WO2016119164A1 - Terminal security management method and apparatus - Google Patents

Terminal security management method and apparatus Download PDF

Info

Publication number
WO2016119164A1
WO2016119164A1 PCT/CN2015/071818 CN2015071818W WO2016119164A1 WO 2016119164 A1 WO2016119164 A1 WO 2016119164A1 CN 2015071818 W CN2015071818 W CN 2015071818W WO 2016119164 A1 WO2016119164 A1 WO 2016119164A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
function
security mode
access
access permission
Prior art date
Application number
PCT/CN2015/071818
Other languages
French (fr)
Chinese (zh)
Inventor
吕云飞
艾浩峰
Original Assignee
宇龙计算机通信科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 宇龙计算机通信科技(深圳)有限公司 filed Critical 宇龙计算机通信科技(深圳)有限公司
Priority to PCT/CN2015/071818 priority Critical patent/WO2016119164A1/en
Publication of WO2016119164A1 publication Critical patent/WO2016119164A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • the present invention relates to the field of communications, and in particular, to a terminal security management method and apparatus.
  • Some application software enriches the life of the user, it is also easy to bring huge security risks to the user's various information and privacy.
  • some application software may involve multi-directional user rights (such as obtaining user address book information, obtaining user-bound bank account information, obtaining user's current location information, etc.), which is obtained by malicious illegal software. Users' privacy, personal and property security will be in great danger.
  • the embodiments of the present invention provide a terminal security management method and device, which improves the security of the terminal during use, and avoids potential security risks that may be caused when the user uses the terminal.
  • a first aspect of the embodiments of the present invention provides a terminal security management method, and a package include:
  • the access permission function refers to a function that is allowed to be performed after the user is granted the access right
  • the calling instruction of the access permission function is received by the application, the calling instruction is prohibited to intercept an unsafe access operation initiated by the application to the terminal.
  • the access permission function includes at least one of a global positioning system function, a data service function, a wireless network function, a camera function, and a recording function;
  • the generating a security mode broadcast according to the security mode command includes:
  • the broadcasting according to the security mode, retaining a voice service function of the terminal, and shutting down the terminal Access rights features, including:
  • the access permission function outside the access permission white list is closed according to the access permission white list, wherein the access permission function includes at least one of a GPS function, a data service function, a wireless network function, a camera function, and a recording function. .
  • the calling instruction of the access permission function is received by the application, the calling instruction is prohibited, including:
  • the calling instruction is prohibited to intercept an unsafe access operation initiated by the application to the terminal.
  • the method further includes:
  • the method further includes:
  • the access permission function is restored to the recorded use status of the access permission function to exit the security mode.
  • a second aspect of the embodiments of the present invention further provides a terminal, including:
  • An acquiring unit configured to acquire a user-triggered security mode instruction, where the security mode instruction is used to instruct to initiate security protection for the terminal;
  • a broadcast generating unit configured to generate a security mode broadcast according to the security mode instruction in the obtaining unit, where the security mode broadcast is used to instruct an interception application to initiate an unsecure access operation to the terminal;
  • a security mode switching unit configured to broadcast, according to the security mode in the broadcast generating unit, a voice service function of the terminal, and to disable an access permission function of the terminal, where the access permission function is required to be granted by the user The function that is allowed to be executed after accessing the permission;
  • the intercepting unit is configured to: if the calling instruction of the access permission function is received by the application, prohibit the calling instruction to intercept an unsafe access operation initiated by the application to the terminal.
  • the broadcast generating unit is specifically configured to obtain a whitelist of access rights selected by the user, where the whitelist of the access rights includes an application that the user has authorized to access or the user has Authorizing the access permission function; generating a security mode broadcast according to the security mode instruction and the access authority whitelist, the security mode broadcasting to indicate that an application other than the access permission whitelist is intercepted Insecure access operation initiated by the terminal;
  • the access permission function includes at least one of a global positioning system function, a data service function, a wireless network function, a camera function, and a recording function.
  • the security mode switching unit is configured to broadcast the voice service function of the terminal according to the security mode, and close the access permission function of the access permission white list according to the access permission white list, where the
  • the access rights function includes at least one of a GPS function, a data service function, a wireless network function, a camera function, and a recording function.
  • the intercepting unit is specifically configured to: if receiving the calling instruction that the application invokes the access permission function, determine whether to initiate security protection on the terminal; if the security protection of the terminal is started, prohibiting The calling instruction intercepts an unsecure access operation initiated by the application to the terminal.
  • the terminal further includes a recording unit, where
  • the recording unit is configured to record a usage status of a current access permission function of the terminal
  • the security mode switching unit is further configured to: if receiving an exit command triggered by a user, restore the access permission function to a usage state of the access permission function recorded in the recording unit, to exit the security mode.
  • An embodiment of the present invention provides a terminal security management method and device, which generates a security mode broadcast by acquiring a user-triggered security mode command, so that each functional module in the terminal broadcasts a voice service function of the reserved terminal according to the security mode, and closes The access permission function of the terminal, wherein the access permission function refers to the user being required to grant access The function that is allowed to be executed after the permission; in this way, the terminal can successfully switch to the security mode, and upon receiving the calling instruction of the access function by the application, the terminal can prohibit the calling instruction to intercept the application.
  • the insecure access operation initiated by the terminal improves the security of the terminal during use and avoids the security risks that may be caused when the user uses the terminal.
  • FIG. 1 is a schematic flowchart 1 of a terminal security management method according to an embodiment of the present invention.
  • FIG. 2 is a schematic diagram of a terminal interface according to an embodiment of the present invention.
  • FIG. 3 is a second schematic flowchart of a terminal security management method according to an embodiment of the present disclosure
  • FIG. 4 is a schematic diagram of hardware of a terminal according to an embodiment of the present disclosure.
  • FIG. 5 is a schematic structural diagram 1 of a terminal according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic structural diagram 2 of a terminal according to an embodiment of the present invention.
  • the embodiment of the invention provides a terminal security management method, as shown in FIG. 1 , which includes:
  • the terminal acquires a user-triggered security mode command, where the security mode command is used to instruct to initiate security protection for the terminal.
  • the terminal generates a security mode broadcast according to the security mode command, where the security mode broadcast is used to indicate that the interception application initiates an insecure access operation to the terminal.
  • the terminal broadcasts the voice service function of the reserved terminal according to the security mode, and turns off the access permission function of the terminal, where the access permission function refers to that the user is required to grant access rights.
  • the terminal prohibits the calling instruction to intercept the insecure access operation initiated by the application to the terminal.
  • the terminal may acquire a security mode command triggered by the user, where the security mode command is used to instruct to initiate security protection for the terminal.
  • a super security mode option may be added in the scenario mode of the terminal.
  • the terminal After the user triggers the super security mode option, the terminal generates a security mode instruction, where the security mode instruction is used to indicate that the security of the terminal is initiated. Protection, in this way, the terminal can open the super security mode according to the security mode command to maintain the security of the terminal.
  • step 102 after the terminal acquires the security mode command, the terminal generates a security mode broadcast according to the security mode command, where the security mode broadcast is used to indicate that the interception application initiates an insecure access operation to the terminal.
  • the terminal Since the security mode command acquired by the terminal is used to instruct to initiate security protection for the terminal, the terminal needs to notify a plurality of hardware devices (such as a camera, GPS, Bluetooth, etc.) and/or function modules (such as a data network module, etc.) in the terminal. ) Turn on the security mode so that these hardware devices and/or function modules can turn off the access rights of the application to itself, and then secure the terminal.
  • the terminal may generate a security mode broadcast according to the received security mode command, and play the security mode broadcast in each hardware device and/or function module in the terminal to instruct each hardware device and/or function module to intercept the application. Insecure access operation initiated by the terminal.
  • the form of the security mode broadcast may be various.
  • the security mode broadcast may only include indication information that informs each hardware device and/or the function module to turn off the corresponding function, such that each hardware device and/or function module After receiving the security mode broadcast, the function of the security mode is turned off, or the security mode broadcast can also be classified into a first-level security mode broadcast, a second-level security mode broadcast, etc.
  • the first-level security mode broadcast can be used to indicate all Both the hardware device and the function module intercept the insecure access operation initiated by the application to the terminal
  • the secondary security mode broadcast can be used to indicate Relatively important hardware devices and/or functional modules (such as GPS or data network modules) intercept the insecure access operations initiated by the application to the terminal, so that the user can adjust the security of the terminal according to the currently required security level. Maintenance.
  • the secure mode broadcast may also include an identification of the corresponding application to instruct the hardware device and/or the function module to perform a specified operation such as masking the unsafe access operations initiated by the applications included in the secure mode broadcast.
  • the terminal may broadcast the voice service function of the reserved terminal according to the security mode, and close the access permission function of the terminal, where the access permission function refers to A function that is allowed to be performed after a user is granted an access right.
  • the access permission function may include at least one of a Global Positioning System (GPS) function, a data service function, a wireless network function, a camera function, and a recording function.
  • GPS Global Positioning System
  • the GPS function can be turned off according to the security mode broadcast; after receiving the security mode broadcast, the WIFI module can broadcast the wireless network function according to the security mode; After receiving the security mode broadcast, the network module can broadcast the data service function according to the security mode; the terminal can also invoke the camera interface to disable the camera function, and invoke the audio HAL (Hardware Abstraction Layer) interface to disable the recording function; The terminal sets the communication mode currently being used by the terminal to a CS (Circuit Switch) only mode that provides voice service to ensure the normal communication function of the user.
  • CS Circuit Switch
  • the terminal when the terminal enters the security mode, the terminal can be superimposed with any other context mode, that is, when the terminal is enabled in the super security mode, the outdoor mode, the standard mode, and the conference mode can be simultaneously enabled. , one of the silent mode and the flight mode.
  • step 104 after the terminal performs steps 101 to 103, the terminal has already turned on the security mode. At this time, if the terminal receives the calling instruction of the application access function, the terminal prohibits the calling instruction to intercept the application. Insecure access operation initiated by the terminal.
  • the terminal has turned off the GPS function. Therefore, when the user uses the application program such as Baidu map to initiate a GPS function call instruction to the terminal, in order to protect the terminal's use security, the terminal will now The call instruction is disabled to intercept unsafe access operations initiated by the application to the terminal.
  • the application program such as Baidu map
  • An embodiment of the present invention provides a terminal security management method, which generates a security mode broadcast by acquiring a user-triggered security mode command, so that each functional module in the terminal broadcasts a voice service function of the reserved terminal according to the security mode, and closes the terminal.
  • the access permission function wherein the access permission function includes a function that is allowed to be executed after the user is granted the access right; thus, the terminal can successfully switch to the secure mode, and once the application receives the call instruction for the access permission function,
  • the terminal may prohibit the calling instruction to intercept the insecure access operation initiated by the application to the terminal, improve the security of the terminal during use, and avoid potential security risks that may be caused when the user uses the terminal.
  • An embodiment of the present invention provides a terminal security management method, as shown in FIG. 3, including:
  • the terminal acquires a user-triggered security mode command, where the security mode command is used to instruct to initiate security protection for the terminal.
  • the terminal obtains a whitelist of access rights selected by the user, where the whitelist of access rights includes an application that the user has authorized to access or an access permission function that the user has authorized access, and the access permission function includes a GPS function, a data service function, and a wireless network. At least one of a function, a camera function, and a recording function.
  • the terminal generates a security mode broadcast according to the security mode command and the access permission whitelist, where the security mode broadcast is used to indicate that the application that intercepts the access permission whitelist is insecure to the terminal.
  • the terminal records the usage status of the current access permission function of the terminal.
  • the terminal broadcasts the voice service function of the reserved terminal according to the security mode, and turns off the access permission function of the terminal.
  • the terminal prohibits The call instruction is terminated to intercept an unsafe access operation initiated by the application to the terminal.
  • step 207 If an exit command triggered by the user is received, return the access permission function to the used state of the recorded access permission function in step 204 to exit the security mode.
  • the terminal may acquire a security mode command triggered by the user, where the security mode command is used to instruct to initiate security protection for the terminal.
  • a super security mode option may be added in a scenario mode of the terminal.
  • the terminal After the user triggers the super security mode option, the terminal generates a security mode instruction for instructing to initiate security protection for the terminal, such that The terminal can start the super security mode according to the security mode command to maintain the security of the terminal.
  • the terminal may obtain a whitelist of access rights selected by the user, where the whitelist of access rights includes an application that the user has authorized to access or an access permission function that the user has authorized access to.
  • the access permission function includes at least one of a GPS function, a data service function, a wireless network function, a camera function, and a recording function.
  • the terminal may output a corresponding output interface through the display device provided with the touch panel to prompt the user from the GPS function, the data service function, the wireless network function, the camera function, and the recording.
