A kind of data prevention method of terminal and terminalTechnical field
The present invention relates to the data prevention methods of technical field of data security more particularly to a kind of terminal and terminal.
Background technology
With the extensive use of computer, problem of data safety increasingly attracts people's attention, currently, each terminal deviceIn the case where logging in unlocked state, being inserted into the movable storage devices such as USB flash disk can be in the number in direct copying terminal device under logon accountAccording to such mode is unfavorable for protecting the personal data of terminal user.
Existing anti-copy method needs on computer installation to set generally by the safe class of software manual setting USB flash diskSoftware is set, USB flash disk needs reserved storage space to carry out storage level information, and notebook is done by identifying the USB flash disk of different safety classGo out corresponding actions, it is this very cumbersome by way of manual setting USB flash disk safe class, and the free space of USB flash disk itself is wasted,And the way of each USB flash disk business men is difficult unification, versatility is poor.
Also be exactly by computer file or file password is set, when copy, needs to input password, suchFile is revealed caused by scheme cannot prevent password from revealing, and is often copied a file and be required for password, extremely influences to copyShellfish rate and user experience.
Invention content
The purpose of the present invention is to provide the data prevention methods of a kind of terminal and terminal, are asked for solving above-mentioned technologyTopic.
For this purpose, the present invention uses following technical scheme:
In a first aspect, the present invention provides a kind of data prevention methods of terminal, including:
If terminal has detected movable storage device insertion, the current location information of terminal is obtained;
Judge terminal whether in scheduled harbor according to the current location information of terminal;
If so, can mutually transmit arbitrary file between terminal and the movable storage device;
If it is not, the identity identification information of acquisition user, and pass through the level of trust of the identity identification information matches user;According to the level of trust of user, the file transmitting rights that are correspondingly arranged between terminal and the movable storage device.
Optionally, the identity identification information includes the image information of user;
The step:The identity identification information of user is acquired, and passes through the trust of the identity identification information matches userRank specifically includes:
The image acquisition device for starting terminal, acquires the image information of user;
The face information of user is extracted from the image collected information;
The database for inquiring terminal, judges letter corresponding with the face information whether is stored in the database of terminalAppoint rank;
If so, the level of trust of setting active user is level of trust corresponding with the face information;
If it is not, the level of trust that active user is then arranged is trustless rank;
Wherein, the step:The level of trust that active user is arranged is level of trust corresponding with the face information,It specifically includes:
If level of trust corresponding with the face information is complete level of trust, the level of trust of active user is setFor complete level of trust;
If level of trust corresponding with the face information is readable level of trust, the level of trust of active user is setFor readable level of trust;
If level of trust corresponding with the face information is writeable level of trust, the level of trust of active user is setFor writeable level of trust.
Optionally, the specific setting method of the file transmitting rights includes:
If the level of trust of active user is complete level of trust, can mutually be passed between terminal and the movable storage deviceDefeated arbitrary file;
If the level of trust of active user is trustless rank, cannot be transmitted between terminal and the movable storage deviceArbitrary file;
If the level of trust of active user is readable level of trust, only terminal is allowed to copy text from the movable storage devicePart;
If the level of trust of active user is writeable level of trust, the movable storage device is only allowed to copy text from terminalPart.
Optionally, the step:If terminal has detected movable storage device insertion, the current location information of terminal is obtainedBefore, further include:
It is the harbor to preset the place corresponding to one or several location informations;
Terminal has detected whether movable storage device insertion in real time;
The step:After terminal has detected whether that movable storage device is inserted into real time, including:
If so, obtaining the current location information of terminal;
If it is not, continuing to have detected whether movable storage device insertion in real time.Optionally, the step:Terminal detects in real timeBefore whether having movable storage device insertion, further include:Pre-set the file hierarchies of each file stored in terminal;The textPart grade includes open grade, common degree of protection and important degree of protection;
If the level of trust of active user is trustless rank, the file of the important degree of protection of terminal and common protectionThe file of grade is invisible to user, and the file of the only open grade of terminal is visible to user;
If the level of trust of active user is readable level of trust or writeable level of trust, the file pair of important degree of protectionUser is invisible, and file, the file of common degree of protection of open grade are visible to user;
If the level of trust of active user is complete level of trust, the file of the All Files grade of terminal is to per family may be usedSee.
