘴靠近麦克风170C发声,将声音信号输入 到麦克风170C。电子设备可以设置一个或多个麦克风170C。在另一些实施例中,电子设备可以设置两个麦克风170C,除了采集声音信号,还可以实现降噪功能。在另一些实施例中,电子设备还可以设置三个,四个或更多麦克风170C,实现采集声音信号,降噪,还可以识别声音来源,实现定向录音功能等。耳机接口170D用于连接有线耳机。耳机接口170D可以是USB接口130,也可以是3.5mm的开放移动电子设备平台(open mobile terminal platform,OMTP)标准接口,美国蜂窝电信工业协会(cellular telecommunications industry association of the USA,CTIA)标准接口。
传感器模块180可以包括压力传感器,陀螺仪传感器,气压传感器,磁传感器,加速度传感器,距离传感器,接近光传感器,指纹传感器,温度传感器,触摸传感器,环境光传感器,骨传导传感器等。触摸传感器可以设置于显示屏,由触摸传感器与显示屏组成触摸屏,也称“触控屏”。
另外,上述电子设备中还可以包括按键、马达、指示器以及SIM卡接口等一种或多种部件,本申请实施例对此不做任何限制。
电子设备的软件系统可以采用分层架构,事件驱动架构,微核架构,微服务架构,或云架构。本申请实施例以分层架构的Android系统为例,示例性说明电子设备的软件结构。
请参阅图3,图3为本申请实施例中电子设备的软件结构框图。
分层架构将软件分成若干个层,每一层都有清晰的角色和分工。层与层之间通过软件接口通信。在一些实施例中,将Android系统分为四层,从上至下分别为应用程序层,应用程序框架层,安卓运行时(Android runtime)和系统库,以及内核层。
应用程序层可以包括一系列应用程序包。如图3所示,应用程序包可以包括相机,图库,日历,通话,地图,导航,WLAN,蓝牙,音乐,视频,短信息、服务等应用程序。
在本申请一些实施例中,应用程序层主要负责Settings UI的呈现,上述Settings UI可以用于用户设置电子设备的数据数据保护功能。例如,用户可以在Settings UI中进行数据保护功能的开启或关闭设置。
应用程序框架层为应用程序层的应用程序提供应用编程接口(application programming interface,API)和编程框架。应用程序框架层包括一些预先定义的函数。
如图3所示,应用程序框架层可以包括窗口管理器,内容提供器,视图系统,电话管理器,资源管理器,通知管理器等。
窗口管理器用于管理窗口程序。窗口管理器可以获取显示屏大小,判断是否有状态栏,锁定屏幕,截取屏幕等。
内容提供器用来存放和获取数据,并使这些数据可以被应用程序访问。所述数据可以包括视频,图像,音频,拨打和接听的电话,浏览历史和书签,电话簿等。
视图系统包括可视控件,例如显示文字的控件,显示图片的控件等。视图系统可用于构建应用程序。显示界面可以包括一个或多个视图。例如,包括短信通知图标的显示界面,可以包括显示文字的视图以及显示图片的视图。
电话管理器用于提供电子设备的通信功能。例如通话状态的管理(包括接通,挂断等)。
资源管理器为应用程序提供各种资源,比如本地化字符串,图标,图片,布局文件,视频文件等等。
通知管理器使应用程序可以在状态栏中显示通知信息,可以用于传达告知类型的消息,可以短暂停留后自动消失,无需用户交互。比如通知管理器被用于告知下载完成,消息提醒等。通知管理器还可以是以图表或者滚动条文本形式出现在系统顶部状态栏的通知,例如后台运行的应用程序的通知,还可以是以对话窗口形式出现在屏幕上的通知。例如在状态栏提示文本信息,发出提示音,电子设备振动,指示灯闪烁等。
在本申请实施例中,数据保护功能可以作为电子设备的一个功能实现,也可以作为电子设备中原有数据保护的一个子功能实现,如数据保护功能作为华为手机的服务应用功能的一个子功能实现,或作为华为手机的维修模式功能的一个功能实现。
Android Runtime包括核心库和虚拟机。Android runtime负责安卓系统的调度和管理。
核心库包含两部分:一部分是java语言需要调用的功能函数,另一部分是安卓的核心库。
应用程序层和应用程序框架层运行在虚拟机中。虚拟机将应用程序层和应用程序框架层的java文件执行为二进制文件。虚拟机用于执行对象生命周期的管理,堆栈管理,线程管理,安全和异常的管理,以及垃圾回收等功能。
系统库可以包括多个功能模块。例如:表面管理器(surface manager),媒体库(Media Libraries),三维图形处理库(例如:OpenGL ES),2D图形引擎(例如:SGL)等。表面管理器用于对显示子系统进行管理,并且为多个应用程序提供了2D和3D图层的融合。媒体库支持多种常用的音频,视频格式回放和录制,以及静态图像文件等。媒体库可以支持多种音视频编码格式,例如:MPEG4,H.264,MP3,AAC,AMR,JPG,PNG等。三维图形处理库用于实现三维图形绘图,图像渲染,合成,和图层处理等。2D图形引擎是2D绘图的绘图引擎。
内核层是硬件和软件之间的层。内核层至少包含显示驱动,摄像头驱动,音频驱动,传感器驱动。
下面结合捕获拍照场景,示例性说明电子设备软件以及硬件的工作流程。
当触摸传感器接收到触摸操作,相应的硬件中断被发给内核层。内核层将触摸操作加工成原始输入事件(包括触摸坐标,触摸操作的时间戳等信息)。原始输入事件被存储在内核层。应用程序框架层从内核层获取原始输入事件,识别该输入事件所对应的控件。以该触摸操作是触摸单击操作,该单击操作所对应的控件为服务应用图标的控件为例,服务应用调用应用框架层的接口,启动服务应用,为用户提供数据保护功能。
在现有技术中,当电子设备出现故障,用户将电子设备送去维修人员处进行维修,此时维修人员需要向用户索取相应的密码如开机密码来解锁该电子设备,在解锁该电子设备后,维修人员可以获取到该电子设备中的隐私数据,如查看聊天记录、导出图库中的图片等,造成用户个人隐私数据泄露。或是,在某些情形下,用户的电子设备被其它人员使用时,其它人员也可以获取到该电子设备中的隐私数据如聊天记录等。
为此,本申请提出一种数据保护方法,用于保护电子设备的隐私数据,其他人员可以操作该电子设备,使用该电子设备的原有功能,但是该电子设备中的隐私数据被安全隔离,其他人员无法访问获取该电子设备中用户的隐私数据。
实施例一
请参阅图4,图4为本申请实施例提供的一种数据保护方法流程示意图。所述方法可以应用于电子设备或云服务器,所述方法包括:
步骤S40:接收用于指示进入维修模式的第一数据。