  • One or more of the functions are selected as a white list of access rights that the user has authorized to access, or the terminal may output a corresponding output interface to prompt the user to select one or more of the plurality of applications as the user has authorized access.
  • the whitelist of access rights is provided so that the terminal selectively intercepts the insecure access operation initiated by the related application to the terminal according to the whitelist of access rights that the user has authorized to access.
  • step 203 after the terminal obtains the whitelist of access rights selected by the user, the terminal generates a security mode broadcast according to the security mode command and the whitelist of access rights, where the security mode broadcast is used to indicate that the application other than the whitelist of the access rights is intercepted.
  • the program initiates an insecure access operation to the terminal.
  • the security protection of the terminal is started.
  • the terminal needs to notify a plurality of hardware devices (such as a camera, GPS, Bluetooth, etc.) and/or function modules (such as a data network module, etc.) in the terminal to turn on the security mode, so that the hardware devices and/or function modules close the application.
  • the program has its own access rights, which in turn protects the terminal. Therefore, the terminal may generate a security mode broadcast according to the obtained security mode command and the access permission white list, and play the security mode broadcast in each hardware device and/or function module in the terminal to indicate each hardware device and/or function.
  • the module intercepts insecure access operations initiated by the application to the terminal.
  • a Broadcast Receiver may be set in each hardware device and/or function module in the mobile phone equipped with the Android system, and wait for the security mode broadcast initiated by the receiving terminal, wherein the broadcast receiver is to implement terminal broadcast. And a component provided.
  • the form of the security mode broadcast may be various. For details, refer to step 102 in Embodiment 1, and details are not described herein again.
  • the terminal may also record the usage status of the current access right function of the terminal, or the GPS service function, the data service function, currently used by the terminal, after executing step 203 or after performing step 203.
  • the working status of the wireless network function, the camera function, and the recording function, for example, the GPS function is turned on or off, so that the terminal can restore the access right function of the terminal to the state before the user turns on the security mode in time after exiting the security mode.
  • the terminal may broadcast the voice service function of the reserved terminal according to the security mode, and close the access permission function of the terminal, where the access permission function includes a GPS function. At least one of a data service function, a wireless network function, a camera function, and a recording function.
  • the security mode broadcast includes the access authority determined by the user.
  • the information of the list therefore, when the access permission function of the terminal is turned off, the terminal can turn off the GPS function, the data service function, the wireless network function, according to the whitelist of access rights determined by the user, At least one of the camera function and the recording function realizes a user-defined security mode, and can realize user-to-terminal security self-management while improving terminal security.
  • step 206 after the terminal performs steps 201 to 205, the terminal has turned on the security mode. At this time, if the terminal receives the calling instruction of the application access function, the terminal prohibits the calling instruction to intercept the application. Insecure access operation initiated by the terminal.
  • the terminal has turned off the GPS function. Therefore, when the user uses the application program such as Baidu map to initiate a GPS function call instruction to the terminal, in order to protect the terminal's use security, the terminal will now The call instruction is disabled to intercept unsafe access operations initiated by the application to the terminal.
  • the application program such as Baidu map
  • step 207 corresponding to step 206, after the terminal performs steps 201 to 205, the terminal has turned on the security mode. At this time, if the user-initiated exit command is received, the access permission function is restored to step 204. The usage status of the recorded access rights feature to exit the security mode.
  • An embodiment of the present invention provides a terminal security management method, which generates a security mode broadcast by acquiring a user-triggered security mode command, so that each functional module in the terminal broadcasts a voice service function of the reserved terminal according to the security mode, and closes the terminal.
  • the access permission function wherein the access permission function refers to a function that is allowed to be executed after the user is granted the access right; thus, the terminal can successfully switch to the secure mode, and once receiving the calling instruction of the access permission function by the application, the terminal
  • the calling instruction may be disabled to intercept the insecure access operation initiated by the application to the terminal, improve the security of the terminal during use, and avoid potential security risks that may be caused when the user uses the terminal.
  • Figure 4 shows a hardware schematic of the terminal of the present invention.
  • the terminal may be a mobile phone, an IPAD, or the like, for example, a smart phone using an Android system.
  • the terminal includes a processor 11, a communication interface 12, a memory 13, a display device 14, and a bus 15.
  • the processor 11, the communication interface 12, the memory 13, and the display device 14 communicate via the bus 15.
  • the processor 11 is a control center of the terminal, and the processor 11 performs various functions of the terminal by processing data received by the communication interface 12 and calling software or programs in the memory 13.
  • the communication interface 12 can be implemented by an optical communication interface, an electrical communication interface, a wireless communication interface, or any combination thereof.
  • the optical communication interface can be a small package pluggable transceiver (English: small form-factor pluggable transceiver, abbreviation: SFP) communication interface (English: transceiver), enhanced small form factor pluggable (English: enhanced small form-factor pluggable, Abbreviation: SFP+) Communication interface or 10 Gigabit small form-factor pluggable (English: 10Gigabit small form-factor pluggable, abbreviation: XFP) communication interface.
  • the electrical communication interface can be an Ethernet (English: Ethernet) network interface controller (English: network interface controller, abbreviation: NIC).
  • the wireless communication interface can be a wireless network interface controller (English: wireless network interface controller, abbreviation: WNIC). There may be multiple communication interfaces 12 in the terminal.
  • the memory 13 can be used to store software programs or data, and the processor 11 executes various functional applications and data processing of the terminal by running software programs or data stored in the memory 13.
  • the display device 14 can be used to display information input by the user or information provided to the user as well as various menus of the terminal.
  • the display device 14 may include a display panel.
  • the display panel may be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), or the like.
  • the touch panel may cover the display panel, and when the touch panel detects a touch operation on or near it, the touch panel transmits to the processor 11 to determine the type of the touch event, and then the processor 11 displays according to the type of the touch event. A corresponding visual output is provided on the panel.
  • the processor 11 acquires a user-triggered security mode instruction through the display device 14, the security mode instruction is used to initiate activation of security protection to the terminal; and the processor 11 generates a security mode according to the security mode instruction. Broadcast, the security The full mode broadcast is used to indicate that the interception application initiates an unsecure access operation to the terminal; the processor 11 broadcasts the call communication interface 12 according to the security mode to reserve the voice service function of the terminal, and closes the access right of the terminal.
  • the access permission function refers to a function that is allowed to be executed after the user is granted the access right; if the processor 11 receives the call instruction of the access permission function by the application program through the communication interface 12, the processor 11 prohibits the function
  • the call instruction is output and output to the display device 14 to intercept an unsafe access operation initiated by the application to the terminal.
  • the access permission function includes at least one of a global positioning system function, a data service function, a wireless network function, a camera function, and a recording function.
  • the processor 11 generates a security mode broadcast according to the security mode command, and may specifically include the following steps: the processor 11 obtains a whitelist of access rights selected by the user through the communication interface 12, where the access permission white list includes the user authorized access. The application or the access permission function that the user has authorized access; the processor 11 generates a security mode broadcast according to the security mode instruction and the access permission white list, the security mode broadcast is used to indicate that the access permission is intercepted An unsafe access operation initiated by the application outside the list to the terminal.
  • the method may further include the step of: the processor 11 reserves the voice of the terminal according to the security mode broadcast call communication interface 12.
  • the service function is: the processor 11 calls the communication interface 12 to close the access permission function outside the access permission white list according to the access permission white list, wherein the access permission function includes a GPS function, a data service function, a wireless network function, At least one of a camera function and a recording function.
  • the processor 11 receives the call instruction of the access permission function by the application program through the communication interface 12, the processor 11 disables the call instruction and outputs the command to the display device 14, which may specifically include the following steps: The processor 11 receives the call instruction that the application invokes the access permission function, and the processor 11 determines whether to initiate security protection for the terminal; if the security protection of the terminal has been initiated, the processor 11 prohibits The calling instruction to intercept the application to the terminal Insecure access operation initiated.
  • the method may further include the following steps: the processor 11 records the terminal The usage status of the current access right function is stored in the memory 13; thus, after the processor 11 receives the calling instruction that the application invokes the access authority function, after the calling instruction is prohibited, the method may include the following steps: The device 11 receives the user-initiated exit command, and the processor 11 restores the access permission function to the recorded use status of the access permission function according to the usage status of the access permission function recorded in the memory 13. To exit the safe mode.
  • An embodiment of the present invention provides a terminal, which generates a security mode broadcast by acquiring a security mode command triggered by a user, so that each function module in the terminal broadcasts a voice service function of the reserved terminal according to the security mode, and turns off the access permission function of the terminal.
  • the access permission function refers to a function that is allowed to be executed after the user is granted the access right; thus, the terminal can successfully switch to the security mode, and once receiving the calling instruction of the access permission function by the application, the terminal can prohibit the terminal.
  • the call instruction is used to intercept the insecure access operation initiated by the application to the terminal, which improves the security of the terminal during use and avoids potential security risks that may be caused when the user uses the terminal.
  • An embodiment of the present invention provides a terminal, as shown in FIG. 5, including:
  • the acquiring unit 21 is configured to acquire a user-triggered security mode instruction, where the security mode instruction is used to initiate a security protection for the terminal;
  • the broadcast generating unit 22 is configured to generate a security mode broadcast according to the security mode instruction in the obtaining unit 21, where the security mode broadcast is used to indicate that the interception application initiates an unsecure access operation to the terminal;
  • the security mode switching unit 23 is configured to broadcast the voice service function of the terminal according to the security mode broadcast in the broadcast generating unit 22, and turn off the access permission function of the terminal, where the access permission function refers to the required The function that the user is allowed to perform after granting access rights;
  • the intercepting unit 24 is configured to: if the calling instruction of the access permission function in the security mode switching unit 23 is received by the application, prohibit the calling instruction to intercept the insecure initiated by the application to the terminal Access operation.
  • the broadcast generating unit 22 is specifically configured to obtain a whitelist of access rights selected by the user, where the whitelist of access rights includes an application that the user has authorized to access or the access permission function that the user has authorized to access;
  • the security mode command and the access permission whitelist generate a security mode broadcast, where the security mode broadcast is used to indicate that an unsecured access operation initiated by an application other than the access permission whitelist is initiated to the terminal;
  • the access permission function includes at least one of a global positioning system function, a data service function, a wireless network function, a camera function, and a recording function.
  • the security mode switching unit 23 is configured to broadcast the voice service function of the terminal according to the security mode, and close the access permission function of the access permission white list according to the access permission white list.
  • the access permission function includes at least one of a GPS function, a data service function, a wireless network function, a camera function, and a recording function.
  • intercepting unit 24 is specifically configured to: if receiving the calling instruction that the application invokes the access permission function, determine whether to initiate security protection on the terminal; if the security of the terminal is started Protection, the call instruction is prohibited to intercept an unsafe access operation initiated by the application to the terminal.
  • the terminal further includes a recording unit 25, where
  • the recording unit 25 is configured to record a usage status of the current access permission function of the terminal;
  • the security mode switching unit 23 is further configured to: when receiving an exit command triggered by the user, restore the access permission function to a usage state of the access permission function recorded in the recording unit 25, to exit the The security mode.
  • An embodiment of the present invention provides a terminal, which generates a security mode broadcast by acquiring a security mode command triggered by a user, so that each function module in the terminal broadcasts a voice service function of the reserved terminal according to the security mode, and turns off the access permission function of the terminal.
  • the access permission function refers to a function that is allowed to be executed after the user is granted the access right; thus, the terminal can successfully switch to the security mode, and once receiving the calling instruction of the access permission function by the application, the terminal can prohibit the terminal.
  • the call instruction is used to intercept the insecure access operation initiated by the application to the terminal, which improves the security of the terminal during use and avoids potential security risks that may be caused when the user uses the terminal.
  • the disclosed system, apparatus, and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the modules or units is only a logical function division.
  • there may be another division manner for example, multiple units or components may be used. Combinations can be integrated into another system, or some features can be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in various embodiments of the present invention can be integrated in one place In the unit, it is also possible that each unit physically exists alone, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • the integrated unit if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium.
  • the technical solution of the present invention which is essential or contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium.
  • a number of instructions are included to cause a computer device (which may be a personal computer, server, or network device, etc.) or a processor to perform all or part of the steps of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like. .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephone Function (AREA)