Optionally, the step:The level of trust that active user is arranged is that trustless rank further includes later:
Locking terminal screen.
Optionally, when the level of trust of user is trustless rank, readable level of trust or writeable level of trust, eventuallyIf end detects that the movable storage device is pulled out, immediately locking terminal screen.
Optionally, terminal is laptop;The movable storage device is USB flash disk.
Second aspect includes the data-interface for grafting movable storage device the present invention also provides a kind of terminal, alsoIncluding interface administration module, GPS module, System right management module, Image Acquisition and processing module and memory;
If the interface administration module notifies the GPS module positioning eventually for having detected movable storage device insertionHold current position;
GPS module is electrically connected the interface administration module, the location information current for obtaining terminal;
Whether GPS module is additionally operable to judge terminal in scheduled harbor according to the current location information of terminal;If so,Notify System right management module, terminal is currently in scheduled harbor;If it is not, the acquisition of notice described image and processing moduleAcquire the identity identification information of user;
Described image acquires and processing module, is electrically connected the GPS module, the memory and the system permission pipeManage module;Described image acquires the identity identification information for being used to acquire and handle user with processing module, and passes through the identityIdentification information matches the level of trust of user;
System right management module is used for the level of trust according to user, is correspondingly arranged terminal and the movable storage deviceBetween file transmitting rights;
Wherein, be stored with several identity identification information in the memory, and with the identity identification information phaseCorresponding level of trust.
Optionally, the identity identification information includes the image information of user;
It includes image acquisition device and image processing module that described image, which is acquired with processing module,;
Described image collector is electrically connected the GPS module, the image information for acquiring user;
Described image processing module is electrically connected described image collector, for extracting user from the image collected informationFace information;It is additionally operable to inquire the database in the memory, be obtained from database corresponding with the face informationLevel of trust, and notify the System right management module;
The System right management module is electrically connected described image processing module, the level of trust for active user to be arrangedFor level of trust corresponding with the face information;If being additionally operable to described image processing module not obtain from the database of terminalLevel of trust corresponding with the face information is got, then the level of trust that active user is arranged is trustless rank;
Wherein, the level of trust of the setting active user is level of trust corresponding with the face information, specificallyIncluding:
If level of trust corresponding with the face information is complete level of trust, the level of trust of active user is setFor complete level of trust;
If level of trust corresponding with the face information is readable level of trust, the level of trust of active user is setFor readable level of trust;
If level of trust corresponding with the face information is writeable level of trust, the level of trust of active user is setFor writeable level of trust;
Wherein, the file transmitting rights being correspondingly arranged between terminal and the movable storage device, specifically include:
If the level of trust of active user is complete level of trust, can mutually be passed between terminal and the movable storage deviceDefeated arbitrary file;
If the level of trust of active user is trustless rank, cannot be transmitted between terminal and the movable storage deviceArbitrary file;
If the level of trust of active user is readable level of trust, only terminal is allowed to copy text from the movable storage devicePart;
If the level of trust of active user is writeable level of trust, the movable storage device is only allowed to copy text from terminalPart;
Wherein, terminal is laptop, and described image collector is the front camera of laptop;Mobile storageEquipment is USB flash disk.
Compared with prior art, beneficial effects of the present invention are:By the position judgment terminal of positioning terminal currently whetherIn harbor, when terminal is in harbor, the possibility that other people steal data is smaller, and data should be opposite pacifyComplete, data transmission permission is decontroled at this time;When terminal is not at harbor, the automatic identity identification information for obtaining user andThe identity identification information for being stored in terminal is compared, the level of trust of Auto-matching user, and then is correspondingly arranged different textsPart transmitting rights pass through complicated setting manually with the data being effectively protected without user, very convenient.
Description of the drawings
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show belowThere is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only thisSome embodiments of invention without having to pay creative labor, may be used also for those of ordinary skill in the artTo obtain other attached drawings according to these attached drawings.
Fig. 1 is the system architecture diagram of terminal provided in an embodiment of the present invention.