在本申请实施例中,所述电子设备或所述云服务器可以接收来自其他电子设备的第一数据,其中,所述第一数据用于触发接收到该第一数据的电子设备或云服务器进入维修模式。如第一电子设备与第二电子设备通信连接时,第一电子设备接收来自第二电子设备的第一数据,则该第一电子设备根据接收到的第一数据进入维修模式。所述云服务器与第一电子设备通信连接时,所述云服务器接收来自该第一电子设备发送的第一数据,则云服务器根据接收到的第一数据进入维修模式。即电子设备或云服务器可以接收来自组网内其他电子设备发送的第一数据,其中来自组网内其他电子设备可以包括电子设备和云服务器。所述电子设备或所述云服务器也可以直接接收来自用户输入的第一数据,如通过UI界面输入的第一数据,则该电子设备或所述云服务器根据接收到的第一数据进入维修模式,本申请对此不做具体限定。
示例性地,以所述电子设备为手机,手机接收来自用户输入的第一数据。未进入维修模式前,手机的主界面为第一主界面12,如图5a,手机的界面包括状态栏11、第一主界面12及Dock栏13。状态栏11中可以包括运营商的名称(例如中国移动)、时间、信号强度和当前的剩余电量等。第一主界面12上包括应用程序,这些应用程序包括嵌入式应用程序及可下载应用程序,如图5a所示,第一主界面12上包括日历图标501、时钟图标502、服务图标503、邮箱图标504、聊天软件图标505和备忘录图标506等。Dock栏13中包括常用的应用程序的,如电话图标507、信息图标508及相机图标509。
用户点击第一主界面12上的服务图标503,进入服务应用,所述服务应用呈现服务应用界面,如图5b,包括状态栏11和服务应用界面14,状态栏11和图5a相似,在此不再赘述。服务应用界面14上包括相应的服务功能图标,如上门服务图标513、环保回收图标523和维修模式图标533。用户点击维修模式图标533,用户输入指示手机进入维修模式的指令,即向手机输入触发手机进入维修模式的第一数据,手机接收到第一数据后,进入维修模式。在本申请实施例中,所述第一数据包括用于指示某一电子设备进入维修模式的信息。
步骤S41:根据所述第一数据进入维修模式,加密隐私数据。
在本申请实施例中,确定隐私数据,然后使用安全的加密算法对所确定的隐私数据进行加密,以实现隐私数据的全方面隔离。隐私数据可以为涉及到用户个人隐私,如用户个人信息,或用户敏感数据。隐私数据可以理解为用户在一台新电子设备上进行操作所记录的数据。所述隐私数据包括但不限于用户下载的应用程序或用户使用应用程序所产生的数据,如用户下载的第三方软件,或用户在第三方软件上输入的数据,或用户在嵌入式应用程序上输入的数据、或用户通过第三方软件接收到的数据、或用户通过嵌入式应用程序接收到的数据等。
示例性地,所述隐私数据包括用户下载的应用程序,如支付软件、社交软件、拍摄美化软件,所述隐私数据包括用户使用第三方应用程序所产生的数据,如社交软件上的聊天记录、拍摄美化软件上的用户所拍摄的图片或视频等。所述隐私数据包括用户使用嵌入式应用程序所产生的数据,如手机本地相册上的图片或视频、邮件上的邮件资料、 备忘录上记录的数据、通讯录上记录的联系人信息及录音上记录的语音等。
在本申请实施例中,对确定的隐私数据进行加密的算法包括但不限于AES256、RSA1024等,本申请对此不做具体限定。
步骤S42:保存隐私数据并将界面初始化至出厂设置。
在本申请实施例中,在电子设备进入维修模式,电子设备可以将隐私数据加密后保存至一个预设的存储空间中,或将隐私数据保存至一个预设的存储空间中。在电子设备进入维修模式或处于维修模式,该电子设备中该预设的存储空间无法访问,并将该电子设备的界面“初始化”为出厂设置,即将相关隐私数据隐藏,无法通过电子设备的界面进入到预设的存储空间中,进而无法通过应用访问获取到隐私数据。即电子设备界面初始化后,隐私数据均被隐藏不显示、下载应用程序均被隐藏无法访问、嵌入式应用程序上记录的数据也被隐藏不显示。在电子设备退出维修模式,该电子设备中该预设的存储空间将被释放,可以将保存至该预设的存储空间的隐私数据进行恢复,电子设备的界面也恢复为电子设备为进入维修模式之前,用户又可以通过应用获取隐私数据。
示例性地,以所述电子设备为手机,手机进入维修模式前的第一主界面12如图5a。手机进入维修模式后,手机的主界面为第二主界面15,第二主界面15如图6a所示。手机进入维修模式后的第二主界面15上没有呈现第一主界面12上原有的邮箱图标504和聊天软件图标505,邮箱和聊天软件应用均被隐藏,用户操作手机无法找到下载的应用程序软件。在其中一种可能实现方式中,第一主界面12上原设置有壁纸,在进入维修模式后,第二主界面15上的壁纸被初始化为手机出厂时的壁纸。
在其中一种可能实现方式中,用户在嵌入式应用程序上操作的数据也将被隐藏。用户在备忘录上记录的一些笔记信息,如图6a,用户点击第二主界面15上的备忘录图标506进入备忘录应用。手机未进入维修模式,如图6b所示,手机上备忘录的应用界面为备忘录第一应用界面16,在备忘录第一应用界面16中显示有相应的笔记信息。在手机进入维修模式后,如图6c所示,备忘录的应用界面为备忘录第二应用界面17,在备忘录第二应用界面17中该笔记信息也将被隐藏。在其中一种可能实现方式中,用户在图库中保存有图片或视频信息,在手机进入维修模式后,用户原保存至图库上的数据均被隐藏,无法查看到图片或视频。
步骤S43:提供检测权限,以实现对所述电子设备的维修检测。
在本申请实施例中,在需要检测该电子设备时,还可以为检测设备提供检测权限,以使得检测设备可以检测该电子设备,实现对该电子设备的维修检测。检测权限包括但不限于器件检测接口权限、器件节点访问权限、日志存储区域访问权限。示例性地,提供检测接口权限可以对所述电子设备的接口进行接口测试,以检测外部其它系统与电子设备系统之间以及电子设备系统内部各个子系统之间的交互点。提供器件节点访问权限可以对电子设备中的器件进行访问,通过器件节点确定器件节点所代表的器件,并对该器件进行检测。提供日志存储区域访问权限可以提供电子设备公共日志区域的访问权限,获取相关的日志信息。对公共日志区域设置访问控制权限,如维修模式下有对应的应用可以有公共日志区域的访问控制权限。维修模式下有对应的应用可以为,将本申请的数据保护功能作为图5a中服务应用功能的一个子功能实现,如“维修模式”。也可以为将本申请的数据保护功能作为一个应用程序实现,如实现为“维修模式”应用,该维修模式下对应的应用可以作为第三方软件或嵌入式应用程序。示例性地,电子设备上有“维 修模式应用”,对维修模式应用的用户ID(User ID,UID)或组ID(Group ID,GID)进行权限的设置,如允许维修模式应用GID=1000_127的应用访问公共日志区域。用户点击维修模式应用,则可以通过该维修模式应用访问公共日志区域。
示例性地,在需要检测该电子设备的摄像头是否能拍摄时,就需要向检测设备提供摄像头的权限,以便检测人员可以操控检测设备检测该电子设备的摄像头的功能。
步骤S44:提供维修检测空间并向所述电子设备的可信设备开放所述维修检测空间的访问权限。
在本申请实施例中,在需要检测该电子设备时,该电子设备还可以提供维修检测空间,在该电子设备的存储区域申请一个新空间,即维修检测空间,该维修检测空间可以用于在维修检测时存储维修检测的数据,将维修模式下的所产生的数据存储在维修检测空间中。
