[go: up one dir, main page]

CN106778313A - A data verification method and device - Google Patents

A data verification method and device Download PDF

Info

Publication number
CN106778313A
CN106778313A CN201611265363.3A CN201611265363A CN106778313A CN 106778313 A CN106778313 A CN 106778313A CN 201611265363 A CN201611265363 A CN 201611265363A CN 106778313 A CN106778313 A CN 106778313A
Authority
CN
China
Prior art keywords
data
storage area
dedicated processor
terminal
isolated storage
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611265363.3A
Other languages
Chinese (zh)
Inventor
白剑
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd filed Critical Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN201611265363.3A priority Critical patent/CN106778313A/en
Publication of CN106778313A publication Critical patent/CN106778313A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Collating Specific Patterns (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a data verification method and a device, wherein the data verification method comprises the following steps: the special processor receives a verification request, wherein the verification request carries first data needing to be verified; the special processor acquires second data from the isolated memory area, wherein the data stored in the isolated memory area is data with the importance degree greater than a preset threshold value; the dedicated processor matching the first data with the second data; and if the matching is consistent, the special processor returns the indication information that the verification is passed. By adopting the invention, the safety of the important data of the user can be effectively ensured by storing the important information in the isolated storage area.

Description

一种数据验证方法及装置A data verification method and device

技术领域technical field

本发明涉及通信网络技术领域,尤其涉及一种数据验证方法及装置。The invention relates to the technical field of communication networks, in particular to a data verification method and device.

背景技术Background technique

日常生活中,终端的使用非常广泛,用户可以在终端安装各种应用,从而实现各种功能,比如各种导航软件、各种购物软件、各种即时通讯应用等等。随着终端使用的更加开放化,各种不法分子也容易利用终端使用的开放化,利用黑客技术盗取一些重要信息,因此用户在使用终端的过程中,对终端的安全性也存在各种担忧。In daily life, terminals are widely used. Users can install various applications on the terminal to realize various functions, such as various navigation software, various shopping software, various instant messaging applications, and so on. With the openness of terminal use, various criminals can easily take advantage of the openness of terminal use and use hacking techniques to steal some important information. Therefore, users also have various concerns about the security of the terminal when using the terminal. .

比如我们会设置开机密码,开机指纹以及开机图案等等,对于这些重要的信息,若一旦被黑客攻击,则会造成重要信息泄露,别人就可以操控自己的手机,盗取手机中的大量隐私信息。For example, we will set power-on passwords, power-on fingerprints, and power-on patterns, etc. For these important information, if hackers attack, important information will be leaked, and others can control their mobile phones and steal a lot of private information in the mobile phone .

发明内容Contents of the invention

本发明实施例提供一种数据验证方法及装置,通过将重要信息存储在隔离存储区中,可以有效保证用户重要数据的安全性。Embodiments of the present invention provide a data verification method and device, which can effectively ensure the security of important user data by storing important information in an isolated storage area.

本发明实施例第一方面提供一种数据验证方法,应用于终端,所述终端包括隔离存储区和专用处理器,所述隔离存储区的访问权限仅限于所述专用处理器,其可包括:The first aspect of the embodiments of the present invention provides a data verification method, which is applied to a terminal. The terminal includes an isolated storage area and a dedicated processor. The access authority of the isolated storage area is limited to the dedicated processor, which may include:

所述专用处理器接收验证请求,所述验证请求中携带需要验证的第一数据;The dedicated processor receives a verification request, and the verification request carries first data to be verified;

所述专用处理器从所述隔离存储区中获取第二数据,所述隔离存储区中存储的数据为重要度大于预设阈值的数据;The dedicated processor acquires second data from the isolated storage area, and the data stored in the isolated storage area is data whose importance is greater than a preset threshold;

所述专用处理器将所述第一数据与所述第二数据进行匹配;the special purpose processor matches the first data with the second data;

若匹配一致,则所述专用处理器返回验证通过的指示信息。If the matches are consistent, the dedicated processor returns indication information that the verification is passed.

本发明实施例第二方面提供一种数据验证装置,应用于终端的专用处理器,所述终端还包括隔离存储区,所述隔离存储区的访问权限仅限于所述专用处理器,其可包括:The second aspect of the embodiment of the present invention provides a data verification device, which is applied to a dedicated processor of a terminal. The terminal also includes an isolated storage area, and the access right of the isolated storage area is limited to the dedicated processor, which may include :

接收单元,用于接收验证请求,所述验证请求中携带需要验证的第一数据;a receiving unit, configured to receive a verification request, where the verification request carries first data to be verified;

获取单元,用于从所述隔离存储区中获取第二数据,所述隔离存储区中存储的数据为重要度大于预设阈值的数据;An acquisition unit, configured to acquire second data from the isolated storage area, where the data stored in the isolated storage area is data whose importance is greater than a preset threshold;

匹配单元,用于将所述第一数据与所述第二数据进行匹配;a matching unit, configured to match the first data with the second data;

返回单元,用于若所述第一数据与所述第二数据匹配一致,则所述专用处理器返回验证通过的指示信息。A returning unit, configured to return, by the dedicated processor, indication information of passing the verification if the first data matches the second data.

本发明实施例中,终端包括隔离存储区和专用处理器,该隔离存储区的访问权限仅限于专用处理器,隔离存储区中存储的数据为重要度大于预设阈值的数据,专用处理器对验证请求中携带的需要验证的第一数据进行验证时,从隔离存储区中获取第二数据,并将第一数据与第二数据进行匹配,若匹配一致,则返回验证通过的指示信息。这种方式通过将重要信息存储在隔离存储区中,可以有效保证用户重要数据的安全性。In the embodiment of the present invention, the terminal includes an isolated storage area and a dedicated processor, the access authority of the isolated storage area is limited to the dedicated processor, and the data stored in the isolated storage area is data whose importance is greater than a preset threshold. When verifying the first data that needs to be verified carried in the verification request, the second data is obtained from the isolated storage area, and the first data is matched with the second data, and if the matching is consistent, an indication message that the verification is passed is returned. This method can effectively ensure the security of important user data by storing important information in an isolated storage area.

附图说明Description of drawings

为了更清楚地说明本发明实施例技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings that need to be used in the description of the embodiments will be briefly introduced below. Obviously, the drawings in the following description are some embodiments of the present invention. Ordinary technicians can also obtain other drawings based on these drawings on the premise of not paying creative work.

图1是本发明实施例提供的数据验证方法的第一实施例流程示意图;Fig. 1 is a schematic flow chart of the first embodiment of the data verification method provided by the embodiment of the present invention;

图2是本发明实施例提供的数据验证方法的第二实施例流程示意图;Fig. 2 is a schematic flow chart of the second embodiment of the data verification method provided by the embodiment of the present invention;

图3是本发明实施例提供的数据验证方法的第三实施例流程示意图;Fig. 3 is a schematic flow chart of the third embodiment of the data verification method provided by the embodiment of the present invention;

图4是本发明实施例提供的一种终端内部架构图;FIG. 4 is a diagram of an internal architecture of a terminal provided by an embodiment of the present invention;

图5是本发明实施例提供的一种数据验证装置的结构示意图;Fig. 5 is a schematic structural diagram of a data verification device provided by an embodiment of the present invention;

图6是本发明实施例提供的另一种数据验证装置的结构示意图。Fig. 6 is a schematic structural diagram of another data verification device provided by an embodiment of the present invention.

