[go: up one dir, main page]

WO2019090702A1 - Procédé et dispositif de protection de sécurité de terminal - Google Patents

Procédé et dispositif de protection de sécurité de terminal Download PDF

Info

Publication number
WO2019090702A1
WO2019090702A1 PCT/CN2017/110479 CN2017110479W WO2019090702A1 WO 2019090702 A1 WO2019090702 A1 WO 2019090702A1 CN 2017110479 W CN2017110479 W CN 2017110479W WO 2019090702 A1 WO2019090702 A1 WO 2019090702A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
security
security information
mode
security mode
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2017/110479
Other languages
English (en)
Chinese (zh)
Inventor
涂永峰
龙水平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201780096669.7A priority Critical patent/CN111316269A/zh
Priority to PCT/CN2017/110479 priority patent/WO2019090702A1/fr
Publication of WO2019090702A1 publication Critical patent/WO2019090702A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data

Definitions

  • the present application relates to the field of communications, and in particular, to a security protection method and apparatus for a terminal.
  • the terminal can store various information of the user, such as contact information, financial information, work materials, personal privacy, and the like.
  • information of the user such as contact information, financial information, work materials, personal privacy, and the like.
  • the terminal leaves the user (such as lost, swimming, or bathing).
  • the terminal faces a variety of risks (such as the lock screen password is cracked, the message Being eavesdropped, etc.).
  • the information of the terminal can be remotely destroyed. It is also possible to set more complicated security information for the terminal and cooperate with the fingerprint password to improve the security of the terminal. However, using the above method may result in a large loss of information. At the same time, the risk of the terminal being cracked cannot be completely eliminated.
  • the embodiments of the present invention provide a security protection method and device for a terminal.
  • the terminal By enabling the terminal to enter a security mode, the security performance of the terminal when the user is in control is improved, and the information loss risk of the terminal is reduced.
  • an embodiment of the present invention provides a method for securing a terminal, which is used to protect terminal information security, and includes the following steps:
  • the terminal detects a first operation of the user, the first operation is for causing the terminal to enter a security mode; the security mode includes at least one of the following options: the terminal enters a screen lock state, in a first time period The screen cannot be unlocked, the terminal cannot perform a shutdown or restart operation; the terminal does not allow the flight mode to be activated; and the terminal is powered off, and the power-on operation is not allowed in the second time period. Therefore, the terminal can effectively ensure the security of the terminal under the control of the user in the security mode, thereby greatly reducing the security risk.
  • the method further includes: when the terminal enters a screen lock state for a time greater than or equal to a first threshold, the terminal automatically enters the security mode.
  • the method further includes: verifying the first security information before the terminal enters the security mode; the first security information includes at least one of the following options: a number, a graphic Password, and biometrics.
  • the method further includes: the first operation includes at least one of the following: a voice, a specific gesture, selecting a touch button, and operating a physical button.
  • the method further includes: in the security mode, at least one of a software function or a hardware function of the terminal is disabled.
  • the method further includes: the terminal device can be according to user requirements The user can set the protection of the security risks that the user pays attention to. In this way, the terminal security can be enhanced, the efficiency is improved, and the user is personalized.
  • the method further includes: the terminal detects a second operation, and the terminal exits the security mode.
  • the method further includes: before exiting the security mode, the terminal verifies the second security information, where the second security information is different from the first security information; the second security The information includes at least one of the following options: numbers, graphical passwords, and biometrics.
  • the second security information has a higher operational authority than the first security information, and the second security information needs to be verified when the terminal is powered on during the second time period. The implementation manner can effectively improve the security of the terminal, and can also facilitate the operation of the user.
  • the method further includes: if the terminal performs the operation prohibited in the security mode during the first time period or the second time period, the second verification is required. Security Information.
  • the method further includes: if the terminal does not set the second security information, the operation of the terminal in the security mode is prohibited.
  • the method further includes: before entering the security mode, the terminal verifies the first security information, otherwise the security mode cannot be entered.
  • the method further includes: the terminal may preset a time point, and when the preset time point is reached, the terminal automatically enters a security mode, and the terminal may also be improved in this manner.
  • Equipment security may be used to improve the terminal's performance of the terminal.
  • the method further includes: the terminal has an intelligent mode, and the terminal may enter the security mode according to the smart mode state, so that the flexibility of the terminal security protection may be improved.
  • the method further includes: the terminal recording the security log in the security mode, so that the user can query any event in the security mode to improve security.
  • the method further includes: when the terminal detects an abnormality, the terminal sends information to the matched terminal, and the user may process in time to reduce the loss.