步骤S45:提供维修模式空间,用于缓存当前运行应用的数据。
在本申请实施例中,在需要缓存电子设备当前正在运行的应用的内容时,提供一个维修模式空间以在电子设备进入维修模式后,还可以将当前正在运行应用的内容缓存在该维修模式空间中。具体地,检测到当前电子设备中有正在运行的应用,申请另一个新的内存空间,即维修模式空间,将当前正在运行应用的内容缓存至该维修模式空间,以在进入维修模式后,自动生成维修模式下文件目录,创建一个维修模式的路径,指向所述维修模式空间,以从维修模式空间读取数据库、播放列表信息,在维修模式下直接读取应用的内容,其中该应用可以为视频播放应用,以在进入维修模式后,还可以继续播放相应视频。
可以理解,进入维修模式执行的步骤包括但不限于上述的步骤和顺序,在某些场景下可以适当调整执行步骤,也可以适当减少相应的步骤。可以理解,在处于维修模式时,也可以执行上述步骤。
请一并参阅图7a和图7b,图7a是手机进入维修模式后,普通应用访问数据的一个场景,在该场景下,短信应用不能访问手机机主中存储的短信信息等数据,但是该短信应用可以访问维修检测空间。其中,该普通应用指电子设备进入维修模式后,手机上的应用程序中除了维修模式应用之外的应用。图7b是手机进入维修模式后,维修模式应用访问数据的一个场景,在该场景下,维修模式应用不能访问手机机主中存储的隐私数据,但是该维修模式应用可以访问维修检测空间和日志存储区域内的内容。即,在进入维修模式后,操作者在操作该电子设备时,不能通过普通应用访问到机主的隐私数据,但是可以通过普通应用访问维修检测空间,例如对于摄像应用,可以将检测到的关于摄像头的相关数据存储至维修检测空间。对于维修模式应用还可以访问日志存储区域。如图7a和图7b所示,在手机进入维修模式后,将隐私数据加密并存储在预设的存储空间,通过外部的命令也无法访问到隐私数据,如无法通过adb命令去获取图片或视频等。
下面将结合具体应用场景对实施例一的数据保护方法进行详细的说明。
第一种场景,用户将摄像头出现故障的手机送去维修,用户点击手机上的维修模式应用,则手机进入维修模式,手机上的用户的隐私数据被隐藏,维修人员在对手机进行维修的时候无法查看到用户的隐私数据。但是手机提供器件检测接口权限、器件节点访问权限、日志存储区域访问权限,维修人员可以对摄像头进行检测,修好手机后,用户退出维修模式,手机中的数据恢复,用户可以正常使用该手机并访问隐私数据。
第二种场景,用户将自己的平板给朋友玩,但是用户不想朋友看到其的个人隐私数据,则用户可以设置平板为维修模式,则用户的朋友无法访问到用户的个人隐私数据,但可以操作使用该平板,如可以正常使用其中的应用,电话、短信、日历、摄像等,但无法访问到该应用的数据,如无法访问到用户通过短信应用接收和发送的信息。在维修模式下还可以重新下载应用并使用,如重新下载聊天软件,但是该聊天软件不存在数据。平板在进入维修模式之前正常播放视频,进入维修模式后,将该视频对应的数据缓存在维修模式空间,从维修模式空间读取相关数据库和播放列表信息,依然可以正常播放视频。用户设备退出维修模式后,平板隐藏的数据恢复,又可以通过应用访问隐私数据。
发明人在实施本申请实施例时,发现上述的数据保护仅实现了对单个电子设备的数据保护,在多设备全场景下,在一个电子设备与另一个电子设备建立通信连接后,即实现两个电子设备之间的互联互通,可以通过一个电子设备访问获取到另一个电子设备的数据。例如,在手机与平板建立了通信连接,手机可以访问平板的数据,则在手机送去维修时,即使手机进入了维修模式,但是维修人员可以通过手机获取到平板上的数据。
为此,本申请提出另一种数据保护方法,用于保护组网内电子设备的隐私数据,其他人员可以操作使用一个电子设备,但是该电子设备以及与该电子设备组网的其它电子设备中的隐私数据被安全隔离,其他人员无法访问获取组网内其他电子设备中用户的隐私数据。
实施例二
请参阅图8,图8为本申请实施例提供的另一种数据保护方法流程示意图。所述方法可以应用于电子设备或云服务器,所述方法包括:
步骤S81:第一电子设备向第二电子设备发送连接请求。
在本申请实施例中,所述第一电子设备可以包括终端设备或云端设备,所述第二电子设备可以包括终端设备或云端设备,云端设备如云服务器。所述连接请求中可以包括第一电子设备的设备信息和账号信息。
可以理解,对与第一电子设备组网的电子设备的数量不做具体限定,如还可以包括第三电子设备与云服务器等。
步骤S82:第二电子设备响应连接请求,第一电子设备与第二电子设备建立通信连接。
在本申请实施例中,所述第二电子设备对连接请求中的账号信息进行验证,以确定所述第一电子设备是否为同一账号的电子设备,在为同一账号的电子设备即确定该第一电子设备为第二电子设备的可信设备。第二电子设备验证账号信息验证后,返回验证成功的信息给第一电子设备,第一电子设备与第二电子设备建立通信连接。在第二电子设备验证账号信息失败时,第二电子设备向第一电子设备返回验证失败的信息,第一电子设备与第二电子设备建立通信连接失败。
可以理解,第二电子设备为第一电子设备的可信设备,则第一电子设备与第二电子设备建立通信连接,即该通信连接包括第一电子设备与第二电子设备进行鉴权成功后建立的通信连接。
在本申请实施例中,同一账号的电子设备相互之间为可信设备,可信设备还可以包括用户授权后进行验证通过的电子设备。可信设备之间可以建立通信连接,在某一电子设备与另一电子设备之间不互为可信设备,则两个电子设备之间的连接断开。
在本申请实施例中,第一电子设备与第二电子设备连接方式包括有线连接或无线连接。
在本申请实施例中,第一电子设备与第二电子设备建立通信连接,不限于第一电子设备向第二电子设备发送连接请求,还可以是第二电子设备向第一电子设备发送连接请求,在通信连接后即可进行下述步骤。
步骤S83:检测到第一触发条件,第一电子设备向第二电子设备发送第一数据,其中所述第一数据用于触发第二电子设备进入维修模式。
在本申请实施例中,在第一电子设备与第二电子设备鉴权成功后,第一电子设备检测到第一触发条件后,第一电子设备向第二电子设备发送第一数据。其中所述第一触发条件包括第一电子设备处于维修检测状态,或第一电子设备处于维修模式,或第一电子设备进入维修模式。第一数据用于触发第二电子设备进入维修模式,第一数据可以包括如下信息:所述第一电子设备进入维修模式,或,所述第一电子设备当前处于维修模式,或,所述第一电子设备当前处于维修检测状态,其中第一电子设备当前处于维修检测状态即第一设备正被检测设备维修检测中。
在本申请实施例中,第一电子设备向第二电子设备发送第一数据,告知第二电子设备当前的状态,如所述第一电子设备进入维修模式,或,所述第一电子设备当前处于维修模式,或,所述第一电子设备当前处于维修检测状态等,以触发第二电子设备进入维修模式。
步骤S84:第二电子设备根据所述第一数据进入维修模式。