Fig. 2 is a kind of data prevention method flow chart of terminal provided in an embodiment of the present invention;
Fig. 3 is the method flow diagram of a part of step of the data prevention method of terminal provided in an embodiment of the present invention;
Fig. 4 is the specific method flow of the another part steps of the data prevention method of terminal provided in an embodiment of the present inventionFigure;
Fig. 5 is the specific method flow of another part steps of the data prevention method of terminal provided in an embodiment of the present inventionFigure;
Fig. 6 is Fig. 3 subsequent step flow charts.
In figure:
10, terminal;11, data-interface;12, interface administration module;13, GPS module;14, System right management module;15, Image Acquisition and processing module;16, memory;17, file hierarchies setup module.
Specific implementation mode
In order to make the invention's purpose, features and advantages of the invention more obvious and easy to understand, below in conjunction with the present inventionAttached drawing in embodiment, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that disclosed belowEmbodiment be only a part of the embodiment of the present invention, and not all embodiment.Based on the embodiments of the present invention, this fieldAll other embodiment that those of ordinary skill is obtained without making creative work, belongs to protection of the present inventionRange.
Include being connect for the data of grafting movable storage device 20 referring to Fig. 1, present embodiments provide a kind of terminal 10Mouth 11, interface administration module 12, GPS (Global Positioning System, global positioning system) module 13, system powerLimit management module 14, Image Acquisition and processing module 15, memory 16 and file hierarchies setup module 17.
Interface administration module 12 is electrically connected data-interface 11, for detecting whether having the insertion of movable storage device 20, or inspectionSurvey whether movable storage device 20 is pulled out;GPS module 13 is electrically connected interface administration module 12 and Image Acquisition and processingModule 15;System right management module 14 is electrically connected GPS module 13 and Image Acquisition and processing module 15;Image Acquisition withProcessing module 15 is also electrically connected memory 16;Memory 16 is electrically connected file hierarchies setup module 17.
Please continue to refer to Fig. 2, Fig. 2 is the data prevention method flow chart of terminal provided in an embodiment of the present invention;The dataMeans of defence specifically includes:
Initialization step one, the place preset corresponding to one or several location informations are harbor.
Wherein, harbor can be set according to user's actual conditions, such as in the family of holder terminal.
Initialization step two, the file hierarchies for pre-setting each file stored in terminal 10;Wherein, file hierarchies include public affairsOpen grade, common degree of protection and important degree of protection.
Step S110, terminal 10 has detected whether that movable storage device 20 is inserted into real time;If so, executing step S120;IfIt is no, continue to execute step S110.
The state of 12 real-time detector data interface 11 of interface administration module, to have detected whether that movable storage device 20 is insertedEnter, if so, notice GPS module 13 starts to position.
If S120, terminal 10 have detected that movable storage device 20 is inserted into, the current location information of terminal 10 is obtained.
If terminal 10 detects that movable storage device 20 is inserted into, GPS module 13 starts to position, and obtains the current position of terminal 10Confidence ceases.
S130, judge terminal whether in scheduled harbor according to the current location information of terminal;If so, executing stepS131;If it is not, executing step S132.
After GPS module 13 obtains the current location information of terminal 10, terminal 10 is judged whether in preset harbor,If so, executing step S131;If it is not, executing step S132.
Arbitrary file can be mutually transmitted between S131, terminal 10 and movable storage device 20.
S132, the identity identification information for acquiring user, and pass through the level of trust of identity identification information matches user.
Image Acquisition acquires the identity identification information of user with processing module 15, passes through identity identification information matches user'sLevel of trust, and notify System right management module 14.
S133, the level of trust according to user, the file transmission being correspondingly arranged between terminal 10 and movable storage device 20Permission.
System right management module 14 according to the level of trust of user, be correspondingly arranged terminal 10 and movable storage device 20 itBetween file transmitting rights.
Specifically, in the present embodiment, identity identification information selects the image information of user.Image Acquisition and processing module 15Including image acquisition device and image processing module.
Step S132 is specifically included:
S1321, the image acquisition device for starting terminal 10, acquire the image information of user;
Image acquisition device is electrically connected GPS module 13, the image information for acquiring user, in the present embodiment, Image AcquisitionDevice is the front camera of terminal 10.
S1322, the face information that user is extracted from the image collected information;
Image processing module is electrically connected image acquisition device, the face letter for extracting user from the image collected informationBreath, and for inquiring the database being stored in memory 16, obtained from database corresponding with the face information of acquisitionLevel of trust, and notify System right management module 14.
