Disclosure of Invention
The invention aims to provide a device security protection method and system.
According to one aspect of the present invention, there is provided a device security protection method comprising:
The device to be protected checks the user information; if the user information passes the check, it generates a key parameter for the user and, based on the key parameter, generates a first key that is valid within a preset time;
The mobile security device checks its own device information; if the device information passes the check, the mobile security device establishes a wired connection with the device to be protected, acquires the key parameter from the device to be protected over the wired connection, and generates, based on the key parameter, a second key that is valid within the preset time;
The device to be protected acquires the second key from the mobile security device over the wired connection and compares the first key with the second key; if they are consistent, the device to be protected and the mobile security device are successfully paired, the wired connection is disconnected, and a wireless connection is established between the device to be protected and the mobile security device;
The device to be protected receives an operation request from a user and judges whether it is in a locked state. If it is in the locked state, it does not respond to the user's operation request. If it is in the unlocked state, it regenerates, based on the key parameter, a first key valid within a preset time, acquires from the mobile security device over the wireless connection a second key valid within the preset time that has been regenerated based on the key parameter, and compares the regenerated first key with the regenerated second key; if they are consistent, it responds to the user's operation request.
Further, in the above method, judging whether the device to be protected is in a locked state includes:
If the mobile security device detects that the device to be protected is being monitored, that the device to be protected has a network proxy setting, or that communication between the device to be protected and the mobile security device is interrupted, the mobile security device sends a locking instruction to the device to be protected, and the device to be protected puts itself into the locked state based on the received locking instruction.
Further, in the above method, judging whether the device to be protected is in a locked state includes:
The device to be protected monitors, over the wireless connection, whether the mobile security device is in an inactive state; if the mobile security device is in an inactive state, the device to be protected judges that it is itself in the locked state.
Further, in the above method, judging whether the device to be protected is in a locked state includes:
The device to be protected monitors whether the distance between itself and the mobile security device exceeds a preset distance threshold; if so, the device to be protected judges that it is in the locked state.
Further, in the above method, the device to be protected monitoring whether the distance between itself and the mobile security device exceeds a preset distance threshold includes:
If the device to be protected and the mobile security device are connected by a wireless network, the two form a point-to-point wireless network; based on that point-to-point wireless network, the device to be protected uses a wireless positioning method, in combination with NFC, Bluetooth, GPS or a cellular mobile network, to monitor whether the relative distance between itself and the mobile security device exceeds the preset distance threshold.
Further, in the above method, the device to be protected monitoring whether the distance between itself and the mobile security device exceeds a preset distance threshold includes:
If the device to be protected and the mobile security device are both equipped with NFC or Bluetooth devices, the device to be protected uses NFC or Bluetooth, in combination with GPS or a cellular mobile network, to monitor whether the relative distance between itself and the mobile security device exceeds the preset distance threshold.
Further, in the above method, the device to be protected monitoring whether the distance between itself and the mobile security device exceeds a preset distance threshold includes:
If the device to be protected and the mobile security device are both equipped with gyroscopes and with cellular mobile positioning or GPS positioning devices, the device to be protected uses GPS positioning or the cellular mobile network, in cooperation with the gyroscopes, to monitor whether the relative distance between itself and the mobile security device exceeds the preset distance threshold.
Further, in the above method, the device to be protected monitoring whether the distance between itself and the mobile security device exceeds a preset distance threshold includes:
If the device to be protected is equipped with a sound receiving device and the mobile security device is equipped with a sound source playing device, the device to be protected uses the sound receiving device to listen for the infrasonic or ultrasonic wave of preset frequency emitted by the sound source playing device, and thereby monitors whether the distance between itself and the mobile security device exceeds the preset distance threshold.
Further, in the above method, after the device to be protected judges that it is in the locked state, the method further includes:
The device to be protected locks its screen, disconnects the wireless connection, and/or encrypts its memory information.
According to another aspect of the present invention, there is also provided a device security protection system, wherein the system includes:
The mobile security device, which is used for checking its own device information and, if the device information passes the check, establishing a wired connection with the device to be protected, acquiring the key parameter from the device to be protected over the wired connection, and generating, based on the key parameter, a second key valid within the preset time;
The device to be protected, which is used for obtaining a first key; acquiring the second key from the mobile security device; comparing the first key with the second key and, if they are consistent, completing the pairing successfully, disconnecting the wired connection and establishing a wireless connection with the mobile security device; receiving an operation request from a user and judging whether the device to be protected is in a locked state; if it is in the locked state, not responding to the user's operation request; if it is in the unlocked state, regenerating, based on the key parameter, the first key valid within the preset time, acquiring from the mobile security device over the wireless connection the second key valid within the preset time that has been regenerated based on the key parameter, comparing the regenerated first key with the regenerated second key and, if they are consistent, responding to the user's operation request.
According to another aspect of the present invention there is also provided a computer readable medium having stored thereon computer readable instructions executable by a processor to implement the method of any one of the above.
According to another aspect of the present invention there is also provided an apparatus for information processing at a network device, the apparatus comprising a memory for storing computer program instructions and a processor for executing the program instructions, wherein the computer program instructions, when executed by the processor, trigger the apparatus to perform the method of any of the preceding claims.
Compared with the prior art, during the first initialization the device to be protected and the mobile security device must be physically linked by a wired connection, so that the mobile security device acquires the key parameter from the device to be protected over the wired connection, which achieves safe and reliable key parameter initialization. The device to be protected and the mobile security device then independently calculate the first key and the second key, respectively.
The invention uses time-based one-time first and second keys. The first key and the second key are valid only within the preset time, and a new first key and second key are generated every preset time period; once the first key and the second key expire they are simply discarded, and a first key and second key valid within the new preset time are generated again. Only after the first key and the second key have been compared and found consistent does the device to be protected respond to the user's operation request. This avoids the problems of simple passwords and of passwords that go a long time without being replaced, and allows the device to be protected to respond safely and reliably.
The invention can use mobile devices that are already widespread, such as mobile phones, smart watches, tablets, smart bracelets and other portable devices, so no hardware equipment needs to be purchased. It provides the functions of device locks, software and hardware locks, watchdogs and the like, can adjust the locked or unlocked state of the device to be protected in time, prevents the device from being left unlocked through user negligence, and effectively prevents problems such as software theft, illegal control and information leakage.
Detailed Description
The invention is described in further detail below with reference to the accompanying drawings.
In one exemplary configuration of the application, the terminal, the device of the service network, and the trusted party each include one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in computer-readable media, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape and disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
As shown in Fig. 1, the present invention provides a device security protection method, which includes:
Step S1: the device to be protected checks the user information; if the user information passes the check, it generates a key parameter for the user and, based on the key parameter, generates a first key valid within a preset time;
Step S2: the mobile security device checks its own device information; if the device information passes the check, the mobile security device establishes a wired connection with the device to be protected, acquires the key parameter from the device to be protected over the wired connection, and generates, based on the key parameter, a second key valid within the preset time;
The device to be protected is a device that requires security protection, such as a computer or a mobile phone;
The mobile security device is a device used to protect the device to be protected, such as a mobile phone, a tablet computer, a smart watch or a smart bracelet;
The wired connection is a physical connection;
Step S3: the device to be protected acquires the second key from the mobile security device over the wired connection and compares the first key with the second key; if they are consistent, the device to be protected and the mobile security device are successfully paired, the wired connection is disconnected, and a wireless connection is established between the device to be protected and the mobile security device;
Step S4: the device to be protected receives an operation request from a user and judges whether it is in a locked state. If it is in the locked state, it does not respond to the user's operation request. If it is in the unlocked state, it regenerates, based on the key parameter, a first key valid within a preset time, acquires from the mobile security device over the wireless connection a second key valid within the preset time that has been regenerated based on the key parameter, and compares the regenerated first key with the regenerated second key; if they are consistent, it responds to the user's operation request.
During the first initialization, the device to be protected and the mobile security device must be physically linked by a wired connection, so that the mobile security device acquires the key parameter from the device to be protected over the wired connection, which achieves safe and reliable key parameter initialization. The device to be protected and the mobile security device then independently calculate the first key and the second key, respectively.
The invention uses time-based one-time first and second keys. The first key and the second key are valid only within the preset time, and a new first key and second key are generated every preset time period; once the first key and the second key expire they are simply discarded, and a first key and second key valid within the new preset time are generated again. Only after the first key and the second key have been compared and found consistent does the device to be protected respond to the user's operation request. This avoids the problems of simple passwords and of passwords that go a long time without being replaced, and allows the device to be protected to respond safely and reliably.
The invention can use mobile devices that are already widespread, such as mobile phones, smart watches, tablets, smart bracelets and other portable devices, so no hardware equipment needs to be purchased. It provides the functions of device locks, software and hardware locks, watchdogs and the like, can adjust the locked or unlocked state of the device to be protected in time, prevents the device from being left unlocked through user negligence, and effectively prevents problems such as software theft, illegal control and information leakage.
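A sketch of steps S1 to S4 follows, as an added example that is not taken from the patent text. The text does not say how a key is derived from the key parameter, so the HMAC-SHA256 derivation over a time-window counter, the 30-second preset time, the optional `skew_windows` tolerance and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

STEP_SECONDS = 30  # assumed "preset time"; the text gives no value


def window_of(now: float, step: int = STEP_SECONDS) -> int:
    """Index of the validity window that contains `now`."""
    return int(now // step)


def time_key(key_parameter: bytes, window: int) -> bytes:
    """Key for one window (assumed derivation: HMAC-SHA256 of the window index)."""
    return hmac.new(key_parameter, window.to_bytes(8, "big"), hashlib.sha256).digest()


def keys_match(key_parameter: bytes, second_key: bytes, now: float,
               skew_windows: int = 0) -> bool:
    """Compare the peer's second key with our own first key.

    skew_windows > 0 also accepts neighbouring windows, which absorbs small
    clock differences between the two independently computing devices.
    """
    current = window_of(now)
    matched = False
    for window in range(max(0, current - skew_windows), current + skew_windows + 1):
        # compare_digest avoids leaking the match position through timing
        matched |= hmac.compare_digest(time_key(key_parameter, window), second_key)
    return matched


class MobileSecurityDevice:
    def __init__(self) -> None:
        self.key_parameter = None

    def receive_key_parameter(self, key_parameter: bytes) -> None:
        """S2: the key parameter arrives only over the wired connection."""
        self.key_parameter = key_parameter

    def second_key(self, now: float) -> bytes:
        if self.key_parameter is None:
            raise RuntimeError("key parameter not initialised over the wired link")
        return time_key(self.key_parameter, window_of(now))


class ProtectedDevice:
    def __init__(self, skew_windows: int = 0) -> None:
        self.key_parameter = None
        self.paired = False
        self.locked = False
        self.skew_windows = skew_windows

    def check_user(self, user_ok: bool) -> None:
        """S1: create the per-user key parameter once the user check passes."""
        if not user_ok:
            raise PermissionError("user information failed the check")
        self.key_parameter = secrets.token_bytes(32)

    def pair_over_wire(self, mobile: MobileSecurityDevice, now: float) -> bool:
        """S2 + S3: hand over the key parameter, then compare the first keys."""
        if self.key_parameter is None:
            raise RuntimeError("run check_user first")
        mobile.receive_key_parameter(self.key_parameter)
        self.paired = keys_match(self.key_parameter, mobile.second_key(now),
                                 now, self.skew_windows)
        return self.paired

    def handle_request(self, mobile: MobileSecurityDevice,
                       device_now: float, mobile_now: float) -> bool:
        """S4: respond only when paired, unlocked, and the fresh keys agree."""
        if not self.paired or self.locked:
            return False
        return keys_match(self.key_parameter, mobile.second_key(mobile_now),
                          device_now, self.skew_windows)


if __name__ == "__main__":
    device, phone = ProtectedDevice(), MobileSecurityDevice()
    device.check_user(True)
    print("paired:", device.pair_over_wire(phone, 1000.0))
    print("same window:", device.handle_request(phone, 1010.0, 1012.0))
    print("across boundary:", device.handle_request(phone, 1019.0, 1021.0))
```

With exact-window comparison, two clocks that straddle a window boundary produce different keys and the request is refused; that is the trade-off the `skew_windows` parameter makes explicit.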
In an embodiment of the device security protection method of the present invention, the device to be protected judging whether it is in a locked state includes:
If the mobile security device detects that the device to be protected is being monitored, that the device to be protected has a network proxy setting, or that communication between the device to be protected and the mobile security device is interrupted, the mobile security device sends a locking instruction to the device to be protected, and the device to be protected puts itself into the locked state based on the received locking instruction.
After the device to be protected and the mobile security device are paired, each independently calculates its key (the first key and the second key, respectively), and the two keep in communication over an encrypted link using a wireless network, Bluetooth or another communication method, so that the first key and the second key can be compared. As soon as the communication is interrupted, is monitored, or an intermediate proxy exists, the mobile security device sends a locking instruction to the device to be protected, and the device to be protected protects its local software or hardware according to the locking instruction and so enters the locked state, using measures such as screen locking, memory information encryption and exiting.
In an embodiment of the device security protection method of the present invention, the device to be protected judging whether it is in a locked state includes:
The device to be protected monitors, over the wireless connection, whether the mobile security device is in an inactive state; if the mobile security device is in an inactive state, the device to be protected judges that it is itself in the locked state.
The inactive state of the mobile security device may be, for example, a screen-locked state or a state in which a preset application is running in the background. Such a state indicates that the user may have left the mobile security device behind at its current position, so the device to be protected can be locked immediately.
By monitoring whether the mobile security device is in an inactive state, the device to be protected can be put into the locked state in time, which safeguards the operational security of the device to be protected.
In an embodiment of the device security protection method of the present invention, the device to be protected judging whether it is in a locked state includes:
The device to be protected monitors whether the distance between itself and the mobile security device exceeds a preset distance threshold; if so, the device to be protected judges that it is in the locked state.
When the distance between the mobile security device and the device to be protected is within the preset distance, the device to be protected judges that it is in the unlocked state, the mobile security device holds a secure wireless connection with the device or software to be protected, and the mobile security device transmits the second key, which it generates dynamically offline, to the device to be protected. When the distance between the mobile security device and the device to be protected exceeds the preset distance, the device to be protected judges that it is in the locked state. This ensures that the device to be protected is switched to the locked or unlocked state in time and safeguards the operational security of the device to be protected.
In an embodiment of the device security protection method of the present invention, the device to be protected monitoring whether the distance between itself and the mobile security device exceeds a preset distance threshold includes:
If the device to be protected and the mobile security device are connected by a wireless network, the two form a point-to-point wireless network; based on that point-to-point wireless network, the device to be protected uses a wireless positioning method, in combination with NFC, Bluetooth, GPS or a cellular mobile network, to monitor whether the relative distance between itself and the mobile security device exceeds the preset distance threshold.
When the device to be protected and the mobile security device both have wireless network devices, they can form a peer-to-peer network and determine the distance by a wireless positioning method, and, in combination with the accurate distance obtained from near-field devices such as NFC or Bluetooth or from positioning methods such as GPS or a cellular mobile network, decide whether to turn the locked state of the device to be protected on or off.
In an embodiment of the device security protection method of the present invention, the device to be protected monitoring whether the distance between itself and the mobile security device exceeds a preset distance threshold includes:
If the device to be protected and the mobile security device are both equipped with NFC or Bluetooth devices, the device to be protected uses NFC or Bluetooth, in combination with GPS or a cellular mobile network, to monitor whether the relative distance between itself and the mobile security device exceeds the preset distance threshold.
When the device to be protected and the mobile security device do not form a point-to-point network, they can use near-field communication devices such as NFC or Bluetooth to judge the distance from the signal strength, and, in combination with the accurate distance from a positioning method such as GPS or cellular mobile positioning, decide whether to turn the locked state of the device to be protected on or off.
In an embodiment of the device security protection method of the present invention, the device to be protected monitoring whether the distance between itself and the mobile security device exceeds a preset distance threshold includes:
If the device to be protected and the mobile security device are both equipped with gyroscopes and with cellular mobile positioning or GPS positioning devices, the device to be protected uses GPS positioning or the cellular mobile network, in cooperation with the gyroscopes, to monitor whether the relative distance between itself and the mobile security device exceeds the preset distance threshold.
When no near-field communication device is available, the device to be protected can judge the distance between itself and the mobile security device from cellular mobile positioning, GPS positioning and the like, and, in cooperation with motion-detection devices such as a gyroscope, determine the user's step count and movement distance, which reduces the cellular and GPS positioning errors, and so decide whether to turn the locked state of the device to be protected on or off.
In an embodiment of the device security protection method of the present invention, the device to be protected monitoring whether the distance between itself and the mobile security device exceeds a preset distance threshold includes:
If the device to be protected is equipped with a sound receiving device and the mobile security device is equipped with a sound source playing device, the device to be protected uses the sound receiving device to listen for the infrasonic or ultrasonic wave of preset frequency emitted by the sound source playing device, and thereby monitors whether the distance between itself and the mobile security device exceeds the preset distance threshold.
The mobile security device can use its sound source playing hardware to generate an infrasonic or ultrasonic wave of preset frequency, which the device to be protected monitors through its sound receiving device; when the strength of the sound source falls to a preset lower limit, the locked state of the device to be protected is immediately turned on or off.
In an embodiment of the device security protection method of the present invention, after the device to be protected judges that it is in the locked state, the method further includes:
The device to be protected locks its screen, disconnects the wireless connection, and/or encrypts its memory information.
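The lock conditions from the embodiments above (a received locking instruction, interrupted communication, an inactive mobile security device, and a distance beyond the threshold judged from signal strength) can be combined into a single decision, shown here as an added example that is not part of the patent text. The log-distance path-loss model, the -59 dBm reference power at 1 m, the path-loss exponent of 2.0, the 3 m threshold, the 5 s heartbeat timeout and all names are assumptions; the sample readings are constructed.

```python
import statistics
from dataclasses import dataclass, field


@dataclass
class PeerStatus:
    """What the device to be protected currently knows about its paired peer."""
    last_heartbeat: float            # time of the last message on the wireless link
    active: bool                     # False: screen locked or app in background
    rssi_dbm: list = field(default_factory=list)  # recent signal-strength samples
    lock_instruction: bool = False   # peer saw monitoring or a proxy and said "lock"


def estimate_distance_m(rssi_samples, tx_power_dbm: float = -59.0,
                        path_loss_exponent: float = 2.0) -> float:
    """Distance from signal strength with the log-distance path-loss model.

    d = 10 ** ((P_1m - RSSI) / (10 * n)); the median damps single outliers.
    """
    rssi = statistics.median(rssi_samples)
    return 10 ** ((tx_power_dbm - rssi) / (10 * path_loss_exponent))


def lock_reasons(status: PeerStatus, now: float,
                 max_distance_m: float = 3.0,
                 heartbeat_timeout_s: float = 5.0) -> list:
    """Return every reason the device should be locked; empty means unlocked."""
    reasons = []
    if status.lock_instruction:
        reasons.append("lock instruction received")
    if now - status.last_heartbeat > heartbeat_timeout_s:
        reasons.append("communication interrupted")
    if not status.active:
        reasons.append("mobile security device inactive")
    if not status.rssi_dbm:
        # No measurement means the distance is unknown: fail closed.
        reasons.append("no distance measurement")
    elif estimate_distance_m(status.rssi_dbm) > max_distance_m:
        reasons.append("distance threshold exceeded")
    return reasons


def is_locked(status: PeerStatus, now: float) -> bool:
    return bool(lock_reasons(status, now))


if __name__ == "__main__":
    # Constructed samples: one noisy reading among otherwise close-range values.
    near = PeerStatus(last_heartbeat=100.0, active=True,
                      rssi_dbm=[-60, -58, -59, -90, -59])
    far = PeerStatus(last_heartbeat=100.0, active=True, rssi_dbm=[-79, -80, -78])
    print(lock_reasons(near, now=101.0))
    print(lock_reasons(far, now=101.0))
```

Returning the list of reasons rather than a bare boolean lets the lock event be logged with its cause.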
According to another aspect of the present invention, there is also provided a device security protection system, wherein the system includes:
The mobile security device, which is used for checking its own device information and, if the device information passes the check, establishing a wired connection with the device to be protected, acquiring the key parameter from the device to be protected over the wired connection, and generating, based on the key parameter, a second key valid within the preset time;
The device to be protected, which is used for obtaining a first key; acquiring the second key from the mobile security device; comparing the first key with the second key and, if they are consistent, completing the pairing successfully, disconnecting the wired connection and establishing a wireless connection with the mobile security device; receiving an operation request from a user and judging whether the device to be protected is in a locked state; if it is in the locked state, not responding to the user's operation request; if it is in the unlocked state, regenerating, based on the key parameter, the first key valid within the preset time, acquiring from the mobile security device over the wireless connection the second key valid within the preset time that has been regenerated based on the key parameter, comparing the regenerated first key with the regenerated second key and, if they are consistent, responding to the user's operation request.
According to another aspect of the present invention, there is also provided a computer readable medium having stored thereon computer readable instructions executable by a processor to implement the method according to any of the above embodiments.
According to another aspect of the present invention there is also provided an apparatus for information processing at a network device, the apparatus comprising a memory for storing computer program instructions and a processor for executing the program instructions, wherein the computer program instructions, when executed by the processor, trigger the apparatus to perform the method of any of the embodiments described above.
Details of each device and storage medium embodiment of the present invention may refer to corresponding parts of each method embodiment, and are not described herein.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
It should be noted that the present invention may be implemented in software and/or a combination of software and hardware, e.g., using Application Specific Integrated Circuits (ASIC), a general purpose computer or any other similar hardware device. In one embodiment, the software program of the present invention may be executed by a processor to perform the steps or functions described above. Likewise, the software programs of the present invention (including associated data structures) may be stored on a computer readable recording medium, such as RAM memory, magnetic or optical drive or diskette and the like. In addition, some steps or functions of the present invention may be implemented in hardware, for example, as circuitry that cooperates with the processor to perform various steps or functions.
Furthermore, portions of the present invention may be implemented as a computer program product, such as computer program instructions, which when executed by a computer, may invoke or provide methods and/or techniques in accordance with the present invention by way of operation of the computer. Program instructions for invoking the inventive methods may be stored in fixed or removable recording media and/or transmitted via a data stream in a broadcast or other signal bearing medium and/or stored within a working memory of a computer device operating according to the program instructions. An embodiment according to the invention comprises an apparatus comprising a memory for storing computer program instructions and a processor for executing the program instructions, wherein the computer program instructions, when executed by the processor, trigger the apparatus to operate a method and/or a solution according to the embodiments of the invention as described above.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned. Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. A plurality of units or means recited in the apparatus claims can also be implemented by means of one unit or means in software or hardware. The terms first, second, etc. are used to denote a name, but not any particular order.