具体实施方式detailed description

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are some of the embodiments of the present invention, but not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

本发明的说明书和权利要求书及所述附图中的术语“第一”、“第二”等是用于区别不同对象,而不是用于描述特定顺序。此外,术语“包括”和“具有”以及它们任何变形,意图在于覆盖不排他的包含。例如包含了一系列步骤或单元的过程、方法、系统、产品或设备没有限定于已列出的步骤或单元,而是可选地还包括没有列出的步骤或单元,或可选地还包括对于这些过程、方法、产品或设备固有的其它步骤或单元。The terms "first", "second" and the like in the description and claims of the present invention and the drawings are used to distinguish different objects, rather than to describe a specific order. Furthermore, the terms "include" and "have", as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, product or device comprising a series of steps or units is not limited to the listed steps or units, but optionally also includes unlisted steps or units, or optionally further includes For other steps or units inherent in these processes, methods, products or apparatuses.

在本文中提及“实施例”意味着,结合实施例描述的特定特征、结构或特性可以包含在本发明的至少一个实施例中。在说明书中的各个位置展示该短语并不一定均是指相同的实施例,也不是与其它实施例互斥的独立的或备选的实施例。本领域技术人员显式地和隐式地理解的是,本文所描述的实施例可以与其它实施例相结合。Reference herein to an "embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the present invention. The presentation of this phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are independent or alternative embodiments mutually exclusive of other embodiments. It is understood explicitly and implicitly by those skilled in the art that the embodiments described herein can be combined with other embodiments.

本发明实施例所描述的终端可以包括智能手机(如Android手机、iOS手机、Windows Phone手机等)、平板电脑、掌上电脑、笔记本电脑、移动互联网设备(MID,MobileInternet Devices)或穿戴式设备等,上述终端仅是举例,而非穷举,包含但不限于上述终端。The terminal described in the embodiment of the present invention may include a smart phone (such as an Android phone, an iOS phone, a Windows Phone, etc.), a tablet computer, a palmtop computer, a notebook computer, a mobile Internet device (MID, MobileInternet Devices) or a wearable device, etc. The above-mentioned terminals are only examples, not exhaustive, including but not limited to the above-mentioned terminals.

下面将结合图1至图6对本发明实施例提供的数据验证方法及装置进行具体描述。The data verification method and device provided by the embodiments of the present invention will be specifically described below with reference to FIG. 1 to FIG. 6 .

请参照图1,是本发明实施例提供的数据验证方法的第一实施例流程示意图。本实施例中所描述的数据验证方法应用于终端,所述终端包括隔离存储区和专用处理器,所述隔离存储区的访问权限仅限于所述专用处理器,如图所示,本发明实施例的数据验证方法包括步骤:Please refer to FIG. 1 , which is a schematic flowchart of the first embodiment of the data verification method provided by the embodiment of the present invention. The data verification method described in this embodiment is applied to a terminal. The terminal includes an isolated storage area and a dedicated processor. The access authority of the isolated storage area is limited to the dedicated processor. As shown in the figure, the present invention implements The example data validation method includes steps:

S101,所述专用处理器接收验证请求,所述验证请求中携带需要验证的第一数据;S101. The dedicated processor receives a verification request, where the verification request carries first data to be verified;

本发明实施例中,专用处理器可以为在终端新增的一个处理器,该专用处理器的处理性能不作特别要求,比如可以是普通的处理器。该专用处理器仅仅处理特定的验证请求,比如,终端的解锁验证、支付验证等等。In the embodiment of the present invention, the dedicated processor may be a newly added processor in the terminal, and the processing performance of the dedicated processor is not specifically required, for example, it may be a common processor. The dedicated processor only handles specific verification requests, such as terminal unlock verification, payment verification, and the like.

该专用处理器可以与特定的预设硬件资源连接,即仅仅接收该预设硬件资源所发送的验证请求,该预设硬件资源可以包括但不限于终端屏幕,终端的指纹读取区等等。The dedicated processor may be connected with a specific preset hardware resource, that is, only receive the verification request sent by the preset hardware resource, and the preset hardware resource may include but not limited to a terminal screen, a fingerprint reading area of a terminal, and the like.

专用处理器接收验证请求,该验证请求中携带需要进行验证的第一数据,第一数据可以是用户通过预设硬件资源输入的数据,比如,该第一数据可以是指纹信息,或者该第一数据可以是输入密码,或者该第一数据可以是用户在终端屏幕的滑动轨迹等。The dedicated processor receives the verification request, and the verification request carries the first data that needs to be verified. The first data may be data input by the user through preset hardware resources. For example, the first data may be fingerprint information, or the first The data may be an input password, or the first data may be a user's sliding track on the terminal screen or the like.

S102,所述专用处理器从所述隔离存储区中获取第二数据,所述隔离存储区中存储的数据为重要度大于预设阈值的数据;S102. The dedicated processor acquires second data from the isolated storage area, where the data stored in the isolated storage area is data whose importance is greater than a preset threshold;

本发明实施例中,隔离存储区是终端新增的存储区,该隔离存储区仅仅存储重要度大于预设阈值的数据,比如,用户在终端设置的开机密码,用户设置的解锁图形,解锁密码,用户预先录制的解锁指纹等等。如果这些重要度大于预设阈值的数据被黑客盗用了,则可能造成比较重大的损失。In the embodiment of the present invention, the isolated storage area is a newly added storage area of the terminal, and the isolated storage area only stores data whose importance is greater than a preset threshold, for example, the power-on password set by the user on the terminal, the unlock pattern set by the user, and the unlock password , the user's pre-recorded unlock fingerprints, etc. If the data whose importance is greater than the preset threshold is misappropriated by hackers, it may cause relatively significant losses.

本发明实施例中将所有重要度大于预设阈值的数据存储在隔离存储区中,除专用处理器外,终端中的其它应用或者其它任何硬件资源均无法访问该隔离存储区。In the embodiment of the present invention, all data whose importance is greater than a preset threshold is stored in an isolated storage area, and other applications or any other hardware resources in the terminal cannot access the isolated storage area except for a dedicated processor.

当专用处理器接收到需要验证的第一数据后,即从隔离存储区中获取第二数据,具体可选的,获取方式可以是,专用处理器获取该第一数据的标识,隔离存储区在存储数据时,为每一个数据分配一个唯一标识,用于标识该数据的类型,比如,该数据为解锁密码类型或者开机密码类型,或者是解锁指纹类型等等。专用处理器从隔离存储区中获取与第一数据的标识匹配的第二数据。After the dedicated processor receives the first data that needs to be verified, it obtains the second data from the isolated storage area. Specifically, the acquisition method may be that the dedicated processor acquires the identification of the first data, and the isolated storage area is in the When storing data, assign a unique identifier to each data to identify the type of the data, for example, the data is an unlock password type or a power-on password type, or an unlock fingerprint type, and the like. A dedicated processor retrieves second data matching the identification of the first data from the isolated storage area.

