Summary of the invention
The main purpose of the present invention is to propose a permission control method, apparatus and system for interaction between terminals, intended to solve the problems in the prior art that, when terminals interact, authentication has to be repeated, the configuration requirements on both terminals are high, and the operating permission cannot be controlled during the interaction.
To achieve the above object, the invention provides a permission control method for interaction between terminals, applicable to a control terminal, the method comprising the steps of:
Identifying the operator according to identity information input by the operator;
When the identity of the operator is identified as legitimate, encapsulating the identification result and the identity information;
Encrypting the encapsulated data;
Sending the encrypted data to an executing terminal, so that the executing terminal decrypts the encrypted data, generates key information, and determines the operating permission of the control terminal according to the generated key information.
In the method described above, identifying the operator according to the identity information input by the operator comprises:
Collecting a physiological characteristic parameter of the operator that can be used for identification;
Comparing the collected parameter with pre-stored data;
If the comparison finds data consistent with the parameter, considering the identity of the operator legitimate.
To achieve the above object, the present invention also provides another permission control method for interaction between terminals, applicable to an executing terminal, the method comprising:
Receiving encrypted data sent by a control terminal;
Decrypting the encrypted data and generating key information;
Comparing the generated key information with pre-stored key information to find the pre-stored key information identical to the generated key information;
Determining the operating permission of the control terminal according to the pre-stored key information found.
In the method described above, decrypting the encrypted data and generating key information comprises:
Decrypting the encrypted data to obtain the identity information of the operator;
Generating key information according to the identity information;
Wherein the identity information comprises a physiological characteristic parameter that can be used for identification.
In the method described above, the method further comprises:
Responding to operation instructions within the operating permission.
To achieve the above object, the present invention also provides a control terminal, the control terminal comprising:
An identification unit, for identifying the operator according to identity information input by the operator;
An encapsulation unit, for encapsulating the identification result and the identity information when the identity of the operator is identified as legitimate;
An encryption unit, for encrypting the data encapsulated by the encapsulation unit;
A sending unit, for sending the encrypted data to an executing terminal, so that the executing terminal decrypts the encrypted data, generates key information, and determines the operating permission of the control terminal according to the generated key information.
In the apparatus described above, the identification unit comprises:
An acquisition module, for collecting a physiological characteristic parameter of the operator that can be used for identification;
A comparison module, for comparing the collected parameter with pre-stored data;
A judgment module, for considering the identity of the operator legitimate if the comparison finds data consistent with the parameter.
To achieve the above object, the present invention also provides an executing terminal, the executing terminal comprising:
A receiving unit, for receiving encrypted data sent by a control terminal;
A decryption unit, for decrypting the encrypted data and generating key information;
A comparison unit, for comparing the generated key information with pre-stored key information to find the pre-stored key information identical to the generated key information;
A permission determining unit, for determining the operating permission of the control terminal according to the pre-stored key information found.
In the apparatus described above, the decryption unit comprises:
A decryption module, for decrypting the encrypted data to obtain the identity information of the operator, wherein the identity information comprises a physiological characteristic parameter that can be used for identification;
A generation module, for generating key information according to the identity information.
In the apparatus described above, the executing terminal further comprises:
An execution unit, for responding to operation instructions within the operating permission.
To achieve the above object, the present invention also provides a permission control system for interaction between terminals, the system comprising the control terminal and the executing terminal described above:
The control terminal is used to send encrypted data to the executing terminal when the operator's identity is determined to be legitimate;
The executing terminal is used to decrypt the encrypted data and generate key information, determine the operating permission of the control terminal according to this key information, and respond to operation instructions within the operating permission.
In the permission control method, apparatus and system for interaction between terminals proposed by the present invention, the control terminal encrypts the user's identity information and then sends it to the executing terminal; the executing terminal decrypts the encrypted data and determines the operating permission of the control terminal according to the decrypted identity information. The executing terminal therefore does not need to collect the identity information a second time, which simplifies operation while ensuring information security, and determining the operating permission of the control terminal according to the identity information further ensures information security during terminal interaction.
Embodiment
It should be understood that the specific embodiments described herein are only intended to explain the present invention and are not intended to limit it.
A mobile terminal implementing each embodiment of the present invention is now described with reference to the accompanying drawings. In the following description, suffixes such as "module", "component" or "unit" used to denote elements serve only to facilitate the description of the present invention and have no specific meaning in themselves. Therefore, "module" and "component" can be used interchangeably.
A mobile terminal can be implemented in various forms. For example, the terminals described in the present invention may include mobile terminals such as mobile phones, smartphones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable media players) and navigation devices, as well as fixed terminals such as digital TVs and desktop computers. In the following, the terminal is assumed to be a mobile terminal. However, those skilled in the art will understand that, except for elements used specifically for mobile purposes, the structure according to the embodiments of the present invention can also be applied to fixed-type terminals.
Fig. 1 is a schematic diagram of the hardware structure of a mobile terminal implementing each embodiment of the present invention.
Mobile terminal 100 may include a wireless communication unit 110, an A/V (audio/video) input unit 120, a user input unit 130, a sensing unit 140, an output unit 150, a memory 160, an interface unit 170, a controller 180, a power supply unit 190, etc. Fig. 1 shows a mobile terminal with various components, but it should be understood that not all of the illustrated components are required. More or fewer components may alternatively be implemented. The elements of the mobile terminal are described in detail below.
Wireless communication unit 110 generally includes one or more components that allow radio communication between mobile terminal 100 and a wireless communication system or network. For example, the wireless communication unit may include at least one of a broadcast reception module 111, a mobile communication module 112, a wireless Internet module 113, a short-range communication module 114 and a location information module 115.
Broadcast reception module 111 receives broadcast signals and/or broadcast-related information from an external broadcast management server via a broadcast channel. The broadcast channel may include a satellite channel and/or a terrestrial channel. The broadcast management server may be a server that generates and sends broadcast signals and/or broadcast-related information, or a server that receives previously generated broadcast signals and/or broadcast-related information and sends them to the terminal. Broadcast signals may include TV broadcast signals, radio broadcast signals, data broadcast signals, etc. A broadcast signal may further include a broadcast signal combined with a TV or radio broadcast signal. Broadcast-related information may also be provided via a mobile communication network, in which case it can be received by mobile communication module 112. Broadcast signals can exist in various forms, for example in the form of an electronic program guide (EPG) of digital multimedia broadcasting (DMB) or an electronic service guide (ESG) of digital video broadcasting-handheld (DVB-H). Broadcast reception module 111 can receive signal broadcasts by using various types of broadcast systems. In particular, broadcast reception module 111 can receive digital broadcasts by using digital broadcast systems such as multimedia broadcasting-terrestrial (DMB-T), digital multimedia broadcasting-satellite (DMB-S), digital video broadcasting-handheld (DVB-H), the forward link media (MediaFLO) data broadcasting system, and integrated services digital broadcasting-terrestrial (ISDB-T). Broadcast reception module 111 can be constructed to suit the various broadcast systems that provide broadcast signals as well as the above digital broadcast systems. Broadcast signals and/or broadcast-related information received via broadcast reception module 111 can be stored in memory 160 (or another type of storage medium).
Mobile communication module 112 sends radio signals to and/or receives radio signals from at least one of a base station (e.g., an access point, Node B, etc.), an external terminal and a server. Such radio signals may include voice call signals, video call signals, or various types of data sent and/or received according to text and/or multimedia messages.
Wireless Internet module 113 supports wireless Internet access for the mobile terminal. The module can be internally or externally coupled to the terminal. The wireless Internet access technologies involved may include WLAN (wireless LAN) (Wi-Fi), Wibro (wireless broadband), Wimax (Worldwide Interoperability for Microwave Access), HSDPA (High-Speed Downlink Packet Access), etc.
Short-range communication module 114 is a module for supporting short-range communication. Some examples of short-range communication technologies include Bluetooth™, radio-frequency identification (RFID), Infrared Data Association (IrDA), ultra-wideband (UWB), ZigBee™, etc.
Location information module 115 is a module for checking or obtaining the location information of the mobile terminal. A typical example of the location information module is GPS (Global Positioning System). According to current technology, GPS module 115 calculates distance information and accurate time information from three or more satellites and applies triangulation to the calculated information, thereby accurately calculating three-dimensional current location information in terms of longitude, latitude and altitude. Currently, the method for calculating position and time information uses three satellites and corrects the error of the calculated position and time information by using one additional satellite. In addition, GPS module 115 can calculate speed information by continuously calculating current location information in real time.
A/V input unit 120 is used to receive audio or video signals. A/V input unit 120 may include a camera 121 and a microphone 1220. Camera 121 processes image data of still pictures or video obtained by an image capture device in video capture mode or image capture mode. The processed image frames can be displayed on display unit 151. The image frames processed by camera 121 can be stored in memory 160 (or another storage medium) or sent via wireless communication unit 110, and two or more cameras 1210 can be provided depending on the structure of the mobile terminal. Microphone 122 can receive sound (audio data) in operating modes such as phone call mode, recording mode and speech recognition mode, and can process such sound into audio data. In phone call mode, the processed audio (voice) data can be converted into a format that can be sent to a mobile communication base station via mobile communication module 112 and output. Microphone 122 can implement various types of noise elimination (or suppression) algorithms to eliminate (or suppress) noise or interference generated while receiving and sending audio signals.
User input unit 130 can generate key input data according to commands input by the user to control various operations of the mobile terminal. User input unit 130 allows the user to input various types of information, and may include a keyboard, a dome switch, a touch pad (e.g., a touch-sensitive component that detects changes in resistance, pressure, capacitance, etc. caused by being touched), a scroll wheel, a joystick, etc. In particular, when the touch pad is superimposed on display unit 151 as a layer, a touch screen can be formed.
Sensing unit 140 detects the current state of mobile terminal 100 (e.g., the open or closed state of mobile terminal 100), the position of mobile terminal 100, the presence or absence of user contact with mobile terminal 100 (i.e., touch input), the orientation of mobile terminal 100, the acceleration or deceleration movement and direction of mobile terminal 100, etc., and generates commands or signals for controlling the operation of mobile terminal 100. For example, when mobile terminal 100 is implemented as a slide-type mobile phone, sensing unit 140 can sense whether the slide-type phone is open or closed. In addition, sensing unit 140 can detect whether power supply unit 190 supplies power or whether interface unit 170 is coupled to an external device. Sensing unit 140 may include a proximity sensor 1410, which will be described below in connection with the touch screen.
Interface unit 170 serves as an interface through which at least one external device can connect to mobile terminal 100. For example, external devices may include wired or wireless headset ports, external power supply (or battery charger) ports, wired or wireless data ports, memory card ports, ports for connecting a device having an identification module, audio input/output (I/O) ports, video I/O ports, earphone ports, etc. The identification module may store various information for authenticating a user's use of mobile terminal 100 and may include a user identity module (UIM), a subscriber identity module (SIM), a universal subscriber identity module (USIM), etc. In addition, a device having an identification module (hereinafter referred to as an "identification device") may take the form of a smart card; therefore, the identification device can be connected to mobile terminal 100 via a port or other connecting means. Interface unit 170 can be used to receive input (e.g., data, power, etc.) from an external device and transfer the received input to one or more elements in mobile terminal 100, or can be used to transfer data between the mobile terminal and the external device.
In addition, when mobile terminal 100 is connected to an external cradle, interface unit 170 can serve as a path through which power is supplied from the cradle to mobile terminal 100, or as a path through which various command signals input from the cradle are transferred to the mobile terminal. The various command signals or power input from the cradle can serve as signals for recognizing whether the mobile terminal is accurately mounted on the cradle. Output unit 150 is constructed to provide output signals (e.g., audio signals, video signals, alarm signals, vibration signals, etc.) in a visual, audio and/or tactile manner. Output unit 150 may include a display unit 151, an audio output module 152, an alarm unit 153, etc.
Display unit 151 can display information processed in mobile terminal 100. For example, when mobile terminal 100 is in phone call mode, display unit 151 can display a user interface (UI) or graphical user interface (GUI) related to the call or other communication (e.g., text messaging, multimedia file download, etc.). When mobile terminal 100 is in video call mode or image capture mode, display unit 151 can display captured and/or received images, a UI or GUI showing video or images and related functions, etc.
Meanwhile, when display unit 151 and the touch pad are superimposed on each other as layers to form a touch screen, display unit 151 can serve as both an input device and an output device. Display unit 151 may include at least one of a liquid crystal display (LCD), a thin-film transistor LCD (TFT-LCD), an organic light-emitting diode (OLED) display, a flexible display, a three-dimensional (3D) display, etc. Some of these displays can be constructed to be transparent so that the user can see through them from the outside; these may be called transparent displays, a typical example being a TOLED (transparent organic light-emitting diode) display. Depending on the particular desired implementation, mobile terminal 100 may include two or more display units (or other display devices); for example, the mobile terminal may include an external display unit (not shown) and an internal display unit (not shown). The touch screen can be used to detect touch input pressure as well as touch input position and touch input area.
Audio output module 152 can, when the mobile terminal is in a mode such as call signal reception mode, call mode, recording mode, speech recognition mode or broadcast reception mode, convert audio data received by wireless communication unit 110 or stored in memory 160 into an audio signal and output it as sound. Audio output module 152 can also provide audio output related to a specific function performed by mobile terminal 100 (e.g., call signal reception sound, message reception sound, etc.). Audio output module 152 may include a loudspeaker, a buzzer, etc.
Alarm unit 153 can provide output to notify mobile terminal 100 of the occurrence of an event. Typical events may include call reception, message reception, key signal input, touch input, etc. In addition to audio or video output, alarm unit 153 can provide output in different ways to notify of the occurrence of an event. For example, alarm unit 153 can provide output in the form of vibration: when a call, a message or some other incoming communication is received, alarm unit 153 can provide tactile output (i.e., vibration) to notify the user. By providing such tactile output, the user can recognize the occurrence of various events even when the user's mobile phone is in the user's pocket. Alarm unit 153 can also provide output notifying of the occurrence of an event via display unit 151 or audio output module 152.
Memory 160 can store software programs for the processing and control operations performed by controller 180, or can temporarily store data that has been output or is to be output (e.g., phone book, messages, still images, video, etc.). Memory 160 can also store data about the vibrations and audio signals of various patterns that are output when a touch is applied to the touch screen.
Memory 160 may include at least one type of storage medium, including flash memory, hard disk, multimedia card, card-type memory (e.g., SD or DX memory, etc.), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disc, etc. Mobile terminal 100 can also cooperate with a network storage device that performs the storage function of memory 160 over a network connection.
Controller 180 generally controls the overall operation of the mobile terminal. For example, controller 180 performs control and processing related to voice calls, data communication, video calls, etc. In addition, controller 180 may include a multimedia module 1810 for reproducing (or playing back) multimedia data; multimedia module 1810 can be constructed within controller 180 or can be constructed separately from controller 180. Controller 180 can perform pattern recognition processing to recognize handwriting input or picture-drawing input performed on the touch screen as characters or images.
Power supply unit 190 receives external or internal power under the control of controller 180 and provides the appropriate power required to operate each element and component.
The various embodiments described herein can be implemented in a computer-readable medium using, for example, computer software, hardware or any combination thereof. For hardware implementation, the embodiments described herein can be implemented by using at least one of an application-specific integrated circuit (ASIC), a digital signal processor (DSP), a digital signal processing device (DSPD), a programmable logic device (PLD), a field-programmable gate array (FPGA), a processor, a controller, a microcontroller, a microprocessor, and an electronic unit designed to perform the functions described herein; in some cases, such embodiments can be implemented in controller 180. For software implementation, embodiments such as procedures or functions can be implemented with separate software modules that each perform at least one function or operation. Software code can be implemented by a software application (or program) written in any suitable programming language, and can be stored in memory 160 and executed by controller 180.
So far, the mobile terminal has been described in terms of its functions. Below, for the sake of brevity, a slide-type mobile terminal among the various types of mobile terminals, such as folder-type, bar-type, swing-type and slide-type mobile terminals, is described as an example. The present invention can nevertheless be applied to any type of mobile terminal and is not limited to slide-type mobile terminals.
Mobile terminal 100 as shown in Fig. 1 can be constructed to operate with wired and wireless communication systems and satellite-based communication systems that send data via frames or packets.
A communication system in which the mobile terminal according to the present invention can operate is now described with reference to Fig. 2.
Such communication systems can use different air interfaces and/or physical layers. For example, the air interfaces used by communication systems include frequency division multiple access (FDMA), time division multiple access (TDMA), code division multiple access (CDMA), universal mobile telecommunications system (UMTS) (in particular, Long Term Evolution (LTE)), global system for mobile communications (GSM), etc. As a non-limiting example, the description below relates to a CDMA communication system, but the teaching applies equally to other types of systems.
With reference to Fig. 2, a CDMA wireless communication system may include multiple mobile terminals 100, multiple base stations (BS) 270, base station controllers (BSC) 275 and a mobile switching center (MSC) 280. MSC 280 is constructed to interface with a public switched telephone network (PSTN) 290. MSC 280 is also constructed to interface with BSC 275, which can be coupled to base stations 270 via backhaul links. The backhaul links can be constructed according to any of several known interfaces, including for example E1/T1, ATM, IP, PPP, frame relay, HDSL, ADSL or xDSL. It will be appreciated that the system shown in Fig. 2 may include multiple BSC 2750.
Each BS 270 can serve one or more sectors (or regions), each sector being covered by a multidirectional antenna or by an antenna pointing in a specific direction radially away from BS 270. Alternatively, each sector can be covered by two or more antennas for diversity reception. Each BS 270 can be constructed to support multiple frequency assignments, each frequency assignment having a specific spectrum (e.g., 1.25 MHz, 5 MHz, etc.).
The intersection of a sector and a frequency assignment may be called a CDMA channel. BS 270 may also be called a base transceiver subsystem (BTS) or another equivalent term. In such a case, the term "base station" may be used broadly to denote a single BSC 275 and at least one BS 270. A base station may also be called a "cell site". Alternatively, the individual sectors of a particular BS 270 may be called multiple cell sites.
As shown in Fig. 2, a broadcast transmitter (BT) 295 sends broadcast signals to the mobile terminals 100 operating within the system. Broadcast reception module 111 as shown in Fig. 1 is provided at mobile terminal 100 to receive the broadcast signals sent by BT 295. Fig. 2 also shows several global positioning system (GPS) satellites 300. Satellites 300 help locate at least one of the multiple mobile terminals 100.
Fig. 2 depicts multiple satellites 300, but it is understood that useful positioning information can be obtained with any number of satellites. GPS module 115 as shown in Fig. 1 is generally constructed to cooperate with satellites 300 to obtain the desired positioning information. In place of or in addition to GPS tracking technology, other technologies capable of tracking the position of the mobile terminal can be used. In addition, at least one GPS satellite 300 can optionally or additionally handle satellite DMB transmission.
As a typical operation of the wireless communication system, BS 270 receives reverse link signals from various mobile terminals 100. Mobile terminals 100 usually engage in calls, messaging and other types of communication. Each reverse link signal received by a given base station 270 is processed within that particular BS 270. The resulting data is forwarded to the associated BSC 275. The BSC provides call resource allocation and mobility management functions, including coordination of soft handoff procedures between BSs 270. BSC 275 also routes the received data to MSC 280, which provides additional routing services for interfacing with PSTN 290. Similarly, PSTN 290 interfaces with MSC 280, the MSC interfaces with BSC 275, and BSC 275 correspondingly controls BS 270 to send forward link signals to mobile terminals 100.
Based on the above mobile terminal hardware structure and communication system, the embodiments of the method of the present invention are proposed.
For convenience of description, the present invention is limited to interaction between two terminals: the party that initiates communication is the control terminal, and the other party is the executing terminal.
The first embodiment of the present invention proposes a permission control method for interaction between terminals, applicable to the control terminal as the initiator. Referring to Fig. 3, the method flow comprises:
S310: identify the operator according to identity information input by the operator;
S320: when the identity of the operator is identified as legitimate, encapsulate the identification result and the identity information;
S330: encrypt the encapsulated data;
S340: send the encrypted data to the executing terminal, so that the executing terminal decrypts the encrypted data, generates key information, and determines the operating permission of the control terminal according to the generated key information.
In a preferred scheme, step S310 comprises:
Collecting a physiological characteristic parameter of the operator that can be used for identification;
Comparing the collected physiological characteristic parameter with pre-stored data;
If the comparison finds data consistent with the physiological characteristic parameter, considering the identity of the operator legitimate.
In practical applications, the physiological characteristic parameter that can be used for identification may be a fingerprint, an eyeprint, etc.
In certain practical applications, the identity information may also be a password.
In a preferred scheme, an application program that does not need to be displayed can be preset on the control terminal to perform the corresponding data encryption function.
In a preferred scheme, the control terminal receives the identity verification status fed back by the executing terminal, such as whether the identity is legitimate and the current operating permission, and the user can operate the executing terminal from the control terminal according to the current operating permission.
In a preferred scheme, NFC (Near Field Communication) short-range wireless communication is used between the control terminal and the executing terminal. With NFC communication, the two terminals only need to touch each other during operation to complete identification, which is easy to operate, and the short-range transmission of NFC can ensure the secure transmission of the encrypted data.
In the permission control method for interaction between terminals of this embodiment, the control terminal encrypts the user's identity information and then sends it to the executing terminal; the executing terminal decrypts the encrypted data and determines the operating permission of the control terminal according to the decrypted identity information. The executing terminal therefore does not need to collect the identity information a second time, which simplifies operation while ensuring information security, and determining the operating permission of the control terminal according to the identity information further ensures information security during terminal interaction.
On the basis of the above embodiment, the second embodiment of the present invention provides another permission control method for interaction between terminals, applicable to the executing terminal. Referring to Fig. 4, the method flow comprises:
S410: receive the encrypted data sent by the control terminal;
S420: decrypt the encrypted data and generate key information;
S430: compare the generated key information with pre-stored key information to find the pre-stored key information identical to the generated key information;
S440: determine the operating permission of the control terminal according to the pre-stored key information found.
In a preferred scheme, step S420 comprises:
Decrypting the encrypted data to obtain the identity information of the operator;
Generating key information according to the identity information;
Wherein the identity information comprises a physiological characteristic parameter that can be used for identification.
In a preferred scheme, the method further comprises:
Responding to operation instructions within the operating permission.
In a preferred scheme, an application program that does not need to be displayed can be preset on the executing terminal to perform the corresponding data decryption function.
In the permission control method for interaction between terminals of this embodiment, the control terminal encrypts the user's identity information and then sends it to the executing terminal; the executing terminal decrypts the encrypted data and determines the operating permission of the control terminal according to the decrypted identity information. The executing terminal therefore does not need to collect the identity information a second time, which simplifies operation while ensuring information security, and determining the operating permission of the control terminal according to the identity information further ensures information security during terminal interaction.
The third embodiment of the invention provides another method for controlling rights in interaction between terminals, applicable to both the control terminal and the execution terminal. This embodiment is described using an NFC payment application scenario. It pairs a functionally powerful mobile phone with a relatively fixed device, such as a PAD, whose functional requirements are modest; the mobile phone is the control terminal and the PAD is the execution terminal. Both the control terminal and the execution terminal support NFC communication and use the point-to-point communication mode. Both terminals also have a preinstalled application program that needs no display, which performs the mutually corresponding data encryption and decryption functions between the control terminal and the execution terminal.
Referring to Fig. 5, the method flow comprises:
S510: The mobile phone approaches the tablet computer (PAD), establishes point-to-point (P2P) NFC communication, and sends a payment request to the PAD.
S520: The mobile phone collects the fingerprint information of the current user.
S530: The mobile phone matches the collected fingerprint information against the pre-stored fingerprint information to identify the current user. If the current user's identity is legitimate, step S540 is performed.
The advantage of this step is that it confirms whether the user of the mobile phone is the owner or a trusted person whose fingerprint or similar information was enrolled beforehand, and thus determines the user's identity. The matching result can be output once this step completes.
S540: The mobile phone encapsulates the collected fingerprint information and the recognition result.
In this step, encapsulation mainly packages the comparison result together with unique feature information that identifies the person, such as the fingerprint. The purpose is to enable the execution terminal to divide operations by priority according to this unique feature information.
Because this embodiment uses NFC communication, when the fingerprint information and the recognition result are encapsulated, they are first converted to data and then encapsulated in a data format such as NDEF.
S550: The mobile phone encrypts the encapsulated data and sends it to the PAD.
S560: The PAD receives the encrypted data sent by the mobile phone, decrypts it, and generates key information.
The PAD receives the encrypted data transmitted by the mobile phone and decrypts it with the corresponding decryption algorithm. Decrypting the encrypted data yields the encapsulated data, and parsing the encapsulated data yields the fingerprint information and the phone's recognition result. The PAD generates a key (key information) from this unique feature information (the fingerprint information).
It should be noted that multiple keys (key information), such as [key1......keyN], can be preset in the execution terminal. Different keys correspond to different operating rights.
S570: The key generated after decryption is compared with the preset keys, and the operating rights of the phone's current user are determined from the comparison result.
Specifically, whichever preset key the generated key is identical to, the operating rights corresponding to that preset key are obtained.
In the payment scenario of this embodiment, when the PAD makes an online payment, the payment amount can be limited according to the key value; for example, key1 supports payments of 1000 yuan, key2 supports 800, and so on.
S580: The PAD responds to the phone's payment request within the operating rights of the phone's current user.
For example, for an online payment by the user, the payment amount can be limited according to the key value; for example, key1 supports payments of 1000 yuan, key2 supports 800, and so on. If the user's single-payment limit is 800 yuan and the user requests a payment exceeding 800, the PAD refuses the payment.
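The S510-S580 flow above, as an added Python example that is not code from the patent. The text names no cipher, so an HMAC-SHA256 keystream with encrypt-then-MAC stands in for one; JSON stands in for the NDEF encapsulation, and the secrets, fingerprint templates and function names are constructed assumptions.

```python
import hashlib, hmac, json, os

# Constructed demo secrets; a real deployment provisions these per device pair.
ENC_KEY, MAC_KEY, PAD_SECRET = b"E" * 32, b"M" * 32, b"P" * 32

def _keystream(nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD such as AES-GCM.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(ENC_KEY, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(fingerprint: bytes, recognized: bool) -> bytes:
    """Control terminal, S540-S550: encapsulate, encrypt, then MAC."""
    body = json.dumps({"fp": fingerprint.hex(), "ok": recognized}).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(body, _keystream(nonce, len(body))))
    tag = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(blob: bytes) -> dict:
    """Execution terminal, S560: verify the tag before decrypting or parsing."""
    if len(blob) < 48:
        raise ValueError("short package")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("package failed authentication")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))))

def derive_key(fingerprint: bytes) -> bytes:
    # S560: key generated from the identity information (assumes a stable template).
    return hmac.new(PAD_SECRET, fingerprint, hashlib.sha256).digest()

# S570 preset keys and their limits in yuan (key1 -> 1000, key2 -> 800, as in the text).
ALICE_FP, BOB_FP = b"constructed-template-A", b"constructed-template-B"
PRESET = [(derive_key(ALICE_FP), 1000), (derive_key(BOB_FP), 800)]

def authorize(blob: bytes, amount: int) -> bool:
    """S570-S580: map the derived key to a limit and refuse anything above it."""
    try:
        pkg = unseal(blob)
    except ValueError:
        return False
    if pkg.get("ok") is not True:
        return False
    key = derive_key(bytes.fromhex(pkg["fp"]))
    limit = next((lim for k, lim in PRESET if hmac.compare_digest(k, key)), None)
    return limit is not None and 0 < amount <= limit
```

Nothing in the sealed package is bound to a particular payment request, so an implementation would add a per-session challenge or counter on the execution terminal; the text describes none.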
It should be noted that this embodiment is illustrated with a payment scenario, but the method of the invention is equally applicable to other applications. For a picture library, for example, different pictures can be made readable according to the key value, and information such as notes is handled similarly. One concrete scenario is file access control: of two devices A and B, B is configured with different users' access rights to its various file systems, such as the picture library, information, and so on. When A wants to access a file system in B, this method can also be used to control the operating rights; the specific method is similar to that of this embodiment and is not repeated here.
In this embodiment, the control terminal encrypts the user's identity information and sends it to the execution terminal; the execution terminal decrypts the encrypted data and determines the operating rights of the control terminal according to the decrypted identity information. The execution terminal therefore does not need to collect the identity information a second time, which simplifies operation while keeping the information secure, and determining the control terminal's operating rights from the identity information further ensures information security during terminal interaction.
The fourth embodiment of the invention provides a control terminal, applicable to the initiating device in terminal interaction. Referring to Fig. 6, the control terminal comprises:
Recognition unit 610, configured to identify the operator according to the identity information input by the operator;
Encapsulation unit 620, configured to encapsulate the recognition result and the identity information when the operator's identity is identified as legitimate;
Encryption unit 630, configured to encrypt the data encapsulated by the encapsulation unit;
Sending unit 640, configured to send the encrypted data to the execution terminal, so that after the execution terminal unlocks the encrypted data and generates key information, the operating rights of the control terminal are determined according to the generated key information.
In a preferred scheme, recognition unit 610 comprises:
Acquisition module, configured to collect a physiological characteristic parameter of the operator that can be used for identification;
Comparison module, configured to compare the collected parameter with the pre-stored data;
Judging module, configured to consider the operator's identity legitimate if the comparison result is that data consistent with the parameter exists.
In a preferred scheme, the control terminal can communicate with the execution terminal by NFC.
The control terminal of this embodiment encrypts the user's identity information and sends it to the execution terminal; the execution terminal decrypts the encrypted data and determines the operating rights of the control terminal according to the decrypted identity information. The execution terminal therefore does not need to collect the identity information a second time, which simplifies operation while keeping the information secure, and determining the control terminal's operating rights from the identity information further ensures information security during terminal interaction.
The fifth embodiment of the invention provides an execution terminal, applicable to the target device in terminal interaction. Referring to Fig. 7, the execution terminal comprises:
Receiving unit 710, configured to receive the encrypted data sent by the control terminal;
Decryption unit 720, configured to decrypt the encrypted data and generate key information;
Comparing unit 730, configured to compare the generated key information with the pre-stored key information and search for the pre-stored key information identical to the generated key information;
Rights determining unit 740, configured to determine the operating rights of the control terminal according to the pre-stored key information found.
In a preferred scheme, the decryption unit comprises:
Decryption module, configured to decrypt the encrypted data to obtain the identity information of the operator, wherein the identity information comprises a physiological characteristic parameter that can be used for identification;
Generation module, configured to generate key information according to the identity information.
In a preferred scheme, the execution terminal also comprises:
Execution unit, configured to respond to operation instructions within the operating rights.
In a preferred scheme, the control terminal can communicate with the execution terminal by NFC.
The execution terminal of this embodiment receives the encrypted data sent by the control terminal, decrypts it, and determines the operating rights of the control terminal according to the decrypted identity information. The execution terminal therefore does not need to collect the identity information a second time, which simplifies operation while keeping the information secure, and determining the control terminal's operating rights from the identity information further ensures information security during terminal interaction.
The sixth embodiment of the invention provides a system for controlling rights in interaction between terminals. Referring to Fig. 8, the system comprises a control terminal 81 and an execution terminal 82.
The control terminal 81 is configured to send encrypted data to the execution terminal when the operator's identity is determined to be legitimate. The structure of the control terminal 81 is identical to that of the control terminal of the previous embodiment.
The execution terminal 82 is configured to decrypt the encrypted data and generate key information, determine the operating rights of the control terminal according to the key information, and respond to operation instructions within the operating rights. The structure of the execution terminal 82 is identical to that of the control terminal of the previous embodiment.
In the system of this embodiment, the control terminal encrypts the user's identity information and sends it to the execution terminal; the execution terminal decrypts the encrypted data and determines the operating rights of the control terminal according to the decrypted identity information. The execution terminal therefore does not need to collect the identity information a second time, which simplifies operation while keeping the information secure, and determining the control terminal's operating rights from the identity information further ensures information security during terminal interaction.
It should be noted that, in this document, the terms "comprise", "include" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises the element.
The serial numbers of the above embodiments of the invention are for description only and do not indicate the relative merits of the embodiments.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device, etc.) to perform the methods described in the embodiments of the invention.
The above are only preferred embodiments of the invention and do not thereby limit its patent scope; any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the invention, or any direct or indirect use in other related technical fields, is likewise included within the scope of patent protection of the invention.