CN1863350A - A method for hierarchical management of intelligent mobile terminal users - Google Patents
- Publication number
- CN1863350A
- Authority
- CN
- China
- Prior art keywords
- user
- mobile terminal
- users
- smart mobile
- advanced
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Telephone Function (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
Technical field
The invention relates to a method for managing mobile terminal users, and in particular to a method in the field of mobile communications in which a smart mobile terminal defines multiple users at different levels according to security level, thereby improving the security of using the smart mobile terminal.
Background
A smart mobile terminal (such as a smartphone; hereinafter "smart mobile terminal") is a device that adds business functions such as a personal digital assistant (PDA) to the basic voice-call function of mobile communications. With the development of smart mobile terminal technology and communication network technology, smart mobile terminals can perform an increasingly rich set of functions, integrating business functions such as calendar, mail handling, web browsing and office document processing. Even business documents with high confidentiality requirements (such as Word and PowerPoint documents) are stored and used on smart mobile terminals; for example, some smart mobile terminals come with a dedicated data cable that connects directly to a projector, so that slide documents stored on the terminal can be shown with the projector. As the important business functions of smart mobile terminals increase, users place higher requirements on the security of using them.
At present most smart mobile terminals require no user authentication: as long as a valid SIM card, STK card or other mobile communication subscriber identity card is inserted, anyone can power on and use the device.
The prior art, including patents, has also tried to solve the user management security problem of smart mobile terminals. Some smart mobile terminals, such as the Dopod 515 smartphone, can be set to "Enable phone lock" so that the user must enter a password to use the device, which improves security. Some, such as the Haier Caizhixing 1000B phone, let the user set a password so that SMS messages, call records and address book contacts on the phone are stored encrypted, to better protect personal privacy. Siemens, Samsung, Mitsubishi and other companies have produced phones with fingerprint recognition: when dialing, the holder places a finger on the fingerprint sensor and the phone determines whether the fingerprint matches the owner's fingerprint sample enrolled in advance. If it does not match, the holder cannot place the call, which protects the phone from unauthorized use by others.
Chinese patent CN 1172509C provides a subscriber identity module that uses a Universal Serial Bus (USB) interface. Chinese patent CN 1477890A (published February 25, 2004) provides a method that stores a password in the phone's read-only memory and uses password setting to store phone numbers in encrypted form. A Chinese patent of Siemens (CN 1535530A) proposes three memory units in a mobile phone: the first stores subscriber identification information, the second stores user identification information, and the third stores the user's personal information. If the identification information entered matches the stored subscriber identification information, the mobile phone can log in to the mobile radio network but cannot access the user's personal information, which includes at least one of the following: phone book, address book, credit card numbers, passwords and/or secret numbers. If the identification information entered matches the stored user identification information, the user's personal information can be accessed.
Although these existing techniques improve the security of smart mobile terminals to some extent, the following security problems remain:
(1) A smart mobile terminal generally has only one user or role, and that user or role holds all permissions on the terminal and can use every function it provides, so there is a risk that a user's mistaken operation damages the terminal's system data. Although the Siemens patent has two roles, subscriber and user, it only protects the privacy of the user's personal information; for current smart mobile terminals, more than the user's personal information needs protection.
(2) If the owner of a smart mobile terminal lends it to someone else, the owner must also tell the borrower the authentication information, such as the password, which amounts to handing over all operating permissions on the terminal. Private information may then leak, such as SMS records, call records and address book contacts, or important business documents stored on the terminal. The borrower may also, without the owner's permission, perform costly operations such as browsing the web, sending MMS or using business office software, or may intentionally or unintentionally change system settings so that the terminal no longer works properly.
(3) Although some smart mobile terminals can be configured to require a password, the configuration and the password are both stored in the terminal's memory. When the terminal is "hard reset" by a certain sequence of operations, that is, restored to its factory state, all of this information is lost and the terminal returns to a state in which it can be used without a password.
The prior art therefore has certain shortcomings and remains to be improved and developed.
Summary of the invention
The object of the invention is to provide a method for hierarchical management of smart mobile terminal users that addresses the poor security of existing user management on smart mobile terminals. The method divides the terminal's users into multiple users at several levels according to their permissions and the services they receive. Users at security levels from low to high are given different permissions and obtain different ranges of the services the terminal provides, and a low-security-level user cannot perform high-security-level operations, which improves the security of using the terminal.
The technical solution of the invention is as follows:
A method for hierarchical management of smart mobile terminal users, which classifies the users of the smart mobile terminal and sets security permissions for at least a general user and an advanced user;
the general user can only use the basic call function provided by the smart mobile terminal and cannot view private data or use advanced operations; as the user with the lowest security level on the terminal, the general user can use the terminal without password authentication;
the advanced user has all the functions of the general user and can also use the advanced operations on the smart mobile terminal, and the advanced user must be authenticated;
the method includes:
when the smart mobile terminal is powered on, it defaults to the general user; when the user needs to enter the advanced user, user authentication is activated by selecting the corresponding function menu in the terminal's menu.
The method, wherein a management user is also provided on the smart mobile terminal, which, in addition to all the terminal-use functions of the advanced user, has all the maintenance and management functions the terminal provides;
when the user needs to enter the advanced user role, user authentication is activated by selecting the corresponding function menu in the terminal's menu.
The method, wherein the management user uses two-factor authentication: entering a password together with authentication by an electronic key on a hardware data interface, or fingerprint authentication.
The method, wherein the smart mobile terminal is provided with a non-volatile secure memory that stores user information and password information, so that this information is not lost when the terminal is powered off or loses power.
The method, wherein, when user authentication does not match, the information is written to a log file.
The beneficial effects of the invention are as follows. The method grants permissions to the terminal's users by level, which meets users' basic needs while improving the terminal's security. In addition, data such as user roles, passwords and the corresponding permissions are stored in non-volatile secure memory inside the terminal, which guarantees that the user management settings do not change when the terminal runs out of power or is "hard reset" to its factory state. Compared with the prior art, the invention improves the security and convenience of using a smart mobile terminal.
Description of the drawings
Fig. 1 is a schematic diagram of the smart mobile terminal and its matching electronic key used in the method of the invention;
Fig. 2 is a flowchart of a general user entering the advanced user or management user state;
Fig. 3 is a flowchart of an advanced user or management user returning to the general user state.
Detailed description
The preferred embodiments of the invention are described in detail below with reference to the drawings.
There is a principle in the security field: least service + least privilege = greatest security. The invention is based on this principle. Its core idea is a hierarchical management method that divides smart mobile terminal users into multiple users at several levels according to their permissions and the services they receive. Users at security levels from low to high are given different permissions and obtain different ranges of the services the terminal provides, and a low-security-level user cannot perform high-security-level operations, which improves the security of using the terminal.
For ease of explanation and without loss of generality, the example below, which is not limiting, divides smart mobile terminal users into general users, advanced users and management users.
General user: can only use the basic call function provided by the terminal and cannot perform other operations such as sending and receiving SMS; cannot view private data such as address book contacts, SMS records or call records; and cannot use functions such as MMS or browsing the web. In the general user state, this private information and these advanced functions can be stored encrypted or hidden. As the user with the lowest security level on the terminal, the general user needs no password authentication.
Advanced user: in addition to all the functions of the general user, can use the advanced service functions of the terminal, such as sending and receiving SMS and MMS, accessing WAP or GPRS networks through the browser, and PDA functions such as calendar, tasks, memos and business office software. Because the advanced user has a higher security level, some means of authentication is needed to control it; for example, the user must enter a password when entering the advanced user role, or use another authentication method.
Management user: in addition to all the terminal-use functions of the advanced user, has all the maintenance and management functions the terminal provides. This is the user with the highest security level and the broadest permissions, who can set terminal parameters and network settings, download and update system software, and synchronize data with a computer over infrared, Bluetooth or a USB data cable. Because the security level is the highest, authentication must be stronger than for the advanced user. Two-factor authentication can be used: besides entering a password, a second factor is required, either hardware such as an electronic key attached to the terminal's data interface (a USB interface or another interface) or a personal biometric such as a fingerprint. The management user mainly carries out management and maintenance of the terminal. Because a smart mobile terminal runs an open commercial operating system, it may need maintenance operations such as system upgrades, which distinguishes it from a traditional phone, so a dedicated management user is necessary for a smart mobile terminal.
When the smart mobile terminal is powered on, it defaults to the general user role, which meets the user's basic needs. When the user needs to enter the advanced user role, user authentication is activated by selecting the corresponding function menu in the terminal's menu. With password authentication, for example, the terminal asks for the advanced user password, the user enters it, and the terminal's internal software compares the entered password with the advanced user password stored in the terminal. If they match, the terminal enters the advanced user role state. If they do not match, the terminal stays in the general user state, shows a wrong-password prompt, and optionally records the operation in the terminal's system log for later review.
In the same way, when the user needs to enter the management user role, user authentication is activated by selecting the corresponding function menu in the terminal's menu. With two-factor authentication using a USB electronic key and a user password, for example, the user is asked to insert the electronic key first and then enter the password. The user first inserts the electronic key. If the terminal detects the electronic key, it prompts for the password, and the terminal's internal software compares the entered password with the management user password stored in the terminal; if they match, the terminal enters the management user role state. If the terminal does not detect the electronic key, or detects it but the entered password does not match the stored management user password, the terminal stays in the user state of its current security level, shows the corresponding error prompt, and optionally records the operation in the system log for later review.
To further improve security, the user role and password information can be stored in non-volatile secure memory in the terminal, which guarantees that this information is not lost when the terminal is powered off or loses power.
The embodiment of the invention shown in Fig. 1 divides smart mobile terminal users into general users, advanced users and management users. The general user can only use the basic call function provided by the terminal and cannot perform other operations; in particular, the general user cannot view information involving the owner's privacy, such as address book contacts, SMS records and call records. The advanced user has all the functions of the general user plus some advanced terminal-use functions, which ensures that the owner of the terminal can use all application services. The management user has all the terminal-use functions of the advanced user plus all the maintenance and management functions the terminal provides.
The smart mobile terminal of the invention is preconfigured at the factory with the terminal's users at different security levels, the operations that users at each security level may perform, the passwords of the advanced user and the management user, and so on; all of this information can be stored in the non-volatile secure memory inside the terminal. If a USB electronic key is required for management user authentication, the terminal must also ship with a matching electronic key, which stores the data used for management user authentication.
When the user powers on the terminal, it enters the general user state by default. When the user wants to perform operations at a higher security level, the user can enter the advanced user state by password authentication. When the user wants to perform operations at the highest security level, the user can enter the management user state by two-factor authentication, inserting the USB electronic key and entering the password. After finishing the advanced operations, for security the user exits the advanced user or management user state and returns to the general user state.
The flow by which a user enters the advanced user state or the management user state from the general user state is shown in Fig. 2, and the flow by which a user exits the advanced user state or the management user state and returns to the general user state is shown in Fig. 3. The method is implemented through the following steps:
1. As shown in Fig. 2, the user turns on the terminal's power switch; after starting, the terminal enters the general user state and the user can make calls;
2. If the user wants to perform advanced operations such as sending and receiving SMS and MMS, adding contacts or using business office software, the user selects the menu item with the "Enter advanced user state" function. The terminal shows a screen asking for a password, the user enters it, and the terminal's internal software compares the entered password with the advanced user password stored in the non-volatile secure memory. If they match, the internal software changes the current user role to the advanced user state. If they do not match, the terminal stays in the general user state, shows a wrong-password prompt, and optionally records the operation in the terminal's system log for later review.
3. If the user wants to perform top-level operations such as terminal parameter settings, network settings or system software upgrades, the user selects the menu item with the "Enter management user state" function. The terminal shows a screen asking the user to insert the electronic key and enter the user password, and the user inserts the electronic key and enters the password. The terminal's internal software detects the electronic key and exchanges data with it to check that it is valid. If no electronic key is detected or the electronic key is invalid, the terminal shows the corresponding prompt, records the information in the terminal's system log, and leaves the current user state unchanged. If the electronic key is confirmed to be valid, the software compares the entered password with the management user password stored in the non-volatile secure memory. If they do not match, the terminal shows the corresponding prompt, records the information in the terminal's system log, and leaves the current user state unchanged. If they match, the internal software changes the current user role to the management user state.
4. As shown in Fig. 3, if the user is in the advanced user state, after finishing the operations the user selects the menu item with the "Exit advanced user state" function, and the terminal's internal software changes the current user role to the general user state.
5. As shown in Fig. 3, if the user is in the management user state, after finishing the operations the user selects the menu item with the "Exit management user state" function, and the terminal's internal software changes the current user role to the general user state.
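The state transitions in steps 1 to 5 can be modeled as follows. This is an added example, not code from the patent: the operation names, the HMAC challenge-response used to check the electronic key, and the salted PBKDF2 password hashes (the description only says the entered password is compared with the stored one) are assumptions of the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from enum import IntEnum


class Role(IntEnum):
    GENERAL = 0   # default at power-on, no authentication
    ADVANCED = 1  # password
    ADMIN = 2     # management user: electronic key + password


# Minimum role per operation. Operation names are assumptions based on the
# examples in the description; anything not listed is denied.
REQUIRED_ROLE = {
    "voice_call": Role.GENERAL,
    "send_sms": Role.ADVANCED,
    "view_contacts": Role.ADVANCED,
    "browse_web": Role.ADVANCED,
    "network_settings": Role.ADMIN,
    "system_update": Role.ADMIN,
}


def derive(password: str, salt: bytes) -> bytes:
    # Assumption of this example: store a salted hash, not the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class SecureStore:
    """Stand-in for the non-volatile secure memory (survives a hard reset)."""
    salt: bytes
    advanced_hash: bytes
    admin_hash: bytes
    key_secret: bytes
    log: list = field(default_factory=list)  # failed attempts

    @classmethod
    def provision(cls, advanced_pw: str, admin_pw: str, key_secret: bytes):
        """Factory provisioning of both passwords and the key secret."""
        salt = os.urandom(16)
        return cls(salt, derive(advanced_pw, salt), derive(admin_pw, salt),
                   key_secret)


class ElectronicKey:
    """Hypothetical token that answers a challenge with an HMAC."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class Terminal:
    def __init__(self, store: SecureStore):
        self.store = store
        self.role = Role.GENERAL          # step 1: boot as general user

    def _password_ok(self, password: str, expected: bytes) -> bool:
        return hmac.compare_digest(derive(password, self.store.salt), expected)

    def _fail(self, target: Role, reason: str) -> bool:
        # Failed attempts are logged; the current role is left unchanged.
        self.store.log.append((target.name, reason))
        return False

    def enter_advanced(self, password: str) -> bool:      # step 2
        if not self._password_ok(password, self.store.advanced_hash):
            return self._fail(Role.ADVANCED, "bad password")
        self.role = Role.ADVANCED
        return True

    def enter_admin(self, password: str, key=None) -> bool:  # step 3
        if key is None:
            return self._fail(Role.ADMIN, "no electronic key")
        challenge = os.urandom(16)
        expected = hmac.new(self.store.key_secret, challenge,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(key.respond(challenge), expected):
            return self._fail(Role.ADMIN, "invalid electronic key")
        if not self._password_ok(password, self.store.admin_hash):
            return self._fail(Role.ADMIN, "bad password")
        self.role = Role.ADMIN
        return True

    def exit_to_general(self) -> None:                    # steps 4 and 5
        self.role = Role.GENERAL

    def hard_reset(self) -> None:
        # Volatile state is cleared; the secure store is not touched, so the
        # passwords are still required afterwards.
        self.role = Role.GENERAL

    def allowed(self, operation: str) -> bool:
        required = REQUIRED_ROLE.get(operation)
        return required is not None and self.role >= required
```
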
In summary, the method of the invention grants permissions to the users of a smart mobile terminal by level, which meets users' basic needs while improving the terminal's security. In addition, data such as user roles, passwords and the corresponding permissions are stored in non-volatile secure memory inside the terminal, which guarantees that the user management settings do not change when the terminal runs out of power or is "hard reset" to its factory state. Compared with the prior art, the invention improves the security and convenience of using a smart mobile terminal.
It should be understood that the above description of the preferred embodiments is relatively specific and should not be taken as limiting the scope of patent protection of the invention, which is defined by the appended claims.
Claims (5)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2005100691778A CN100407831C (en) | 2005-05-12 | 2005-05-12 | A method for hierarchical management of intelligent mobile terminal users |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2005100691778A CN100407831C (en) | 2005-05-12 | 2005-05-12 | A method for hierarchical management of intelligent mobile terminal users |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1863350A (en) | 2006-11-15 |
| CN100407831C (en) | 2008-07-30 |
Family
ID=37390652
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2005100691778A Expired - Fee Related CN100407831C (en) | 2005-05-12 | 2005-05-12 | A method for hierarchical management of intelligent mobile terminal users |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100407831C (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101217399B (en) * | 2007-12-29 | 2010-08-04 | 华为终端有限公司 | Data card background system and its operation method |
| CN101917513A (en) * | 2010-08-02 | 2010-12-15 | 中兴通讯股份有限公司 | Method and device for implementing graded display of privacy information |
| CN102905020A (en) * | 2012-09-25 | 2013-01-30 | 东莞宇龙通信科技有限公司 | Processing method of mobile terminal data information and mobile terminal |
| CN102957804A (en) * | 2012-11-16 | 2013-03-06 | 深圳桑菲消费通信有限公司 | Multi-account application cell phone and use method thereof |
| CN102044099B (en) * | 2009-10-21 | 2013-03-20 | 张小鹏 | Universal identity representation and operation control system |
| CN103108082A (en) * | 2013-01-24 | 2013-05-15 | 北京航空航天大学 | Smartphone multi-user mode permission management method and smartphone multi-user mode permission management system |
| CN103164264A (en) * | 2011-12-16 | 2013-06-19 | 中兴通讯股份有限公司 | Application program manager and application program management method and access method |
| CN103793636A (en) * | 2012-11-01 | 2014-05-14 | 华为技术有限公司 | Equipment and method for protecting privacy thereof |
| CN101309478B (en) * | 2008-06-25 | 2014-11-19 | 宇龙计算机通信科技(深圳)有限公司 | Method for mobile terminal data access |
| CN110266666A (en) * | 2019-06-05 | 2019-09-20 | 瀚云科技有限公司 | A kind of method for managing security and system based on industry internet |
| CN110765439A (en) * | 2018-08-17 | 2020-02-07 | 哈尔滨安天科技集团股份有限公司 | Method, device and storage medium for encrypting and authenticating mobile storage |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1514635A (en) * | 2003-04-29 | 2004-07-21 | 叶丰平 | Method of realizing mobile electronic business using finger print intelligence terminal and intelligent hand set |
| CN100359427C (en) * | 2005-04-06 | 2008-01-02 | 杭州波导软件有限公司 | Method for realizing classification management of use right of mobile terminal user |
- 2005-05-12: CN application CN2005100691778A, patent CN100407831C (en), not active (Expired - Fee Related)
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101217399B (en) * | 2007-12-29 | 2010-08-04 | 华为终端有限公司 | Data card background system and its operation method |
| CN101309478B (en) * | 2008-06-25 | 2014-11-19 | 宇龙计算机通信科技(深圳)有限公司 | Method for mobile terminal data access |
| CN102044099B (en) * | 2009-10-21 | 2013-03-20 | 张小鹏 | Universal identity representation and operation control system |
| CN101917513B (en) * | 2010-08-02 | 2014-07-16 | 中兴通讯股份有限公司 | Method and device for implementing graded display of privacy information |
| CN101917513A (en) * | 2010-08-02 | 2010-12-15 | 中兴通讯股份有限公司 | Method and device for implementing graded display of privacy information |
| CN103164264B (en) * | 2011-12-16 | 2016-03-30 | 中兴通讯股份有限公司 | Application manager, application management method and access method |
| CN103164264A (en) * | 2011-12-16 | 2013-06-19 | 中兴通讯股份有限公司 | Application program manager and application program management method and access method |
| WO2013086798A1 (en) * | 2011-12-16 | 2013-06-20 | 中兴通讯股份有限公司 | Application manager, application management method and access method |
| CN102905020B (en) * | 2012-09-25 | 2015-07-22 | 东莞宇龙通信科技有限公司 | Processing method of mobile terminal data information and mobile terminal |
| CN102905020A (en) * | 2012-09-25 | 2013-01-30 | 东莞宇龙通信科技有限公司 | Processing method of mobile terminal data information and mobile terminal |
| CN103793636A (en) * | 2012-11-01 | 2014-05-14 | 华为技术有限公司 | Equipment and method for protecting privacy thereof |
| CN103793636B (en) * | 2012-11-01 | 2017-12-22 | 华为技术有限公司 | A kind of method of equipment and protection equipment privacy |
| CN102957804A (en) * | 2012-11-16 | 2013-03-06 | 深圳桑菲消费通信有限公司 | Multi-account application cell phone and use method thereof |
| CN103108082B (en) * | 2013-01-24 | 2014-06-04 | 北京航空航天大学 | Smartphone multi-user mode permission management method and smartphone multi-user mode permission management system |
| CN103108082A (en) * | 2013-01-24 | 2013-05-15 | 北京航空航天大学 | Smartphone multi-user mode permission management method and smartphone multi-user mode permission management system |
| CN110765439A (en) * | 2018-08-17 | 2020-02-07 | 哈尔滨安天科技集团股份有限公司 | Method, device and storage medium for encrypting and authenticating mobile storage |
| CN110266666A (en) * | 2019-06-05 | 2019-09-20 | 瀚云科技有限公司 | A kind of method for managing security and system based on industry internet |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100407831C (en) | 2008-07-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9659164B2 (en) | | Method and apparatus for using a multi-factor password or a dynamic password for enhanced security on a device |
| KR101438869B1 (en) | | Systems and methods for accessing a tamperproof storage device in a wireless communication device using biometric data |
| US8327450B2 (en) | | Digital safety deposit box |
| US8218734B2 (en) | | Messaging with a locked communication device |
| US20090270126A1 (en) | | Mobile terminal having anti-theft function and anti-theft method |
| CN101917513B (en) | | Method and device for implementing graded display of privacy information |
| US20080320577A1 (en) | | Personal Token With Parental Control |
| US20060136219A1 (en) | | User authentication by combining speaker verification and reverse turing test |
| US20150169858A1 (en) | | Pluggable authentication mechanism for mobile device applications |
| CN101296457A (en) | | Screen operation method and device |
| US20090097718A1 (en) | | Digital camera with fingerprint identification function |
| WO2017143879A1 (en) | | File permission management method and device |
| CN1585325A (en) | | Zoned based security administration for data items |
| CN1487763A (en) | | Method for Ensuring Security of Mobile Communication Terminal |
| EP1980049A1 (en) | | Wireless authentication |
| CN1353365A (en) | | Use method of safety cipher in nonsafety programming environment |
| CN1764884A (en) | | Be used to authorize device to the visit of electronic equipment |
| CN100407831C (en) | | A method for hierarchical management of intelligent mobile terminal users |
| CN106022039A (en) | | Secure storage system and storage method of electronic information |
| CN101309478B (en) | | Method for mobile terminal data access |
| Sikder et al. | | A survey on android security: development and deployment hindrance and best practices |
| GB2598130A (en) | | Controlled data access |
| CN1968467A (en) | | Mobile terminal and terminal user information protection method |
| US6993330B2 (en) | | Method and apparatus for remotely performing tasks in a wireless personal digital assistant |
| CN110766850A (en) | | Visitor information management method, access control system, server and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | C14 | Grant of patent or utility model | |
| | GR01 | Patent grant | |
| | CF01 | Termination of patent right due to non-payment of annual fee | |
| | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20080730; Termination date: 20190512 |