  • an embodiment of the present invention provides a terminal, including: a detecting module, configured to detect a first operation of a user, where the first operation is used to enter the security mode; the security mode includes the following At least one of the options: the terminal enters a screen lock state, the screen cannot be unlocked during the first time period, the terminal cannot perform a shutdown or restart operation; the terminal does not allow the flight mode to be activated; and, the terminal Shutdown, the boot operation is not allowed during the second time period.
  • the terminal further includes: a verification module, configured to verify the first security information; the first security information includes at least one of the following options: a number, a graphic password, and a biometric.
  • the terminal further includes: a prohibiting module, configured to disable at least one of a software function or a hardware function of the terminal.
  • an embodiment of the present invention provides a terminal, including: one or more processors; one or more memories, where one or more computer programs are stored in the one or more memories, the one or more The computer program includes instructions that, when executed by the one or more processors, cause the terminal to perform any of the methods described in the first aspect above.
  • an embodiment of the present invention provides a computer program product including instructions, when the computer program
  • the serial product when run on an electronic device, causes the electronic device to perform the method described in the first aspect above.
  • an embodiment of the present invention provides a computer readable storage medium, including instructions, when the instruction is run on an electronic device, causing the electronic device to perform the method described in the first aspect above.
  • an embodiment of the present invention further provides a data processing system, including a module for performing the methods provided by the foregoing first aspect.
  • the solution provided by the present invention has better security performance, more applicable scenarios, and higher degree of personalization. If the user can customize the settings according to their own needs, the security risks that need to be concerned, and the software and hardware functions required for the restrictions.
  • the user can set a safe shutdown time to ensure that the terminal cannot be turned on after the user leaves for a period of time. At the same time, the user can also set a safe shutdown password. After the security shutdown state is completed or after the end, only the security shutdown password verification succeeds, the terminal can boot normally.
  • FIG. 1 is a block diagram showing a partial structure of a terminal according to an embodiment of the present invention.
  • FIG. 2 is a flowchart of a method for a terminal to enter a security mode according to an embodiment of the present invention
  • FIG. 3(a) is a flowchart of a method for a terminal to activate a security mode according to an embodiment of the present invention
  • FIG. 3(b) is a schematic diagram of a special gesture activation security mode according to an embodiment of the present invention.
  • FIG. 3(c) is a schematic diagram of a lock screen of a terminal in a secure mode according to an embodiment of the present invention
  • FIG. 4 is a flowchart of a method for a self-activation security mode of a terminal according to an embodiment of the present invention
  • FIG. 5 is a flowchart of a method for detecting an abnormality of a terminal according to an embodiment of the present invention
  • FIG. 6 is a flowchart of a method for shutting down a terminal in a secure mode according to an embodiment of the present invention
  • FIG. 6(b) is a schematic diagram of a shutdown interface in a secure mode according to an embodiment of the present invention.
  • FIG. 7 is a flowchart of a method for determining whether a user configures second security information according to an embodiment of the present invention
  • FIG. 8 is a flowchart of a method for verifying second security information in a terminal security mode shutdown according to an embodiment of the present invention
  • FIG. 9 is a flowchart of a method for setting a second time period according to an embodiment of the present invention.
  • FIG. 10 is a flowchart of a method for booting in a second time period according to an embodiment of the present invention.
  • FIG. 11 is a block diagram of a terminal according to an embodiment of the present invention.
  • first, second, third, etc. may be used to describe various messages, requests, and terminals in the embodiments of the present invention, these messages, requests, and terminals should not be limited to these terms. These terms are only used to Messages, requests, and terminals are distinguished from one another.
  • a first terminal may also be referred to as a second terminal without departing from the scope of the embodiments of the present invention.
  • the second terminal may also be referred to as a first terminal.
  • the security protection method provided by the embodiment of the present invention is used to protect terminal information security.
  • the terminal can be, for example, a mobile phone, a tablet computer, a laptop computer, a digital camera, a personal digital assistant (PDA), a navigation device, a mobile Internet device (MID), or a wearable device. .
  • PDA personal digital assistant
  • MID mobile Internet device
  • FIG. 1 is a block diagram showing a partial structure of a terminal according to an embodiment of the present invention.
  • the terminal is described by taking the mobile phone 100 as an example.
  • the mobile phone 100 includes: a radio frequency (RF) circuit 110, a power source 120, a processor 130, a memory 140, an input unit 150, a display unit 160, a sensor 170, and audio.
  • the circuit 180 and a component such as a wireless fidelity (Wi-Fi) module 190.
  • Wi-Fi wireless fidelity
  • the components of the mobile phone 100 will be specifically described below with reference to FIG. 1 :
  • the RF circuit 110 can be used to send and receive information or to receive and transmit signals during a call.
  • the RF circuit 110 may send downlink data received from the base station to the processor 130 for processing, and send the uplink data to the base station.
  • RF circuits include, but are not limited to, RF chips, antennas, at least one amplifier, transceiver, coupler, Low Noise Amplifier (LNA), duplexer, RF switch, and the like.