在本申请实施例中,所述第二电子设备接收到第一数据后进入维修模式。在第二电子设备从第一数据中获得第一电子设备进入维修模式的信息时,第二电子设备进入维修模式。或,在第二电子设备从第一数据中获得第一电子设备处于维修模式的信息时,第二电子设备进入维修模式。或,在第二电子设备从第一数据中获得第一电子设备当前处于维修检测中时,第二电子设备进入维修模式。在本申请实施例中,在所述第一电子设备当前处于维修模式,或,所述第一电子设备当前处于维修检测中时,或,所述第一电子设备进入维修模式,所述第一电子设备即向第二电子设备发送第一数据,所述第二电子设备接收到第一电子设备发送的第一数据,则所述第二电子设备被触发进入维修模式。即所述第二电子设备在所述第一电子设备处于维修模式,或所述第一电子设备处于维修检测状态时,或,所述第一电子设备进入维修模式,基于电子设备之间的互联互通,所述第二电子设备接收到第一数据后也被触发进入维修模式,以保护所述第二电子设备的数据。
可以理解,所述第一电子设备处于维修模式,或第一电子设备进入维修模式,或所述第一电子设备当前处于维修检测中,第一电子设备处于一个非安全环境下,所述第一电子设备即向与其组网的电子设备发送第一数据,与其组网的电子设备接收到第一数据后自动进入维修模式,执行上述实施例一的步骤,以保护与第一电子设备组网的其它电子设备中的数据。
步骤S85:检测到第二触发条件,第一电子设备向第二电子设备发送第二数据,其中所述第二数据用于触发第二电子设备退出维修模式。
在本申请实施例中,所述第二触发条件包括所述第一电子设备当前退出维修模式,或,所述第一电子设备当前退出维修检测。第二数据可以包括如下信息:所述第一电子 设备当前退出维修模式,或,所述第一电子设备当前退出维修检测。
在本申请实施例中,第一电子设备向第二电子设备发送第二数据,告知第二电子设备当前的状态,如所述第一电子设备当前退出维修模式,或,所述第一电子设备当前退出维修检测等,以触发第二电子设备退出维修模式。
步骤S86:所述第二电子设备根据所述第二数据退出维修模式。
在本申请实施例中,在第二电子设备从第二数据中获得第一电子设备退出维修模式的信息时,第二电子设备退出维修模式。或,在第二电子设备从第二数据中获得第一电子设备退出维修检测的信息时,第二电子设备退出维修模式。即所述第二电子设备在所述第一电子设备退出维修模式,或所述第一电子设备退出维修检测时,所述第二电子设备被触发退出维修模式。
在本申请实施例中,在第一电子设备处于一个非安全环境下(第一电子设备当前处于维修模式,或,第一电子设备正被维修检测中,或,第一电子设备进入维修模式),第二电子设备可以根据第一电子设备的第一数据进入维修模式,保护第二电子设备的数据,避免通过与第一电子设备的通信连接泄露第二电子设备中的隐私数据。在第一电子设备退出维修状态时,第一电子设备处于一个安全环境下(第一电子设备退出处于维修模式,或,第一电子设备退出维修检测),第二电子设备跟根据第一电子设备发送的第二数据,第二电子设备也退出维修模式,保证第二电子设备可以正常使用。
下面将结合具体应用场景对实施例二的数据保护方法进行详细的说明。
请参阅图9,图9为本申请实施例提供的另一种数据保护方法流程示意图。
步骤S91:电视设备启动开机后组网。
在本申请实施例中,电视设备关机后断开网络连接,在电视设备启动,电视设备会请求建立连接,进行组网。
步骤S92:电视设备检测到组网内手机正在处于维修模式。
在本申请实施例中,在电视设备向手机发送连接请求后,接收到手机发送的第一数据得知手机正处于维修模式。
步骤S93:电视设备判断是否继续组网。
在本申请实施例中电视设备根据用户的指令判断是否继续组网,电视设备可以出现提示“网内手机正处于维修模式,是否需要继续组网”。在用户点击“否”时,则电视设备停止组网,结束流程。
步骤S94:电视设备继续组网,接收第一数据进入维修模式。
在本申请实施例中在用户点击“是”时,则电视设备继续组网,手机检测到电视设备组网,向电视设备发送第一数据。电视设备组网即接收到手机发送的第一数据,则电视设备根据第一数据进入维修模式。
步骤S95:电视设备接收第二数据。
在本申请实施例中,手机维修完成,手机会广播第二数据,电视设备接收到第二数据。
步骤S96:电视设备退出维修模式。
步骤在本申请实施例中,电视设备根据手机发送的第二数据退出维修模式。
可以理解,多设备的通信连接不限于上述的两个电子设备的通信连接,第一电子设备还可以通过广播的方式传输第一数据和/或第二数据,告知第一电子设备当前状态为维 修状态,进而使得与第一电子设备组网的其他设备也进入维修模式。
实施例三
请参阅图10,图10为本申请实施例提供的另一种数据保护方法流程示意图。所述方法应用于电子设备或云服务器,所述方法包括:
步骤S101:第一电子设备向第二电子设备、第三电子设备和云服务器广播其连接请求。
在本申请实施例中,对与第一电子设备组网的电子设备的数量不做具体限定,所述连接请求中可以包括第一电子设备的设备信息和账号信息。
步骤S102:第二电子设备、第三电子设备和云服务器响应该连接请求,第二电子设备、第三电子设备和云服务器均与第一电子设备建立通信连接。
在本申请实施例中,第二电子设备、第三电子设备和云服务器对连接请求中的账号信息进行验证,以确定所述第一电子设备是否为同一账号的电子设备,以此确定第一电子设备是否为可信设备。在第一电子设备为第二电子设备的可信设备时,第一电子设备与第二电子设备建立通信连接,第三电子设备和云服务器与第一电子设备建立通信连接也类似,在此不再赘述。
步骤S103:检测到第一触发条件,第一电子设备向第二电子设备、第三电子设备和云服务器发送第一数据,其中第一数据用于触发第二电子设备、第三电子设备和云服务器进入维修模式。
步骤S104:第二电子设备、第三电子设备和云服务器均根据所述第一数据进入维修模式。
步骤S105:检测到第二触发条件,第一电子设备向第二电子设备、第三电子设备和云服务器发送第二数据,其中第二数据用于触发第二电子设备、第三电子设备和云服务器退出维修。
步骤S106:第二电子设备、第三电子设备和云服务器均根据第二数据退出维修模式。
下面将结合具体应用场景对实施例三的数据保护方法进行详细的说明。
请参阅图11,用户的手机与平板及云服务器建立通信连接,可以通过手机以及平板访问云服务器的数据,基于互联互通,手机与平板之间可以相互访问数据。
组网内的手机出现故障,用户将故障的手机送去维修,维修人员可以通过检测设备与手机之间的检测通道向平板以及云服务器输入命令,如adb命令,让手机去平板以及云服务器的指定目录将数据获取出来。
请参阅图11,用户将手机设置为维修模式,维修人员可能无法获取手机中的隐私数据。