Whether S1323, the database for inquiring terminal, judge to be stored in the database of terminal opposite with the face informationThe level of trust answered;If so, executing step S150;If it is not, executing step S140.
System right management module 14 is electrically connected image processing module, and the level of trust for active user to be arranged is to obtainLevel of trust;Wherein, if image processing module fails to get matched level of trust from database, current use is setThe level of trust at family is trustless rank.
Wherein, the level of trust includes complete level of trust, readable level of trust, writeable level of trust and insincereAppoint rank.
S150, the level of trust that active user is arranged are level of trust corresponding with the face information.
S140, the level of trust that active user is arranged are trustless rank.
With continued reference to FIG. 4, Fig. 4 is the further subdivision to the data prevention method of terminal.
Specifically, step S150 is specifically included:
If S151, level of trust corresponding with face information are complete level of trust, the level of trust of active user is setIt Wei not complete level of trust;
If S152, level of trust corresponding with the face information are readable level of trust, the letter of active user is setIt is readable level of trust to appoint rank;
If S153, level of trust corresponding with the face information are writeable level of trust, the letter of active user is setIt is writeable level of trust to appoint rank.
Further, in step S133, the specific setting method of file transmitting rights includes:
After step S151, step S131 is executed;
After step S140, step S1401 is executed:Arbitrary text cannot be transmitted between terminal 10 and movable storage device 20Part;
After step S152, step S1521 is executed:Only allow terminal 10 from 20 copied files of movable storage device;
After step S153, step S1531 is executed:Only allow movable storage device 20 from 10 copied files of terminal.
In the present embodiment, for the user of different reliability ratings, it is restricted to check that the permission of file also corresponds to.
Specifically, in step S1401, the file of the file of important degree of protection and common degree of protection can not to userSee, the file for only disclosing grade is visible to user.
In step S1521, the file of important degree of protection is invisible to user, the file of open grade, common protection etc.The file of grade is visible to user;
In step S1531, the file of important degree of protection is invisible to user, the file of open grade, common protection etc.The file of grade is visible to user;
In step S131, the file of the All Files grade of terminal is to visible per family.
In order to further strengthen data protection, in the present embodiment, further include after step S140:
S141,10 screen of locking terminal;
Whether S142,10 screen of terminal are successfully unlocked;If so, executing step S1401;If it is not, return to step S141.
Please continue to refer to Fig. 5 and Fig. 6.
Further include step S161 specifically, after step S131.
Whether detection movable storage device 20 is pulled out in real time for S161, terminal 10;If so, return to step S110;If it is not, afterWhether the continuous movable storage device 20 of detection in real time is pulled out.
After step S1401, after step S1521 and after step S1531, go to step S162;
Whether detection movable storage device 20 is pulled out in real time for S162, terminal 10;If so, executing step S170;If it is not, afterWhether the continuous movable storage device 20 of detection in real time is pulled out;
S170,10 screen of locking terminal;And return to step S110.
Applicable in the present embodiment, terminal 10 is the computer of the removable offices such as laptop, tablet computer;It is mobileStorage device 20 is the electronic equipment that USB flash disk, mobile phone etc. carry data storage function and data-transformation facility.
In the present embodiment, whether it is in harbor by the way that the position judgment terminal 10 of positioning terminal 10 is current, works as terminal10 be in harbor when, decontrol data transmission permission at this time;It is automatic to obtain user's when terminal 10 is not at harborIdentity identification information and the identity identification information for being stored in terminal 10 are compared, the level of trust of Auto-matching user, in turnIt is correspondingly arranged different file transmitting rights, the safety for the data that can be so effectively protected, and needs not move through artificial complexitySetting, it is very convenient.
It should be noted that in the present embodiment, the identity identification information of user in addition to face information, can also be sound,Fingerprint etc. can play the identity identification information of unique mark, also can reach technology similar in meeting identical with face information and imitateFruit, therefore should all be within protection scope of the present invention.
The above, the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although with reference to beforeStating embodiment, invention is explained in detail, it will be understood by those of ordinary skill in the art that:It still can be to precedingThe technical solution recorded in each embodiment is stated to modify or equivalent replacement of some of the technical features;And theseModification or replacement, the spirit and scope for various embodiments of the present invention technical solution that it does not separate the essence of the corresponding technical solution.