Disclosure of Invention
In view of the defects in the prior art, an object of the embodiments of the present invention is to provide a method and a system for controlling an authority of a terminal device, which can overcome the above problems or at least partially solve the above problems.
In order to achieve the above object, an embodiment of the present invention provides an authority control method for a terminal device, where the terminal device is provided with a SIM card and a first non-contact communication module, the first non-contact communication module communicates with the SIM card, and the authority control method includes the following steps:
(1) before the terminal device enters the restricted area, the access control device of the restricted area performs non-contact communication with the SIM card through the first non-contact communication module and modifies the permission flag bit of the SIM card to a first state;
the permission flag bit is an identifier preset in the SIM card for identifying whether the terminal device has entered the restricted area, and the first state identifies that the terminal device has already entered the restricted area;
(2) the SIM card obtains the state of the permission flag bit at a preset time interval; when the permission flag bit is in the first state, the SIM card copies the network access authentication data in the authentication standard file into a preset authentication backup file and deletes the network access authentication data from the authentication standard file;
(3) the SIM card sends a device restart command to the terminal device, and the terminal device automatically restarts according to the restart command.
Further, the method for controlling the authority of the terminal device as described above further includes:
(4) after the terminal device leaves the restricted area, the access control device performs non-contact communication with the SIM card through the first non-contact communication module and modifies the permission flag bit of the SIM card to a second state; the second state identifies that the terminal device has left the restricted area;
(5) the SIM card obtains the state of the permission flag bit at the preset time interval, and when the permission flag bit is in the second state, copies the network access authentication data in the authentication backup file back into the authentication standard file;
(6) the SIM card sends a device restart command to the terminal device, and the terminal device automatically restarts according to the restart command.
Further, in the above method for controlling the authority of the terminal device, the first non-contact communication module is disposed in the SIM card, and the SIM card is a SIMpass card.
Further, in the above method for controlling the authority of the terminal device, when the SIM card deletes the network access authentication data from the authentication standard file, the method further includes: the SIM card sets the states of its short message file and phone book file to unreadable; the unreadable state means that when the SIM card receives a short message read command or a phone book read command from the terminal device, it returns preset data to the terminal device as the response data;
when the SIM card copies the network access authentication data in the authentication backup file back into the authentication standard file, the method further includes: the SIM card sets the states of its short message file and phone book file to readable.
Further, in the above method for controlling the authority of the terminal device, the SIM card obtaining the state of the permission flag bit at the preset time interval includes:
the terminal device sends a general file state query command STATUS to the SIM card at the preset time interval;
the SIM card returns the corresponding card state data to the terminal device in response to the general file state query command STATUS, and at the same time queries the state of its permission flag bit.
An embodiment of the invention also discloses a permission control system for a terminal device, which comprises the terminal device and the access control device of the restricted area; the access control device comprises a main control chip and a second non-contact communication module, and the main control chip communicates with the SIM card in a non-contact manner through the second non-contact communication module and the first non-contact communication module;
the main control chip is configured to perform non-contact communication with the SIM card through the second non-contact communication module and the first non-contact communication module before the terminal device enters the restricted area, and to modify the permission flag bit of the SIM card to a first state; the permission flag bit is an identifier preset in the SIM card for identifying whether the terminal device has entered the restricted area, and the first state identifies that the terminal device has already entered the restricted area;
the SIM card includes:
a permission flag bit state query module, configured to obtain the state of the permission flag bit at a preset time interval;
an authentication data modification module, configured to copy the network access authentication data in the authentication standard file of the SIM card into a preset authentication backup file and delete the network access authentication data from the authentication standard file when the permission flag bit is in the first state;
a restart command sending module, configured to send a device restart command to the terminal device after the state of the permission flag bit has been modified;
and the terminal device automatically restarts according to the device restart command sent by the SIM card.
Further, in the above authority control system for a terminal device, the main control chip is further configured to perform non-contact communication with the SIM card through the second non-contact communication module and the first non-contact communication module after the terminal device leaves the restricted area, and to modify the permission flag bit of the SIM card to a second state; the second state identifies that the terminal device has left the restricted area;
the authentication data modification module is further configured to copy the network access authentication data in the authentication backup file of the SIM card back into the authentication standard file when the permission flag bit is in the second state.
Further, in the above authority control system for a terminal device, the first non-contact communication module is disposed in the SIM card, and the SIM card is a SIMpass card.
Further, in the above authority control system for a terminal device, the SIM card further includes:
a text file control module, configured to set the states of the short message file and phone book file of the SIM card to unreadable when the SIM card deletes the network access authentication data from the authentication standard file, and to set them back to readable when the SIM card copies the network access authentication data in the authentication backup file back into the authentication standard file; the unreadable state means that the SIM card returns preset data to the terminal device as the response data when it receives a short message read command or a phone book read command from the terminal device.
Further, in the above authority control system for a terminal device, the terminal device is further configured to send a general file state query command STATUS to the SIM card at the preset time interval;
and the permission flag bit state query module is configured to query the state of the permission flag bit of the SIM card when the corresponding card state data is returned to the terminal device in response to the general file state query command STATUS.
The beneficial effects of the invention are as follows: according to the authority control method and system provided by the embodiments of the invention, an access control device is arranged outside the restricted area; the access control device modifies a preset permission flag bit in the SIM card by non-contact communication, and the SIM card modifies its authentication standard file according to the state of that flag bit, so that the network access authority of the SIM card is controlled and information inside the restricted area cannot be sent out by the terminal device over the network. The scheme applies the authority control precisely to the terminal devices inside the restricted area, without affecting the network access authority of terminal devices outside it. In addition, in another embodiment of the invention, the reading of short messages and of the phone book in the SIM card of the terminal device can also be controlled securely, so that the authority of the terminal device is controlled more comprehensively and practical application requirements are better met; the scheme is simple to implement and low in cost.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 shows a schematic structural diagram of an authority control system of a terminal device provided in an embodiment of the present invention. As the diagram shows, the system mainly includes two parts, a terminal device 100 and an access control device 200. The terminal device 100 is provided with a SIM card 110 and a first contactless communication module 120, and the first contactless communication module 120 is connected to and communicates with the SIM card 110; the access control device 200 includes a main control chip 210 and a second contactless communication module 220, and the main control chip 210 and the SIM card 110 perform contactless communication through the second contactless communication module 220 and the first contactless communication module 120.
In this embodiment, the main control chip 210 is configured to perform non-contact communication with the SIM card 110 through the second non-contact communication module 220 and the first non-contact communication module 120 before the terminal device 100 enters the restricted area, and modify the permission flag bit of the SIM card 110 into the first state; the permission flag bit is an identifier preset in the SIM card 110 and used for identifying whether the terminal device 100 enters a restricted area, and the first state is used for identifying that the terminal device 100 has entered the restricted area.
The SIM card 110 includes an authority flag bit status query module 111, an authentication data modification module 112, and a restart command transmission module 113. Wherein:
the permission flag bit state query module 111 is configured to obtain a state of a permission flag bit thereof at a preset time interval;
the authentication data modification module 112 is configured to copy and store the network access authentication data in the authentication standard file of the SIM card into a preset authentication backup file when the permission flag bit is in the first state, and delete the network access authentication data in the authentication standard file;
a restart command sending module 113, configured to send a device restart command to the terminal device after the state of the permission flag bit is modified;
and the terminal equipment 100 completes the automatic equipment restart according to the equipment restart command sent by the SIM card.
In the authority control system of this embodiment, before the terminal device enters the restricted area, the permission flag bit of the SIM card is modified by the access control device over non-contact communication; once the flag bit identifies that the device has entered the restricted area, the SIM card copies the authentication data in the authentication standard file to the authentication backup file, deletes the network access authentication data from the standard file, and then makes the terminal device restart automatically.
The restricted area is defined according to actual needs and generally refers to an area within a company or organization in which network access must be placed under security control. With the scheme of this embodiment, by installing the access control device at the restricted area, the network access of the terminal devices carried by personnel is conveniently controlled before those personnel pass through the access control point into the restricted area, information inside the restricted area cannot be sent out by the terminal device over the network, and the control is applied precisely to the terminal devices inside the restricted area without affecting the network access authority of terminal devices outside it.
In practical application, for a mobile phone, the SIM card may restart the phone in the background by sending the proactive command REFRESH to the terminal device, after which the phone re-enters its boot process.
The terminal device 100 includes, but is not limited to, a mobile phone; it may also be a wearable device capable of network calls, such as a smart watch that has a SIM card and a contactless communication function.
In practical applications, the first contactless communication module 120 and the SIM card 110 may be integrated into one body or be two separate parts. Considering the size of the terminal device, the integrated design is preferred, that is, the first contactless communication module 120 is disposed in the SIM card 110, in which case the SIM card 110 may directly be a SIMpass card.
In order to ensure that the terminal device 100 can normally operate after the terminal device 100 leaves the restricted area, in an example of the present invention, the main control chip 210 is further configured to perform non-contact communication with the SIM card through the second non-contact communication module and the first non-contact communication module after the terminal device leaves the restricted area, and modify the permission flag bit of the SIM card to a second state; the second state is used for identifying that the terminal equipment leaves the limited area;
the authentication data modification module 220 is further configured to copy and write the network access authentication data in the authentication backup file of the SIM card into the authentication standard file when the permission flag bit is in the second state.
At this time, since the state of the permission flag bit of the SIM card is modified, the restart command sending module 113 also sends a device restart command to the terminal device 100, and the terminal device 100 completes automatic restart of the device according to the device restart command sent by the SIM card, and when the device is restarted, since the network access authentication data in the network access authentication standard file has been rewritten, the terminal device 100 can complete a normal network access authentication procedure and resume normal communication.
In order to control the authority of the terminal device further and better meet practical security requirements, in an embodiment of the present invention the SIM card 110 may further include a text file control module 114, as shown in fig. 2. Wherein:
the text file control module 114 is configured to set the states of the short message file and the phone file of the SIM card to an unreadable state when deleting the network access authentication data in the authentication standard file, and set the states of the short message file and the phone file of the SIM card to a readable state when copying and writing the network access authentication data in the authentication backup file of the SIM card into the authentication standard file; the unreadable state refers to that the SIM card returns preset data serving as response data to the terminal equipment when receiving a short message reading command or a phone book reading command of the terminal equipment.
By the scheme, the terminal device 100 can be prohibited from reading the phone book and the short messages in the SIM card, and the operable authority of the terminal device can be further controlled.
In an embodiment of the present invention, the terminal device 100 is further configured to send a general file status query command STATUS to the SIM card 110 at the preset time interval;
at this time, the permission flag bit state query module 111 is configured to query the state of the permission flag bit of the SIM card when the corresponding card status data is returned to the terminal device in response to the general file status query command STATUS.
The general file status query command STATUS is used to obtain the status of the currently selected general file in the SIM card. The terminal device uses this command to periodically poll the SIM card and keep it active, so that the terminal learns whether the SIM card has a command to send, and the command may be issued at any time; for a mobile phone, for example, the phone generally polls the status of the SIM card every 30 seconds. In this embodiment, when the SIM card receives this command from the terminal device, it queries its permission flag bit in addition to returning the card status to the terminal device as usual; that is, the command by which the terminal device queries the SIM status also serves as the trigger command for querying the permission flag bit, so that the SIM card is triggered to complete the query of the permission flag bit. The preset time interval may be set as required, for example 30 seconds, but other values are also possible.
Fig. 3 shows a flowchart of an authorization control method for a terminal device according to an embodiment of the present invention, and as can be seen from the diagram, the authorization control method may include the following steps:
Step S100: before the terminal device enters the restricted area, the access control device modifies the permission flag bit of the SIM card in the terminal device to the state of having entered the restricted area;
in this embodiment, the terminal device is provided with an SIM card and a first non-contact communication module, the first non-contact communication module is in communication with the SIM card, the access control device performs non-contact communication with the SIM card through a second non-contact communication module of the access control device and the first non-contact communication module, and before the terminal device enters the restricted area, the permission flag bit of the SIM card is modified to a first state; the permission mark bit is an identifier which is preset in the SIM card and used for identifying whether the terminal equipment enters a restricted area, and the first state is used for identifying that the terminal equipment already enters the restricted area. For example, the state of the permission flag bit may be 0 or 1, with 1 as the first state identifying that the device has entered the restricted area, 0 as the second state hereinafter identifying that the device has left the restricted area, and the second state may be the default state value.
In practical applications, the first contactless communication module is preferably disposed in a SIM card, in which case, the SIM card can directly select a SIMpass card. The terminal equipment includes but is not limited to a mobile phone and the like.
Step S200: when the permission flag bit is in the entered-restricted-area state, the SIM card copies the network access authentication data into a preset authentication backup file and deletes the network access authentication data from the authentication standard file;
the SIM card acquires the state of the authority mark bit according to a preset time interval, copies and stores the network access authentication data in the authentication standard file to a preset authentication backup file when the state of the authority mark bit changes, such as when the authority mark bit changes from a second state to a first state, and deletes the network access authentication data in the authentication standard file. The preset time interval can be set according to actual needs. The authentication standard file refers to a default file used for storing network access authentication data in the SIM card. The network access authentication data comprises a network access authentication key Ki and the like.
In an embodiment of the present invention, a specific way for the SIM card to obtain the state of the permission flag bit according to the preset time interval is as follows:
the terminal equipment sends a general file state query command STATUS to the SIM card according to the preset time interval;
and the SIM card returns corresponding card state data to the terminal equipment according to the general file state query command STATUS and queries the state of the authority identification bit.
It should be noted that, in actual operation, the step of copying and storing the network access authentication data in the preset authentication backup file by the SIM card may be performed only when the terminal device enters the restricted area for the first time, so that when the terminal device enters the restricted area later, the network access authentication data already exists in the authentication backup file, and at this time, only the step of deleting the network access authentication data in the authentication standard file may be performed.
In practical application, in order to control the operating authority of the terminal device more completely, in an embodiment of the present invention, when the SIM card deletes the network access authentication data from the authentication standard file, the method may further include:
the SIM card sets the states of its short message file and phone book file to unreadable; the unreadable state means that when the SIM card receives a short message read command or a phone book read command from the terminal device, it returns preset data to the terminal device as the response data.
Step S300: and the SIM card sends a device restarting command to the terminal device, and the terminal device completes automatic restarting of the device according to the restarting command.
The SIM card copies and stores the network access authentication data into a preset authentication backup file, and after deleting the network access authentication data in the authentication standard file, the SIM card sends a restart command to the terminal equipment, and the terminal equipment completes background automatic restart according to the command.
In an embodiment of the present invention, as shown in fig. 4, the method for controlling the authority further includes:
step S400: after the terminal equipment leaves the restricted area, the access control equipment modifies the permission mark bit of the SIM card into a state of leaving the restricted area;
when the terminal equipment leaves the restricted area, the access control equipment and the SIM card carry out non-contact communication through the first non-contact communication module and the second non-contact communication module, and the authority mark bit of the SIM card is modified into a second state; the second state is used for identifying that the terminal equipment leaves the limited area.
Step S500: the SIM card obtains the state of the permission flag bit, and when the permission flag bit is in the left-restricted-area state, copies the network access authentication data from the authentication backup file back into the authentication standard file;
Step S600: the SIM card sends a device restart command to the terminal device, and the terminal device automatically restarts according to the restart command.
The SIM card obtains the state of the permission flag bit at the preset time interval, and when the state of the permission flag bit changes, for example from the first state to the second state, copies the network access authentication data in the authentication backup file back into the authentication standard file. That is, when the terminal device leaves the restricted area the authentication data is written back into the authentication standard file; the SIM card then sends a device restart command to the terminal device, the terminal device restarts according to the command, and because the network access authentication data is now present in the authentication standard file, the terminal device can resume normal communication.
If the short message file and phone book file of the SIM card were placed under authority control when the device entered the restricted area, then when the SIM card copies the network access authentication data back into the authentication standard file the method may further include: the SIM card sets the states of the short message file and phone book file back to readable.
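The entry and exit procedure of steps S100 to S600, the STATUS poll as trigger, the "copy the backup only on first entry" rule and the unreadable short message and phone book files can be exercised together in a small simulation. The following is an added example written for this page, not code from the patent or from any SIM vendor; it models the card's elementary files as Python attributes, uses a constructed sample Ki and constructed file contents, and names the proactive restart command REFRESH as the description does. The NFC write, the STATUS handler and the terminal's poll loop are all assumptions about where the patent's steps would sit in an implementation.

```python
from dataclasses import dataclass, field
from typing import List, Optional

FLAG_OUTSIDE = 0  # "second state": device has left / is outside the restricted area (default)
FLAG_INSIDE = 1   # "first state": device has entered the restricted area

# Constructed sample values for the simulation; a real Ki never leaves the card.
SAMPLE_KI = bytes.fromhex("00112233445566778899aabbccddeeff")
PRESET_READ_RESPONSE = b"\xff" * 16   # placeholder returned instead of SMS/phone book data
RESTART_COMMAND = "REFRESH"           # proactive command the SIM issues to restart the terminal


@dataclass
class SimCard:
    auth_standard: Optional[bytes] = SAMPLE_KI   # "authentication standard file"
    auth_backup: Optional[bytes] = None          # "authentication backup file"
    flag: int = FLAG_OUTSIDE                     # permission flag bit written over NFC
    last_seen_flag: int = FLAG_OUTSIDE           # flag value seen at the previous STATUS poll
    text_files_readable: bool = True
    sms_file: bytes = b"constructed sms record"
    phonebook_file: bytes = b"constructed phonebook record"
    pending: List[str] = field(default_factory=list)  # proactive commands queued for the terminal

    # Contactless side: the access control device writes the flag through the NFC module.
    def nfc_write_flag(self, state: int) -> None:
        if state not in (FLAG_OUTSIDE, FLAG_INSIDE):
            raise ValueError("flag bit must be 0 or 1")
        self.flag = state

    # Terminal side: the periodic STATUS poll doubles as the trigger to examine the flag.
    def status(self) -> dict:
        if self.flag != self.last_seen_flag:
            self._apply_flag_change()
            self.last_seen_flag = self.flag
        return {"flag": self.flag, "network_access": self.auth_standard is not None}

    def _apply_flag_change(self) -> None:
        if self.flag == FLAG_INSIDE:
            if self.auth_backup is None:           # copy Ki to the backup file only on first entry
                self.auth_backup = self.auth_standard
            self.auth_standard = None              # delete Ki from the standard file
            self.text_files_readable = False       # SMS and phone book become unreadable
        else:
            self.auth_standard = self.auth_backup  # write Ki back when the device has left
            self.text_files_readable = True
        self.pending.append(RESTART_COMMAND)       # ask the terminal to restart

    def read_sms(self) -> bytes:
        return self.sms_file if self.text_files_readable else PRESET_READ_RESPONSE

    def read_phonebook(self) -> bytes:
        return self.phonebook_file if self.text_files_readable else PRESET_READ_RESPONSE

    def fetch(self) -> Optional[str]:
        return self.pending.pop(0) if self.pending else None


@dataclass
class Terminal:
    sim: SimCard
    network_attached: bool = False
    restarts: int = 0

    def boot(self) -> None:
        # Network attach succeeds only while Ki is present in the standard file.
        self.network_attached = self.sim.auth_standard is not None

    def poll(self) -> None:
        """One preset-interval cycle: send STATUS, then fetch any proactive command."""
        self.sim.status()
        if self.sim.fetch() == RESTART_COMMAND:
            self.restarts += 1
            self.boot()


def run_scenario() -> dict:
    sim = SimCard()
    phone = Terminal(sim)
    phone.boot()
    log = {"boot_attached": phone.network_attached}
    sim.nfc_write_flag(FLAG_INSIDE)            # gate on entry writes the first state
    phone.poll()
    phone.poll()                               # a further poll with no flag change is a no-op
    log["inside_attached"] = phone.network_attached
    log["inside_sms"] = sim.read_sms()
    log["restarts_after_entry"] = phone.restarts
    sim.nfc_write_flag(FLAG_OUTSIDE)           # gate on exit writes the second state
    phone.poll()
    log["outside_attached"] = phone.network_attached
    log["outside_phonebook"] = sim.read_phonebook()
    sim.nfc_write_flag(FLAG_INSIDE)            # second entry: backup already present, only delete
    phone.poll()
    log["reentry_backup_intact"] = sim.auth_backup == SAMPLE_KI
    log["reentry_attached"] = phone.network_attached
    log["restarts_total"] = phone.restarts
    return log


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value!r}")
```

The model makes two design points visible: the card only reacts on a change of the flag between two STATUS polls, so the terminal's ordinary 30-second poll is enough to drive the whole state machine without any new command from the handset, and the backup file is written once and then only read, which is what lets repeated entries skip the copy step.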
It should be noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for relevant points.
It will be understood by those skilled in the art that all or part of the above-described apparatus embodiments may be implemented in hardware, or as software modules running on one or more pieces of hardware, and that all or part of the steps of the method embodiments may be implemented by a program instructing the relevant hardware. It will be appreciated by persons skilled in the art that the method and apparatus of the present invention are not limited to the examples described in the specific embodiments, and that the specific descriptions above are for purposes of illustration only and are not intended to limit the invention. Other embodiments will be apparent to those skilled in the art from the above detailed description, which is intended to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention as defined by the appended claims.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is intended to include such modifications and variations.