手机向与其组网的平板以及云服务器广播第一数据,告知组网内的平板与云服务器手机当前处于维修模式,平板以及云服务器接收到手机的广播信息后,平板以及云服务器均自动进入维修模式,云服务器申请一个新的空间作为维修检测空间,以便手机和平板可以访问该维修检测空间,平板也可以申请一个新的空间作为维修检测空间,以便手机访问该维修检测空间。维修人员无法通过手机获取与手机组网的平板以及云服务器的隐私数据。在手机修好后,用户取到修好的手机将手机退出维修模式,则手机向平板及云服务器广播其第二数据,告知组网内的平板与云服务器手机当前退出维修模式,平板和云服务器均根据所述第二数据退出维修模式,手机组网内的设备可以正常通信访问数 据。平板和云服务器可以将申请的维修检测空间释放,平板还可以出现提示,以提示用户是否保存维修检测空间中的数据。
在本申请实施例中,在组网内的某一电子设备处于维修模式,或该电子设备进入维修模式,或正在被维修状态,组网内的其他电子设备及云服务器均会自动进入维修模式,由此实现对组网内电子设备的数据保护。
发明人在实施本申请实施例时,发现在某些场景下多设备之间需要进行协同检测、多设备联合问题诊断,此时会存在数据泄露的可能,例如,手机与智慧屏之间的投屏功能出现问题,需要同时检测手机与智慧屏的投屏功能,以确定问题。此时需要将手机与智慧屏进行通信连接,同时检测手机与智慧屏的投屏功能。基于手机与智慧屏之间互联互通,手机与智慧屏之间可以相互访问数据,可以进行远程通信,用户将手机拿去给维修人员进行维修,维修人员通过手机远程检测智慧屏,即使手机进入维修模式,但智慧屏未处于数据保护状态。
为此,本申请提出另一种数据保护方法,在多设备联合问题诊断中用于保护组网内电子设备的隐私数据,其他人员无法访问获取网内电子设备中用户的隐私数据。
实施例四
请参阅图12,图12为本申请实施例提供的另一种数据保护方法流程示意图。所述方法应用于电子设备或云服务器,所述方法包括:
步骤S120:第一电子设备与第二电子设备建立通信连接,其中,所述第二电子设备为所述第一电子设备的可信设备。
步骤S121:第一电子设备接收第二电子设备发送的第一数据,其中第一数据用于触发第一电子设备进入维修模式。
在本申请实施例中,第二电子设备检测到第一触发条件,第二电子设备向第一电子设备发送第一数据,该第一触发条件包括在所述第二电子设备处于维修检测状态,或所述第二电子设备处于维修模式,或所述第二电子设备进入维修模式中的任一种,该第一触发条件还包括所述第二电子设备请求所述第一电子设备提供检测权限。即在所述第二电子设备处于维修检测状态,且所述第二电子设备请求所述第一电子设备提供检测权,则第二电子设备发送第一数据。或,在所述第二电子设备处于维修模式,且所述第二电子设备请求所述第一电子设备提供检测权限,则第二电子设备发送第一数据。或,在所述第二电子设备进入维修模式,且所述第二电子设备请求所述第一电子设备提供检测权限,则第二电子设备发送第一数据。
在本申请实施例中,所述第二电子设备向第一电子设备请求所述第一电子设备提供检测权限,以便检测设备可以对该第一电子设备进行维修检测,或该检测设备通过第二电子设备对第一电子设备进行维修检测。
步骤S122:所述第一电子设备根据所述第一数据进入维修模式。
在其中一种可能实现方式中,所述第二电子设备向所述第一电子设备发送第一数据包,以便第一电子设备可以接收到第一数据。
示例性,给出一种第一数据包部分结构的示意,如下:
{
交互类型:检测请求(diagRequest)
当前模式:维修模式(uid127)
}
相应地,第一电子设备对第一数据包进行解析,向第二电子设备返回的信息如下:
{
交互类型:检测请求(diagRequest)
当前模式:维修模式(uid127)
访问状态:就绪(ready)
}
在第一电子设备解析到命令格式为维修模式,且交互类型为检测请求时,即请求第一电子设备提供检测权限,第一电子设备切换到维修模式,并向第二电子设备返回命令,告知第二电子设备该第一电子设备进入维修模式就绪。
实施例二、实施例三及实施例四相同点在于,在组网内的其他电子设备处于维修检测状态或处于维修模式或进入维修模式时,接收组网内的该电子设备发送的第一数据,以根据该第一数据切换至维修模式。实施例四与实施例二、实施例三的区别在于,第一数据中除了组网内第二电子设备状态的信息外还包括请求第一电子设备提供检测权限的信息,即在组网内的第二电子设备处于维修检测状态或处于维修模式或进入维修模式时,第一电子设备接收第二电子设备的第一数据,根据第一数据得知第二电子设备处于维修检测状态或处于维修模式或进入维修模式,且第二电子设备请求第一电子设备提供检测权限,所述第一电子设备进入维修模式。
下面将结合具体应用场景对实施例四的数据保护方法进行详细的说明。
请参阅图13,手机与智慧屏组网,用户将故障的手机送去维修人员进行维修,手机进入维修模式,智慧屏接收到手机发送的广播信息,得知手机处于维修模式,但智慧屏还未进入维修模式。手机接收来自检测设备发送的检测命令,手机根据检测命令判断是否检测组网内的智慧屏,如果不需要检测组网内的智慧屏,手机响应检测设备的检测命令,向检测设备发送检测结果,检测设备获取手机的检测结果。当需要检测组网内的智慧屏时,手机向智慧屏发送第一数据,该第一数据包括手机处于维修模式且请求智慧屏提供检测权限,智慧屏根据第一数据得到手机处于维修模式,且手机要求智慧屏提供检测权限,则智慧屏将进入维修模式。智慧屏检测到当前正在运行应用,申请一个内存空间,即维修模式的内存空间,将当前应用的列表等数据缓存至维修模式的内存空间,如爱奇艺正在播放,将爱奇艺的数据库、播放列表等信息拷贝到维修模式空间,对隐私数据进行加密。智慧屏还可以出现提示告知用户即将进入维修模式。检测设备通过手机远程检测智慧屏,智慧屏缓存的内容可以继续播放。检测结束,智慧屏将检测结果发送给手机,手机收集智慧屏的检测结果并将手机和智慧屏的检测结果均发送给检测设备。在维修结束,智慧屏提示用户访问完毕,将自动退出维修模式。
上述电子设备接收用于指示进入维修模式的第一数据可以来自用户在电子设备的直接设置还可以是来自其他电子设备的发送的数据,在来自其他电子设备发送的数据中可以包括由其他电子设备在满足第一触发条件下自动发送的第一数据,也可以包括用户通过一电子设备向另一电子设备发送的第一数据。
在其中一种场景下,在用户将手机送去维修后发现忘记设置手机进入维修模式,此时如果重新回去设置手机进入维修模式存在不便。为此,本申请提出另一种数据保护方法,通过对组网内的多设备进行动态授权,以使得电子设备根据用户的指令进入维修模 式。
实施例五
请参阅图14,图14为本申请实施例提供的另一种数据保护方法流程示意图。所述方法应用于第一电子设备,所述方法包括:
步骤S141:接收用户输入的第一输入命令。
在本申请实施例中,所述第一输入命令可以包括密码、指纹信息、手势密码以及人脸信息等,该第一输入命令用于验证用户是否为第一电子设备的机主。
步骤S142:根据所述第一输入命令判断当前用户是否为机主。
在本申请实施例中,在所述密码符合预存的密码时,确定当前用户为机主。在指纹信息符合预存的指纹信息时,确定当前用户为机主。在手势密码符合预存的手势密码时,确定当前用户为机主。在人脸信息符合预存的人脸信息时,确定当前用户为机主。