  • LNA Low Noise Amplifier
  • RF circuitry 110 can also communicate wirelessly with networks and other devices.
  • the wireless communication may use any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CodeDivision). Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), E-mail, Short Messaging Service (SMS), and the like.
  • GSM Global System of Mobile communication
  • GPRS General Packet Radio Service
  • the memory 140 can be used to store software programs and modules, and the processor 130 executes various functional applications and data processing of the mobile phone 100 by running software programs and modules stored in the memory 140.
  • the memory 140 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may be stored according to The data created by the use of the mobile phone 100 (such as audio data, phone book, etc.) and the like.
  • memory 140 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
  • the memory 140 can also store a knowledge base, a tag library, and an algorithm library.
  • the input unit 150 can be configured to receive input numeric or character information and to generate key signal inputs related to user settings and function control of the handset 100.
  • the input unit 150 may include a touch panel 151 and other input devices 152.
  • the touch panel 151 also referred to as a touch screen, can collect touch operations on or near the user (such as the user using a finger, a stylus, or the like on the touch panel 151 or near the touch panel 151. Operation), and drive the corresponding connecting device according to a preset program.
  • the touch panel 151 may include two parts: a touch detection device and a touch controller.
  • the touch detection device detects the touch orientation of the user, and detects a signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts the touch information into contact coordinates, and sends the touch information.
  • the processor 130 is provided and can receive commands from the processor 130 and execute them. In addition, resistive, capacitive, infrared, and table can be used.
  • the touch panel 151 is implemented in various types such as surface acoustic waves.
  • the input unit 150 may also include other input devices 152.
  • other input devices 152 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackballs, mice, joysticks, and the like.
  • the display unit 160 can be used to display information input by the user or information provided to the user and various menus of the mobile phone 100.
  • the display unit 160 may include a display panel 161.
  • the display panel 161 may be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), or the like.
  • the touch panel 151 can cover the display panel 161. When the touch panel 151 detects a touch operation on or near the touch panel 151, the touch panel 151 transmits to the processor 130 to determine the type of the touch event, and then the processor 130 according to the touch event. The type provides a corresponding visual output on display panel 161.
  • the touch panel 151 and the display panel 161 are two independent components to implement the input and input functions of the mobile phone 100 in FIG. 1, in some embodiments, the touch panel 151 may be integrated with the display panel 161. The input and output functions of the mobile phone 100 are implemented.
  • the handset 100 can also include at least one type of sensor 170, such as a light sensor, motion sensor, and other sensors.
  • the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 161 according to the brightness of the ambient light, and the proximity sensor may close the display panel 161 when the mobile phone 100 moves to the ear. / or backlight.
  • the accelerometer sensor can detect the magnitude of acceleration in all directions (usually three axes). When it is stationary, it can detect the magnitude and direction of gravity. It can be used to identify the gesture of the mobile phone (such as horizontal and vertical screen switching, related Game, magnetometer attitude calibration), vibration recognition related functions (such as pedometer, tapping).
  • the mobile phone 100 can also be configured with other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, an infrared sensor, and the like, and will not be described herein.
  • the audio circuit 180, the speaker 181, and the microphone 182 can provide an audio interface between the user and the handset 100.
  • the audio circuit 180 can transmit the converted electrical data of the received audio data to the speaker 181 for conversion to the sound signal output by the speaker 181; on the other hand, the microphone 182 converts the collected sound signal into an electrical signal by the audio circuit 180. After receiving, it is converted into audio data, and then the audio data is output to the RF circuit 110 for transmission to, for example, another mobile phone, or the audio data is output to the memory 140 for further processing.
  • Wi-Fi is a short-range wireless transmission technology.
  • the mobile phone 100 can help users to send and receive emails, browse web pages, and access streaming media through the Wi-Fi module 190, which provides users with wireless broadband Internet access.
  • FIG. 1 shows the Wi-Fi module 190, it can be understood that it does not belong to the essential configuration of the mobile phone 100, and may be omitted as needed within the scope of not changing the essence of the invention.
  • the processor 130 is the control center of the handset 100, which connects various portions of the entire handset using various interfaces and lines, by running or executing software programs and/or modules stored in the memory 140, and recalling data stored in the memory 140, The various functions and processing data of the mobile phone 100 are executed, thereby realizing various services based on the mobile phone.
  • the processor 130 may include one or more processing units; preferably, the processor 130 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like.
  • the modem processor primarily handles wireless communications. It can be understood that the above modem processor may not be integrated into the processor 130.
  • the processor 130 may execute program instructions stored in the memory 140 to implement the method shown in the following embodiments.
  • the mobile phone 100 also includes a power source 120 (such as a battery) that supplies power to various components, and the power source can pass through the power tube.