S103,所述专用处理器将所述第一数据与所述第二数据进行匹配;S103. The dedicated processor matches the first data with the second data;

本发明实施例中,专用处理器将第一数据与第二数据进行匹配,比如,若该第一数据为指纹数据,则专用处理器可以将所获取的指纹数据与隔离存储区中所存储的指纹数据进行匹配。需要说明的是,若该第一数据为图形,则专用处理器可以将所获取的图形与所存储的图形进行比对匹配。In the embodiment of the present invention, the dedicated processor matches the first data with the second data. For example, if the first data is fingerprint data, the dedicated processor can match the acquired fingerprint data with the fingerprint data stored in the isolated storage area. fingerprint data for matching. It should be noted that, if the first data is a graphic, the dedicated processor can compare and match the acquired graphic with the stored graphic.

S104,若匹配一致,则所述专用处理器返回验证通过的指示信息。S104. If the matches are consistent, the dedicated processor returns indication information that the verification is passed.

本发明实施例中,若第一数据与第二数据匹配一致,则专用处理器返回验证通过的指示信息,需要说明的是,该专用处理器可以与终端的通用处理器建立通信连接。专用处理器可以通过该通信连接向通用处理器返回验证通过的指示信息,以触发通用处理器执行相应的操作,比如进行开机,解锁。In the embodiment of the present invention, if the first data matches the second data, the special processor returns the indication information that the verification is passed. It should be noted that the special processor can establish a communication connection with the general processor of the terminal. The special-purpose processor can return the indication information of passing the verification to the general-purpose processor through the communication connection, so as to trigger the general-purpose processor to perform corresponding operations, such as starting up and unlocking.

可选的,第一数据与第二数据进行匹配时,若匹配率达到90%以上,则可以认为第一数据与第二数据匹配一致。Optionally, when the first data is matched with the second data, if the matching rate reaches more than 90%, it can be considered that the first data and the second data are consistent.

本发明实施例中,终端包括隔离存储区和专用处理器,该隔离存储区的访问权限仅限于专用处理器,隔离存储区中存储的数据为重要度大于预设阈值的数据,专用处理器对验证请求中携带的需要验证的第一数据进行验证时,从隔离存储区中获取第二数据,并将第一数据与第二数据进行匹配,若匹配一致,则返回验证通过的指示信息。这种方式通过将重要信息存储在隔离存储区中,可以有效保证用户重要数据的安全性。In the embodiment of the present invention, the terminal includes an isolated storage area and a dedicated processor, the access authority of the isolated storage area is limited to the dedicated processor, and the data stored in the isolated storage area is data whose importance is greater than a preset threshold. When verifying the first data that needs to be verified carried in the verification request, the second data is obtained from the isolated storage area, and the first data is matched with the second data, and if the matching is consistent, an indication message that the verification is passed is returned. This method can effectively ensure the security of important user data by storing important information in an isolated storage area.

请参照图2,是本发明实施例提供的数据验证方法的第二实施例流程示意图。本实施例中所描述的数据验证方法应用于终端,所述终端包括隔离存储区和专用处理器,所述隔离存储区的访问权限仅限于所述专用处理器,如图所示,本发明实施例的数据验证方法包括步骤:Please refer to FIG. 2 , which is a schematic flowchart of the second embodiment of the data verification method provided by the embodiment of the present invention. The data verification method described in this embodiment is applied to a terminal. The terminal includes an isolated storage area and a dedicated processor. The access authority of the isolated storage area is limited to the dedicated processor. As shown in the figure, the present invention implements The example data validation method includes steps:

S201,所述专用处理器接收验证请求,所述验证请求中携带需要验证的第一数据;S201. The dedicated processor receives a verification request, where the verification request carries first data to be verified;

S202,所述专用处理器判断所述第一数据是否携带预设标识,所述预设标识用于标识所述第一数据为所述专用处理器所处理的数据;S202. The dedicated processor determines whether the first data carries a preset identifier, and the preset identifier is used to identify that the first data is data processed by the dedicated processor;

在一个实施例中,该专用处理器可以建立与终端的通用处理器之间的通信连接,通用处理器处理终端所有的验证,当通用处理器处理到包含重要安全信息的验证时,比如,对终端的解锁验证,则将该验证请求中的第一数据打上预设标识,并发送至专用处理器,专利处理器接收到验证请求时,首先判断该第一数据是否携带预设标识。In one embodiment, the special-purpose processor can establish a communication connection with the general-purpose processor of the terminal, and the general-purpose processor handles all verifications of the terminal. For terminal unlocking verification, the first data in the verification request is marked with a preset logo and sent to a dedicated processor. When the patented processor receives the verification request, it first judges whether the first data carries a preset logo.

S203,若所述第一数据携带所述预设标识,所述专用处理器确定所述第一数据所属的目标类型;S203. If the first data carries the preset identifier, the dedicated processor determines the target type to which the first data belongs;

在一个实施例中,若该第一数据携带预设标识,则说明该第一数据的验证是由专用处理器进行处理。专用处理器确定第一数据所属的目标类型,目标类型可以包括但不限于字符串类型(比如是验证密码)、图形类型(比如解锁图案)、以及指纹类型。In one embodiment, if the first data carries a preset identifier, it means that the verification of the first data is processed by a dedicated processor. The dedicated processor determines the object type to which the first data belongs, and the object type may include but not limited to a character string type (such as a verification password), a graphic type (such as an unlocking pattern), and a fingerprint type.

S204,所述专用处理器从所述隔离存储区中获取与所述目标类型对应的第二数据。S204. The dedicated processor acquires second data corresponding to the target type from the isolated storage area.

在一个实施例中,专用处理器从隔离存储区中获取与该目标类型对应的第二数据,需要说明的是,隔离存储区中可以根据数据所属类型分类存储。In an embodiment, the dedicated processor obtains the second data corresponding to the target type from the isolated storage area. It should be noted that the isolated storage area can be classified and stored according to the type of the data.

S205,所述专用处理器将所述第一数据与所述第二数据进行匹配;S205. The dedicated processor matches the first data with the second data;

S206,若匹配一致,则所述专用处理器返回验证通过的指示信息。S206. If the match is consistent, the dedicated processor returns the indication information that the verification is passed.

本发明实施例中,终端包括隔离存储区和专用处理器,该隔离存储区的访问权限仅限于专用处理器,隔离存储区中存储的数据为重要度大于预设阈值的数据,专用处理器对验证请求中携带的需要验证的第一数据进行验证时,从隔离存储区中获取第二数据,并将第一数据与第二数据进行匹配,若匹配一致,则返回验证通过的指示信息。这种方式通过将重要信息存储在隔离存储区中,可以有效保证用户重要数据的安全性。In the embodiment of the present invention, the terminal includes an isolated storage area and a dedicated processor, the access authority of the isolated storage area is limited to the dedicated processor, and the data stored in the isolated storage area is data whose importance is greater than a preset threshold. When verifying the first data that needs to be verified carried in the verification request, the second data is obtained from the isolated storage area, and the first data is matched with the second data, and if the matching is consistent, an indication message that the verification is passed is returned. This method can effectively ensure the security of important user data by storing important information in an isolated storage area.