步骤S143:若是,获取主控权限,其中,所述主控权限用于设置组网内其他电子设备的权限。
在本申请实施例中,在当前用户为机主时,第一电子设备获取主控权限,第一电子设备为主控设备,即用户可以通过主控设备设置组网内其他电子设备的权限。
步骤S144:接收用户输入的第二输入指令。
在本申请实施例中,第二输入命令用于指示要设置的电子设备和其对应权限,包括要设置的电子设备的ID以及该电子设备对应的权限等。
步骤S145:根据第二输入指令将相应的权限设置信息发送给第二电子设备,以使得所述第二电子设备根据所述权限设置信息设置其权限。
在本申请实施例中,第一电子设备与第二电子设备为同一账号进行登录的设备,该第二电子设备为第一电子设备的可信设备,第一电子设备与第二电子设备建立通信连接。第一电子设备与第二电子设备可以不为同一账号的设备,第二电子设备可以为用户授权并验证过的可信设备。
在本申请实施例中,用户通过第一电子设备输入第二输入命令,该第二输入命令用于指示将第二电子设备的权限设置为维修模式,即所述第一电子设备接收到用户输入的指示所述第二电子设备进入维修模式的指令,第一电子设备向第二电子设备发送数据,以触发第二电子设备进入维修模式。
下面将结合具体应用场景对实施例五的数据保护方法进行详细的说明。
用户将手机送去维修,但是忘记设置手机进入维修模式,用户当前能使用的设备为平板,用户在平板上输入第一输入命令,平板验证当前用户为机主,则平板获取主控权限,可以根据用户输入的第二输入命令设置组网内的其他电子设备的权限。用户向平板输入第二输入命令,用于设置同一登录账号手机的权限为维修模式,则该第二输入命令为维修设置指令,平板接收到所述用户输入的维修设置指令,其中所述维修设置指令用于指示所述手机进入维修模式,则平板根据所述维修设置指令向手机发送第一数据,以使得手机根据该第一数据进入维修模式。
在本申请实施例中,主控设备还可以设置组网内非登录账号设备的权限,请一并参阅图15,手机、手表及智慧屏为同一登录账号的设备,手机、手表及智慧屏互为可信设备。维修人员使用非同一登录账号设备电脑检测手表。电脑向手机发送连接请求,手机的界面上出现提示,是否接入该电脑,用户确定接入该电脑后呈现如图16所示的权限设 置界面18,权限设置界面18上包括状态栏11、账号信息、登录账号的设备列表、设备等级、非登录设备、已连接设备列表、可访问设备包括相应的可访问设备选择框19及临时权限包括相应的临时权限可选择框20。
状态栏11可以包括时间、信号强度和当前的剩余电量等。账号信息为用户的登录账号名称如“张三”。登录设备列表中展示的是登录同一账号的设备,以及该设备的设备等级,如当前登录同一账号的设备包括手机、手表及智慧屏,手机的设备等级为主控设备,手表及智慧屏的设备等级为从设备。非登录设备中已连接的设备列表中包括电脑和平板。电脑、平板的对应可访问设备处有个选择框,用户可以操作该选择框确定电脑、平板的可访问设备。电脑、平板对应的临时权限处有个选择框,用户可以操作该选择框确定电脑、平板的临时权限。
如图17,用户在权限设置界面18上对应电脑处点击可访问设备选择框19,弹出电脑可访问设备包括手机、手表和智慧屏,点击临时权限可选择框20,弹出相应的对应的临时权限包括维修模式访问和正常访问。用户选择电脑可以访问的设备包括手表,用户选择电脑对应的临时权限包括维修模式访问,用户选择平板可以访问的设备包括智慧屏,用户选择平板对应的临时权限包括正常访问,电脑的权限设置完成后,请一并参阅图18。电脑获得手机发送的授权证书,则电脑可以访问手表,且是以维修模式访问。即在电脑和手表建立通信连接时,电脑向手表发送连接请求,连接请求中包括授权证书,手表解析授权证书,得到连接请求中电脑的维修模式访问权限,手表根据电脑的维修模式访问权限手表进入维修模式,手表响应该连接请求,向电脑发送数据告知其已准备好可以访问,手表与电脑建立通信连接。以此类推,在电脑被授权访问更多的电子设备时,其仅需要获得手机主控设备授权就可以访问其他电子设备,避免设备同网络中,每个电子设备都需要做相互鉴权。电脑向手表发送第一数据,手表接收该第一数据后响应检测请求类型,手表提供检测权限,并在检测完毕之后发送检测结果给电脑。
电脑完成检测后,用户在手机上取消电脑的授权,手机通知手表退出维修模式,手表退出维修模式。
平板的访问设置与访问方式与电脑相似,在此不再赘述。平板可访问设备为智慧屏,且临时权限为正常访问,则平板可以正常与智慧屏进行通信连接,平板与智慧屏之间可以进行数据共享。
在本申请实施例中,第一电子设备在接收到用户输入的命令后,可以向与其组网的其他电子设备发送第一数据,该第一数据用于指示与其组网的其他电子设备进入维修模式,以使得与其组网的其他电子设备可以在用户的控制下进入维修模式。
对于本领域的技术人员而言,显然本申请不限于上述示范性实施例的细节,而且在不背离本申请的精神或基本特征的情况下,能够以其他具体形式实现本申请。因此,只要在本申请的实质精神范围之内,对以上实施例所作的适当改变和变化都应该落在本申请要求保护的范围之内。
Claims (18)
- 一种数据保护方法,其特征在于,应用于第一电子设备,所述方法包括:第一电子设备与第二电子设备建立通信连接,其中,所述第一电子设备为所述第二电子设备的可信设备;检测到第一触发条件,所述第一电子设备向所述第二电子设备发送第一数据,其中,所述第一数据用于触发所述第二电子设备进入维修模式。
- 根据权利要求1所述的方法,其特征在于,所述第一触发条件包括:所述第一电子设备处于维修检测状态,或所述第一电子设备处于维修模式,或所述第一电子设备进入维修模式。
- 根据权利要求2所述的方法,其特征在于,所述第一触发条件还包括:所述第一电子设备请求所述第二电子设备提供检测权限。
- 根据权利要求1所述的方法,其特征在于,所述第一触发条件包括:所述第一电子设备接收到用户输入的指示所述第二电子设备进入维修模式的指令。
- 根据权利要求2或3所述的方法,其特征在于,所述第一电子设备进入维修模式包括:加密隐私数据。
- 根据权利要求2或3所述的方法,其特征在于,所述第一电子设备进入维修模式包括:提供检测权限,以实现对所述第一电子设备的维修检测。
- 根据权利要求2或3所述的方法,其特征在于,所述第一电子设备进入维修模式包括:提供维修检测空间;向所述第一电子设备的可信设备开放所述维修检测空间的访问权限。
- 一种数据保护方法,其特征在于,应用于第二电子设备,所述方法包括:第二电子设备与第一电子设备建立通信连接,其中,所述第二电子设备为所述第一电子设备的可信设备;接收所述第一电子设备发送的第一数据;根据所述第一数据进入维修模式。
- 根据权利要求8所述的方法,其特征在于,所述第一数据包括以下信息之一:所述第一电子设备处于维修检测状态,所述第一电子设备处于维修模式,所述第一电子设备进入维修模式。
- 根据权利要求9所述的方法,其特征在于,所述第一数据还包括:用于请求所述第二电子设备提供检测权限的信息。