Abstract

Provided are a terminal security management method and apparatus, which relate to the field of communications, improve the security of a terminal during use, and avoid a security risk that may be brought about when a user uses the terminal. The solution includes: acquiring a security mode instruction triggered by a user, wherein the security mode instruction is used for indicating the starting of security protection for a terminal; generating a security mode broadcast according to the security mode instruction, wherein the security mode broadcast is used for indicating the interception of an insecure access operation initiated by an application program to the terminal; reserving a voice service function of the terminal according to the security mode broadcast, and disabling an access permission function of the terminal, wherein the access permission function refers to a function in which the user needs to be granted access permission and is then allowed to perform execution; and if an invoking instruction of the application program for the access permission function is received, prohibiting the invoking instruction, so as to intercept the insecure access operation initiated by the application program to the terminal.

Description

一种终端安全的管理方法及装置Terminal security management method and device 技术领域Technical field
本发明涉及通讯领域,尤其涉及一种终端安全的管理方法及装置。The present invention relates to the field of communications, and in particular, to a terminal security management method and apparatus.
背景技术Background technique
随着通信技术的飞速发展,尤其以手机为代表的智能终端的兴起,为人们的生活提供了极大地方便。用户可以通过在智能终端内安装各种类型的应用软件,以实现各种类型的应用功能。例如,用户在手机内成功安装地图APP(Application,应用程序)之后,地图APP可以通过打开GPS(Global Positioning System,全球定位***)对用户当前的活动地点进行定位,以便于向用户提供线路搜索等服务。又或者,用户在手机内成功安装支付宝APP之后,就可以使用支付宝APP直接与银行进行转账支付等货币服务。With the rapid development of communication technology, especially the rise of smart terminals represented by mobile phones, it has greatly facilitated people's lives. Users can implement various types of application functions by installing various types of application software in the smart terminal. For example, after the user successfully installs the map APP (Application) in the mobile phone, the map APP can locate the current active location of the user by turning on the GPS (Global Positioning System), so as to provide the user with a line search, etc. service. Or, after the user successfully installs the Alipay APP in the mobile phone, the Alipay APP can directly use the money transfer service such as transfer payment with the bank.
然而,这些应用软件在丰富用户的生活的同时,也容易对用户的各类信息和隐私带来巨大的安全隐患。例如,有的应用软件在应用时可能会涉及多向用户权限(例如获取用户通讯录信息,获取用户绑定的银行账户信息,获取用户的当前位置信息等),这些信息一旦被恶意非法软件获取,用户的隐私、人身以及财产安全将面临巨大危险。However, while these application software enriches the life of the user, it is also easy to bring huge security risks to the user's various information and privacy. For example, some application software may involve multi-directional user rights (such as obtaining user address book information, obtaining user-bound bank account information, obtaining user's current location information, etc.), which is obtained by malicious illegal software. Users' privacy, personal and property security will be in great danger.
因此,亟需一种终端安全的管理方法,以提高终端在使用过程中的安全性,避免用户在使用终端时可能带来的安全隐患。Therefore, there is a need for a terminal security management method to improve the security of the terminal during use and to avoid potential security risks that users may bring when using the terminal.
发明内容Summary of the invention
本发明的实施例提供一种终端安全的管理方法及装置,提高终端在使用过程中的安全性,避免用户在使用终端时可能带来的安全隐患。The embodiments of the present invention provide a terminal security management method and device, which improves the security of the terminal during use, and avoids potential security risks that may be caused when the user uses the terminal.
为达到上述目的,本发明的实施例采用如下技术方案:In order to achieve the above object, embodiments of the present invention adopt the following technical solutions:
本发明实施例的第一方面,提供一种终端安全的管理方法,包 括:A first aspect of the embodiments of the present invention provides a terminal security management method, and a package include:
获取用户触发的安全模式指令,所述安全模式指令用于指示启动对终端的安全保护;Obtaining a user-triggered security mode instruction, where the security mode instruction is used to instruct to initiate security protection for the terminal;
根据所述安全模式指令生成安全模式广播,所述安全模式广播用于指示拦截应用程序对所述终端发起的不安全访问操作;Generating a security mode broadcast according to the security mode command, the security mode broadcast is used to indicate that an interception application initiates an insecure access operation initiated by the terminal;
根据所述安全模式广播保留所述终端的语音业务功能,并关闭所述终端的访问权限功能,所述访问权限功能是指需要所述用户授予访问权限后允许执行的功能;Broadcasting the voice service function of the terminal according to the security mode, and turning off the access permission function of the terminal, where the access permission function refers to a function that is allowed to be performed after the user is granted the access right;
若接收到所述应用程序对所述访问权限功能的调用指令,则禁止所述调用指令,以拦截所述应用程序对所述终端发起的不安全访问操作。And if the calling instruction of the access permission function is received by the application, the calling instruction is prohibited to intercept an unsafe access operation initiated by the application to the terminal.
结合第一方面,在第一方面的第一种可能的实现方式中,所述访问权限功能包括全球定位***功能、数据业务功能、无线网络功能、相机功能以及录音功能中的至少一种;With reference to the first aspect, in a first possible implementation manner of the first aspect, the access permission function includes at least one of a global positioning system function, a data service function, a wireless network function, a camera function, and a recording function;
其中,所述根据所述安全模式指令生成安全模式广播,包括:The generating a security mode broadcast according to the security mode command includes:
获取用户选择的访问权限白名单,所述访问权限白名单中包含用户已授权访问的应用程序或者用户已授权访问的所述访问权限功能;Obtaining a whitelist of access rights selected by the user, where the whitelist of access rights includes an application that the user has authorized to access or the access permission function that the user has authorized access to;
根据所述安全模式指令和所述访问权限白名单生成安全模式广播,所述安全模式广播用于指示拦截所述访问权限白名单之外的应用程序对所述终端发起的不安全访问操作。And generating, according to the security mode command and the access permission whitelist, a security mode broadcast, where the security mode broadcast is used to indicate that an unsecured access operation initiated by an application other than the access permission whitelist is initiated to the terminal.
结合第一方面的第一种可能的实现方式,在第一方面的第二种可能的实现方式中,所述根据所述安全模式广播保留所述终端的语音业务功能,并关闭所述终端的访问权限功能,包括:In conjunction with the first possible implementation of the first aspect, in a second possible implementation manner of the first aspect, the broadcasting, according to the security mode, retaining a voice service function of the terminal, and shutting down the terminal Access rights features, including:
根据所述安全模式广播保留所述终端的语音业务功能;Broadcasting the voice service function of the terminal according to the security mode broadcast;
根据所述访问权限白名单关闭所述访问权限白名单之外的访问权限功能,其中,所述访问权限功能包括GPS功能、数据业务功能、无线网络功能、相机功能以及录音功能中的至少一种。The access permission function outside the access permission white list is closed according to the access permission white list, wherein the access permission function includes at least one of a GPS function, a data service function, a wireless network function, a camera function, and a recording function. .
结合第一方面,在第一方面的第三种可能的实现方式中,所述 若接收到所述应用程序调用所述访问权限功能的调用指令,则禁止所述调用指令,包括:In conjunction with the first aspect, in a third possible implementation of the first aspect, And if the calling instruction of the access permission function is received by the application, the calling instruction is prohibited, including:
若接收到所述应用程序调用所述访问权限功能的调用指令,则确定是否启动对所述终端的安全保护;If the calling instruction of the access permission function is received by the application, determining whether to initiate security protection for the terminal;
若已启动对所述终端的安全保护,则禁止所述调用指令,以拦截所述应用程序对所述终端发起的不安全访问操作。If the security protection of the terminal has been initiated, the calling instruction is prohibited to intercept an unsafe access operation initiated by the application to the terminal.
结合第一方面,在第一方面的第四种可能的实现方式中,在所述根据所述安全模式指令生成安全模式广播之后,还包括:With reference to the first aspect, in a fourth possible implementation manner of the first aspect, after the generating the security mode broadcast according to the security mode command, the method further includes:
记录所述终端当前的访问权限功能的使用状态;Recording the usage status of the current access permission function of the terminal;
其中,在所述若接收到所述应用程序调用所述访问权限功能的调用指令,则禁止所述调用指令之后,还包括:Wherein, after receiving the call instruction that the application program invokes the access permission function, after the calling the instruction is prohibited, the method further includes:
若接收到用户触发的退出指令,则将所述访问权限功能恢复至已记录的所述访问权限功能的使用状态,以退出所述安全模式。If the user-initiated exit command is received, the access permission function is restored to the recorded use status of the access permission function to exit the security mode.
本发明实施例的第二方面,还提供一种终端,包括:A second aspect of the embodiments of the present invention further provides a terminal, including:
获取单元,用于获取用户触发的安全模式指令,所述安全模式指令用于指示启动对终端的安全保护;An acquiring unit, configured to acquire a user-triggered security mode instruction, where the security mode instruction is used to instruct to initiate security protection for the terminal;
广播生成单元,用于根据所述获取单元中所述安全模式指令生成安全模式广播,所述安全模式广播用于指示拦截应用程序对所述终端发起的不安全访问操作;a broadcast generating unit, configured to generate a security mode broadcast according to the security mode instruction in the obtaining unit, where the security mode broadcast is used to instruct an interception application to initiate an unsecure access operation to the terminal;
安全模式切换单元,用于根据所述广播生成单元中所述安全模式广播保留所述终端的语音业务功能,并关闭所述终端的访问权限功能,所述访问权限功能是指需要所述用户授予访问权限后允许执行的功能;a security mode switching unit, configured to broadcast, according to the security mode in the broadcast generating unit, a voice service function of the terminal, and to disable an access permission function of the terminal, where the access permission function is required to be granted by the user The function that is allowed to be executed after accessing the permission;
拦截单元,用于若接收到所述应用程序对所述访问权限功能的调用指令,则禁止所述调用指令,以拦截所述应用程序对所述终端发起的不安全访问操作。The intercepting unit is configured to: if the calling instruction of the access permission function is received by the application, prohibit the calling instruction to intercept an unsafe access operation initiated by the application to the terminal.
结合第二方面,在第二方面的第一种可能的实现方式中,In conjunction with the second aspect, in a first possible implementation of the second aspect,
所述广播生成单元,具体用于获取用户选择的访问权限白名单,所述访问权限白名单中包含用户已授权访问的应用程序或者用户已 授权访问的所述访问权限功能;根据所述安全模式指令和所述访问权限白名单生成安全模式广播,所述安全模式广播用于指示拦截所述访问权限白名单之外的应用程序对所述终端发起的不安全访问操作;The broadcast generating unit is specifically configured to obtain a whitelist of access rights selected by the user, where the whitelist of the access rights includes an application that the user has authorized to access or the user has Authorizing the access permission function; generating a security mode broadcast according to the security mode instruction and the access authority whitelist, the security mode broadcasting to indicate that an application other than the access permission whitelist is intercepted Insecure access operation initiated by the terminal;
其中,所述访问权限功能包括全球定位***功能、数据业务功能、无线网络功能、相机功能以及录音功能中的至少一种。The access permission function includes at least one of a global positioning system function, a data service function, a wireless network function, a camera function, and a recording function.
结合第第二方面的第一种可能的实现方式,在第二方面的第二种可能的实现方式中,In conjunction with the first possible implementation of the second aspect, in a second possible implementation of the second aspect,
所述安全模式切换单元,具体用于根据所述安全模式广播保留所述终端的语音业务功能;根据所述访问权限白名单关闭所述访问权限白名单之外的访问权限功能,其中,所述访问权限功能包括GPS功能、数据业务功能、无线网络功能、相机功能以及录音功能中的至少一种。The security mode switching unit is configured to broadcast the voice service function of the terminal according to the security mode, and close the access permission function of the access permission white list according to the access permission white list, where the The access rights function includes at least one of a GPS function, a data service function, a wireless network function, a camera function, and a recording function.
结合第二方面,在第二方面的第三种可能的实现方式中,In conjunction with the second aspect, in a third possible implementation of the second aspect,
所述拦截单元,具体用于若接收到所述应用程序调用所述访问权限功能的调用指令,则确定是否启动对所述终端的安全保护;若已启动对所述终端的安全保护,则禁止所述调用指令,以拦截所述应用程序对所述终端发起的不安全访问操作。The intercepting unit is specifically configured to: if receiving the calling instruction that the application invokes the access permission function, determine whether to initiate security protection on the terminal; if the security protection of the terminal is started, prohibiting The calling instruction intercepts an unsecure access operation initiated by the application to the terminal.
结合第二方面,在第二方面的第四种可能的实现方式中,所述终端还包括记录单元,其中,With reference to the second aspect, in a fourth possible implementation manner of the second aspect, the terminal further includes a recording unit, where
所述记录单元,用于记录所述终端当前的访问权限功能的使用状态;The recording unit is configured to record a usage status of a current access permission function of the terminal;
所述安全模式切换单元,还用于若接收到用户触发的退出指令,则将所述访问权限功能恢复至所述记录单元中已记录的所述访问权限功能的使用状态,以退出所述安全模式。The security mode switching unit is further configured to: if receiving an exit command triggered by a user, restore the access permission function to a usage state of the access permission function recorded in the recording unit, to exit the security mode.
本发明的实施例提供一种终端安全的管理方法及装置,通过获取用户触发的安全模式指令生成安全模式广播,以使得终端内的各个功能模块根据安全模式广播保留终端的语音业务功能,并关闭终端的访问权限功能,其中,该访问权限功能是指需要用户授予访问 权限后允许执行的功能;这样一来,终端可以成功切换到安全模式,一旦接收到应用程序对该访问权限功能的调用指令,终端就可以禁止所述调用指令,以拦截所述应用程序对所述终端发起的不安全访问操作,提高了终端在使用过程中的安全性,避免用户在使用终端时可能带来的安全隐患。An embodiment of the present invention provides a terminal security management method and device, which generates a security mode broadcast by acquiring a user-triggered security mode command, so that each functional module in the terminal broadcasts a voice service function of the reserved terminal according to the security mode, and closes The access permission function of the terminal, wherein the access permission function refers to the user being required to grant access The function that is allowed to be executed after the permission; in this way, the terminal can successfully switch to the security mode, and upon receiving the calling instruction of the access function by the application, the terminal can prohibit the calling instruction to intercept the application. The insecure access operation initiated by the terminal improves the security of the terminal during use and avoids the security risks that may be caused when the user uses the terminal.
附图说明DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art description will be briefly described below.
图1为本发明实施例提供的一种终端安全的管理方法的流程示意图一;1 is a schematic flowchart 1 of a terminal security management method according to an embodiment of the present invention;
图2为本发明实施例提供的一种终端界面的示意图;2 is a schematic diagram of a terminal interface according to an embodiment of the present invention;
图3为本发明实施例提供的一种终端安全的管理方法的流程示意图二;FIG. 3 is a second schematic flowchart of a terminal security management method according to an embodiment of the present disclosure;
图4为本发明实施例提供的一种终端的硬件示意图;FIG. 4 is a schematic diagram of hardware of a terminal according to an embodiment of the present disclosure;
图5为本发明实施例提供的一种终端的结构示意图一;FIG. 5 is a schematic structural diagram 1 of a terminal according to an embodiment of the present disclosure;
图6为本发明实施例提供的一种终端的结构示意图二。FIG. 6 is a schematic structural diagram 2 of a terminal according to an embodiment of the present invention.
具体实施方式detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, but not all embodiments.
实施例1Example 1
本发明实施例提供一种终端安全的管理方法,如图1所示,包括:The embodiment of the invention provides a terminal security management method, as shown in FIG. 1 , which includes:
101、终端获取用户触发的安全模式指令,该安全模式指令用于指示启动对终端的安全保护。101. The terminal acquires a user-triggered security mode command, where the security mode command is used to instruct to initiate security protection for the terminal.
102、终端根据该安全模式指令生成安全模式广播,该安全模式广播用于指示拦截应用程序对终端发起的不安全访问操作。102. The terminal generates a security mode broadcast according to the security mode command, where the security mode broadcast is used to indicate that the interception application initiates an insecure access operation to the terminal.
103、终端根据该安全模式广播保留终端的语音业务功能,并关闭终端的访问权限功能,该访问权限功能是指需要用户授予访问权 限后允许执行的功能。103. The terminal broadcasts the voice service function of the reserved terminal according to the security mode, and turns off the access permission function of the terminal, where the access permission function refers to that the user is required to grant access rights. The functions allowed to be executed after the limit.
104、若接收到应用程序对访问权限功能的调用指令,终端则禁止该调用指令,以拦截应用程序对终端发起的不安全访问操作。104. If receiving an invocation command of the application to the access permission function, the terminal prohibits the calling instruction to intercept the insecure access operation initiated by the application to the terminal.
在步骤101中,用户在使用终端的过程中,终端可以获取由用户触发的安全模式指令,该安全模式指令用于指示启动对终端的安全保护。In step 101, during the process of using the terminal, the terminal may acquire a security mode command triggered by the user, where the security mode command is used to instruct to initiate security protection for the terminal.
具体的,如图2所示,可以在终端的情景模式中加入超级安全模式选项,当用户触发该超级安全模式选项后,终端生成安全模式指令,该安全模式指令用于指示启动对终端的安全保护,这样,终端便可以根据该安全模式指令开启超级安全模式来维护终端的安全。Specifically, as shown in FIG. 2, a super security mode option may be added in the scenario mode of the terminal. After the user triggers the super security mode option, the terminal generates a security mode instruction, where the security mode instruction is used to indicate that the security of the terminal is initiated. Protection, in this way, the terminal can open the super security mode according to the security mode command to maintain the security of the terminal.
在步骤102中,在终端获取到该安全模式指令之后,终端根据该安全模式指令生成安全模式广播,其中,该安全模式广播用于指示拦截应用程序对终端发起的不安全访问操作。In step 102, after the terminal acquires the security mode command, the terminal generates a security mode broadcast according to the security mode command, where the security mode broadcast is used to indicate that the interception application initiates an insecure access operation to the terminal.
由于终端获取到的安全模式指令用于指示启动对终端的安全保护,因此,终端需要通知终端内的多个硬件设备(例如摄像头、GPS以及蓝牙等)和/或功能模块(例如数据网络模块等)开启安全模式,以便于这些硬件设备和/或功能模块关闭应用程序对其自身的访问权限,进而对终端进行安全保护。此时,终端可以根据接收到的安全模式指令生成安全模式广播,并在终端内的各个硬件设备和/或功能模块中播放该安全模式广播,以指示各个硬件设备和/或功能模块拦截应用程序对终端发起的不安全访问操作。Since the security mode command acquired by the terminal is used to instruct to initiate security protection for the terminal, the terminal needs to notify a plurality of hardware devices (such as a camera, GPS, Bluetooth, etc.) and/or function modules (such as a data network module, etc.) in the terminal. ) Turn on the security mode so that these hardware devices and/or function modules can turn off the access rights of the application to itself, and then secure the terminal. At this time, the terminal may generate a security mode broadcast according to the received security mode command, and play the security mode broadcast in each hardware device and/or function module in the terminal to instruct each hardware device and/or function module to intercept the application. Insecure access operation initiated by the terminal.
其中,该安全模式广播的形式可以是多种多样的,例如,该安全模式广播可以仅仅包含通知各个硬件设备和/或功能模块关闭相应功能的指示信息,这样,各个硬件设备和/或功能模块接收到该安全模式广播后关闭自身的功能,又或者,该安全模式广播还可以按优先级分为一级安全模式广播,二级安全模式广播等,其中,一级安全模式广播可用于指示所有的硬件设备和功能模块均拦截应用程序对终端发起的不安全访问操作,而二级安全模式广播可用于指示 相对重要的一些硬件设备和/或功能模块(例如GPS或数据网络模块等)拦截应用程序对终端发起的不安全访问操作,这样一来,用户便可根据当前所需的安全等级调整对终端安全的维护。又或者,该安全模式广播还可以包含相应应用程序的标识,以指示硬件设备和/或功能模块对安全模式广播中包含的这些应用程序发起的不安全访问操作进行屏蔽等指定操作。The form of the security mode broadcast may be various. For example, the security mode broadcast may only include indication information that informs each hardware device and/or the function module to turn off the corresponding function, such that each hardware device and/or function module After receiving the security mode broadcast, the function of the security mode is turned off, or the security mode broadcast can also be classified into a first-level security mode broadcast, a second-level security mode broadcast, etc. according to the priority, wherein the first-level security mode broadcast can be used to indicate all Both the hardware device and the function module intercept the insecure access operation initiated by the application to the terminal, and the secondary security mode broadcast can be used to indicate Relatively important hardware devices and/or functional modules (such as GPS or data network modules) intercept the insecure access operations initiated by the application to the terminal, so that the user can adjust the security of the terminal according to the currently required security level. Maintenance. Alternatively, the secure mode broadcast may also include an identification of the corresponding application to instruct the hardware device and/or the function module to perform a specified operation such as masking the unsafe access operations initiated by the applications included in the secure mode broadcast.
在步骤103中,在终端根据所述安全模式指令生成安全模式广播之后,终端便可以根据该安全模式广播保留终端的语音业务功能,并关闭终端的访问权限功能,其中,该访问权限功能是指需要用户授予访问权限后允许执行的功能,示例性的,该访问权限功能可以包括全球定位***(GPS)功能、数据业务功能、无线网络功能、相机功能以及录音功能中的至少一种。In step 103, after the terminal generates the security mode broadcast according to the security mode command, the terminal may broadcast the voice service function of the reserved terminal according to the security mode, and close the access permission function of the terminal, where the access permission function refers to A function that is allowed to be performed after a user is granted an access right. Illustratively, the access permission function may include at least one of a Global Positioning System (GPS) function, a data service function, a wireless network function, a camera function, and a recording function.
具体的,当GPS模块接收到该安全模式广播之后,便可以根据该安全模式广播关闭GPS功能;当WIFI模块接收到该安全模式广播之后,便可以根据该安全模式广播关闭无线网络功能;当数据网络模块接收到该安全模式广播之后,便可以根据该安全模式广播关闭数据业务功能;终端还可以调用相机接口禁用相机功能,调用音频HAL(Hardware Abstraction Layer,硬件抽象层)接口禁用录音功能;同时,终端将当前终端正在使用的通信模式设置为仅提供语音服务的CS(Circuit Switch,电路交换)only模式,以保证用户的正常通讯功能。Specifically, after the GPS module receives the security mode broadcast, the GPS function can be turned off according to the security mode broadcast; after receiving the security mode broadcast, the WIFI module can broadcast the wireless network function according to the security mode; After receiving the security mode broadcast, the network module can broadcast the data service function according to the security mode; the terminal can also invoke the camera interface to disable the camera function, and invoke the audio HAL (Hardware Abstraction Layer) interface to disable the recording function; The terminal sets the communication mode currently being used by the terminal to a CS (Circuit Switch) only mode that provides voice service to ensure the normal communication function of the user.
需要说明的是,参见图2,在本发明的实施例中,终端进入安全模式时可以与其他任何情景模式叠加使用,即当终端开启超级安全模式时可同时开启户外模式、标准模式、会议模式、静音模式以及飞行模式中的任一种情景模式。It should be noted that, in the embodiment of the present invention, when the terminal enters the security mode, the terminal can be superimposed with any other context mode, that is, when the terminal is enabled in the super security mode, the outdoor mode, the standard mode, and the conference mode can be simultaneously enabled. , one of the silent mode and the flight mode.
在步骤104中,当终端执行完步骤101至103之后,终端便已经开启安全模式,此时,若终端接收到应用程序对访问权限功能的调用指令,终端则禁止该调用指令,以拦截应用程序对终端发起的不安全访问操作。 In step 104, after the terminal performs steps 101 to 103, the terminal has already turned on the security mode. At this time, if the terminal receives the calling instruction of the application access function, the terminal prohibits the calling instruction to intercept the application. Insecure access operation initiated by the terminal.
示例性的,终端在开启安全模式之后,由于终端已经关闭了GPS功能,因此,当用户使用百度地图等应用程序向终端发起GPS功能的调用指令时,为保护终端的使用安全,终端此时会禁止该调用指令,以拦截应用程序对终端发起的不安全访问操作。Exemplarily, after the terminal is in the security mode, the terminal has turned off the GPS function. Therefore, when the user uses the application program such as Baidu map to initiate a GPS function call instruction to the terminal, in order to protect the terminal's use security, the terminal will now The call instruction is disabled to intercept unsafe access operations initiated by the application to the terminal.
本发明的实施例提供一种终端安全的管理方法,通过获取用户触发的安全模式指令生成安全模式广播,以使得终端内的各个功能模块根据安全模式广播保留终端的语音业务功能,并关闭终端的访问权限功能,其中,该访问权限功能包括是指需要用户授予访问权限后允许执行的功能;这样一来,终端可以成功切换到安全模式,一旦接收到应用程序对该访问权限功能的调用指令,终端就可以禁止所述调用指令,以拦截所述应用程序对所述终端发起的不安全访问操作,提高了终端在使用过程中的安全性,避免用户在使用终端时可能带来的安全隐患。An embodiment of the present invention provides a terminal security management method, which generates a security mode broadcast by acquiring a user-triggered security mode command, so that each functional module in the terminal broadcasts a voice service function of the reserved terminal according to the security mode, and closes the terminal. The access permission function, wherein the access permission function includes a function that is allowed to be executed after the user is granted the access right; thus, the terminal can successfully switch to the secure mode, and once the application receives the call instruction for the access permission function, The terminal may prohibit the calling instruction to intercept the insecure access operation initiated by the application to the terminal, improve the security of the terminal during use, and avoid potential security risks that may be caused when the user uses the terminal.
实施例2Example 2
本发明实施例提供一种终端安全的管理方法,如图3所示,包括:An embodiment of the present invention provides a terminal security management method, as shown in FIG. 3, including:
201、终端获取用户触发的安全模式指令,该安全模式指令用于指示启动对终端的安全保护。201. The terminal acquires a user-triggered security mode command, where the security mode command is used to instruct to initiate security protection for the terminal.
202、终端获取用户选择的访问权限白名单,该访问权限白名单中包含用户已授权访问的应用程序或者用户已授权访问的访问权限功能,该访问权限功能包括GPS功能、数据业务功能、无线网络功能、相机功能以及录音功能中的至少一种。202. The terminal obtains a whitelist of access rights selected by the user, where the whitelist of access rights includes an application that the user has authorized to access or an access permission function that the user has authorized access, and the access permission function includes a GPS function, a data service function, and a wireless network. At least one of a function, a camera function, and a recording function.
203、终端根据安全模式指令和访问权限白名单生成安全模式广播,该安全模式广播用于指示拦截该访问权限白名单之外的应用程序对终端发起的不安全访问操作。203. The terminal generates a security mode broadcast according to the security mode command and the access permission whitelist, where the security mode broadcast is used to indicate that the application that intercepts the access permission whitelist is insecure to the terminal.
204、终端记录终端当前的访问权限功能的使用状态。204. The terminal records the usage status of the current access permission function of the terminal.
205、终端根据该安全模式广播保留终端的语音业务功能,并关闭终端的访问权限功能。205. The terminal broadcasts the voice service function of the reserved terminal according to the security mode, and turns off the access permission function of the terminal.
206、若接收到应用程序对访问权限功能的调用指令,终端则禁 止该调用指令,以拦截应用程序对终端发起的不安全访问操作。206. If the application receives the call instruction for the access permission function, the terminal prohibits The call instruction is terminated to intercept an unsafe access operation initiated by the application to the terminal.
207、若接收到用户触发的退出指令,则将访问权限功能恢复至步骤204中已记录的访问权限功能的使用状态,以退出所述安全模式。207. If an exit command triggered by the user is received, return the access permission function to the used state of the recorded access permission function in step 204 to exit the security mode.
在步骤201中,用户在使用终端的过程中,终端可以获取由用户触发的安全模式指令,该安全模式指令用于指示启动对终端的安全保护。In step 201, during the process of using the terminal, the terminal may acquire a security mode command triggered by the user, where the security mode command is used to instruct to initiate security protection for the terminal.