请参照图3,是本发明实施例提供的数据验证方法的第三实施例流程示意图。本实施例中所描述的数据验证方法应用于终端,所述终端包括隔离存储区和专用处理器,所述隔离存储区的访问权限仅限于所述专用处理器,如图所示,本发明实施例的数据验证方法包括步骤:Please refer to FIG. 3 , which is a schematic flowchart of the third embodiment of the data verification method provided by the embodiment of the present invention. The data verification method described in this embodiment is applied to a terminal. The terminal includes an isolated storage area and a dedicated processor. The access authority of the isolated storage area is limited to the dedicated processor. As shown in the figure, the present invention implements The example data validation method includes steps:

S301,所述专用处理器接收所述预设硬件资源的验证请求,所述验证请求为所述终端处于预设状态,所述预设硬件资源检测到用户的操作行为时所发送,所述验证请求中的所述第一数据包括所述操作行为数据。S301. The dedicated processor receives a verification request of the preset hardware resource, the verification request is sent when the terminal is in a preset state and the preset hardware resource detects an operation behavior of a user, and the verification The first data in the request includes the operation behavior data.

可选的,所述预设硬件资源包括终端屏幕,所述验证请求为所述终端处于锁屏状态,所述终端屏幕检测到用户的滑动轨迹或者验证码输入行为时所发送;或者,Optionally, the preset hardware resource includes a terminal screen, and the verification request is sent when the terminal screen detects the user's sliding track or verification code input behavior when the terminal is in a locked screen state; or,

所述预设硬件资源包括终端的指纹读取区,所述验证请求为所述终端处于锁屏状态或者支付状态,所述指纹读取区检测到用户的指纹输入行为时所发送。The preset hardware resource includes a fingerprint reading area of the terminal, and the verification request is sent when the terminal is in a lock screen state or a payment state, and the fingerprint reading area detects a user's fingerprint input behavior.

本发明实施例中,如图4所示,专用处理器仅仅与预设硬件资源建立通信连接,即是专用处理器仅仅处理来自预设硬件资源的验证请求,而专用处理器与隔离存储区建立通信连接。In the embodiment of the present invention, as shown in Figure 4, the dedicated processor only establishes a communication connection with the preset hardware resource, that is, the dedicated processor only processes the verification request from the preset hardware resource, and the dedicated processor establishes a communication connection with the isolated storage area. communication connection.

专用处理器仅仅处理某一些特定的验证请求,比如该验证请求是终端处于预设状态(包括关机状态或者锁屏状态等)时,预设硬件资源检测到用户的操作行为时所发送,用户操作行为可以是在预设硬件资源上滑动操作,密码输入操作等等。该第一数据即是操作行为所产生的数据,比如,若用户操作行为是密码输入操作,则第一数据是所输入的密码,若用户操作行为是指纹录入操作,则第一数据是用户所录入的指纹。The dedicated processor only handles certain specific verification requests. For example, the verification request is sent when the terminal is in a preset state (including power-off state or lock-screen state, etc.), when the preset hardware resource detects the user's operation behavior, and the user's operation Behaviors can be sliding operations on preset hardware resources, password input operations, and so on. The first data is the data generated by the operation behavior. For example, if the user operation behavior is a password input operation, the first data is the input password; Enrolled fingerprints.

可选的,当终端处于锁屏状态时,用户输入解锁密码,终端屏幕向专用处理器发送验证请求,该验证请求中携带用户输入的解锁密码,专用处理器将该解锁密码与隔离存储区所存储的解锁密码进行匹配,若匹配一致,则该专用处理器向终端屏幕返回验证通过的指示信息。Optionally, when the terminal is in the locked screen state, the user enters the unlock password, and the terminal screen sends a verification request to the dedicated processor, the verification request carries the unlock password entered by the user, and the dedicated processor combines the unlock password with the unlock password stored in the isolated storage area. The stored unlocking passwords are matched, and if the matches are consistent, the dedicated processor returns an indication message that the verification is passed to the terminal screen.

S302,所述专用处理器从所述隔离存储区中获取第二数据,所述隔离存储区中存储的数据为重要度大于预设阈值的数据;S302. The dedicated processor acquires second data from the isolated storage area, where the data stored in the isolated storage area is data whose importance is greater than a preset threshold;

S303,所述专用处理器将所述第一数据与所述第二数据进行匹配;S303. The dedicated processor matches the first data with the second data;

S304,若匹配一致,则所述专用处理器返回验证通过的指示信息。S304. If the match is consistent, the dedicated processor returns the indication information that the verification is passed.

本发明实施例步骤S302~S304请参照图1的实施例步骤S102~S104,在此不再赘述。For the steps S302-S304 in the embodiment of the present invention, please refer to the steps S102-S104 in the embodiment of FIG. 1 , which will not be repeated here.

本发明实施例中,终端包括隔离存储区和专用处理器,该隔离存储区的访问权限仅限于专用处理器,隔离存储区中存储的数据为重要度大于预设阈值的数据,专用处理器对验证请求中携带的需要验证的第一数据进行验证时,从隔离存储区中获取第二数据,并将第一数据与第二数据进行匹配,若匹配一致,则返回验证通过的指示信息。这种方式通过将重要信息存储在隔离存储区中,可以有效保证用户重要数据的安全性。In the embodiment of the present invention, the terminal includes an isolated storage area and a dedicated processor, the access authority of the isolated storage area is limited to the dedicated processor, and the data stored in the isolated storage area is data whose importance is greater than a preset threshold. When verifying the first data that needs to be verified carried in the verification request, the second data is obtained from the isolated storage area, and the first data is matched with the second data, and if the matching is consistent, an indication message that the verification is passed is returned. This method can effectively ensure the security of important user data by storing important information in an isolated storage area.

请参照图5,是本发明实施例提供的数据验证装置的结构示意图。本发明实施例所描述的数据验证装置应用于终端的专用处理器,所述终端还包括隔离存储区,所述隔离存储区的访问权限仅限于所述专用处理器,如图所示,本发明实施例的数据验证装置包括接收单元10、获取单元11、匹配单元12以及返回单元13;Please refer to FIG. 5 , which is a schematic structural diagram of a data verification device provided by an embodiment of the present invention. The data verification device described in the embodiment of the present invention is applied to a dedicated processor of a terminal. The terminal also includes an isolated storage area, and the access authority of the isolated storage area is limited to the dedicated processor. As shown in the figure, the present invention The data verification device of the embodiment includes a receiving unit 10, an acquiring unit 11, a matching unit 12, and a returning unit 13;

接收单元10,用于接收验证请求,所述验证请求中携带需要验证的第一数据;The receiving unit 10 is configured to receive a verification request, wherein the verification request carries first data to be verified;

本发明实施例中,专用处理器可以为在终端新增的一个处理器,该专用处理器的处理性能不作特别要求,比如可以是普通的处理器。该专用处理器仅仅处理特定的验证请求,比如,终端的解锁验证、支付验证等等。In the embodiment of the present invention, the dedicated processor may be a newly added processor in the terminal, and the processing performance of the dedicated processor is not specifically required, for example, it may be a common processor. The dedicated processor only handles specific verification requests, such as terminal unlock verification, payment verification, and the like.

该专用处理器可以与特定的预设硬件资源连接,即仅仅接收该预设硬件资源所发送的验证请求,该预设硬件资源可以包括但不限于终端屏幕,终端的指纹读取区等等。The dedicated processor may be connected with a specific preset hardware resource, that is, only receive the verification request sent by the preset hardware resource, and the preset hardware resource may include but not limited to a terminal screen, a fingerprint reading area of a terminal, and the like.

专用处理器接收验证请求,该验证请求中携带需要进行验证的第一数据,第一数据可以是用户通过预设硬件资源输入的数据,比如,该第一数据可以是指纹信息,或者该第一数据可以是输入密码,或者该第一数据可以是用户在终端屏幕的滑动轨迹等。The dedicated processor receives the verification request, and the verification request carries the first data that needs to be verified. The first data may be data input by the user through preset hardware resources. For example, the first data may be fingerprint information, or the first The data may be an input password, or the first data may be a user's sliding track on the terminal screen or the like.