- 根据权利要求8所述的方法,其特征在于,所述第一数据包括:用户输入的用于指示所述第二电子设备进入维修模式的信息。
- 根据权利要求8-11任一项所述的方法,其特征在于,所述根据所述第一数据进入维修模式包括:加密隐私数据。
- 根据权利要求8-12任一项所述的方法,其特征在于,所述根据所述第一数据进入维修模式还包括:提供检测权限,以实现对所述第二电子设备的维修检测。
- 根据权利要求8-13任一项所述的方法,其特征在于,所述根据所述第一数据进入维修模式还包括:提供维修检测空间;向所述第二电子设备的可信设备开放所述维修检测空间的访问权限。
- 一种数据保护系统,其特征在于,至少包括第一电子设备和第二电子设备;所述第一电子设备与所述第二电子设备建立通信连接,其中,所述第二电子设备为所述第一电子设备的可信设备;检测到第一触发条件,所述第一电子设备向所述第二电子设备发送第一数据;所述第二电子设备接收所述第一数据;所述第二电子设备根据所述第一数据进入维修模式。
- 一种数据保护系统,其特征在于,包括云服务器和至少一个电子设备;所述云服务器与所述至少一个电子设备建立通信连接,其中,所述云服务器为所述至少一个电子设备的可信设备;检测到第一触发条件,所述至少一个电子设备向所述云服务器发送第一数据;所述云服务器接收所述第一数据;所述云服务器根据所述第一数据进入维修模式。
- 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质存储有计算机程序代码,当所述计算机程序代码被计算设备执行时,所述计算设备执行上述权利要求1至14中任一项所述的方法。
- 一种电子设备,其特征在于,所述电子设备包括处理器和存储器,所述存储器用于存储一组计算机指令,当所述处理器执行所述一组计算机指令时,所述计算设备执行上述权利要求1至14中任一项所述的方法。
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US18/264,248 US20240095408A1 (en) | 2021-02-04 | 2021-12-31 | Data protection method and system, medium, and electronic device |
EP21924495.1A EP4266202A4 (en) | 2021-02-04 | 2021-12-31 | DATA PROTECTION METHOD AND SYSTEM, MEDIUM AND ELECTRONIC DEVICE |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110158831.1A CN112966297B (zh) | 2021-02-04 | 2021-02-04 | 数据保护方法、系统、介质及电子设备 |
CN202110158831.1 | 2021-02-04 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022166502A1 true WO2022166502A1 (zh) | 2022-08-11 |
Family
ID=76274180
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/143962 WO2022166502A1 (zh) | 2021-02-04 | 2021-12-31 | 数据保护方法、系统、介质及电子设备 |
Country Status (4)
Country | Link |
---|---|
US (1) | US20240095408A1 (zh) |
EP (1) | EP4266202A4 (zh) |
CN (1) | CN112966297B (zh) |
WO (1) | WO2022166502A1 (zh) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112966297B (zh) * | 2021-02-04 | 2022-01-14 | 华为技术有限公司 | 数据保护方法、系统、介质及电子设备 |
CN118107496A (zh) * | 2022-11-30 | 2024-05-31 | 华为技术有限公司 | 车辆控制方法、车辆控制系统和相关设备 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100229220A1 (en) * | 2009-03-03 | 2010-09-09 | Grasstell Networks Llc | System and method for theft and data recovery from lost portable devices |
CN104298903A (zh) * | 2014-09-29 | 2015-01-21 | 小米科技有限责任公司 | 访问移动终端的方法及装置 |
CN107480511A (zh) * | 2016-11-02 | 2017-12-15 | 深圳市波普安创技术有限公司 | 信息安全设备的维修防篡改系统及其方法 |
CN112966297A (zh) * | 2021-02-04 | 2021-06-15 | 华为技术有限公司 | 数据保护方法、系统、介质及电子设备 |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101083537B (zh) * | 2006-05-31 | 2011-10-05 | 华为技术有限公司 | 一种实现设备管理的方法、装置和系统 |
US9641486B1 (en) * | 2013-06-28 | 2017-05-02 | EMC IP Holding Company LLC | Data transfer in a data protection system |
CN103619002A (zh) * | 2013-12-16 | 2014-03-05 | 北京百纳威尔科技有限公司 | 手机远程安全保护的方法 |
US11222104B2 (en) * | 2017-01-22 | 2022-01-11 | Huawei Technologies Co., Ltd. | Verification method, mobile terminal, device, and system |
US20200250326A1 (en) * | 2017-10-25 | 2020-08-06 | Telefonaktiebolaget Lm Ericsson (Publ) | Operation of an Electronic Device during Maintenance |