  • the system is logically coupled to the processor 130 to manage functions such as charging, discharging, and power consumption through a power management system.
  • the mobile phone 100 may further include a camera, a Bluetooth module, and the like, and details are not described herein.
  • the embodiment of the present invention provides a method for security protection of a terminal. As shown in FIG. 2, the method in this embodiment includes:
  • Step 201 The terminal detects the first operation
  • Step 202 verifies the first security information, and the terminal enters a security mode.
  • Step 203 after the terminal enters the security mode, detecting the second operation
  • Step 204 if the time to enter the security mode exceeds the first time period, the process proceeds to step 205; if the time to enter the security mode is within the first time period, the process proceeds to step 206;
  • Step 205 the terminal outputs the exit security mode
  • Step 206 The terminal inputs the second security information, and exits the security mode after the verification succeeds.
  • the execution subject of the embodiment of the present invention is a terminal, and the terminal includes an electronic device having communication capability, such as a smart phone, a tablet computer, and a navigation device.
  • an electronic device having communication capability such as a smart phone, a tablet computer, and a navigation device.
  • the first operation described in step 201 includes at least one of the following options: voice, specific gesture, selection of touch button, and operation of physical button.
  • voice and specific gestures can be preset by the terminal or can be customized by the user.
  • the physical button can be operated as a single button or a combination of buttons.
  • the touch button can be a virtual button on the display of the terminal.
  • the user simultaneously presses the power button and volume button of the terminal, and the terminal enters a safe mode.
  • the first security information in step 202 includes at least one of the following options: a number, a graphic password, and a biometric (including but not limited to fingerprint, iris recognition, face recognition) At least one of them.
  • the first security information is used to verify that the terminal enters a security mode. For example, when the terminal detects the first operation, the user is required to input a fingerprint, and when the fingerprint verification is correct, the terminal enters a screen lock state.
  • the first time period may be a certain length of time, for example, 10 minutes.
  • the terminal After the terminal enters the security mode for more than 10 minutes, after receiving the instruction to exit the security mode, the terminal exits. Safe mode. If the terminal enters the security mode for less than 10 minutes, after receiving the instruction to exit the security mode, the terminal needs to successfully verify the second security information before exiting the security mode.
  • the first time period may also be a specific time period, for example, a time period of 14:10 to 14:30, after receiving the instruction to exit the security mode, if the current time is At 14:35, the terminal exits the security mode. After receiving the instruction to exit the security mode, if the current time is 14:20, the terminal needs to successfully verify the second security information before exiting the security mode.
  • the security mode described in step 201 includes at least one of the following options: the terminal enters a screen lock state, and in the first time period, the screen cannot be unlocked, and the terminal cannot Perform a shutdown or restart operation; or do not allow to start the flight mode; or do not allow the power on operation during the second time period.
  • the second time period may be a certain length of time, or may be a specific time period, and the second time period may be the same as or different from the first time period.
  • the security mode further includes that at least one of a software function or a hardware function of the terminal is disabled.
  • the restriction software function includes, but is not limited to, the terminal cannot change the mute setting (including mute, vibration, or normal volume), cannot use any payment software, turn off the lock screen camera and camera function, and the like.
  • the limiting hardware functions include, but are not limited to, turning off the communication module, the GPS/Beidou satellite positioning module, not performing the mobile network location area update or the different system switching, and prohibiting the automatic connection of the open Wi-Fi hotspot or the saved Wi-Fi hotspot saved by itself. Turn off the mobile network data service function, close the audio interface, close the SD card interface, and turn off the Universal Serial Bus (USB) or other data line interface.
  • USB Universal Serial Bus
  • the terminal is in a secure mode to enhance security risk protection by disabling software and hardware functions.
  • the security risks include, but are not limited to, the flight mode of the third-party activated terminal, shutdown or restart (which may result in the terminal not being in the network, unable to call in), and the third party resets the terminal to the vibration or normal volume (when the call is incoming)
  • the vibration or ringing is regarded as an interference.
  • the third party uses Near Field Communication (NFC) to repeatedly charge the card.
  • NFC Near Field Communication
  • the terminal may set a risk option to select when configuring the security mode information, and the risk option may include the risks described in the foregoing embodiments, such as property risk, communication risk, and the like.
  • the second security information in step 204 is different from the first security information, and the second security information includes at least one of the following options: a number, a graphic password, and a biometric.
  • the second security information is used by the terminal to exit the security mode.
  • the second security information has a higher operational authority, and can enable the terminal to exit the security mode in advance.
  • the terminal has a record security log function in the security mode, where the security log record content includes, but is not limited to, operations and abnormalities of the terminal.
  • the security log is stored in the terminal and can be viewed by a user.
  • the security log may be customized by a user, including but not limited to a SIM/SD card being pulled out, the terminal repeatedly unlocking, reading, copying or sending out sensitive information, installing software .
  • FIG. 3(a) is a specific example of the first operation provided on the basis of the foregoing step 201.
  • the method steps include:
  • Step 301 The user clicks the security mode switch on the screen or draws a specific gesture on the terminal screen, and sends instruction information for activating the security mode to the terminal;
  • Step 302 the terminal determines whether to set the first security information, if the setting jumps to step 304, if not set, then jump to step 303;
  • Step 303 If the first security information is not set, the user is required to configure the first security information, and the terminal enters the security mode after configuring the first security information.
  • step 304 the terminal directly enters a security mode.
  • the terminal acquires a specific gesture drawn by the user on the screen of the terminal in step 301, when the specific gesture is the same as the specific gesture stored in the terminal, The terminal enters safe mode.
  • the specific gesture of the activation security mode may also be changed by the user through the operating system, and when the new specific gesture is successfully set, the original specific gesture is invalid.
  • the user may also choose not to set the first security information, and after detecting the first operation of the user, the terminal directly enters the security mode.
  • FIG. 3(b) is a flowchart of an implementation method for activating a security mode using a specific gesture according to another embodiment of the present invention.
  • the terminal presents an interface 305, and the interface 305 is in a screen unlock state.
  • the terminal receives activation security.
  • the mode command the terminal enters the security mode.
  • the interface 307 presented by the terminal is that the terminal enters a screen lock state in the security mode.
  • FIG. 4 is a flowchart of a self-activation method of a terminal security mode according to another embodiment of the present invention. As shown in FIG. 4, the method in this embodiment includes:
  • Step 401 the terminal enters a screen lock state
  • Step 402 The time when the terminal screen is locked is greater than or equal to the first threshold
  • step 403 the terminal enters a security mode.
  • the first threshold in step 402 is set by the terminal, and when the time to enter the screen lock state is greater than or equal to the first threshold, the terminal activates itself and enters a safe mode state. .
  • the terminal when the screen locking time reaches the first threshold, the terminal needs to input security information for verification before entering the security mode.
  • FIG. 5 is a flowchart of a method for detecting an interface anomaly according to another embodiment of the present invention. As shown in FIG. 5, the method in this embodiment includes:
  • Step 501 The terminal matches another terminal.
  • Step 502 after entering the security mode, detecting that an abnormality occurs on the interface;
  • Step 503 The terminal sends notification information to the matched terminal.
  • the terminal in step 501 of this embodiment includes, but is not limited to, a mobile phone, a tablet computer, a smart wearable device, and the like.
  • the method for configuring the matching terminal in this embodiment includes pre-storing the identifier of the configured terminal in the terminal to implement matching.
  • the identifier includes, but is not limited to, a telephone number or an International Mobile Subscriber Identification Number (IMSI)/International Mobile Equipment Identity (IMEI).
  • IMSI International Mobile Subscriber Identification Number
  • IMEI International Mobile Equipment Identity
  • the terminal matching method further includes performing, by using a wireless communication manner such as Bluetooth, Wi-Fi, or NFC. Further, the terminal can match one or more other terminals.
  • a wireless communication manner such as Bluetooth, Wi-Fi, or NFC.
  • the terminal turns on Bluetooth and pairs with another terminal, and the two terminals complete the matching.
  • the notification information includes, but is not limited to, an abnormal code, location information, and time information.
  • the notification is immediately sent.
  • the information is sent to the matching terminal, for example, by using a short message or a data service, and the user can immediately report the lost SIM card after receiving the notification information, or recover the mobile phone as much as possible according to the notification information.
  • the terminal in the security mode, when the terminal detects that a USB device is inserted, the terminal immediately sends the notification information to the matching terminal.
  • the terminal may be associated with a software or network platform account, an email account, and in the secure mode, when the terminal detects an abnormality, sending the notification information to the corresponding account.
  • the manner in which the terminal sends the notification information to the matching terminal includes, but is not limited to, a short message, and the message is sent through social software or instant messaging software, and the email is sent.
  • the terminal in the security mode, when the terminal detects that the interface part is damaged or modified, the terminal sends notification information to the matching terminal.
  • the terminal in the security mode, records all the detected interface abnormalities into the security log, and the recorded content includes but is not limited to the abnormal type, the time when the abnormality occurs, and the location information.
  • the embodiment of the present invention provides a terminal shutdown method in a security mode. As shown in FIG. 6(a), the method in this embodiment includes:
  • Step 601 the terminal sets a second time period
  • Step 602 The terminal detects a first operation
  • step 603 the terminal is shut down, and the booting operation is not allowed in the second time period
  • Step 604 reaches a second period of time, and the terminal can normally perform power on/off.
  • the second time period may be preset when the terminal is shipped from the factory or manually set by the user. Specifically, if the user does not set the second time period when the user is turned off, the terminal prompts the user to perform the setting before the shutdown operation.
  • FIG. 6(b) is a schematic diagram of a specific operation interface for shutting down in the safe mode.
  • 605 is a power button
  • 606 is a terminal entering a flight mode option
  • 607 is a terminal entering a mute option
  • 608 is a terminal.
  • Terminal restart option 609 is the shutdown option
  • 610 is the shutdown option in safe mode.
  • the terminal detects that the power button 605 is pressed or pressed or other physical buttons are pressed in combination, and after reaching the preset time of the terminal, the terminal presents the image shown in FIG. 6(b). In the interface shown, after the user clicks the safe shutdown option 610, the terminal enters the safe mode and shuts down.
  • FIG. 7 provides a specific method for determining whether the user configures the first security information in the security mode, the user is shut down.
  • the method includes:
  • Step 701 The terminal detects the first operation, where the first operation may be a click security shutdown option 610, and the terminal receives an instruction to initiate a safe shutdown.
  • Step 702 The terminal determines whether the first security information is set.
  • Step 703 The security information is not set, and the terminal requires the user to configure the first security information.
  • step 704 the terminal is powered off.
  • FIG. 8 provides a method for requiring the first security information verification to perform shutdown.
  • the method includes:
  • Step 801 the terminal detects the first operation, and the first operation may be a click security shutdown option 610, at which time the terminal receives an instruction to initiate a safe shutdown;
  • Step 802 Verify the first security information, and if the verification fails, re-enter the verification;
  • Step 803 verifying that the first security information is correct, and the terminal is powered off.
  • the security information input limit may be set. After the input error exceeds a certain limit, the terminal enters a locked state, and when the locked state limited time is reached, the terminal may perform a re-operation.
  • FIG. 9 provides a terminal security protection method.
  • the method includes:
  • Step 901 in the security mode, the terminal is powered off
  • Step 902 it is determined whether the time when the terminal enters the safe shutdown state is in the second time period, if the second time period jumps to step 904, if not in the second time period, the process proceeds to step 903;
  • Step 903 exiting the safe shutdown mode, and the terminal may perform a booting operation when receiving the booting instruction
  • Step 904 the terminal is not allowed to perform a booting operation and maintain a safe shutdown state
  • the terminal sets a timer to set a safe shutdown time.
  • the timer does not overflow, and the power-on signal cannot be sent, only after the second time period is reached.
  • the timer overflows, the power-on signal can be sent normally, and the terminal can be powered on normally.
  • FIG. 10 provides a method for the user to boot in the second time period.
  • the method includes:
  • Step 1001 The terminal receives a booting instruction within a second time period
  • Step 1002 Verify the second security information. If the verification is incorrect, go to step 1003. If the verification is correct, go to step 1005.
  • Step 1003 When the second security information is incorrect and does not exceed the limited number of times, the process jumps to step 1002. If the number of times exceeds the limit, the process jumps to step 1004.
  • step 1004 the terminal continues to be in the security mode and prohibits the booting operation
  • step 1005 the terminal exits the security mode, and the terminal starts up normally.
  • step 1004 if the user verifies that the second security information is incorrect more than a certain number of times (for example, three times), the terminal screen is locked and the power-on operation is no longer accepted.
  • the embodiment of the present invention provides a terminal 1100.
  • the terminal 1100 includes a detection module 1101, a verification module 1102, and a prohibition module 1103.
  • the detecting module 1101 is configured to detect a first operation and a second operation of the user, where the first operation is used to enter the security mode, and the second operation is used to enable the terminal to exit the security mode; 1102.
  • the first security information and the second security information are used for verification.
  • the prohibition module 1103 is configured to disable at least one of a software function or a hardware function of the terminal.
  • the detection and detection module 1101 is connected to the verification module 1102.
  • the verification module 1102 responds to request the user to perform security information verification.
  • the forbidden module 1103, in the security mode prohibits the terminal from being shut down or restarted during the first time period; in the second time period, prohibiting the When the terminal security information error exceeds a certain threshold, the prohibition module 1103 locks the terminal and prohibits the operation.
  • the embodiment of the present invention further provides a computer storage medium for storing the computer software instructions used in the foregoing method and apparatus for implementing terminal security protection shown in FIG. 1-11, which is configured to perform the foregoing method embodiment. code.
  • the embodiment of the invention also provides a computer program product.
  • the computer program product includes computer software instructions that are loadable by a processor to implement the methods of the above method embodiments.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
  • the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
  • the functions described herein can be implemented in hardware, software, firmware, or any combination thereof.
  • the functions may be stored in a computer readable medium or transmitted as one or more instructions or code on a computer readable medium.
  • Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one location to another.
  • a storage medium may be any available media that can be accessed by a general purpose or special purpose computer.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephone Function (AREA)

Abstract

La présente invention concerne le domaine des terminaux et en particulier, un procédé de protection de sécurité de terminal. Dans le procédé de protection de sécurité de terminal, des informations de mode sécurisé sont configurées en fonction de risques potentiels par rapport au terminal, et le mode sécurisé du terminal est établi selon les informations de mode sécurisé configurées. Le procédé de protection de sécurité de terminal comprend un procédé de mise hors tension sécurisée, c'est-à-dire, le réglage d'une période de mise hors tension sécurisée pendant laquelle le terminal n'accepte pas d'opérations de mise en marche. Grâce à la solution fournie par la présente invention, il est possible d'assurer efficacement la sécurité des terminaux dans les cas où le terminal est hors du contrôle de l'utilisateur.
PCT/CN2017/110479 2017-11-10 2017-11-10 Procédé et dispositif de protection de sécurité de terminal Ceased WO2019090702A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201780096669.7A CN111316269A (zh) 2017-11-10 2017-11-10 一种终端的安全保护方法及装置
PCT/CN2017/110479 WO2019090702A1 (fr) 2017-11-10 2017-11-10 Procédé et dispositif de protection de sécurité de terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/110479 WO2019090702A1 (fr) 2017-11-10 2017-11-10 Procédé et dispositif de protection de sécurité de terminal

Publications (1)

Publication Number Publication Date
WO2019090702A1 true WO2019090702A1 (fr) 2019-05-16

Family

ID=66437433

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/110479 Ceased WO2019090702A1 (fr) 2017-11-10 2017-11-10 Procédé et dispositif de protection de sécurité de terminal

Country Status (2)

Country Link
CN (1) CN111316269A (fr)
WO (1) WO2019090702A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116193018A (zh) * 2022-12-08 2023-05-30 中国联合网络通信集团有限公司 安全策略的执行方法、装置、设备及存储介质

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220147636A1 (en) * 2020-11-12 2022-05-12 Crowdstrike, Inc. Zero-touch security sensor updates
CN117376880A (zh) * 2022-06-30 2024-01-09 华为技术有限公司 安全业务的切换方法及终端
CN115767025B (zh) * 2022-11-10 2024-01-23 合芯科技有限公司 防止数据泄露的方法、装置、电子设备和存储介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140274376A1 (en) * 2013-03-15 2014-09-18 Zynga Inc. Systems and methods of providing parental controls for game content
CN104182707A (zh) * 2014-08-12 2014-12-03 广东欧珀移动通信有限公司 一种手持智能移动终端防盗的方法及装置
CN105701394A (zh) * 2014-11-24 2016-06-22 比亚迪股份有限公司 防沉迷方法及终端
CN105736433A (zh) * 2014-12-10 2016-07-06 中国长城计算机深圳股份有限公司 一种风扇控制方法、装置及终端

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222517A (zh) * 2007-12-21 2008-07-16 深圳市赛格导航科技股份有限公司 一种移动通信终端防盗方法及移动通信终端
CN105120102B (zh) * 2015-09-06 2018-07-20 郓小明 用于移动终端的智能隐形定位防盗装置以及移动终端

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140274376A1 (en) * 2013-03-15 2014-09-18 Zynga Inc. Systems and methods of providing parental controls for game content
CN104182707A (zh) * 2014-08-12 2014-12-03 广东欧珀移动通信有限公司 一种手持智能移动终端防盗的方法及装置
CN105701394A (zh) * 2014-11-24 2016-06-22 比亚迪股份有限公司 防沉迷方法及终端
CN105736433A (zh) * 2014-12-10 2016-07-06 中国长城计算机深圳股份有限公司 一种风扇控制方法、装置及终端

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116193018A (zh) * 2022-12-08 2023-05-30 中国联合网络通信集团有限公司 安全策略的执行方法、装置、设备及存储介质
CN116193018B (zh) * 2022-12-08 2024-10-18 中国联合网络通信集团有限公司 安全策略的执行方法、装置、设备及存储介质

Also Published As

Publication number Publication date
CN111316269A (zh) 2020-06-19

Similar Documents

Publication Publication Date Title
US11269981B2 (en) Information displaying method for terminal device and terminal device
CN112560001B (zh) 离线管理应用程序使用时间的方法、及终端设备
CN107025395B (zh) 一种指纹识别方法及移动终端
CN106778175B (zh) 一种界面锁定方法、装置和终端设备
US11017066B2 (en) Method for associating application program with biometric feature, apparatus, and mobile terminal
KR20150046766A (ko) 단말기의 잠금 해제 처리방법, 장치, 단말기 장치, 프로그램 및 기록매체
WO2019011109A1 (fr) Procédé de commande d'autorisation et produit associé
US11176228B2 (en) Application interface display method, apparatus, and terminal, and storage medium
CN106599641A (zh) 一种限制终端锁定的方法、装置和终端
JP7148045B2 (ja) 認証ウィンドウ表示方法、端末、コンピュータ可読記憶媒体及びコンピュータプログラム
CN106845211A (zh) 移动终端及其应用启动方法及装置
WO2018049893A1 (fr) Procédé de transmission de données, et dispositif terminal
WO2016192511A1 (fr) Procédé et appareil permettant de supprimer à distance des informations
CN106534324A (zh) 一种数据共享方法及云服务器
CN106803027A (zh) 应用功能入口启动方法、装置及移动终端
CN108156537B (zh) 一种移动终端的远程操作方法及移动终端
WO2019090702A1 (fr) Procédé et dispositif de protection de sécurité de terminal
CN107609407A (zh) 一种用户终端中信息安全的保护方法及装置
TW201826158A (zh) 顯示資料的方法、裝置和終端
US10764038B2 (en) Method and apparatus for generating terminal key
CN107423598B (zh) 一种解锁控制方法及移动终端
CN106778297B (zh) 应用程序的运行方法、装置及移动终端
CN106878548A (zh) 移动终端远程控制方法、装置和移动终端
CN107577931A (zh) 权限控制方法及相关产品
CN106339630B (zh) 一种冻结应用的方法、装置以及终端

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17931252

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17931252

Country of ref document: EP

Kind code of ref document: A1