可选的,所述专用处理器与终端的预设硬件资源建立连接;Optionally, the dedicated processor establishes a connection with preset hardware resources of the terminal;

所述接收单元10具体用于接收所述预设硬件资源的验证请求,所述验证请求为所述终端处于预设状态,所述预设硬件资源检测到用户的操作行为时所发送,所述验证请求中的所述第一数据包括所述操作行为数据。The receiving unit 10 is specifically configured to receive a verification request of the preset hardware resource, the verification request is sent when the terminal is in a preset state and the preset hardware resource detects an operation behavior of the user, the The first data in the verification request includes the operation behavior data.

可选的,所述预设硬件资源包括终端屏幕,所述验证请求为所述终端处于锁屏状态,所述终端屏幕检测到用户的滑动轨迹或者验证码输入行为时所发送;或者,Optionally, the preset hardware resource includes a terminal screen, and the verification request is sent when the terminal screen detects the user's sliding track or verification code input behavior when the terminal is in a locked screen state; or,

所述预设硬件资源包括终端的指纹读取区,所述验证请求为所述终端处于锁屏状态或者支付状态,所述指纹读取区检测到用户的指纹输入行为时所发送。The preset hardware resource includes a fingerprint reading area of the terminal, and the verification request is sent when the terminal is in a lock screen state or a payment state, and the fingerprint reading area detects a user's fingerprint input behavior.

本发明实施例中,如图4所示,专用处理器仅仅与预设硬件资源建立通信连接,即是专用处理器仅仅处理来自预设硬件资源的验证请求,而专用处理器与隔离存储区建立通信连接。In the embodiment of the present invention, as shown in Figure 4, the dedicated processor only establishes a communication connection with the preset hardware resource, that is, the dedicated processor only processes the verification request from the preset hardware resource, and the dedicated processor establishes a communication connection with the isolated storage area. communication connection.

专用处理器仅仅处理某一些特定的验证请求,比如该验证请求是终端处于预设状态(包括关机状态或者锁屏状态等)时,预设硬件资源检测到用户的操作行为时所发送,用户操作行为可以是在预设硬件资源上滑动操作,密码输入操作等等。该第一数据即是操作行为所产生的数据,比如,若用户操作行为是密码输入操作,则第一数据是所输入的密码,若用户操作行为是指纹录入操作,则第一数据是用户所录入的指纹。The dedicated processor only handles certain specific verification requests. For example, the verification request is sent when the terminal is in a preset state (including power-off state or lock-screen state, etc.), when the preset hardware resource detects the user's operation behavior, and the user's operation Behaviors can be sliding operations on preset hardware resources, password input operations, and so on. The first data is the data generated by the operation behavior. For example, if the user operation behavior is a password input operation, the first data is the input password; Enrolled fingerprints.

可选的,当终端处于锁屏状态时,用户输入解锁密码,终端屏幕向专用处理器发送验证请求,该验证请求中携带用户输入的解锁密码,专用处理器将该解锁密码与隔离存储区所存储的解锁密码进行匹配,若匹配一致,则该专用处理器向终端屏幕返回验证通过的指示信息。Optionally, when the terminal is in the locked screen state, the user enters the unlock password, and the terminal screen sends a verification request to the dedicated processor, the verification request carries the unlock password entered by the user, and the dedicated processor combines the unlock password with the unlock password stored in the isolated storage area. The stored unlocking passwords are matched, and if the matches are consistent, the dedicated processor returns an indication message that the verification is passed to the terminal screen.

获取单元11,用于从所述隔离存储区中获取第二数据,所述隔离存储区中存储的数据为重要度大于预设阈值的数据;An acquisition unit 11, configured to acquire second data from the isolated storage area, where the data stored in the isolated storage area is data whose importance is greater than a preset threshold;

本发明实施例中,隔离存储区是终端新增的存储区,该隔离存储区仅仅存储重要度大于预设阈值的数据,比如,用户在终端设置的开机密码,用户设置的解锁图形,解锁密码,用户预先录制的解锁指纹等等。如果这些重要度大于预设阈值的数据被黑客盗用了,则可能造成比较重大的损失。In the embodiment of the present invention, the isolated storage area is a newly added storage area of the terminal, and the isolated storage area only stores data whose importance is greater than a preset threshold, for example, the power-on password set by the user on the terminal, the unlock pattern set by the user, and the unlock password , the user's pre-recorded unlock fingerprints, etc. If the data whose importance is greater than the preset threshold is misappropriated by hackers, it may cause relatively significant losses.

本发明实施例中将所有重要度大于预设阈值的数据存储在隔离存储区中,除专用处理器外,终端中的其它应用或者其它任何硬件资源均无法访问该隔离存储区。In the embodiment of the present invention, all data whose importance is greater than a preset threshold is stored in an isolated storage area, and other applications or any other hardware resources in the terminal cannot access the isolated storage area except for a dedicated processor.

当专用处理器接收到需要验证的第一数据后,即从隔离存储区中获取第二数据,具体可选的,获取方式可以是,专用处理器获取该第一数据的标识,隔离存储区在存储数据时,为每一个数据分配一个唯一标识,用于标识该数据的类型,比如,该数据为解锁密码类型或者开机密码类型,或者是解锁指纹类型等等。专用处理器从隔离存储区中获取与第一数据的标识匹配的第二数据。After the dedicated processor receives the first data that needs to be verified, it obtains the second data from the isolated storage area. Specifically, the acquisition method may be that the dedicated processor acquires the identification of the first data, and the isolated storage area is in the When storing data, assign a unique identifier to each data to identify the type of the data, for example, the data is an unlock password type or a power-on password type, or an unlock fingerprint type, and the like. A dedicated processor retrieves second data matching the identification of the first data from the isolated storage area.

匹配单元12,用于将所述第一数据与所述第二数据进行匹配;a matching unit 12, configured to match the first data with the second data;

本发明实施例中,专用处理器将第一数据与第二数据进行匹配,比如,若该第一数据为指纹数据,则专用处理器可以将所获取的指纹数据与隔离存储区中所存储的指纹数据进行匹配。需要说明的是,若该第一数据为图形,则专用处理器可以将所获取的图形与所存储的图形进行比对匹配。In the embodiment of the present invention, the dedicated processor matches the first data with the second data. For example, if the first data is fingerprint data, the dedicated processor can match the acquired fingerprint data with the fingerprint data stored in the isolated storage area. fingerprint data for matching. It should be noted that, if the first data is a graphic, the dedicated processor can compare and match the acquired graphic with the stored graphic.

返回单元13,用于若所述第一数据与所述第二数据匹配一致,则所述专用处理器返回验证通过的指示信息。The return unit 13 is configured to return the indication information that the verification is passed if the first data matches the second data.

本发明实施例中,若第一数据与第二数据匹配一致,则专用处理器返回验证通过的指示信息,需要说明的是,该专用处理器可以与终端的通用处理器建立通信连接。专用处理器可以通过该通信连接向通用处理器返回验证通过的指示信息,以触发通用处理器执行相应的操作,比如进行开机,解锁。In the embodiment of the present invention, if the first data matches the second data, the special processor returns the indication information that the verification is passed. It should be noted that the special processor can establish a communication connection with the general processor of the terminal. The special-purpose processor can return the indication information of passing the verification to the general-purpose processor through the communication connection, so as to trigger the general-purpose processor to perform corresponding operations, such as starting up and unlocking.