CN111066306B (zh) * | 2018-03-27 | 2022-09-16 | 华为技术有限公司 | 在局域网内共享数据的方法及电子设备 |
CN111367720A (zh) * | 2020-03-04 | 2020-07-03 | 北京字节跳动网络技术有限公司 | 数据保护方法、装置、电子设备及计算机可读存储介质 |
CN111783136B (zh) * | 2020-06-17 | 2024-07-23 | 联想(北京)有限公司 | 一种数据保护方法、装置、设备和存储介质 |
CN111949956A (zh) * | 2020-07-31 | 2020-11-17 | 华为技术有限公司 | 一种安全交互方法及装置 |
CN112035807A (zh) * | 2020-08-06 | 2020-12-04 | 珠海格力电器股份有限公司 | 对象认证方法和装置、存储介质和电子装置 |
CN112182643B (zh) * | 2020-09-07 | 2024-08-02 | 珠海格力电器股份有限公司 | 一种数据隐私保护方法、装置、电子设备及存储介质 |
CN112270015A (zh) * | 2020-10-27 | 2021-01-26 | 维沃移动通信有限公司 | 数据保护方法、装置、电子设备及可读存储介质 |
-
2021
- 2021-02-04 CN CN202110158831.1A patent/CN112966297B/zh active Active
- 2021-12-31 WO PCT/CN2021/143962 patent/WO2022166502A1/zh active Application Filing
- 2021-12-31 US US18/264,248 patent/US20240095408A1/en active Pending
- 2021-12-31 EP EP21924495.1A patent/EP4266202A4/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100229220A1 (en) * | 2009-03-03 | 2010-09-09 | Grasstell Networks Llc | System and method for theft and data recovery from lost portable devices |
CN104298903A (zh) * | 2014-09-29 | 2015-01-21 | 小米科技有限责任公司 | 访问移动终端的方法及装置 |
CN107480511A (zh) * | 2016-11-02 | 2017-12-15 | 深圳市波普安创技术有限公司 | 信息安全设备的维修防篡改系统及其方法 |
CN112966297A (zh) * | 2021-02-04 | 2021-06-15 | 华为技术有限公司 | 数据保护方法、系统、介质及电子设备 |
Non-Patent Citations (1)
Title |
---|
See also references of EP4266202A4 |
Also Published As
Publication number | Publication date |
---|---|
CN112966297A (zh) | 2021-06-15 |
EP4266202A1 (en) | 2023-10-25 |
US20240095408A1 (en) | 2024-03-21 |
EP4266202A4 (en) | 2024-05-22 |
CN112966297B (zh) | 2022-01-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR102503341B1 (ko) | 보안 서비스 삭제 방법 및 전자 장치 | |
CN113609498B (zh) | 数据保护方法及电子设备 | |
WO2020015259A1 (zh) | 一种数据备份方法及终端 | |
CN113408016B (zh) | 保存密文的方法和装置 | |
WO2022166502A1 (zh) | 数据保护方法、系统、介质及电子设备 | |
WO2021057982A1 (zh) | 应用程序的处理方法及相关产品 | |
CN115297405A (zh) | 一种音频输出方法及终端设备 | |
WO2022111469A1 (zh) | 一种文件共享方法、装置及电子设备 | |
WO2022022422A1 (zh) | 一种权限管理方法及终端设备 | |
CN114969769A (zh) | 一种访问控制方法、电子设备及系统 | |
CN110263525B (zh) | 设备配置方法及装置 | |
CN114692119A (zh) | 校验应用的方法和电子设备 | |
CN116669020B (zh) | 一种密码管理方法、系统和电子设备 | |
CN115017495B (zh) | 定时校验方法、电子设备和可读存储介质 | |
CN115017498B (zh) | 小应用程序的操作方法和电子设备 | |
CN116982042A (zh) | 灵活授权的访问控制方法、相关装置及系统 | |
CN115203716A (zh) | 权限同步方法、相关装置及系统 | |
CN116527266A (zh) | 数据归集方法及相关设备 | |
CN114968657A (zh) | 一种数据备份方法和电子设备 | |
WO2023072206A1 (zh) | 密钥迁移方法及相关设备 | |
WO2022042273A1 (zh) | 密钥使用方法及相关产品 | |
US20240316466A1 (en) | Service access method, terminal, and system | |
CN114637441A (zh) | 空间管理的方法、装置、电子设备和可读存储介质 | |
CN118797664A (zh) | 一种数据加密方法和电子设备 | |
CN117633773A (zh) | 拦截补丁的方法和电子设备 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 21924495 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2021924495 Country of ref document: EP Effective date: 20230718 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 18264248 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |