WO2015158043A1 - Method, terminal and system for protecting terminal security - Google Patents


Info

Publication number
WO2015158043A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
wearable device
security policy
wireless communication
field wireless
Application number
PCT/CN2014/081281
Inventor
刘专
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation

Definitions

  • the present invention relates to a security protection technology for a terminal, and in particular, to a method, a terminal, and a system for protecting security of a terminal.
  • the main purpose of the embodiments of the present invention is to provide a method, a terminal, and a system for protecting the security of a terminal, which at least solve the above problems in the prior art.
  • the terminal encrypts its own security policy so that the terminal is in an encrypted state.
  • the terminal establishes a connection with the wearable device by using near field wireless communication.
  • the terminal processes the security policy according to its connection state with the wearable device.
  • the terminal establishes a connection with the wearable device by using a near field wireless communication manner, including: The terminal initiates a connection request to the wearable device by using the near field wireless communication manner, and the wearable device receives the connection request initiated by the terminal by using the near field wireless communication manner, and the wearable device establishes a connection with the terminal; or
  • the wearable device initiates a connection request to the terminal through the near field wireless communication mode, and the terminal receives the connection request initiated by the wearable device by using the near field wireless communication manner, and the terminal establishes a connection with the wearable device.
  • the terminal processes the security policy according to the connection state between the terminal and the wearable device, including:
  • the terminal periodically detects the connection status with the wearable device. If the terminal is connected to the wearable device, the encryption flag of the security policy is set to decrypted; if the terminal and the wearable device are not connected, the encryption flag of the security policy is set to encrypted.
  • the terminal processes the security policy according to the connection state between the terminal and the wearable device, including:
  • the terminal periodically detects the connection status with the wearable device. If the terminal is connected to the wearable device, the binding flag is set to bound, and, because the binding flag is bound, the encryption flag of the security policy is set to decrypted. If the terminal and the wearable device are not connected, the binding flag is set to unbound, and, because the binding flag is unbound, the encryption flag of the security policy is set to encrypted.
  • detecting the connection status with the wearable device includes:
  • the terminal sends a listening packet to the wearable device by using the near field wireless communication mode;
  • if the listening response packet returned by the wearable device is received by using the near field wireless communication mode, the terminal is connected to the wearable device;
  • if the listening response packet returned by the wearable device is not received by using the near field wireless communication mode, the terminal and the wearable device are in an unconnected state.
  • the method further includes:
  • the terminal reads the value of the encryption flag of the security policy.
  • when the encryption flag of the security policy is decrypted, the terminal determines that the security policy is currently in the decrypted state.
  • when the encryption flag of the security policy is encrypted, the terminal determines that the security policy is in the encrypted state.
  • a terminal provided by the embodiment of the present invention includes: an encryption module, a near field wireless communication module, and a processing module;
  • the encryption module is configured to perform encryption processing on the security policy of the terminal, so that the terminal is in an encrypted state;
  • the near field wireless communication module is configured to establish a connection between the terminal and the wearable device by using a near field wireless communication manner;
  • the processing module is configured to process a security policy according to a connection state between itself and the wearable device.
  • the near field wireless communication module is specifically configured to initiate a connection request to the wearable device by using a near field wireless communication manner, or receive a connection request initiated by the wearable device by using a near field wireless communication manner, and establish a connection between the terminal and the wearable device.
  • the near field wireless communication module is further configured to send a listening packet to the wearable device by using a near field wireless communication manner, and to notify the processing module of the result of receiving the listening response packet returned by the wearable device by using a near field wireless communication manner;
  • the processing module is specifically configured to: set the encryption flag of the security policy to decrypted according to the notification that the near field wireless communication module has received the listening response packet; and set the encryption flag of the security policy to encrypted according to the notification that the near field wireless communication module has not received the listening response packet.
  • the near field wireless communication module is further configured to send a listening packet to the wearable device by using a near field wireless communication manner, and to notify the processing module of the result of receiving the listening response packet returned by the wearable device by using a near field wireless communication manner;
  • the processing module is specifically configured to: according to the notification that the near field wireless communication module has received the listening response packet, set the binding flag to bound and, because the binding flag is bound, set the encryption flag of the security policy to decrypted; according to the notification that the near field wireless communication module has not received the listening response packet, set the binding flag to unbound and, because the binding flag is unbound, set the encryption flag of the security policy to encrypted.
  • the encryption module is further configured to read a value of an encryption flag of the security policy.
  • when the encryption flag of the security policy is decrypted, it is determined that the security policy is currently in a decrypted state; when the encryption flag of the security policy is encrypted, it is determined that the security policy is in an encrypted state.
  • a system for protecting terminal security provided by an embodiment of the present invention includes a terminal and a wearable device;
  • the terminal is configured to encrypt its own security policy so that it is in an encrypted state; establish a connection with the wearable device by using the near field wireless communication method; and process the security policy according to the connection state between the terminal and the wearable device;
  • the wearable device is configured to establish a connection with the terminal by using near field wireless communication.
  • the terminal is specifically configured to periodically detect the connection state between itself and the wearable device; if it is in a connected state with the wearable device, set the encryption flag of the security policy to decrypted; if it is not connected to the wearable device, set the encryption flag of the security policy to encrypted.
  • the terminal is specifically configured to periodically detect the connection state between itself and the wearable device. If it is in a connected state with the wearable device, the binding flag is set to bound, and, because the binding flag is bound, the encryption flag of the security policy is set to decrypted; if it is not connected to the wearable device, the binding flag is set to unbound, and, because the binding flag is unbound, the encryption flag of the security policy is set to encrypted.
  • the terminal is further configured to read the value of the encryption flag of the security policy; when the encryption flag of the security policy is decrypted, determine that its security policy is currently in a decrypted state; when the encryption flag of the security policy is encrypted, determine that its security policy is in an encrypted state.
  • the embodiments of the present invention provide a method, a terminal, and a system for protecting terminal security.
  • the terminal encrypts its own security policy so that the terminal is in an encrypted state.
  • the terminal establishes a connection with the wearable device through the near field wireless communication manner.
  • the security policy is processed according to the connection state between the terminal and the wearable device.
  • the method is simple to operate, and the connection between the wearable device and the terminal is used to ensure the security of the terminal without cumbersome unlocking of the terminal.
  • the terminal brings convenience.
  • FIG. 1 is a schematic flow chart of a method for protecting security of a mobile terminal according to an embodiment of the present invention
  • FIG. 2 is a schematic flowchart of a method for protecting a security of a mobile phone according to a specific application example of the present invention
  • FIG. 3 is a schematic flowchart of a method for protecting a security of a mobile phone according to another specific application example of the present invention
  • FIG. 4 is a schematic structural diagram of a system for protecting security of a terminal according to an embodiment of the present invention
  • a schematic diagram of the structure of a terminal.
  • the terminal encrypts its own security policy so that the terminal is in an encrypted state; the terminal establishes a connection with the wearable device through the near field wireless communication manner; and the terminal processes the security policy according to the connection state between the terminal and the wearable device.
  • FIG. 1 is a workflow diagram of a method for protecting security of a mobile terminal according to an embodiment of the present invention, where the method includes the following steps:
  • Step 101: The mobile terminal encrypts its own security policy so that the mobile terminal is in an encrypted state.
  • the security policy is selected by the user according to how the user uses the mobile terminal, and the security policy includes a screen lock, a privacy space lock, a program lock, and the like;
  • the screen locking method includes sliding lock, face recognition, pattern, PIN, and the like.
  • Privacy Space Locking can password protect images, videos, and specific files.
  • Program locking can lock an application, and the application can only be used after the user has entered the correct password.
  • After the security policy is set, the mobile terminal encrypts its own security policy according to the password or locking mode set by the user, so that the mobile terminal is in an encrypted state by default; that is, the user needs to input the corresponding password or unlock mode. For example, when the user needs to open the locked screen, the user must first provide input according to the set unlock mode, and the mobile terminal then opens the screen to display the content; likewise, when the user needs to open a locked application, the set password must be entered before the application opens.
  • Step 102: The mobile terminal establishes a connection with the wearable device by using a near field wireless communication manner.
  • the mobile terminal establishes a connection with the wearable device by using a near field wireless communication manner, including: the mobile terminal initiates a connection request to the wearable device by using the near field wireless communication manner, the wearable device receives the connection request initiated by the mobile terminal by using the near field wireless communication manner, and the wearable device establishes a connection with the mobile terminal; or
  • the wearable device initiates a connection request to the mobile terminal by using a near field wireless communication method, and the mobile terminal receives a connection request initiated by the wearable device by using a near field wireless communication manner, and the mobile terminal establishes a connection with the wearable device.
  • the initiator and the receiver in the connection establishment process are not limited. The following takes as an example the case in which the mobile terminal initiates a connection request to the wearable device by using the near field wireless communication manner, the wearable device receives the connection request initiated by the mobile terminal by using the near field wireless communication manner, and the wearable device establishes a connection with the mobile terminal:
  • the user turns on the near field wireless communication function of the mobile terminal and of the wearable device through the input manner provided by the mobile terminal and the wearable device. If the screen of the mobile terminal is in the locked state, the user needs to unlock the screen of the mobile terminal first. After the communication function is enabled, the mobile terminal and the wearable device can discover each other, and the mobile terminal sends a connection request to the wearable device through the near field wireless communication manner; the wearable device receives the connection request through the near field wireless communication manner, and the wearable device establishes a connection with the mobile terminal.
  • the near field wireless communication method may be a Bluetooth connection, an infrared connection, and the like.
  • establishing a connection between two devices based on a near field wireless communication method is prior art, and details are not described herein again.
  • Step 103: The mobile terminal processes the security policy according to the connection state between the mobile terminal and the wearable device.
  • the mobile terminal can periodically detect the connection status with the wearable device. If the mobile terminal is in a connected state with the wearable device, indicating that the mobile terminal is within the controllable range of the user, the encryption flag of the security policy is set to decrypted. If the mobile terminal and the wearable device are in an unconnected state, indicating that the mobile terminal is out of the controllable range of the user, the encryption flag of the security policy is set to encrypted. When the user needs to access the security policy of the mobile terminal, such as opening the screen or entering the privacy space, the mobile terminal reads the value of the encryption flag of the security policy.
  • if the encryption flag of the security policy is decrypted, the mobile terminal determines that the security policy is currently in the decrypted state and directly provides the corresponding application to the user, such as opening the screen or opening the private space, without the user having to perform the cumbersome decryption input for the security policy; if the encryption flag of the security policy is encrypted, the mobile terminal determines that the security policy is in the encrypted state and still requires the user to perform the decryption input for the security policy.
  • the mobile terminal detecting the connection status with the wearable device includes: the mobile terminal sends a listening packet to the wearable device by using the near field wireless communication manner; if the listening response packet returned by the wearable device is received by the near field wireless communication manner, the mobile terminal is in a connected state with the wearable device; if the listening response packet returned by the wearable device is not received by the near field wireless communication manner, the mobile terminal and the wearable device are in an unconnected state;
  • the period at which the mobile terminal detects the connection state with the wearable device can be set by the user as needed, such as 5 minutes or 10 minutes.
  • FIG. 2 illustrates an embodiment of the present invention by taking a real application scenario as an example:
  • the mobile terminal uses a mobile phone as an example; the wearable device uses a smart wristband as an example; the near field wireless communication method uses Bluetooth as an example; the security policy takes a screen lock as an example, and includes the following steps:
  • Step 201: The mobile phone encrypts the screen lock of the mobile phone, so that the screen of the mobile phone is in an encrypted state;
  • the encryption of the screen lock is selected by the user on the mobile phone according to the user's own needs, and the encryption mode of the screen lock may include sliding lock, face recognition, pattern, PIN, and the like.
  • the phone screen is encrypted by default, and the phone unlocks the locked screen according to the input mode set by the user.
  • Step 202: The mobile phone establishes a connection with the smart bracelet through Bluetooth;
  • the mobile phone establishes a connection with the smart bracelet through Bluetooth, including:
  • the mobile phone initiates a connection request to the smart bracelet through the Bluetooth mode, and the smart bracelet receives the connection request initiated by the mobile phone through the Bluetooth mode, and the smart bracelet establishes a connection with the mobile phone; or
  • the smart bracelet initiates a connection request to the mobile phone through the Bluetooth mode, and the mobile phone receives the connection request initiated by the smart wristband through the Bluetooth mode, and the mobile phone establishes a connection with the smart bracelet.
  • the initiator and the receiver in the connection establishment process are not limited. The following takes as an example the case in which the mobile phone initiates a connection request to the smart bracelet through the Bluetooth mode, the smart bracelet receives the connection request initiated by the mobile phone through the Bluetooth mode, and the smart bracelet establishes a connection with the mobile phone:
  • the user turns on the Bluetooth function of the mobile phone and of the smart bracelet through the input mode provided by the mobile phone and the smart bracelet. If the screen of the mobile phone is locked, the user needs to unlock the screen of the mobile phone first. After the Bluetooth function is turned on, the mobile phone and the smart bracelet can discover each other, and the mobile phone sends a connection request to the smart bracelet through Bluetooth; the smart bracelet receives the connection request through Bluetooth, and the smart bracelet establishes a connection with the mobile phone.
  • establishing a connection between two devices based on the Bluetooth mode is prior art, and details are not described herein again.
  • Step 203: The mobile phone determines its own connection status with the smart bracelet; if it is in the connected state, step 204 is performed; if it is in the unconnected state, step 205 is performed;
  • the mobile phone can periodically detect the connection status with the smart bracelet. If the mobile phone is connected to the smart wristband, indicating that the mobile phone is within the controllable range of the user, step 204 is performed; if the mobile phone and the smart wristband are in an unconnected state, indicating that the mobile phone is out of the user's controllable range, step 205 is performed;
  • Step 204: The mobile phone sets the encryption flag of the screen lock to decrypted, for example, setting the encryption flag bit to 0;
  • Step 205: The mobile phone sets the encryption flag of the screen lock to encrypted, for example, setting the encryption flag bit to 1.
  • When the user needs to display the screen of the mobile phone, the mobile phone reads the value of the encryption flag bit of the screen lock. If the encryption flag of the screen lock is decrypted, the mobile phone determines that the screen lock is currently in the decrypted state and directly opens the screen to the user, without the user having to perform the cumbersome decryption input to unlock the screen; if the encryption flag of the screen lock is encrypted, the mobile phone determines that the screen lock is in an encrypted state, and the user still needs to perform the cumbersome decryption input when unlocking the screen.
  • the mobile phone detecting the connection status with the smart bracelet includes: the mobile phone sends a listening packet to the smart bracelet through the Bluetooth mode; if the listening response packet returned by the smart wristband is received through the Bluetooth mode, the mobile phone and the smart bracelet are connected; if the listening response packet returned by the smart bracelet is not received through the Bluetooth mode, the mobile phone and the smart bracelet are not connected.
  • the period at which the mobile phone detects the connection state with the smart bracelet can be set by the user as needed, such as
  • FIG. 3 illustrates an embodiment of the present invention by taking another real application scenario as an example:
  • the mobile terminal uses a mobile phone as an example; the wearable device uses a smart wristband as an example; the near field wireless communication method uses Bluetooth as an example; the security policy takes a screen lock as an example, and includes the following steps:
  • Steps 501 to 502 are the same as steps 201 to 202.
  • Step 503: The mobile phone is bound to the smart bracelet.
  • When the mobile phone is connected to multiple wearable devices, the mobile phone can be bound to the smart bracelet in order to avoid erroneous operation of the mobile phone.
  • Step 504: The mobile phone determines the connection status between the mobile phone and the smart wristband. If it is in the connected state, the mobile phone and the smart wristband are still in the bound state, and step 505 is performed; if it is in the unconnected state, the mobile phone and the smart wristband are in the unbound state, and step 507 is performed.
  • Step 505: The mobile phone sets the binding flag to bound, such as setting the binding flag to 0;
  • Step 506: Because the binding flag bit is bound, the mobile phone sets the encryption flag of the screen lock to decrypted, for example, the encryption flag bit is set to 0;
  • Step 507: The mobile phone sets the binding flag to unbound, such as setting the binding flag to 1;
  • Step 508: Because the binding flag bit is unbound, the mobile phone sets the encryption flag of the screen lock to encrypted, for example, the encryption flag bit is set to 1.
  • the embodiment of the present invention provides a system for protecting the security of a terminal. As shown in FIG. 4, the terminal 30 and the wearable device 40 are included.
  • the terminal 30 is configured to perform encryption processing on its own security policy so that it is in an encrypted state; establish a connection with the wearable device 40 by using a near field wireless communication manner; and process the security policy according to the connection state between the terminal and the wearable device 40;
  • the wearable device 40 is configured to establish a connection with the terminal by using near field wireless communication.
  • the security policy is selected by the user on the terminal 30 according to the needs of the user, wherein the security policy includes a screen lock, a privacy space lock, a program lock, and the like, and the screen lock mode includes a slide lock, face recognition, patterns, PIN, etc.
  • Privacy Space Lock allows password protection for images, videos, and other files.
  • Program locking can lock an application, and the application can only be used after entering the correct password.
  • the terminal 30 encrypts its own security policy according to the password set by the user, so that the terminal 30 is in an encrypted state by default.
  • the terminal 30 is specifically configured to initiate a connection request to the wearable device 40 by using a near field wireless communication manner to establish a connection with the wearable device 40.
  • the wearable device 40 is specifically configured to receive, by using the near field wireless communication method, the connection request initiated by the terminal 30, and establish a connection with the terminal 30; or,
  • the wearable device 40 is specifically configured to initiate a connection request to the terminal 30 by using a near field wireless communication manner, and establish a connection with the terminal 30.
  • the terminal 30 is specifically configured to receive a connection request initiated by the wearable device 40 by using a near field wireless communication manner, and establish a connection with the wearable device 40.
  • the terminal 30 is specifically configured to periodically detect the connection status between itself and the wearable device 40. If it is in a connected state with the wearable device 40, the encryption flag of the security policy is set to decrypted; if it is in an unconnected state with the wearable device 40, the encryption flag of the security policy is set to encrypted.
  • the terminal 30 is specifically configured to periodically detect the connection state between itself and the wearable device 40. If it is in the connected state with the wearable device 40, the binding flag is set to bound, and, because the binding flag is bound, the encryption flag of the security policy is set to decrypted; if it is in the unconnected state with the wearable device 40, the binding flag is set to unbound, and, because the binding flag is unbound, the encryption flag of the security policy is set to encrypted.
  • the terminal 30 is specifically configured to send a listening packet to the wearable device 40 by using a near field wireless communication manner; if the listening response packet returned by the wearable device 40 is received by the near field wireless communication manner, determine that it is in a connected state with the wearable device 40; if the listening response packet returned by the wearable device 40 is not received by the near field wireless communication manner, determine that it is in an unconnected state with the wearable device 40;
  • the wearable device 40 is further configured to send the listening response packet to the terminal 30 after receiving the listening packet sent by the terminal 30 by using the near field wireless communication method.
  • the terminal 30 is further configured to read the value of the encryption flag of the security policy.
  • when the encryption flag of the security policy is decrypted, determine that its own security policy is currently in a decrypted state; when the encryption flag of the security policy is encrypted, determine that its own security policy is in an encrypted state.
  • the period at which the terminal 30 detects the connection state with the wearable device 40 can be set by the user as needed, such as 5 minutes or 10 minutes.
  • the terminal 30 includes an encryption module 31, a near field wireless communication module 32, and a processing module 33;
  • the encryption module 31 is configured to perform encryption processing on the security policy of the terminal, so that the terminal 30 is in an encrypted state;
  • the near field wireless communication module 32 is configured to establish a connection between the terminal 30 and the wearable device by using a near field wireless communication manner;
  • the processing module 33 is configured to process the security policy according to the connection state of the terminal 30 and the wearable device.
  • the near field wireless communication module 32 is specifically configured to initiate a connection request to the wearable device by using a near field wireless communication manner or receive a connection request initiated by the wearable device by using a near field wireless communication manner, and establish a connection between the terminal 30 and the wearable device;
  • the near field wireless communication module 32 is further configured to send a listening packet to the wearable device by using a near field wireless communication manner, and to notify the processing module of the result of receiving the listening response packet returned by the wearable device by using a near field wireless communication manner;
  • the processing module 33 is specifically configured to: set the encryption flag of the security policy to decrypted according to the notification that the near field wireless communication module 32 has received the listening response packet; and set the encryption flag of the security policy to encrypted according to the notification that the near field wireless communication module 32 has not received the listening response packet.
  • the near field wireless communication module 32 is further configured to send a listening packet to the wearable device by using a near field wireless communication manner, and to notify the processing module of the result of receiving the listening response packet returned by the wearable device by using a near field wireless communication manner;
  • the processing module 33 is specifically configured to: according to the notification that the near field wireless communication module 32 has received the listening response packet, set the binding flag to bound and, because the binding flag is bound, set the encryption flag of the security policy to decrypted; according to the notification that the near field wireless communication module 32 has not received the listening response packet, set the binding flag to unbound and, because the binding flag is unbound, set the encryption flag of the security policy to encrypted.
  • the encryption module 31 is further configured to read the value of the encryption flag of the security policy.
  • when the encryption flag of the security policy is decrypted, it is determined that the security policy is currently in the decrypted state;
  • when the encryption flag of the security policy is encrypted, it is determined that the security policy is in an encrypted state;
  • the encryption module 31 reads the value of the encryption flag of the security policy.
  • if the encryption flag of the security policy is decrypted, the encryption module 31 determines that the security policy is currently in the decrypted state, and directly provides the corresponding application to the user, such as opening the screen or opening the private space, without the user having to perform the cumbersome decryption input for the security policy;
  • if the encryption flag of the security policy is encrypted, the encryption module 31 determines that the security policy is in an encrypted state, and the user still needs to perform the cumbersome decryption input for the security policy.
  • the above encryption module 31 and processing module 33 may be implemented by hardware such as a CPU or a DSP; the near field wireless communication module 32 may be implemented by a function module such as NFC or Bluetooth.
  • the disclosed apparatus and method may be implemented in other ways.
  • the device embodiments described above are only schematic.
  • the division of the unit is only a logical function division.
  • there may be another division manner, such as: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • the coupling, direct coupling, or communication connection of the components shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described above as separate components may or may not be physically separated, and the components displayed as the units may or may not be physical units, that is, may be located in one place or distributed to multiple network units; Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may be separately used as one unit, or two or more units may be integrated into one unit;
  • the above integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
  • a person skilled in the art can understand that all or part of the steps of implementing the above method embodiments may be completed by using hardware related to program instructions, and the foregoing program may be stored in a computer readable storage medium, and the program is executed when executed.
  • the foregoing storage medium includes: a mobile storage device, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and the like.
  • the above-described integrated unit of the present invention may be stored in a computer readable storage medium if it is implemented in the form of a software function module and sold or used as a standalone product.
  • the technical solution of the embodiments of the present invention may be embodied in the form of a software product in essence or in the form of a software product.
  • the computer software product is stored in a storage medium and includes a plurality of instructions that cause a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the methods described in the various embodiments of the present invention.
  • the foregoing storage medium includes: a removable storage device, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like, which can store program codes.

Abstract

Disclosed in an embodiment of the present invention are a method, terminal and system for protecting terminal security, the method comprising: a terminal encrypting its security policy so that the terminal is in an encrypted state; the terminal establishing a connection with a wearable device via near-field wireless communication; and the terminal processing the security policy according to the status of the connection between the terminal and the wearable device.

Description

Method, terminal and system for protecting terminal security
Technical Field
The present invention relates to security protection technology for terminals, and in particular to a method, a terminal and a system for protecting terminal security.
Background
To protect user privacy and the security of mobile terminals, current mobile terminals (such as mobile phones and tablet computers) provide various screen locking methods, for example sliding, face recognition, pattern and personal identification number (PIN), and some users even choose to combine two or more locking methods. In addition, after the screen is unlocked, applications (APPs) such as the privacy space and the password protector also need to be locked. Although these locking methods ensure the security of user information well, protect the user's personal privacy, and prevent it from being seen by thieves and other illegitimate users, they also make the unlocking process cumbersome and inconvenience the user's normal use.
Summary of the Invention
In view of this, the main purpose of the embodiments of the present invention is to provide a method, a terminal and a system for protecting terminal security, which at least solve the above problems in the prior art.
To achieve the above purpose, the technical solutions of the embodiments of the present invention are implemented as follows:
An embodiment of the present invention provides a method for protecting terminal security, the method including:
the terminal encrypts its own security policy so that the terminal is in an encrypted state;
the terminal establishes a connection with a wearable device by near field wireless communication;
the terminal processes the security policy according to the state of its connection with the wearable device.
In the above solution, the terminal establishing a connection with the wearable device by near field wireless communication includes: the terminal initiates a connection request to the wearable device by near field wireless communication, the wearable device receives the connection request initiated by the terminal by near field wireless communication, and the wearable device establishes a connection with the terminal; or
the wearable device initiates a connection request to the terminal by near field wireless communication, the terminal receives the connection request initiated by the wearable device by near field wireless communication, and the terminal establishes a connection with the wearable device.
In the above solution, the terminal processing the security policy according to the state of its connection with the wearable device includes:
the terminal periodically detects the state of its connection with the wearable device; if the terminal and the wearable device are connected, the terminal sets the encryption flag of the security policy to decrypted; if the terminal and the wearable device are not connected, the terminal sets the encryption flag of the security policy to encrypted.
In the above solution, the terminal processing the security policy according to the state of its connection with the wearable device includes:
the terminal periodically detects the state of its connection with the wearable device; if the terminal and the wearable device are connected, the terminal sets the binding flag to bound and, because the binding flag is bound, sets the encryption flag of the security policy to decrypted; if the terminal and the wearable device are not connected, the terminal sets the binding flag to unbound and, because the binding flag is unbound, sets the encryption flag of the security policy to encrypted.
In the above solution, detecting the state of the connection with the wearable device includes:
the terminal sends a listening packet to the wearable device by near field wireless communication; when a listening response packet returned by the wearable device is received by near field wireless communication, the terminal and the wearable device are connected; when no listening response packet returned by the wearable device is received by near field wireless communication, the terminal and the wearable device are not connected.
In the above solution, the method further includes:
the terminal reads the value of the encryption flag of the security policy; when the encryption flag of the security policy is decrypted, the terminal determines that the security policy is currently in the decrypted state; when the encryption flag of the security policy is encrypted, the terminal determines that the security policy is in the encrypted state.
An embodiment of the present invention provides a terminal, the terminal including: an encryption module, a near field wireless communication module and a processing module; where
the encryption module is configured to encrypt the security policy of the terminal so that the terminal is in an encrypted state;
the near field wireless communication module is configured to establish a connection between the terminal and a wearable device by near field wireless communication;
the processing module is configured to process the security policy according to the state of the terminal's connection with the wearable device.
In the above solution, the near field wireless communication module is specifically configured to initiate a connection request to the wearable device by near field wireless communication, or to receive a connection request initiated by the wearable device by near field wireless communication, and to establish the connection between the terminal and the wearable device.
In the above solution, the near field wireless communication module is further configured to send a listening packet to the wearable device by near field wireless communication, and to notify the processing module of whether a listening response packet returned by the wearable device was received by near field wireless communication;
the processing module is specifically configured to set the encryption flag of the security policy to decrypted according to the notification that the near field wireless communication module received the listening response packet, and to set the encryption flag of the security policy to encrypted according to the notification that the near field wireless communication module did not receive the listening response packet.
In the above solution, the near field wireless communication module is further configured to send a listening packet to the wearable device by near field wireless communication, and to notify the processing module of whether a listening response packet returned by the wearable device was received by near field wireless communication;
the processing module is specifically configured to, according to the notification that the near field wireless communication module received the listening response packet, set the binding flag to bound and, because the binding flag is bound, set the encryption flag of the security policy to decrypted; and, according to the notification that the near field wireless communication module did not receive the listening response packet, set the binding flag to unbound and, because the binding flag is unbound, set the encryption flag of the security policy to encrypted.
In the above solution, the encryption module is further configured to read the value of the encryption flag of the security policy; when the encryption flag of the security policy is decrypted, it determines that the security policy is currently in the decrypted state; when the encryption flag of the security policy is encrypted, it determines that the security policy is in the encrypted state.
An embodiment of the present invention provides a system for protecting terminal security, the system including a terminal and a wearable device;
the terminal is configured to encrypt its own security policy so that it is in an encrypted state; to establish a connection with the wearable device by near field wireless communication; and to process the security policy according to the state of its connection with the wearable device;
the wearable device is configured to establish a connection with the terminal by near field wireless communication.
In the above solution, the terminal is specifically configured to periodically detect the state of its connection with the wearable device; if it is connected to the wearable device, it sets the encryption flag of the security policy to decrypted; if it is not connected to the wearable device, it sets the encryption flag of the security policy to encrypted.
In the above solution, the terminal is specifically configured to periodically detect the state of its connection with the wearable device; if it is connected to the wearable device, it sets the binding flag to bound and, because the binding flag is bound, sets the encryption flag of the security policy to decrypted; if it is not connected to the wearable device, it sets the binding flag to unbound and, because the binding flag is unbound, sets the encryption flag of the security policy to encrypted.
In the above solution, the terminal is further configured to read the value of the encryption flag of the security policy; when the encryption flag of the security policy is decrypted, it determines that its security policy is currently in the decrypted state; when the encryption flag of the security policy is encrypted, it determines that its security policy is in the encrypted state.
The embodiments of the present invention provide a method, a terminal and a system for protecting terminal security: the terminal encrypts its own security policy so that the terminal is in an encrypted state; the terminal establishes a connection with a wearable device by near field wireless communication; and the terminal processes the security policy according to the state of its connection with the wearable device. The method is simple to operate: by having the wearable device establish a connection with the terminal, it ensures the security of the terminal without requiring cumbersome unlocking of the terminal, which makes the terminal more convenient for the user.
Brief Description of the Drawings
FIG. 1 is a schematic flowchart of a method for protecting the security of a mobile terminal according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of a method for protecting the security of a mobile phone according to a specific application example of the present invention;
FIG. 3 is a schematic flowchart of a method for protecting the security of a mobile phone according to another specific application example of the present invention;
FIG. 4 is a schematic structural diagram of a system for protecting terminal security according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
Detailed Description
Wearable devices (smart watches, smart glasses, smart bracelets and the like) are now increasingly widely used and give users a new technological experience. At the same time, because a wearable device is a portable device worn directly on the user's body or integrated into the user's clothes or accessories, its risk of being stolen is much lower than that of a mobile terminal, or even a terminal, and its portability is very good.
In the embodiments of the present invention, the terminal encrypts its own security policy so that the terminal is in an encrypted state; the terminal establishes a connection with a wearable device by near field wireless communication; and the terminal processes the security policy according to the state of its connection with the wearable device.
The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments, taking a mobile terminal as an example.
FIG. 1 is a schematic workflow diagram of a method for protecting the security of a mobile terminal according to an embodiment of the present invention. The method includes the following steps:
Step 101: the mobile terminal encrypts its own security policy so that the mobile terminal is in an encrypted state;
Specifically, the security policy is selected and set in the mobile terminal by the user according to the user's own needs in using the mobile terminal, and the security policy includes screen lock, privacy space lock, program lock and the like;
The screen locking methods include sliding lock, face recognition, pattern, PIN and the like. The privacy space lock can password-protect pictures, videos and specific files. The program lock can lock an application, so that the application can be used only after the user enters the correct password.
After the security policy is set, the mobile terminal encrypts its own security policy according to the password or locking method set by the user, so that the mobile terminal is in the encrypted state by default, that is, the user must enter the corresponding password or unlocking input when using it. For example, when the user needs to open the locked screen, the user must first provide input according to the configured unlocking method before the mobile terminal opens the screen and presents content; likewise, when the user needs to open an encrypted application, the user must first enter the configured password before the application opens.
Step 102: the mobile terminal establishes a connection with the wearable device by near field wireless communication;
The mobile terminal establishing a connection with the wearable device by near field wireless communication includes:
the mobile terminal initiates a connection request to the wearable device by near field wireless communication, the wearable device receives the connection request initiated by the mobile terminal by near field wireless communication, and the wearable device establishes a connection with the mobile terminal; or
the wearable device initiates a connection request to the mobile terminal by near field wireless communication, the mobile terminal receives the connection request initiated by the wearable device by near field wireless communication, and the mobile terminal establishes a connection with the wearable device.
Specifically, the process of establishing the connection does not restrict which side initiates and which side receives. The following description takes as an example the case where the mobile terminal initiates a connection request to the wearable device by near field wireless communication, the wearable device receives the connection request initiated by the mobile terminal by near field wireless communication, and the wearable device establishes a connection with the mobile terminal:
Using the input methods provided by the mobile terminal and the wearable device, the user chooses to enable the near field wireless communication function of the mobile terminal and of the wearable device; if the screen of the mobile terminal is locked, the user first needs to unlock the screen of the mobile terminal. Once the near field wireless communication function is enabled, the mobile terminal and the wearable device can discover each other, and the mobile terminal sends a connection request to the wearable device by near field wireless communication; the wearable device receives the connection request by near field wireless communication, and the wearable device establishes a connection with the mobile terminal.
The near field wireless communication manner is a Bluetooth connection, an infrared connection or the like. Establishing a connection between two devices by near field wireless communication is prior art and is not described again here.
Step 103: the mobile terminal processes the security policy according to the state of its connection with the wearable device;
Specifically, the mobile terminal can periodically detect the state of its connection with the wearable device. If the mobile terminal and the wearable device are connected, which indicates that the mobile terminal is within the user's controllable range, the encryption flag of the security policy is set to decrypted; if the mobile terminal and the wearable device are not connected, which indicates that the mobile terminal has left the user's controllable range, the encryption flag of the security policy is set to encrypted;
When the user needs to access something protected by the security policy of the mobile terminal, such as opening the screen or entering the privacy space, the mobile terminal reads the value of the encryption flag of the security policy. If the encryption flag of the security policy is decrypted, the mobile terminal determines that the security policy is currently in the decrypted state and directly provides the corresponding application to the user, such as opening the screen or opening the private space, without the user having to perform the cumbersome decryption input for the security policy; if the encryption flag of the security policy is encrypted, the mobile terminal determines that the security policy is in the encrypted state, and the user still needs to perform the cumbersome decryption input for the security policy.
Specifically, the mobile terminal detecting the state of its connection with the wearable device includes: the mobile terminal sends a listening packet to the wearable device by near field wireless communication; if a listening response packet returned by the wearable device is received by near field wireless communication, the mobile terminal and the wearable device are connected; if no listening response packet returned by the wearable device is received by near field wireless communication, the mobile terminal and the wearable device are not connected;
移动终端检测与可穿戴设备的连接状态的周期可以由用户根据需要进行设 置, 如 5分钟、 10分钟。  The period during which the mobile terminal detects the connection state with the wearable device can be set by the user as needed, such as 5 minutes, 10 minutes.
图 2以一个现实应用场景为例对本发明实施例阐述如下:  FIG. 2 illustrates an embodiment of the present invention by taking a real application scenario as an example:
其中, 移动终端以手机为例; 可穿戴设备以智能手环为例; 近场无线通信 方式以蓝牙为例; 安全策略以屏幕锁定为例, 包括以下步骤:  The mobile terminal uses a mobile phone as an example; the wearable device uses a smart wristband as an example; the near field wireless communication method uses Bluetooth as an example; the security policy takes a screen lock as an example, and includes the following steps:
步骤 201、 手机对自身的屏幕锁定进行加密处理, 使手机的屏幕处于加密 状态;  Step 201: The mobile phone encrypts the screen lock of the mobile phone, so that the screen of the mobile phone is in an encrypted state;
这里, 屏幕锁定的加密是用户根据自身需要在手机中选择设定的, 屏幕锁 定的加密方式可以包括滑动锁定、 人脸识别、 图案、 PIN等。 设定之后, 手机 屏幕默认处于加密状态,手机依据用户设定的输入方式对锁定的屏幕进行解锁。  Here, the encryption of the screen lock is selected by the user in the mobile phone according to his or her own needs, and the encryption mode of the screen lock may include sliding lock, face recognition, pattern, PIN, and the like. After setting, the phone screen is encrypted by default, and the phone unlocks the locked screen according to the input mode set by the user.
步骤 202、 手机通过蓝牙方式与智能手环建立连接;  Step 202: The mobile phone establishes a connection with the smart bracelet through Bluetooth;
这里, 手机通过蓝牙方式与智能手环建立连接, 包括:  Here, the mobile phone establishes a connection with the smart bracelet through Bluetooth, including:
The mobile phone initiates a connection request to the smart bracelet via Bluetooth, the smart bracelet receives the connection request initiated by the mobile phone via Bluetooth, and the smart bracelet establishes a connection with the mobile phone; or,
the smart bracelet initiates a connection request to the mobile phone via Bluetooth, the mobile phone receives the connection request initiated by the smart bracelet via Bluetooth, and the mobile phone establishes a connection with the smart bracelet.
Specifically, the initiator and the receiver of the connection process are not limited. The following description takes as an example the case in which the mobile phone initiates a connection request to the smart bracelet via Bluetooth, the smart bracelet receives the connection request via Bluetooth, and the smart bracelet establishes a connection with the mobile phone:
The user turns on the Bluetooth function of the mobile phone and of the smart bracelet through the input methods that the two devices provide. If the screen of the mobile phone is locked, the user first needs to unlock it. Once Bluetooth is on, the mobile phone and the smart bracelet can discover each other; the mobile phone sends a connection request to the smart bracelet via Bluetooth; the smart bracelet receives the connection request via Bluetooth and establishes a connection with the mobile phone.
Establishing a Bluetooth connection between two devices is prior art and is not described further here.
Step 203: the mobile phone determines its connection state with the smart bracelet. If it is connected, step 204 is performed; if it is not connected, step 205 is performed.
Specifically, the mobile phone may periodically detect its connection state with the smart bracelet. If the mobile phone and the smart bracelet are connected, the mobile phone is within the user's controllable range and step 204 is performed; if they are not connected, the mobile phone has left the user's controllable range and step 205 is performed.
Step 204: the mobile phone sets the encryption flag of the screen lock to decrypted, for example by setting the encryption flag to 0.
Step 205: the mobile phone sets the encryption flag of the screen lock to encrypted, for example by setting the encryption flag to 1.
When the user needs the screen of the mobile phone to be displayed, the mobile phone reads the value of the encryption flag of the screen lock. If the flag is set to decrypted, the mobile phone determines that the screen lock is currently in the decrypted state and opens the screen for the user directly, without the user having to perform the cumbersome decryption input on the unlock screen. If the flag is set to encrypted, the mobile phone determines that the screen lock is in the encrypted state, and the user still has to perform the cumbersome decryption input when unlocking the screen.
Specifically, the mobile phone detects its connection state with the smart bracelet as follows: the mobile phone sends a listening packet to the smart bracelet via Bluetooth; if it receives via Bluetooth a listening response packet returned by the smart bracelet, the mobile phone and the smart bracelet are connected; if it does not receive via Bluetooth a listening response packet returned by the smart bracelet, the mobile phone and the smart bracelet are not connected.
The period at which the mobile phone detects its connection state with the smart bracelet can be set by the user as needed, for example 5 minutes or 10 minutes.
With reference to FIG. 3, an embodiment of the present invention is described below using another practical application scenario as an example:
Here the mobile terminal is a mobile phone, the wearable device is a smart bracelet, the near-field wireless communication method is Bluetooth, and the security policy is the screen lock. The scenario includes the following steps:
Steps 501 to 502 are the same as steps 201 to 202.
Step 503: the mobile phone is bound to the smart bracelet.
When the mobile phone is connected to several wearable devices, the mobile phone can be bound to the smart bracelet in order to avoid erroneous operation of the mobile phone.
Step 504: the mobile phone determines its connection state with the smart bracelet. If it is connected, the mobile phone and the smart bracelet are still in the bound state and step 505 is performed; if it is not connected, the mobile phone and the smart bracelet have left the bound state and step 507 is performed.
Step 505: the mobile phone sets the binding flag to bound, for example by setting the binding flag to 0.
Step 506: because the binding flag is set to bound, the mobile phone sets the encryption flag of the screen lock to decrypted, for example by setting the encryption flag to 0.
Step 507: the mobile phone sets the binding flag to unbound, for example by setting the binding flag to 1.
Step 508: because the binding flag is set to unbound, the mobile phone sets the encryption flag of the screen lock to encrypted, for example by setting the encryption flag to 1.
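The flag logic of steps 504 to 508, together with the unlock-time read of the encryption flag, can be modelled as a small state machine. The following is an added example, not part of the patent text; the device identifiers, the presence timeline, the per-second loop and the reading that only the bound device's response counts are assumptions made for illustration. It shows that the flag records the result of the last detection rather than the current connection state, so the time the terminal stays in the decrypted state after the wearable leaves range is bounded by the detection period.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Set, Tuple

BOUND, UNBOUND = 0, 1          # binding flag values from steps 505 and 507
DECRYPTED, ENCRYPTED = 0, 1    # encryption flag values from steps 506 and 508


@dataclass
class Terminal:
    bound_device: str                  # wearable bound in step 503 (constructed identifier)
    poll_period_s: int = 300           # detection period; 5 minutes is one value the text gives
    binding_flag: int = UNBOUND
    encryption_flag: int = ENCRYPTED   # the terminal is in the encrypted state by default
    last_poll_s: Optional[int] = None

    def poll(self, now_s: int, responders: Set[str]) -> None:
        """Steps 504-508. `responders` holds the devices that returned a
        listening response packet. Assumption: only the bound device counts."""
        if self.bound_device in responders:
            self.binding_flag = BOUND            # step 505
            self.encryption_flag = DECRYPTED     # step 506
        else:
            self.binding_flag = UNBOUND          # step 507
            self.encryption_flag = ENCRYPTED     # step 508
        self.last_poll_s = now_s

    def needs_credential(self) -> bool:
        """Unlock-time decision: only the stored flag is read, no new probe is sent."""
        return self.encryption_flag == ENCRYPTED


def simulate(
    terminal: Terminal,
    presence: Callable[[int], Set[str]],
    unlock_times: Iterable[int],
    end_s: int,
) -> Tuple[List[Tuple[int, bool, bool]], int]:
    """Step through the timeline one second at a time.

    Returns (results, stale_seconds). Each result is
    (time, credential_required, bound_wearable_in_range). A stale second is
    one in which the flag says decrypted although the bound wearable is gone.
    """
    unlocks = set(unlock_times)
    results: List[Tuple[int, bool, bool]] = []
    stale_seconds = 0
    for t in range(end_s + 1):
        if t % terminal.poll_period_s == 0:
            terminal.poll(t, presence(t))
        in_range = terminal.bound_device in presence(t)
        if terminal.encryption_flag == DECRYPTED and not in_range:
            stale_seconds += 1
        if t in unlocks:
            results.append((t, terminal.needs_credential(), in_range))
    return results, stale_seconds


def constructed_presence(t: int) -> Set[str]:
    """Constructed timeline: 'band-A' (the bound bracelet) leaves range at
    t = 310 s; 'band-B' (another wearable, not bound) always responds."""
    present = {"band-B"}
    if t < 310:
        present.add("band-A")
    return present


def run(poll_period_s: int) -> Tuple[List[Tuple[int, bool, bool]], int]:
    terminal = Terminal(bound_device="band-A", poll_period_s=poll_period_s)
    return simulate(terminal, constructed_presence, [100, 400, 700], end_s=900)


if __name__ == "__main__":
    for period in (300, 60):
        results, stale = run(period)
        print(f"period={period}s stale={stale}s")
        for t, credential, in_range in results:
            print(f"  t={t:3d}s credential_required={credential} wearable_in_range={in_range}")
```

With the 5-minute period the unlock at t = 400 s needs no credential although the bound bracelet left at t = 310 s; shortening the period to 60 s narrows that interval but does not remove it.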
To implement the above method, an embodiment of the present invention provides a system for protecting terminal security. As shown in FIG. 4, the system includes a terminal 30 and a wearable device 40, wherein:
the terminal 30 is configured to encrypt its own security policy so that it is in an encrypted state; to establish a connection with the wearable device 40 through near-field wireless communication; and to process the security policy according to its connection state with the wearable device 40;
the wearable device 40 is configured to establish a connection with the terminal through near-field wireless communication.
Specifically, the security policy is selected and set by the user in the terminal 30 according to the user's own needs. Security policies include screen lock, privacy space, program lock and so on; screen lock methods include slide lock, face recognition, pattern, PIN and so on. Privacy space lock can password-protect pictures, videos and other files. Program lock can lock an application, so that the application can be used only after the correct password has been entered. After the setting is made, the terminal 30 encrypts its own security policy according to the password set by the user, so that the terminal 30 is in the encrypted state by default.
Specifically, the terminal 30 is configured to initiate a connection request to the wearable device 40 through near-field wireless communication and establish a connection with the wearable device 40, and the wearable device 40 is configured to receive the connection request initiated by the terminal 30 through near-field wireless communication and establish a connection with the terminal 30; or,
the wearable device 40 is configured to initiate a connection request to the terminal 30 through near-field wireless communication and establish a connection with the terminal 30, and the terminal 30 is configured to receive the connection request initiated by the wearable device 40 through near-field wireless communication and establish a connection with the wearable device 40.
The terminal 30 is specifically configured to periodically detect its connection state with the wearable device 40. If it is connected to the wearable device 40, it sets the encryption flag of the security policy to decrypted; if it is not connected to the wearable device 40, it sets the encryption flag of the security policy to encrypted.
The terminal 30 is specifically configured to periodically detect its connection state with the wearable device 40. If it is connected to the wearable device 40, it sets the binding flag to bound and, because the binding flag is set to bound, sets the encryption flag of the security policy to decrypted; if it is not connected to the wearable device 40, it sets the binding flag to unbound and, because the binding flag is set to unbound, sets the encryption flag of the security policy to encrypted.
The terminal 30 is specifically configured to send a listening packet to the wearable device 40 through near-field wireless communication. If it receives through near-field wireless communication a listening response packet returned by the wearable device 40, it determines that it is connected to the wearable device 40; if it does not receive through near-field wireless communication a listening response packet returned by the wearable device 40, it determines that it is not connected to the wearable device 40.
The wearable device 40 is further configured to send a listening response packet to the terminal 30 after receiving, through near-field wireless communication, the listening packet sent by the terminal 30.
The terminal 30 is further configured to read the value of the encryption flag of the security policy. When the encryption flag of the security policy is set to decrypted, it determines that its security policy is currently in the decrypted state; when the encryption flag of the security policy is set to encrypted, it determines that its security policy is in the encrypted state.
The period at which the terminal 30 detects its connection state with the wearable device 40 can be set by the user as needed, for example 5 minutes or 10 minutes.
As shown in FIG. 5, the terminal 30 includes an encryption module 31, a near-field wireless communication module 32 and a processing module 33, wherein:
the encryption module 31 is configured to encrypt the security policy of the terminal so that the terminal 30 is in an encrypted state;
the near-field wireless communication module 32 is configured to establish the connection between the terminal 30 and the wearable device through near-field wireless communication;
the processing module 33 is configured to process the security policy according to the connection state between the terminal 30 and the wearable device.
The near-field wireless communication module 32 is specifically configured to initiate a connection request to the wearable device through near-field wireless communication, or to receive a connection request initiated by the wearable device through near-field wireless communication, and to establish the connection between the terminal 30 and the wearable device.
The near-field wireless communication module 32 is further configured to send a listening packet to the wearable device through near-field wireless communication, and to notify the processing module of whether a listening response packet returned by the wearable device has been received through near-field wireless communication;
the processing module 33 is specifically configured to set the encryption flag of the security policy to decrypted when notified that the near-field wireless communication module 32 has received the listening response packet, and to set the encryption flag of the security policy to encrypted when notified that the near-field wireless communication module 32 has not received the listening response packet.
The near-field wireless communication module 32 is further configured to send a listening packet to the wearable device through near-field wireless communication, and to notify the processing module of whether a listening response packet returned by the wearable device has been received through near-field wireless communication;
the processing module 33 is specifically configured, when notified that the near-field wireless communication module 32 has received the listening response packet, to set the binding flag to bound and, because the binding flag is set to bound, to set the encryption flag of the security policy to decrypted; and, when notified that the near-field wireless communication module 32 has not received the listening response packet, to set the binding flag to unbound and, because the binding flag is set to unbound, to set the encryption flag of the security policy to encrypted.
When the user needs to access the security policy of the terminal 30, the encryption module 31 is further configured to read the value of the encryption flag of the security policy. When the encryption flag of the security policy is set to decrypted, it determines that the security policy is currently in the decrypted state; when the encryption flag of the security policy is set to encrypted, it determines that the security policy is in the encrypted state.
Specifically, when the user needs to access the security policy of the terminal 30, for example to open the screen or enter the privacy space, the encryption module 31 reads the value of the encryption flag of the security policy. When the encryption flag of the security policy is set to decrypted, the encryption module 31 determines that the security policy is currently in the decrypted state and provides the corresponding function to the user directly, such as opening the screen or opening the privacy space, without the user having to perform the cumbersome decryption input for the security policy. When the encryption flag of the security policy is set to encrypted, the encryption module 31 determines that the security policy is in the encrypted state, and the user still has to perform the cumbersome decryption input for the security policy.
The encryption module 31 and the processing module 33 may be implemented by hardware such as a CPU or a DSP; the near-field wireless communication module 32 may be implemented by a functional module such as NFC or Bluetooth.
In the several embodiments provided in this application, it should be understood that the disclosed devices and methods may be implemented in other ways. The device embodiments described above are only illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: several units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described above as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over several network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may all be integrated into one processing unit, each unit may stand alone as a unit, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of hardware plus software functional units.
A person of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as a removable storage device, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
Alternatively, if the integrated unit of the present invention is implemented in the form of a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium. On this understanding, the technical solution of the embodiments of the present invention, in essence or in the part that contributes over the prior art, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the methods described in the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a removable storage device, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
The above are only specific embodiments of the present invention, but the scope of protection of the present invention is not limited to them. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of protection of the claims.

Claims

1. A method for protecting terminal security, the method comprising:
the terminal encrypting its own security policy so that the terminal is in an encrypted state;
the terminal establishing a connection with a wearable device through near-field wireless communication;
the terminal processing the security policy according to its connection state with the wearable device.
2. The method according to claim 1, wherein the terminal establishing a connection with the wearable device through near-field wireless communication comprises:
the terminal initiating a connection request to the wearable device through near-field wireless communication, the wearable device receiving the connection request initiated by the terminal through near-field wireless communication, and the wearable device establishing a connection with the terminal; or,
the wearable device initiating a connection request to the terminal through near-field wireless communication, the terminal receiving the connection request initiated by the wearable device through near-field wireless communication, and the terminal establishing a connection with the wearable device.
3. The method according to claim 1, wherein the terminal processing the security policy according to its connection state with the wearable device comprises:
the terminal periodically detecting its connection state with the wearable device and, if the terminal and the wearable device are connected, setting the encryption flag of the security policy to decrypted;
if the terminal and the wearable device are not connected, setting the encryption flag of the security policy to encrypted.
4. The method according to claim 1, wherein the terminal processing the security policy according to its connection state with the wearable device comprises:
the terminal periodically detecting its connection state with the wearable device; if the terminal and the wearable device are connected, setting the binding flag to bound and, because the binding flag is set to bound, setting the encryption flag of the security policy to decrypted; if the terminal and the wearable device are not connected, setting the binding flag to unbound and, because the binding flag is set to unbound, setting the encryption flag of the security policy to encrypted.
5. The method according to claim 3 or 4, wherein detecting the connection state with the wearable device comprises:
the terminal sending a listening packet to the wearable device through near-field wireless communication; when a listening response packet returned by the wearable device is received through near-field wireless communication, the terminal determining that it is connected to the wearable device; when no listening response packet returned by the wearable device is received through near-field wireless communication, the terminal determining that it is not connected to the wearable device.
6. The method according to claim 3 or 4, wherein the method further comprises:
the terminal reading the value of the encryption flag of the security policy; when the encryption flag of the security policy is set to decrypted, the terminal determining that the security policy is currently in the decrypted state; when the encryption flag of the security policy is set to encrypted, the terminal determining that the security policy is in the encrypted state.
7. A terminal, comprising an encryption module, a near-field wireless communication module and a processing module, wherein:
the encryption module is configured to encrypt the security policy of the terminal so that the terminal is in an encrypted state;
the near-field wireless communication module is configured to establish a connection between the terminal and a wearable device through near-field wireless communication;
the processing module is configured to process the security policy according to the terminal's connection state with the wearable device.
8. The terminal according to claim 7, wherein
the near-field wireless communication module is configured to initiate a connection request to the wearable device through near-field wireless communication, or to receive a connection request initiated by the wearable device through near-field wireless communication, and to establish the connection between the terminal and the wearable device.
9. The terminal according to claim 7, wherein
the near-field wireless communication module is configured to send a listening packet to the wearable device through near-field wireless communication, and to notify the processing module of whether a listening response packet returned by the wearable device has been received through near-field wireless communication;
the processing module is configured to set the encryption flag of the security policy to decrypted when notified that the near-field wireless communication module has received the listening response packet, and to set the encryption flag of the security policy to encrypted when notified that the near-field wireless communication module has not received the listening response packet.
10. The terminal according to claim 7, wherein
the near-field wireless communication module is configured to send a listening packet to the wearable device through near-field wireless communication, and to notify the processing module of whether a listening response packet returned by the wearable device has been received through near-field wireless communication;
the processing module is configured, when notified that the near-field wireless communication module has received the listening response packet, to set the binding flag to bound and, because the binding flag is set to bound, to set the encryption flag of the security policy to decrypted; and, when notified that the near-field wireless communication module has not received the listening response packet, to set the binding flag to unbound and, because the binding flag is set to unbound, to set the encryption flag of the security policy to encrypted.
11. The terminal according to claim 9 or 10, wherein
the encryption module is configured to read the value of the encryption flag of the security policy; when the encryption flag of the security policy is set to decrypted, to determine that the security policy is currently in the decrypted state; when the encryption flag of the security policy is set to encrypted, to determine that the security policy is in the encrypted state.
12. A system for protecting terminal security, the system comprising a terminal and a wearable device, wherein:
the terminal is configured to encrypt its own security policy so that it is in an encrypted state; to establish a connection with the wearable device through near-field wireless communication; and to process the security policy according to its connection state with the wearable device;
the wearable device is configured to establish a connection with the terminal through near-field wireless communication.
13. The system according to claim 12, wherein
the terminal is configured to periodically detect its connection state with the wearable device; if it is connected to the wearable device, to set the encryption flag of the security policy to decrypted; if it is not connected to the wearable device, to set the encryption flag of the security policy to encrypted.
14. The system according to claim 12, wherein
the terminal is configured to periodically detect its connection state with the wearable device; if it is connected to the wearable device, to set the binding flag to bound and, because the binding flag is set to bound, to set the encryption flag of the security policy to decrypted; if it is not connected to the wearable device, to set the binding flag to unbound and, because the binding flag is set to unbound, to set the encryption flag of the security policy to encrypted.
15. The system according to claim 13 or 14, wherein
the terminal is configured to read the value of the encryption flag of the security policy; when the encryption flag of the security policy is set to decrypted, to determine that its security policy is currently in the decrypted state; when the encryption flag of the security policy is set to encrypted, to determine that its security policy is in the encrypted state.
PCT/CN2014/081281 2014-04-17 2014-06-30 Method, terminal and system for protecting terminal security WO2015158043A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410155210.8A CN104091133A (en) 2014-04-17 2014-04-17 Method for protecting security of terminal, terminal and system
CN201410155210.8 2014-04-17

Publications (1)

Publication Number Publication Date
WO2015158043A1 true WO2015158043A1 (en) 2015-10-22

Family

ID=51638848

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/081281 WO2015158043A1 (en) 2014-04-17 2014-06-30 Method, terminal and system for protecting terminal security

Country Status (2)

Country Link
CN (1) CN104091133A (en)
WO (1) WO2015158043A1 (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104408360B (en) * 2014-10-24 2018-01-12 上海微肯网络科技有限公司 Encryption device and method based on mobile terminal
CN105630144B (en) * 2014-11-26 2019-02-19 华为终端(东莞)有限公司 Handheld terminal and its control method for screen display
CN104517071B (en) * 2015-01-16 2017-04-05 宇龙计算机通信科技(深圳)有限公司 System processing method, system processing meanss and terminal
CN104751066A (en) * 2015-03-10 2015-07-01 广东欧珀移动通信有限公司 Information processing method and device
CN104702792A (en) 2015-03-20 2015-06-10 小米科技有限责任公司 State control method and device, electronic device of terminal screen
CN104732158A (en) * 2015-04-09 2015-06-24 上海斐讯数据通信技术有限公司 Encryption photographing method, system and device
CN104951703B (en) * 2015-05-27 2019-01-18 小米科技有限责任公司 terminal control method and device
CN105787395B (en) * 2016-02-29 2019-03-22 宇龙计算机通信科技(深圳)有限公司 Data access method, data access device and mobile terminal
CN107678533A (en) * 2016-08-01 2018-02-09 北京心有灵犀科技有限公司 A kind of gesture identification method for wearable device
CN106326724A (en) * 2016-08-18 2017-01-11 捷开通讯(深圳)有限公司 Unlocking method based on terminal added with trusted device and terminal
CN107622547A (en) * 2017-09-13 2018-01-23 广州咩也科技有限公司 Method, apparatus, storage medium and the computer equipment that terminal is unlocked
CN108259661A (en) * 2017-12-27 2018-07-06 北京海杭通讯科技有限公司 Method for protecting privacy and mobile terminal based on bluetooth connection

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103023539A (en) * 2012-12-04 2013-04-03 中兴通讯股份有限公司 Method and system for starting functions of electronic devices
WO2013095356A1 (en) * 2011-12-20 2013-06-27 Intel Corporation File encryption, decryption and accessvia near field communication
CN103473514A (en) * 2013-09-06 2013-12-25 宇龙计算机通信科技(深圳)有限公司 Data storage access method and device
CN103647587A (en) * 2013-12-30 2014-03-19 华为终端有限公司 Method and system for unlocking mobile terminal, mobile terminal and wearable electronic device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247579A (en) * 2007-02-14 2008-08-20 德信无线通讯科技(北京)有限公司 Method for locking mobile communication terminal through Bluetooth earphone
CN101739529A (en) * 2009-12-01 2010-06-16 深圳华为通信技术有限公司 Device, computer, system and method for locking computer by data card
CN102402651B (en) * 2010-09-09 2016-01-20 三星电子(中国)研发中心 Information protection device and method and portable terminal
CN103369511B (en) * 2012-03-28 2016-09-21 宇龙计算机通信科技(深圳)有限公司 Unblock based on WiFi network or locking means and communication terminal

Also Published As

Publication number Publication date
CN104091133A (en) 2014-10-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14889324

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14889324

Country of ref document: EP

Kind code of ref document: A1