可选的,第一数据与第二数据进行匹配时,若匹配率达到90%以上,则可以认为第一数据与第二数据匹配一致。Optionally, when the first data is matched with the second data, if the matching rate reaches more than 90%, it can be considered that the first data and the second data are consistent.

本发明实施例中,终端包括隔离存储区和专用处理器,该隔离存储区的访问权限仅限于专用处理器,隔离存储区中存储的数据为重要度大于预设阈值的数据,专用处理器对验证请求中携带的需要验证的第一数据进行验证时,从隔离存储区中获取第二数据,并将第一数据与第二数据进行匹配,若匹配一致,则返回验证通过的指示信息。这种方式通过将重要信息存储在隔离存储区中,可以有效保证用户重要数据的安全性。In the embodiment of the present invention, the terminal includes an isolated storage area and a dedicated processor, the access authority of the isolated storage area is limited to the dedicated processor, and the data stored in the isolated storage area is data whose importance is greater than a preset threshold. When verifying the first data that needs to be verified carried in the verification request, the second data is obtained from the isolated storage area, and the first data is matched with the second data, and if the matching is consistent, an indication message that the verification is passed is returned. This method can effectively ensure the security of important user data by storing important information in an isolated storage area.

请参照图6,是本发明实施例提供的另一种数据验证装置的结构示意图。本发明实施例所描述的数据验证装置应用于终端的专用处理器,所述终端还包括隔离存储区,所述隔离存储区的访问权限仅限于所述专用处理器,如图所示,本发明实施例的数据验证装置包括接收单元20、判断单元21、确定单元22、获取单元23、匹配单元24以及返回单元25;Please refer to FIG. 6 , which is a schematic structural diagram of another data verification device provided by an embodiment of the present invention. The data verification device described in the embodiment of the present invention is applied to a dedicated processor of a terminal. The terminal also includes an isolated storage area, and the access authority of the isolated storage area is limited to the dedicated processor. As shown in the figure, the present invention The data verification device of the embodiment includes a receiving unit 20, a judging unit 21, a determining unit 22, an acquiring unit 23, a matching unit 24, and a returning unit 25;

接收单元20,用于接收验证请求,所述验证请求中携带需要验证的第一数据;The receiving unit 20 is configured to receive a verification request, wherein the verification request carries first data to be verified;

判断单元21,用于判断所述第一数据是否携带预设标识,所述预设标识用于标识所述第一数据为所述专用处理器所处理的数据;A judging unit 21, configured to judge whether the first data carries a preset identifier, and the preset identifier is used to identify that the first data is data processed by the dedicated processor;

在一个实施例中,该专用处理器可以建立与终端的通用处理器之间的通信连接,通用处理器处理终端所有的验证,当通用处理器处理到包含重要安全信息的验证时,比如,对终端的解锁验证,则将该验证请求中的第一数据打上预设标识,并发送至专用处理器,专利处理器接收到验证请求时,首先判断该第一数据是否携带预设标识。In one embodiment, the special-purpose processor can establish a communication connection with the general-purpose processor of the terminal, and the general-purpose processor handles all verifications of the terminal. For terminal unlocking verification, the first data in the verification request is marked with a preset logo and sent to a dedicated processor. When the patented processor receives the verification request, it first judges whether the first data carries a preset logo.

确定单元22,用于若所述第一数据携带所述预设标识,确定所述第一数据所属的目标类型;A determining unit 22, configured to determine the target type to which the first data belongs if the first data carries the preset identifier;

在一个实施例中,若该第一数据携带预设标识,则说明该第一数据的验证是由专用处理器进行处理。专用处理器确定第一数据所属的目标类型,目标类型可以包括但不限于字符串类型(比如是验证密码)、图形类型(比如解锁图案)、以及指纹类型。In one embodiment, if the first data carries a preset identifier, it means that the verification of the first data is processed by a dedicated processor. The dedicated processor determines the object type to which the first data belongs, and the object type may include but not limited to a character string type (such as a verification password), a graphic type (such as an unlocking pattern), and a fingerprint type.

所述获取单元23具体用于从所述隔离存储区中获取与所述目标类型对应的第二数据。The acquiring unit 23 is specifically configured to acquire second data corresponding to the target type from the isolated storage area.

在一个实施例中,专用处理器从隔离存储区中获取与该目标类型对应的第二数据,需要说明的是,隔离存储区中可以根据数据所属类型分类存储。In an embodiment, the dedicated processor obtains the second data corresponding to the target type from the isolated storage area. It should be noted that the isolated storage area can be classified and stored according to the type of the data.

匹配单元24,用于将所述第一数据与所述第二数据进行匹配;a matching unit 24, configured to match the first data with the second data;

返回单元25,用于若所述第一数据与所述第二数据匹配一致,则所述专用处理器返回验证通过的指示信息。The return unit 25 is configured to return, by the dedicated processor, indication information of passing the verification if the first data matches the second data.

本发明实施例中,终端包括隔离存储区和专用处理器,该隔离存储区的访问权限仅限于专用处理器,隔离存储区中存储的数据为重要度大于预设阈值的数据,专用处理器对验证请求中携带的需要验证的第一数据进行验证时,从隔离存储区中获取第二数据,并将第一数据与第二数据进行匹配,若匹配一致,则返回验证通过的指示信息。这种方式通过将重要信息存储在隔离存储区中,可以有效保证用户重要数据的安全性。In the embodiment of the present invention, the terminal includes an isolated storage area and a dedicated processor, the access authority of the isolated storage area is limited to the dedicated processor, and the data stored in the isolated storage area is data whose importance is greater than a preset threshold. When verifying the first data that needs to be verified carried in the verification request, the second data is obtained from the isolated storage area, and the first data is matched with the second data, and if the matching is consistent, an indication message that the verification is passed is returned. This method can effectively ensure the security of important user data by storing important information in an isolated storage area.

本发明实施例还提供一种计算机存储介质,其中,该计算机存储介质可存储有程序,该程序执行时包括上述方法实施例中记载的任何一种数据验证方法的部分或全部步骤。An embodiment of the present invention also provides a computer storage medium, wherein the computer storage medium can store a program, and when the program is executed, some or all steps of any data verification method described in the above method embodiments are included.

尽管在此结合各实施例对本发明进行了描述,然而,在实施所要求保护的本发明过程中,本领域技术人员通过查看所述附图、公开内容、以及所附权利要求书,可理解并实现所述公开实施例的其他变化。在权利要求中,“包括”(comprising)一词不排除其他组成部分或步骤,“一”或“一个”不排除多个的情况。单个处理器或其他单元可以实现权利要求中列举的若干项功能。相互不同的从属权利要求中记载了某些措施,但这并不表示这些措施不能组合起来产生良好的效果。Although the present invention has been described in conjunction with various embodiments herein, in the process of implementing the claimed invention, those skilled in the art can understand and Other variations of the disclosed embodiments are implemented. In the claims, the word "comprising" does not exclude other components or steps, and "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that these measures cannot be combined to advantage.

本领域技术人员应明白,本发明的实施例可提供为方法、装置(设备)、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。计算机程序存储/分布在合适的介质中,与其它硬件一起提供或作为硬件的一部分,也可以采用其他分布形式,如通过Internet或其它有线或无线电信系统。Those skilled in the art should understand that the embodiments of the present invention may be provided as methods, devices (devices), or computer program products. Accordingly, the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein. The computer program is stored/distributed on suitable media, supplied with or as part of other hardware, and may also take other forms of distribution, such as via the Internet or other wired or wireless telecommunication systems.

本发明是参照本发明实施例的方法、装置(设备)和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowcharts and/or block diagrams of methods, apparatus (device) and computer program products according to embodiments of the present invention. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams.

尽管结合具体特征及其实施例对本发明进行了描述,显而易见的,在不脱离本发明的精神和范围的情况下,可对其进行各种修改和组合。相应地,本说明书和附图仅仅是所附权利要求所界定的本发明的示例性说明,且视为已覆盖本发明范围内的任意和所有修改、变化、组合或等同物。显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。Although the invention has been described in conjunction with specific features and embodiments thereof, it will be apparent that various modifications and combinations can be made therein without departing from the spirit and scope of the invention. Accordingly, the specification and drawings are merely illustrative of the invention as defined by the appended claims and are deemed to cover any and all modifications, variations, combinations or equivalents within the scope of the invention. Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention also intends to include these modifications and variations.

Claims (13)

1.一种数据验证方法,应用于终端,所述终端包括隔离存储区和专用处理器,所述隔离存储区的访问权限仅限于所述专用处理器,其特征在于,包括:1. A data verification method applied to a terminal, the terminal comprising an isolated storage area and a dedicated processor, the access authority of the isolated storage area being limited to the dedicated processor, characterized in that it comprises: 所述专用处理器接收验证请求,所述验证请求中携带需要验证的第一数据;The dedicated processor receives a verification request, and the verification request carries first data to be verified; 所述专用处理器从所述隔离存储区中获取第二数据,所述隔离存储区中存储的数据为重要度大于预设阈值的数据;The dedicated processor acquires second data from the isolated storage area, and the data stored in the isolated storage area is data whose importance is greater than a preset threshold; 所述专用处理器将所述第一数据与所述第二数据进行匹配;the special purpose processor matches the first data with the second data; 若匹配一致,则所述专用处理器返回验证通过的指示信息。If the matches are consistent, the dedicated processor returns indication information that the verification is passed. 2.如权利要求1所述的方法,其特征在于,所述专用处理器从所述隔离存储区中获取第二数据之前,还包括:2. The method according to claim 1, wherein, before the special processor obtains the second data from the isolated storage area, further comprising: 所述专用处理器判断所述第一数据是否携带预设标识,所述预设标识用于标识所述第一数据为所述专用处理器所处理的数据;The dedicated processor determines whether the first data carries a preset identifier, and the preset identifier is used to identify that the first data is data processed by the dedicated processor; 若所述第一数据携带所述预设标识,所述专用处理器执行从所述隔离存储区中获取第二数据的步骤。If the first data carries the preset identifier, the dedicated processor executes the step of acquiring second data from the isolated storage area. 3.如权利要求1或2所述的方法,其特征在于,所述专用处理器从所述隔离存储区中获取第二数据之前,还包括:3. The method according to claim 1 or 2, wherein before the special-purpose processor obtains the second data from the isolated storage area, further comprising: 所述专用处理器确定所述第一数据所属的目标类型;the dedicated processor determines the object type to which the first data belongs; 所述专用处理器从所述隔离存储区中获取第二数据,包括:The dedicated processor obtains second data from the isolated storage area, including: 所述专用处理器从所述隔离存储区中获取与所述目标类型对应的第二数据。The dedicated processor retrieves second data corresponding to the target type from the isolated storage area. 4.如权利要求3所述的方法,其特征在于,所述目标类型包括字符串类型、图形类型、指纹类型中的任意一种。4. The method according to claim 3, wherein the target type includes any one of a character string type, a graphic type, and a fingerprint type. 5.如权利要求1所述的方法,其特征在于,所述专用处理器与终端的预设硬件资源建立连接;5. The method according to claim 1, wherein the dedicated processor establishes a connection with a preset hardware resource of the terminal; 所述专用处理器接收验证请求,包括:The dedicated processor receives a verification request comprising: 所述专用处理器接收所述预设硬件资源的验证请求,所述验证请求为所述终端处于预设状态,所述预设硬件资源检测到用户的操作行为时所发送,所述验证请求中的所述第一数据包括所述操作行为数据。The dedicated processor receives the verification request of the preset hardware resource, the verification request is sent when the terminal is in a preset state, and the preset hardware resource detects an operation behavior of the user, and the verification request includes The first data includes the operation behavior data. 6.如权利要求5所述的方法,其特征在于,所述预设硬件资源包括终端屏幕,所述验证请求为所述终端处于锁屏状态,所述终端屏幕检测到用户的滑动轨迹或者验证码输入行为时所发送;或者,6. The method according to claim 5, wherein the preset hardware resources include a terminal screen, the verification request is that the terminal is in a locked screen state, and the terminal screen detects a user's sliding track or verifies sent when the code is entered; or, 所述预设硬件资源包括终端的指纹读取区,所述验证请求为所述终端处于锁屏状态或者支付状态,所述指纹读取区检测到用户的指纹输入行为时所发送。The preset hardware resource includes a fingerprint reading area of the terminal, and the verification request is sent when the terminal is in a lock screen state or a payment state, and the fingerprint reading area detects a user's fingerprint input behavior. 7.一种数据验证装置,应用于终端的专用处理器,所述终端还包括隔离存储区,所述隔离存储区的访问权限仅限于所述专用处理器,其特征在于,包括:7. A data verification device, applied to a dedicated processor of a terminal, the terminal also includes an isolated storage area, the access authority of the isolated storage area is limited to the dedicated processor, characterized in that it includes: 接收单元,用于接收验证请求,所述验证请求中携带需要验证的第一数据;a receiving unit, configured to receive a verification request, where the verification request carries first data to be verified; 获取单元,用于从所述隔离存储区中获取第二数据,所述隔离存储区中存储的数据为重要度大于预设阈值的数据;An acquisition unit, configured to acquire second data from the isolated storage area, where the data stored in the isolated storage area is data whose importance is greater than a preset threshold; 匹配单元,用于将所述第一数据与所述第二数据进行匹配;a matching unit, configured to match the first data with the second data; 返回单元,用于若所述第一数据与所述第二数据匹配一致,则所述专用处理器返回验证通过的指示信息。A returning unit, configured to return, by the dedicated processor, indication information of passing the verification if the first data matches the second data. 8.如权利要求7所述的装置,其特征在于,所述装置还包括:8. The device of claim 7, further comprising: 判断单元,用于判断所述第一数据是否携带预设标识,所述预设标识用于标识所述第一数据为所述专用处理器所处理的数据;a judging unit, configured to judge whether the first data carries a preset identifier, and the preset identifier is used to identify that the first data is data processed by the dedicated processor; 所述获取单元具体用于若所述第一数据携带所述预设标识,从所述隔离存储区中获取第二数据。The obtaining unit is specifically configured to obtain the second data from the isolated storage area if the first data carries the preset identifier. 9.如权利要求7或8所述的装置,其特征在于,所述装置还包括:9. The device according to claim 7 or 8, wherein the device further comprises: 确定单元,用于确定所述第一数据所属的目标类型;a determining unit, configured to determine the target type to which the first data belongs; 所述获取单元具体用于从所述隔离存储区中获取与所述目标类型对应的第二数据。The acquiring unit is specifically configured to acquire second data corresponding to the target type from the isolated storage area. 10.如权利要求9所述的装置,其特征在于,所述目标类型包括字符串类型、图形类型、指纹类型中的任意一种。10. The device according to claim 9, wherein the target type includes any one of a character string type, a graphic type, and a fingerprint type. 11.如权利要求7所述的装置,其特征在于,所述专用处理器与终端的预设硬件资源建立连接;11. The device according to claim 7, wherein the dedicated processor establishes a connection with preset hardware resources of the terminal; 所述接收单元具体用于接收所述预设硬件资源的验证请求,所述验证请求为所述终端处于预设状态,所述预设硬件资源检测到用户的操作行为时所发送,所述验证请求中的所述第一数据包括所述操作行为数据。The receiving unit is specifically configured to receive a verification request of the preset hardware resource, the verification request is sent when the terminal is in a preset state and the preset hardware resource detects an operation behavior of a user, and the verification request is The first data in the request includes the operation behavior data. 12.如权利要求11所述的装置,其特征在于,所述预设硬件资源包括终端屏幕,所述验证请求为所述终端处于锁屏状态,所述终端屏幕检测到用户的滑动轨迹或者验证码输入行为时所发送;或者,12. The device according to claim 11, wherein the preset hardware resources include a terminal screen, the verification request is that the terminal is in a locked screen state, and the terminal screen detects a user's sliding track or verifies sent when the code is entered; or, 所述预设硬件资源包括终端的指纹读取区,所述验证请求为所述终端处于锁屏状态或者支付状态,所述指纹读取区检测到用户的指纹输入行为时所发送。The preset hardware resource includes a fingerprint reading area of the terminal, and the verification request is sent when the terminal is in a lock screen state or a payment state, and the fingerprint reading area detects a user's fingerprint input behavior. 13.一种终端,其特征在于,包括普通存储区、隔离存储区、专用处理器以及通用处理器,所述专用处理器和所述通用处理器均具有访问所述普通存储区的权限,所述隔离存储区的访问权限仅限于所述专用处理器,所述隔离存储区中存储的数据为重要度大于预设阈值的数据。13. A terminal, characterized in that it includes a common storage area, an isolated storage area, a special-purpose processor and a general-purpose processor, and both the special-purpose processor and the general-purpose processor have permission to access the common storage area, so The access authority of the isolated storage area is limited to the dedicated processor, and the data stored in the isolated storage area is data whose importance is greater than a preset threshold.
CN201611265363.3A 2016-12-30 2016-12-30 A data verification method and device Pending CN106778313A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611265363.3A CN106778313A (en) 2016-12-30 2016-12-30 A data verification method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611265363.3A CN106778313A (en) 2016-12-30 2016-12-30 A data verification method and device