示例性的,如图2所示,可以在终端的情景模式中加入超级安全模式选项,当用户触发该超级安全模式选项后,终端生成安全模式指令,用于指示启动对终端的安全保护,这样,终端便可以根据该安全模式指令开启超级安全模式来维护终端的安全。Exemplarily, as shown in FIG. 2, a super security mode option may be added in a scenario mode of the terminal. After the user triggers the super security mode option, the terminal generates a security mode instruction for instructing to initiate security protection for the terminal, such that The terminal can start the super security mode according to the security mode command to maintain the security of the terminal.
在步骤202中,在终端获取到该安全模式指令之后,终端可以获取用户选择的访问权限白名单,该访问权限白名单中包含用户已授权访问的应用程序或者用户已授权访问的访问权限功能,其中,该访问权限功能包括GPS功能、数据业务功能、无线网络功能、相机功能以及录音功能中的至少一种。In step 202, after the terminal obtains the security mode command, the terminal may obtain a whitelist of access rights selected by the user, where the whitelist of access rights includes an application that the user has authorized to access or an access permission function that the user has authorized access to. The access permission function includes at least one of a GPS function, a data service function, a wireless network function, a camera function, and a recording function.
示例性的,在在终端获取到该安全模式指令之后,终端可以通过设有触控面板的显示设备输出相应输出界面,以提示用户从GPS功能、数据业务功能、无线网络功能、相机功能以及录音功能中选择一种或多种作为用户已授权访问的访问权限白名单,又或者,终端可以输出相应输出界面,以提示用户从多个应用程序中选择一种或多种作为用户已授权访问的访问权限白名单,以便于终端根据用户已授权访问的访问权限白名单选择性的拦截相关应用程序对终端发起的不安全访问操作。Exemplarily, after the terminal obtains the security mode command, the terminal may output a corresponding output interface through the display device provided with the touch panel to prompt the user from the GPS function, the data service function, the wireless network function, the camera function, and the recording. One or more of the functions are selected as a white list of access rights that the user has authorized to access, or the terminal may output a corresponding output interface to prompt the user to select one or more of the plurality of applications as the user has authorized access. The whitelist of access rights is provided so that the terminal selectively intercepts the insecure access operation initiated by the related application to the terminal according to the whitelist of access rights that the user has authorized to access.
在步骤203中,在终端获取到用户选择的访问权限白名单之后,终端根据安全模式指令和访问权限白名单生成安全模式广播,该安全模式广播用于指示拦截该访问权限白名单之外的应用程序对终端发起的不安全访问操作。In step 203, after the terminal obtains the whitelist of access rights selected by the user, the terminal generates a security mode broadcast according to the security mode command and the whitelist of access rights, where the security mode broadcast is used to indicate that the application other than the whitelist of the access rights is intercepted. The program initiates an insecure access operation to the terminal.
在终端获取到的安全模式指令后,启动对该终端的安全保护, 此时,终端需要通知终端内的多个硬件设备(例如摄像头、GPS以及蓝牙等)和/或功能模块(例如数据网络模块等)开启安全模式,以便于这些硬件设备和/或功能模块关闭应用程序对其自身的访问权限,进而对终端进行安全保护。因此,终端可以根据获取到的安全模式指令和访问权限白名单生成安全模式广播,并在终端内的各个硬件设备和/或功能模块中播放该安全模式广播,以指示各个硬件设备和/或功能模块拦截应用程序对终端发起的不安全访问操作。After the security mode command obtained by the terminal is started, the security protection of the terminal is started. At this time, the terminal needs to notify a plurality of hardware devices (such as a camera, GPS, Bluetooth, etc.) and/or function modules (such as a data network module, etc.) in the terminal to turn on the security mode, so that the hardware devices and/or function modules close the application. The program has its own access rights, which in turn protects the terminal. Therefore, the terminal may generate a security mode broadcast according to the obtained security mode command and the access permission white list, and play the security mode broadcast in each hardware device and/or function module in the terminal to indicate each hardware device and/or function. The module intercepts insecure access operations initiated by the application to the terminal.
示例性的,可以在搭载安卓***的手机中的各个硬件设备和/或功能模块中设置Broadcast Receiver(广播接收器),等待接收终端发起的安全模式广播,其中,广播接收器是为了实现终端广播而提供的一种组件。For example, a Broadcast Receiver may be set in each hardware device and/or function module in the mobile phone equipped with the Android system, and wait for the security mode broadcast initiated by the receiving terminal, wherein the broadcast receiver is to implement terminal broadcast. And a component provided.
其中,该安全模式广播的形式可以是多种多样的,具体可参见实施例1中步骤102,故此处不再赘述。The form of the security mode broadcast may be various. For details, refer to step 102 in Embodiment 1, and details are not described herein again.
在步骤204中,终端在执行步骤203的同时或者在执行完步骤203之后,还可以记录终端当前的访问权限功能的使用状态,也就是说,记录当前用户正在使用的GPS功能、数据业务功能、无线网络功能、相机功能以及录音功能的工作状态,例如GPS功能为打开或关闭状态,以便于终端在退出安全模式后及时将终端的访问权限功能恢复至用户打开安全模式之前的状态。In step 204, the terminal may also record the usage status of the current access right function of the terminal, or the GPS service function, the data service function, currently used by the terminal, after executing step 203 or after performing step 203. The working status of the wireless network function, the camera function, and the recording function, for example, the GPS function is turned on or off, so that the terminal can restore the access right function of the terminal to the state before the user turns on the security mode in time after exiting the security mode.
在步骤205中,终端根据所述安全模式指令生成安全模式广播之后,终端便可以根据该安全模式广播保留终端的语音业务功能,并关闭终端的访问权限功能,其中,该访问权限功能包括GPS功能、数据业务功能、无线网络功能、相机功能以及录音功能中的至少一种。In step 205, after the terminal generates the security mode broadcast according to the security mode command, the terminal may broadcast the voice service function of the reserved terminal according to the security mode, and close the access permission function of the terminal, where the access permission function includes a GPS function. At least one of a data service function, a wireless network function, a camera function, and a recording function.
其中,终端根据该安全模式广播保留终端的语音业务功能,并关闭终端的访问权限功能的方法可参见实施例1中步骤103,可以看出,由于该安全模式广播中包含用户确定的访问权限白名单的信息,因此,在关闭终端的访问权限功能时,终端可以根据用户确定的访问权限白名单关闭GPS功能、数据业务功能、无线网络功能、 相机功能以及录音功能中的至少一种,实现用户自定义的安全模式,在提高终端安全性的同时可实现用户对终端安全的自主管理。For a method for the terminal to broadcast the voice service function of the terminal and to disable the access permission function of the terminal according to the security mode, refer to step 103 in Embodiment 1, and it can be seen that the security mode broadcast includes the access authority determined by the user. The information of the list, therefore, when the access permission function of the terminal is turned off, the terminal can turn off the GPS function, the data service function, the wireless network function, according to the whitelist of access rights determined by the user, At least one of the camera function and the recording function realizes a user-defined security mode, and can realize user-to-terminal security self-management while improving terminal security.
在步骤206中,当终端执行完步骤201至205之后,终端便已经开启安全模式,此时,若终端接收到应用程序对访问权限功能的调用指令,终端则禁止该调用指令,以拦截应用程序对终端发起的不安全访问操作。In step 206, after the terminal performs steps 201 to 205, the terminal has turned on the security mode. At this time, if the terminal receives the calling instruction of the application access function, the terminal prohibits the calling instruction to intercept the application. Insecure access operation initiated by the terminal.
示例性的,终端在开启安全模式之后,由于终端已经关闭了GPS功能,因此,当用户使用百度地图等应用程序向终端发起GPS功能的调用指令时,为保护终端的使用安全,终端此时会禁止该调用指令,以拦截应用程序对终端发起的不安全访问操作。Exemplarily, after the terminal is in the security mode, the terminal has turned off the GPS function. Therefore, when the user uses the application program such as Baidu map to initiate a GPS function call instruction to the terminal, in order to protect the terminal's use security, the terminal will now The call instruction is disabled to intercept unsafe access operations initiated by the application to the terminal.
在步骤207中,与步骤206对应的,当终端执行完步骤201至205之后,终端便已经开启安全模式,此时,若接收到用户触发的退出指令,则将访问权限功能恢复至步骤204中已记录的访问权限功能的使用状态,以退出所述安全模式。In step 207, corresponding to step 206, after the terminal performs steps 201 to 205, the terminal has turned on the security mode. At this time, if the user-initiated exit command is received, the access permission function is restored to step 204. The usage status of the recorded access rights feature to exit the security mode.
本发明的实施例提供一种终端安全的管理方法,通过获取用户触发的安全模式指令生成安全模式广播,以使得终端内的各个功能模块根据安全模式广播保留终端的语音业务功能,并关闭终端的访问权限功能,其中,该访问权限功能是指需要用户授予访问权限后允许执行的功能;这样一来,终端可以成功切换到安全模式,一旦接收到应用程序对该访问权限功能的调用指令,终端就可以禁止所述调用指令,以拦截所述应用程序对所述终端发起的不安全访问操作,提高了终端在使用过程中的安全性,避免用户在使用终端时可能带来的安全隐患。An embodiment of the present invention provides a terminal security management method, which generates a security mode broadcast by acquiring a user-triggered security mode command, so that each functional module in the terminal broadcasts a voice service function of the reserved terminal according to the security mode, and closes the terminal. The access permission function, wherein the access permission function refers to a function that is allowed to be executed after the user is granted the access right; thus, the terminal can successfully switch to the secure mode, and once receiving the calling instruction of the access permission function by the application, the terminal The calling instruction may be disabled to intercept the insecure access operation initiated by the application to the terminal, improve the security of the terminal during use, and avoid potential security risks that may be caused when the user uses the terminal.
实施例3Example 3
附图4示出的是本发明的终端的硬件示意图。Figure 4 shows a hardware schematic of the terminal of the present invention.
所述终端可以为手机、IPAD等,例如,使用安卓***的智能手机。The terminal may be a mobile phone, an IPAD, or the like, for example, a smart phone using an Android system.
如图4,所述终端包括处理器11、通信接口12、存储器13、显示设备14以及总线15。 As shown in FIG. 4, the terminal includes a processor 11, a communication interface 12, a memory 13, a display device 14, and a bus 15.
其中,处理器11、通讯接口12、存储器13以及显示设备14通过总线15进行通信。The processor 11, the communication interface 12, the memory 13, and the display device 14 communicate via the bus 15.
处理器11,是所述终端的控制中心,处理器11通过对通讯接口12接收到的数据进行处理,并调用存储器13中的软件或程序,执行所述终端的各项功能。The processor 11 is a control center of the terminal, and the processor 11 performs various functions of the terminal by processing data received by the communication interface 12 and calling software or programs in the memory 13.
通信接口12,可以由光通讯接口,电通讯接口,无线通讯接口或其任意组合实现。例如,光通讯接口可以是小封装可插拔(英文:small form-factor pluggable transceiver,缩写:SFP)通讯接口(英文:transceiver),增强小封装可插拔(英文:enhanced small form-factor pluggable,缩写:SFP+)通讯接口或10吉比特小封装可插拔(英文:10Gigabit small form-factor pluggable,缩写:XFP)通讯接口。电通讯接口可以是以太网(英文:Ethernet)网络接口控制器(英文:network interface controller,缩写:NIC)。无线通讯接口可以是无线网络接口控制器(英文:wireless network interface controller,缩写:WNIC)。终端中可以有多个通信接口12。The communication interface 12 can be implemented by an optical communication interface, an electrical communication interface, a wireless communication interface, or any combination thereof. For example, the optical communication interface can be a small package pluggable transceiver (English: small form-factor pluggable transceiver, abbreviation: SFP) communication interface (English: transceiver), enhanced small form factor pluggable (English: enhanced small form-factor pluggable, Abbreviation: SFP+) Communication interface or 10 Gigabit small form-factor pluggable (English: 10Gigabit small form-factor pluggable, abbreviation: XFP) communication interface. The electrical communication interface can be an Ethernet (English: Ethernet) network interface controller (English: network interface controller, abbreviation: NIC). The wireless communication interface can be a wireless network interface controller (English: wireless network interface controller, abbreviation: WNIC). There may be multiple communication interfaces 12 in the terminal.
存储器13,可用于存储软件程序或数据,处理器11通过运行存储在存储器13的软件程序或数据,从而执行所述终端的各种功能应用以及数据处理。The memory 13 can be used to store software programs or data, and the processor 11 executes various functional applications and data processing of the terminal by running software programs or data stored in the memory 13.
显示设备14,可用于显示由用户输入的信息或提供给用户的信息以及终端的各种菜单。显示设备14可包括显示面板,可选的,可以采用LCD(Liquid Crystal Display,液晶显示器)、OLED(Organic Light-Emitting Diode,有机发光二极管)等形式来配置显示面板。进一步的,触控面板可覆盖显示面板,当触控面板检测到在其上或附近的触摸操作后,传送给处理器11以确定触摸事件的类型,随后处理器11根据触摸事件的类型在显示面板上提供相应的视觉输出。The display device 14 can be used to display information input by the user or information provided to the user as well as various menus of the terminal. The display device 14 may include a display panel. Alternatively, the display panel may be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), or the like. Further, the touch panel may cover the display panel, and when the touch panel detects a touch operation on or near it, the touch panel transmits to the processor 11 to determine the type of the touch event, and then the processor 11 displays according to the type of the touch event. A corresponding visual output is provided on the panel.
在本发明的实施例中,处理器11通过显示设备14获取用户触发的安全模式指令,所述安全模式指令用于指示启动对终端的安全保护;处理器11根据所述安全模式指令生成安全模式广播,所述安 全模式广播用于指示拦截应用程序对所述终端发起的不安全访问操作;处理器11根据所述安全模式广播调用通讯接口12保留所述终端的语音业务功能,并关闭所述终端的访问权限功能,所述访问权限功能是指需要用户授予访问权限后允许执行的功能;若处理器11通过通讯接12接收到所述应用程序对所述访问权限功能的调用指令,处理器11则禁止所述调用指令并输出至显示设备14,以拦截所述应用程序对所述终端发起的不安全访问操作。In an embodiment of the present invention, the processor 11 acquires a user-triggered security mode instruction through the display device 14, the security mode instruction is used to initiate activation of security protection to the terminal; and the processor 11 generates a security mode according to the security mode instruction. Broadcast, the security The full mode broadcast is used to indicate that the interception application initiates an unsecure access operation to the terminal; the processor 11 broadcasts the call communication interface 12 according to the security mode to reserve the voice service function of the terminal, and closes the access right of the terminal. Function, the access permission function refers to a function that is allowed to be executed after the user is granted the access right; if the processor 11 receives the call instruction of the access permission function by the application program through the communication interface 12, the processor 11 prohibits the function The call instruction is output and output to the display device 14 to intercept an unsafe access operation initiated by the application to the terminal.
示例性的,所述访问权限功能包括全球定位***功能、数据业务功能、无线网络功能、相机功能以及录音功能中的至少一种。Exemplarily, the access permission function includes at least one of a global positioning system function, a data service function, a wireless network function, a camera function, and a recording function.
进一步地,处理器11根据所述安全模式指令生成安全模式广播,可以具体包括步骤:处理器11通过通讯接口12获取用户选择的访问权限白名单,所述访问权限白名单中包含用户已授权访问的应用程序或者用户已授权访问的所述访问权限功能;处理器11根据所述安全模式指令和所述访问权限白名单生成安全模式广播,所述安全模式广播用于指示拦截所述访问权限白名单之外的应用程序对所述终端发起的不安全访问操作。Further, the processor 11 generates a security mode broadcast according to the security mode command, and may specifically include the following steps: the processor 11 obtains a whitelist of access rights selected by the user through the communication interface 12, where the access permission white list includes the user authorized access. The application or the access permission function that the user has authorized access; the processor 11 generates a security mode broadcast according to the security mode instruction and the access permission white list, the security mode broadcast is used to indicate that the access permission is intercepted An unsafe access operation initiated by the application outside the list to the terminal.
进一步地,在处理器11根据所述安全模式指令和所述访问权限白名单生成安全模式广播之后,还可以包括步骤:处理器11根据所述安全模式广播调用通讯接口12保留所述终端的语音业务功能;处理器11根据所述访问权限白名单调用通讯接口12关闭所述访问权限白名单之外的访问权限功能,其中,所述访问权限功能包括GPS功能、数据业务功能、无线网络功能、相机功能以及录音功能中的至少一种。Further, after the processor 11 generates the security mode broadcast according to the security mode command and the access rights whitelist, the method may further include the step of: the processor 11 reserves the voice of the terminal according to the security mode broadcast call communication interface 12. The service function is: the processor 11 calls the communication interface 12 to close the access permission function outside the access permission white list according to the access permission white list, wherein the access permission function includes a GPS function, a data service function, a wireless network function, At least one of a camera function and a recording function.
进一步地,若处理器11通过通讯接口12接收到所述应用程序对所述访问权限功能的调用指令,处理器11则禁止所述调用指令并输出至显示设备14,可以具体包括步骤:若处理器11接收到所述应用程序调用所述访问权限功能的调用指令,处理器11则确定是否启动对所述终端的安全保护;若已启动对所述终端的安全保护,处理器11则通过禁止所述调用指令,以拦截所述应用程序对所述终端 发起的不安全访问操作。Further, if the processor 11 receives the call instruction of the access permission function by the application program through the communication interface 12, the processor 11 disables the call instruction and outputs the command to the display device 14, which may specifically include the following steps: The processor 11 receives the call instruction that the application invokes the access permission function, and the processor 11 determines whether to initiate security protection for the terminal; if the security protection of the terminal has been initiated, the processor 11 prohibits The calling instruction to intercept the application to the terminal Insecure access operation initiated.
进一步地,在处理器11则禁止所述调用指令并输出至显示设备14,以拦截所述应用程序对所述终端发起的不安全访问操作之后,还可以包括步骤:处理器11记录所述终端当前的访问权限功能的使用状态并存储至存储器13;这样,在处理器11接收到所述应用程序调用所述访问权限功能的调用指令,则禁止所述调用指令之后,可以包括步骤:若处理器11接收到用户触发的退出指令,处理器11则根据存储器13中已记录的所述访问权限功能的使用状态,将所述访问权限功能恢复至已记录的所述访问权限功能的使用状态,以退出所述安全模式。Further, after the processor 11 prohibits the calling instruction and outputs to the display device 14 to intercept the unsafe access operation initiated by the application to the terminal, the method may further include the following steps: the processor 11 records the terminal The usage status of the current access right function is stored in the memory 13; thus, after the processor 11 receives the calling instruction that the application invokes the access authority function, after the calling instruction is prohibited, the method may include the following steps: The device 11 receives the user-initiated exit command, and the processor 11 restores the access permission function to the recorded use status of the access permission function according to the usage status of the access permission function recorded in the memory 13. To exit the safe mode.
本发明的实施例提供一种终端,通过获取用户触发的安全模式指令生成安全模式广播,以使得终端内的各个功能模块根据安全模式广播保留终端的语音业务功能,并关闭终端的访问权限功能,其中,该访问权限功能是指需要用户授予访问权限后允许执行的功能;这样一来,终端可以成功切换到安全模式,一旦接收到应用程序对该访问权限功能的调用指令,终端就可以禁止所述调用指令,以拦截所述应用程序对所述终端发起的不安全访问操作,提高了终端在使用过程中的安全性,避免用户在使用终端时可能带来的安全隐患。An embodiment of the present invention provides a terminal, which generates a security mode broadcast by acquiring a security mode command triggered by a user, so that each function module in the terminal broadcasts a voice service function of the reserved terminal according to the security mode, and turns off the access permission function of the terminal. The access permission function refers to a function that is allowed to be executed after the user is granted the access right; thus, the terminal can successfully switch to the security mode, and once receiving the calling instruction of the access permission function by the application, the terminal can prohibit the terminal. The call instruction is used to intercept the insecure access operation initiated by the application to the terminal, which improves the security of the terminal during use and avoids potential security risks that may be caused when the user uses the terminal.
实施例4Example 4
本发明实施例提供一种终端,如图5所示,包括:An embodiment of the present invention provides a terminal, as shown in FIG. 5, including:
获取单元21,用于获取用户触发的安全模式指令,所述安全模式指令用于指示启动对终端的安全保护;The acquiring unit 21 is configured to acquire a user-triggered security mode instruction, where the security mode instruction is used to initiate a security protection for the terminal;
广播生成单元22,用于根据所述获取单元21中所述安全模式指令生成安全模式广播,所述安全模式广播用于指示拦截应用程序对所述终端发起的不安全访问操作;The broadcast generating unit 22 is configured to generate a security mode broadcast according to the security mode instruction in the obtaining unit 21, where the security mode broadcast is used to indicate that the interception application initiates an unsecure access operation to the terminal;
安全模式切换单元23,用于根据所述广播生成单元22中所述安全模式广播保留所述终端的语音业务功能,并关闭所述终端的访问权限功能,所述访问权限功能是指需要所述用户授予访问权限后允许执行的功能; The security mode switching unit 23 is configured to broadcast the voice service function of the terminal according to the security mode broadcast in the broadcast generating unit 22, and turn off the access permission function of the terminal, where the access permission function refers to the required The function that the user is allowed to perform after granting access rights;
拦截单元24,用于若接收到所述应用程序对所述安全模式切换单元23中访问权限功能的调用指令,则禁止所述调用指令,以拦截所述应用程序对所述终端发起的不安全访问操作。The intercepting unit 24 is configured to: if the calling instruction of the access permission function in the security mode switching unit 23 is received by the application, prohibit the calling instruction to intercept the insecure initiated by the application to the terminal Access operation.
进一步地,所述广播生成单元22,具体用于获取用户选择的访问权限白名单,所述访问权限白名单中包含用户已授权访问的应用程序或者用户已授权访问的所述访问权限功能;根据所述安全模式指令和所述访问权限白名单生成安全模式广播,所述安全模式广播用于指示拦截所述访问权限白名单之外的应用程序对所述终端发起的不安全访问操作;Further, the broadcast generating unit 22 is specifically configured to obtain a whitelist of access rights selected by the user, where the whitelist of access rights includes an application that the user has authorized to access or the access permission function that the user has authorized to access; The security mode command and the access permission whitelist generate a security mode broadcast, where the security mode broadcast is used to indicate that an unsecured access operation initiated by an application other than the access permission whitelist is initiated to the terminal;
其中,所述访问权限功能包括全球定位***功能、数据业务功能、无线网络功能、相机功能以及录音功能中的至少一种。The access permission function includes at least one of a global positioning system function, a data service function, a wireless network function, a camera function, and a recording function.
进一步地,所述安全模式切换单元23,具体用于根据所述安全模式广播保留所述终端的语音业务功能;根据所述访问权限白名单关闭所述访问权限白名单之外的访问权限功能,其中,所述访问权限功能包括GPS功能、数据业务功能、无线网络功能、相机功能以及录音功能中的至少一种。Further, the security mode switching unit 23 is configured to broadcast the voice service function of the terminal according to the security mode, and close the access permission function of the access permission white list according to the access permission white list. The access permission function includes at least one of a GPS function, a data service function, a wireless network function, a camera function, and a recording function.
进一步地,所述拦截单元24,具体用于若接收到所述应用程序调用所述访问权限功能的调用指令,则确定是否启动对所述终端的安全保护;若已启动对所述终端的安全保护,则禁止所述调用指令,以拦截所述应用程序对所述终端发起的不安全访问操作。Further, the intercepting unit 24 is specifically configured to: if receiving the calling instruction that the application invokes the access permission function, determine whether to initiate security protection on the terminal; if the security of the terminal is started Protection, the call instruction is prohibited to intercept an unsafe access operation initiated by the application to the terminal.
进一步地,如图6所示,所述终端还包括记录单元25,其中,Further, as shown in FIG. 6, the terminal further includes a recording unit 25, where
所述记录单元25,用于记录所述终端当前的访问权限功能的使用状态;The recording unit 25 is configured to record a usage status of the current access permission function of the terminal;
所述安全模式切换单元23,还用于若接收到用户触发的退出指令,则将所述访问权限功能恢复至所述记录单元25中已记录的所述访问权限功能的使用状态,以退出所述安全模式。The security mode switching unit 23 is further configured to: when receiving an exit command triggered by the user, restore the access permission function to a usage state of the access permission function recorded in the recording unit 25, to exit the The security mode.
需要说明的是,本发明实施例提供的终端中部分功能模块的具体描述可以参考方法实施例中的对应内容,本实施例这里不再详细赘述。 It should be noted that the specific description of some of the functional modules in the terminal provided by the embodiment of the present invention may be referred to the corresponding content in the method embodiment, and details are not described in detail in this embodiment.
本发明的实施例提供一种终端,通过获取用户触发的安全模式指令生成安全模式广播,以使得终端内的各个功能模块根据安全模式广播保留终端的语音业务功能,并关闭终端的访问权限功能,其中,该访问权限功能是指需要用户授予访问权限后允许执行的功能;这样一来,终端可以成功切换到安全模式,一旦接收到应用程序对该访问权限功能的调用指令,终端就可以禁止所述调用指令,以拦截所述应用程序对所述终端发起的不安全访问操作,提高了终端在使用过程中的安全性,避免用户在使用终端时可能带来的安全隐患。An embodiment of the present invention provides a terminal, which generates a security mode broadcast by acquiring a security mode command triggered by a user, so that each function module in the terminal broadcasts a voice service function of the reserved terminal according to the security mode, and turns off the access permission function of the terminal. The access permission function refers to a function that is allowed to be executed after the user is granted the access right; thus, the terminal can successfully switch to the security mode, and once receiving the calling instruction of the access permission function by the application, the terminal can prohibit the terminal. The call instruction is used to intercept the insecure access operation initiated by the application to the terminal, which improves the security of the terminal during use and avoids potential security risks that may be caused when the user uses the terminal.
通过以上的实施方式的描述,所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,仅以上述各功能模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能模块完成,即将装置的内部结构划分成不同的功能模块,以完成以上描述的全部或者部分功能。上述描述的***,装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Through the description of the above embodiments, those skilled in the art can clearly understand that for the convenience and brevity of the description, only the division of the above functional modules is illustrated. In practical applications, the above functions can be allocated according to needs. It is completed by different functional modules, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. For the specific working process of the system, the device and the unit described above, reference may be made to the corresponding process in the foregoing method embodiments, and details are not described herein again.
在本申请所提供的几个实施例中,应该理解到,所揭露的***,装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述模块或单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个***,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided by the present application, it should be understood that the disclosed system, apparatus, and method may be implemented in other manners. For example, the device embodiments described above are merely illustrative. For example, the division of the modules or units is only a logical function division. In actual implementation, there may be another division manner, for example, multiple units or components may be used. Combinations can be integrated into another system, or some features can be ignored or not executed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
另外,在本发明各个实施例中的各功能单元可以集成在一个处 理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, each functional unit in various embodiments of the present invention can be integrated in one place In the unit, it is also possible that each unit physically exists alone, or two or more units may be integrated into one unit. The above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)或处理器(processor)执行本发明各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。The integrated unit, if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention, which is essential or contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium. A number of instructions are included to cause a computer device (which may be a personal computer, server, or network device, etc.) or a processor to perform all or part of the steps of the methods described in various embodiments of the present invention. The foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like. .
以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应以所述权利要求的保护范围为准。 The above is only a specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope of the present invention. It should be covered by the scope of the present invention. Therefore, the scope of the invention should be determined by the scope of the appended claims.

Claims (10)

  1. 一种终端安全的管理方法,其特征在于,包括:A method for managing terminal security, characterized in that it comprises:
    获取用户触发的安全模式指令,所述安全模式指令用于指示启动对终端的安全保护;Obtaining a user-triggered security mode instruction, where the security mode instruction is used to instruct to initiate security protection for the terminal;
    根据所述安全模式指令生成安全模式广播,所述安全模式广播用于指示拦截应用程序对所述终端发起的不安全访问操作;Generating a security mode broadcast according to the security mode command, the security mode broadcast is used to indicate that an interception application initiates an insecure access operation initiated by the terminal;
    根据所述安全模式广播保留所述终端的语音业务功能,并关闭所述终端的访问权限功能,所述访问权限功能是指需要所述用户授予访问权限后允许执行的功能;Broadcasting the voice service function of the terminal according to the security mode, and turning off the access permission function of the terminal, where the access permission function refers to a function that is allowed to be performed after the user is granted the access right;
    若接收到所述应用程序对所述访问权限功能的调用指令,则禁止所述调用指令,以拦截所述应用程序对所述终端发起的不安全访问操作。And if the calling instruction of the access permission function is received by the application, the calling instruction is prohibited to intercept an unsafe access operation initiated by the application to the terminal.
  2. 根据权利要求1所述的方法,其特征在于,所述访问权限功能包括全球定位***功能、数据业务功能、无线网络功能、相机功能以及录音功能中的至少一种;The method according to claim 1, wherein the access authority function comprises at least one of a global positioning system function, a data service function, a wireless network function, a camera function, and a recording function;
    其中,所述根据所述安全模式指令生成安全模式广播,包括:The generating a security mode broadcast according to the security mode command includes:
    获取用户选择的访问权限白名单,所述访问权限白名单中包含用户已授权访问的应用程序或者用户已授权访问的所述访问权限功能;Obtaining a whitelist of access rights selected by the user, where the whitelist of access rights includes an application that the user has authorized to access or the access permission function that the user has authorized access to;
    根据所述安全模式指令和所述访问权限白名单生成安全模式广播,所述安全模式广播用于指示拦截所述访问权限白名单之外的应用程序对所述终端发起的不安全访问操作。And generating, according to the security mode command and the access permission whitelist, a security mode broadcast, where the security mode broadcast is used to indicate that an unsecured access operation initiated by an application other than the access permission whitelist is initiated to the terminal.
  3. 根据权利要求2所述的方法,其特征在于,所述根据所述安全模式广播保留所述终端的语音业务功能,并关闭所述终端的访问权限功能,包括:The method according to claim 2, wherein the broadcasting the voice service function of the terminal according to the security mode and turning off the access permission function of the terminal includes:
    根据所述安全模式广播保留所述终端的语音业务功能;Broadcasting the voice service function of the terminal according to the security mode broadcast;
    根据所述访问权限白名单关闭所述访问权限白名单之外的访问权限功能,其中,所述访问权限功能包括GPS功能、数据业务功能、无线网络功能、相机功能以及录音功能中的至少一种。The access permission function outside the access permission white list is closed according to the access permission white list, wherein the access permission function includes at least one of a GPS function, a data service function, a wireless network function, a camera function, and a recording function. .
  4. 根据权利要求1所述的方法,其特征在于,所述若接收到所 述应用程序调用所述访问权限功能的调用指令,则禁止所述调用指令,包括:The method of claim 1 wherein said receiving said The calling instruction of the access permission function is invoked by the application, and the calling instruction is prohibited, including:
    若接收到所述应用程序调用所述访问权限功能的调用指令,则确定是否启动对所述终端的安全保护;If the calling instruction of the access permission function is received by the application, determining whether to initiate security protection for the terminal;
    若已启动对所述终端的安全保护,则禁止所述调用指令,以拦截所述应用程序对所述终端发起的不安全访问操作。If the security protection of the terminal has been initiated, the calling instruction is prohibited to intercept an unsafe access operation initiated by the application to the terminal.
  5. 根据权利要求1所述的方法,其特征在于,在所述根据所述安全模式指令生成安全模式广播之后,还包括:The method according to claim 1, wherein after the generating the security mode broadcast according to the security mode command, the method further comprises:
    记录所述终端当前的访问权限功能的使用状态;Recording the usage status of the current access permission function of the terminal;
    其中,在所述若接收到所述应用程序调用所述访问权限功能的调用指令,则禁止所述调用指令之后,还包括:Wherein, after receiving the call instruction that the application program invokes the access permission function, after the calling the instruction is prohibited, the method further includes:
    若接收到用户触发的退出指令,则将所述访问权限功能恢复至已记录的所述访问权限功能的使用状态,以退出所述安全模式。If the user-initiated exit command is received, the access permission function is restored to the recorded use status of the access permission function to exit the security mode.
  6. 一种终端,其特征在于,包括:A terminal, comprising:
    获取单元,用于获取用户触发的安全模式指令,所述安全模式指令用于指示启动对终端的安全保护;An acquiring unit, configured to acquire a user-triggered security mode instruction, where the security mode instruction is used to instruct to initiate security protection for the terminal;
    广播生成单元,用于根据所述获取单元中所述安全模式指令生成安全模式广播,所述安全模式广播用于指示拦截应用程序对所述终端发起的不安全访问操作;a broadcast generating unit, configured to generate a security mode broadcast according to the security mode instruction in the obtaining unit, where the security mode broadcast is used to instruct an interception application to initiate an unsecure access operation to the terminal;
    安全模式切换单元,用于根据所述广播生成单元中所述安全模式广播保留所述终端的语音业务功能,并关闭所述终端的访问权限功能,所述访问权限功能是指需要所述用户授予访问权限后允许执行的功能;a security mode switching unit, configured to broadcast, according to the security mode in the broadcast generating unit, a voice service function of the terminal, and to disable an access permission function of the terminal, where the access permission function is required to be granted by the user The function that is allowed to be executed after accessing the permission;
    拦截单元,用于若接收到所述应用程序对所述访问权限功能的调用指令,则禁止所述调用指令,以拦截所述应用程序对所述终端发起的不安全访问操作。The intercepting unit is configured to: if the calling instruction of the access permission function is received by the application, prohibit the calling instruction to intercept an unsafe access operation initiated by the application to the terminal.
  7. 根据权利要求6所述的终端,其特征在于,The terminal of claim 6 wherein:
    所述广播生成单元,具体用于获取用户选择的访问权限白名单,所述访问权限白名单中包含用户已授权访问的应用程序或者用户已 授权访问的所述访问权限功能;根据所述安全模式指令和所述访问权限白名单生成安全模式广播,所述安全模式广播用于指示拦截所述访问权限白名单之外的应用程序对所述终端发起的不安全访问操作;The broadcast generating unit is specifically configured to obtain a whitelist of access rights selected by the user, where the whitelist of the access rights includes an application that the user has authorized to access or the user has Authorizing the access permission function; generating a security mode broadcast according to the security mode instruction and the access authority whitelist, the security mode broadcasting to indicate that an application other than the access permission whitelist is intercepted Insecure access operation initiated by the terminal;
    其中,所述访问权限功能包括全球定位***功能、数据业务功能、无线网络功能、相机功能以及录音功能中的至少一种。The access permission function includes at least one of a global positioning system function, a data service function, a wireless network function, a camera function, and a recording function.
  8. 根据权利要求7所述的终端,其特征在于,The terminal according to claim 7, wherein
    所述安全模式切换单元,具体用于根据所述安全模式广播保留所述终端的语音业务功能;根据所述访问权限白名单关闭所述访问权限白名单之外的访问权限功能,其中,所述访问权限功能包括GPS功能、数据业务功能、无线网络功能、相机功能以及录音功能中的至少一种。The security mode switching unit is configured to broadcast the voice service function of the terminal according to the security mode, and close the access permission function of the access permission white list according to the access permission white list, where the The access rights function includes at least one of a GPS function, a data service function, a wireless network function, a camera function, and a recording function.
  9. 根据权利要求6所述的终端,其特征在于,The terminal of claim 6 wherein:
    所述拦截单元,具体用于若接收到所述应用程序调用所述访问权限功能的调用指令,则确定是否启动对所述终端的安全保护;若已启动对所述终端的安全保护,则禁止所述调用指令,以拦截所述应用程序对所述终端发起的不安全访问操作。The intercepting unit is specifically configured to: if receiving the calling instruction that the application invokes the access permission function, determine whether to initiate security protection on the terminal; if the security protection of the terminal is started, prohibiting The calling instruction intercepts an unsecure access operation initiated by the application to the terminal.
  10. 根据权利要求6所述的终端,其特征在于,所述终端还包括记录单元,其中,The terminal according to claim 6, wherein the terminal further comprises a recording unit, wherein
    所述记录单元,用于记录所述终端当前的访问权限功能的使用状态;The recording unit is configured to record a usage status of a current access permission function of the terminal;
    所述安全模式切换单元,还用于若接收到用户触发的退出指令,则将所述访问权限功能恢复至所述记录单元中已记录的所述访问权限功能的使用状态,以退出所述安全模式。 The security mode switching unit is further configured to: if receiving an exit command triggered by a user, restore the access permission function to a usage state of the access permission function recorded in the recording unit, to exit the security mode.
PCT/CN2015/071818 2015-01-29 2015-01-29 Terminal security management method and apparatus WO2016119164A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/071818 WO2016119164A1 (en) 2015-01-29 2015-01-29 Terminal security management method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/071818 WO2016119164A1 (en) 2015-01-29 2015-01-29 Terminal security management method and apparatus

Publications (1)

Publication Number Publication Date
WO2016119164A1 true WO2016119164A1 (en) 2016-08-04

Family

ID=56542161

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/071818 WO2016119164A1 (en) 2015-01-29 2015-01-29 Terminal security management method and apparatus

Country Status (1)

Country Link
WO (1) WO2016119164A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070118558A1 (en) * 2005-11-21 2007-05-24 Research In Motion Limited System and method for application program operation on a wireless device
CN103324893A (en) * 2013-05-31 2013-09-25 华为技术有限公司 Privacy protection method and device
CN103686600A (en) * 2013-11-27 2014-03-26 深圳酷派技术有限公司 Terminal and information protection method
CN103927475A (en) * 2014-03-24 2014-07-16 广东明创软件科技有限公司 Time-based application program access permission control method and mobile terminal for implementing same

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070118558A1 (en) * 2005-11-21 2007-05-24 Research In Motion Limited System and method for application program operation on a wireless device
CN103324893A (en) * 2013-05-31 2013-09-25 华为技术有限公司 Privacy protection method and device
CN103686600A (en) * 2013-11-27 2014-03-26 深圳酷派技术有限公司 Terminal and information protection method
CN103927475A (en) * 2014-03-24 2014-07-16 广东明创软件科技有限公司 Time-based application program access permission control method and mobile terminal for implementing same

Similar Documents

Publication Publication Date Title
CN105447406B (en) A kind of method and apparatus for accessing memory space
US9916475B2 (en) Programmable interface for extending security of application-based operating system
US9495560B2 (en) Polymorphic virtual appliance rule set
CN103391374B (en) Dual system terminal supporting seamless switching
JP6332766B2 (en) Trusted Service Manager Trusted Security Zone Container for data protection and confidentiality
US8341749B2 (en) Preventing malware attacks in virtualized mobile devices
JP5596785B2 (en) Virtual mobile device
US8438256B2 (en) Migrating functionality in virtualized mobile devices
CN105446713B (en) Method for secure storing and equipment
US8219063B2 (en) Controlling usage in mobile devices via a virtualization software layer
JP5611338B2 (en) Providing security for virtual mobile devices
US20150100890A1 (en) User interface management method and system
CN103679007A (en) Method and device for managing application program permission and mobile device
WO2016014593A1 (en) Mobile device security monitoring and notification
CN104794374B (en) A kind of application rights management method and apparatus for Android system
CN107077565A (en) The collocation method and equipment of a kind of safe configured information
WO2015109668A1 (en) Application program management method, device, terminal, and computer storage medium
CN105550595A (en) Private data access method and system for intelligent communication equipment
JP6858256B2 (en) Payment application separation methods and devices, as well as terminals
US11379621B2 (en) Apparatus and method for tracking access permissions over multiple execution environments
US20170329963A1 (en) Method for data protection using isolated environment in mobile device
EP3683702A1 (en) Method and apparatus for securely calling fingerprint information, and mobile terminal
US9473936B2 (en) Method and device for protecting privacy information
WO2016119164A1 (en) Terminal security management method and apparatus
US20150220720A1 (en) Electronic device and method for controlling access to given area thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15879372

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15879372

Country of ref document: EP

Kind code of ref document: A1