Publications (1)

Publication Number Publication Date
CN106778313A true CN106778313A (en) 2017-05-31

Family

ID=58951395

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611265363.3A Pending CN106778313A (en) 2016-12-30 2016-12-30 A data verification method and device

Country Status (1)

Country Link
CN (1) CN106778313A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114968135A (en) * 2022-03-11 2022-08-30 珠海艾派克微电子有限公司 Authentication method, chip, host and replaceable accessory

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2361416A1 (en) * 2008-11-10 2011-08-31 Walletex Microelectronics Ltd. Secure storage device
CN103531200A (en) * 2013-10-29 2014-01-22 宇龙计算机通信科技(深圳)有限公司 Voice unlocking method and terminal
CN103544599A (en) * 2012-07-09 2014-01-29 马克西姆综合产品公司 Embedded secure element for authentication, storage and transaction within a mobile terminal
CN204066119U (en) * 2013-09-09 2014-12-31 苹果公司 A kind of system comprising biometric sensor device
US20150113617A1 (en) * 2013-10-23 2015-04-23 At&T Intellectual Property I, Lp Apparatus and method for secure authentication of a communication device
CN105867792A (en) * 2015-01-22 2016-08-17 阿里巴巴集团控股有限公司 Methods and apparatuses for unlocking touch screen and updating screen-locking interface of touch screen
CN106027257A (en) * 2016-05-05 2016-10-12 北京元心科技有限公司 Method and system for securely performing identity authentication

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2361416A1 (en) * 2008-11-10 2011-08-31 Walletex Microelectronics Ltd. Secure storage device
CN103544599A (en) * 2012-07-09 2014-01-29 马克西姆综合产品公司 Embedded secure element for authentication, storage and transaction within a mobile terminal
CN204066119U (en) * 2013-09-09 2014-12-31 苹果公司 A kind of system comprising biometric sensor device
US20150113617A1 (en) * 2013-10-23 2015-04-23 At&T Intellectual Property I, Lp Apparatus and method for secure authentication of a communication device
CN103531200A (en) * 2013-10-29 2014-01-22 宇龙计算机通信科技(深圳)有限公司 Voice unlocking method and terminal
CN105867792A (en) * 2015-01-22 2016-08-17 阿里巴巴集团控股有限公司 Methods and apparatuses for unlocking touch screen and updating screen-locking interface of touch screen
CN106027257A (en) * 2016-05-05 2016-10-12 北京元心科技有限公司 Method and system for securely performing identity authentication

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114968135A (en) * 2022-03-11 2022-08-30 珠海艾派克微电子有限公司 Authentication method, chip, host and replaceable accessory

Similar Documents

Publication Publication Date Title
KR102307665B1 (en) identity authentication
US11704134B2 (en) Device locator disable authentication
JP6882254B2 (en) Safety verification methods based on biological characteristics, client terminals, and servers
US9769154B2 (en) Passcode operating system, passcode apparatus, and super-passcode generating method
CN110149328B (en) Interface authentication method, device, equipment and computer readable storage medium
CN105934751B (en) Data erasure for target devices
CN105553928B (en) A communication method, device and system based on biometric identification
EP3206329B1 (en) Security check method, device, terminal and server
CN108683667B (en) Account protection method, device, system and storage medium
CN108462700B (en) Background server, terminal device, safety early warning method suitable for face recognition and storage medium
CN108093392A (en) A kind of method, mobile terminal and storage medium for unlocking SIM card
JP5568696B1 (en) Password management system and program for password management system
US9894062B2 (en) Object management for external off-host authentication processing systems
US20190138707A1 (en) System and method for facilitating authentication via a short-range wireless token
CN106534102A (en) Device access method and device and electronic device
HK1213706A1 (en) Method for processing password, server and system
US20170201528A1 (en) Method for providing trusted service based on secure area and apparatus using the same
CN106648583B (en) Information processing method and terminal
EP3336734B1 (en) Fingerprint information secure call method, apparatus, and mobile terminal
CN105825149A (en) Switching method for multi-operation system and terminal equipment
CN106203100A (en) A kind of integrity checking method and device
US9977907B2 (en) Encryption processing method and device for application, and terminal
CN114615067A (en) Group operation method, group operation device, electronic device and readable storage medium
US20200401679A1 (en) Method and system for preventing unauthorized computer processing
CN106161365B (en) Data processing method and device and terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170531