CN101888442A - Security management method for mobile terminal and mobile terminal
- Publication number: CN101888442A, CN2010101511186A, CN201010151118A
- Authority: CN (China)
- Prior art keywords: information, chip, portable terminal, flash, module
- Prior art date
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3234: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
- H04W12/06: Security arrangements; Authentication; Protecting privacy or anonymity: Authentication
- H04W88/02: Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices: Terminal devices
- H04L2209/80: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00: Wireless
- H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0853: Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephone Function (AREA)
Abstract
The invention discloses a security management method for a mobile terminal, and a mobile terminal. The mobile terminal comprises a baseband chip, a Flash chip and a trusted platform module (TPM) chip. The TPM chip comprises an initialization module, a receiving module, a storage module, a verification module and a processing module. The initialization module receives, when the mobile terminal is powered on, the drive signal sent by the baseband chip for reading the Flash information in the Flash chip, and completes the initialization of the TPM chip; the receiving module receives first password information input by a user and generates first user authentication information from it; the storage module stores second user authentication information generated from second password information; the verification module compares the first user authentication information with the second user authentication information to generate verification information; and the processing module performs the corresponding operation for controlling the security of the mobile terminal according to the verification information. By arranging the TPM chip in the mobile terminal, the method provides better security protection for the mobile terminal.
Description
Technical field
The present invention relates to the field of security management for mobile terminals, and in particular to a security management method for a mobile terminal and a mobile terminal.
Background art
At present, mobile terminals such as mobile phones, walkie-talkies and notebook computers have become an indispensable part of people's work and life. Taking the mobile phone as an example, its development has progressed from low-end to high-end: from analog mobile terminals to digital GSM (Global System for Mobile Communications), then to GPRS (General Packet Radio Service) and 3G (3rd-generation mobile communication technology). Its functions have grown from making calls and sending short messages to browsing the web, sending e-mail, taking photos, playing games and so on. As its functions and intelligence grow stronger, the storage capacity of the phone's Flash (flash memory) also keeps increasing. While people enjoy the convenience of high-end mobile phones, they also worry about their security; in particular, the larger the phone's storage capacity, the more information its Flash stores and the more important security becomes.
The prior art includes a variety of mobile phone security management methods. In one of them, a security management program containing a "safety code" is stored in the mobile phone; first user information is then sent to a control center, which stores it; and the phone's security management program is activated. When the control center receives an unlock service request from the user, it confirms the request and then sends information containing the "safety code" to the phone, which unlocks the phone and closes the security management program.
In the course of realizing the present invention, the inventor found that the prior art has at least the following defect: the "safety code" and the security management program must be stored in the Flash. If an unauthorized person reflashes the software in the Flash, the stored "safety code" is erased, and this security management method fails.
Summary of the invention
The present invention proposes a security management method for a mobile terminal, and a mobile terminal. A trusted platform module (TPM) chip is arranged in the mobile terminal, user authentication information is stored in the TPM chip, and it is verified against the first password information input by the user. Even if the Flash chip is reflashed, the security verification of the mobile terminal is not affected, which improves the security of the mobile terminal.
The technical solution of the present invention is realized as follows:
A mobile terminal comprises a baseband chip and a flash memory (Flash) chip, and further comprises a trusted platform module (TPM) chip; one end of the TPM chip is connected to the baseband chip, and the other end of the TPM chip is connected to the Flash chip.
The TPM chip comprises:
An initialization module, configured to receive, when the mobile terminal is powered on, the drive signal sent by the baseband chip for reading the Flash information in the Flash chip, and to complete the initialization of the TPM chip;
A receiving module, configured to receive first password information input by the user and to generate first user authentication information from the first password information;
A storage module, configured to store second user authentication information generated from second password information;
A verification module, configured to compare the first user authentication information with the second user authentication information and to generate verification information;
A processing module, configured to perform, according to the verification information, the corresponding operation for controlling the security of the mobile terminal.
Preferably, the processing module comprises:
A first processing submodule, configured to, when the verification information shows that the first user authentication information matches the second user authentication information, read the Flash information in the Flash chip according to the drive signal and send the Flash information to the baseband chip, so that the baseband chip controls completion of the power-on operation of the mobile terminal.
Preferably, the processing module further comprises:
A second processing submodule, configured to, when the verification information shows that the first user authentication information does not match the second user authentication information, generate prompt information prompting the user to input the first password information again.
Preferably, the processing module further comprises:
A counting module, configured to count the number of times the second processing submodule generates the prompt information;
A judging module, configured to judge whether the count of the counting module exceeds a threshold;
A third processing submodule, configured to, when the judging module determines that the count of the counting module exceeds the threshold, send verification failure information to the baseband chip, so that the baseband chip controls completion of the power-off operation of the mobile terminal or destroys the Flash information in the Flash chip.
Preferably, the TPM chip further comprises:
A setting module, configured to set the second password information;
An encryption module, configured to encrypt the second password information according to a cryptographic algorithm, and to bind the encrypted second password information with the authentication information of the mobile terminal to generate the second user authentication information.
A security management method for a mobile terminal, applied to a mobile terminal comprising a baseband chip, a trusted platform module (TPM) chip and a flash memory (Flash) chip, comprises:
When the mobile terminal is powered on, receiving the drive signal sent by the baseband chip for reading the Flash information in the Flash chip, and completing the initialization of the TPM chip;
Receiving first password information input by the user, and generating first user authentication information from the first password information;
Comparing the first user authentication information with second user authentication information stored in advance, and generating verification information;
Performing, according to the verification information, the corresponding operation for controlling the security of the mobile terminal.
Preferably, performing the corresponding operation for controlling the security of the mobile terminal according to the verification information specifically comprises:
When the verification information shows that the first user authentication information matches the second user authentication information, reading the Flash information in the Flash chip according to the drive signal and sending the Flash information to the baseband chip, so that the baseband chip controls completion of the power-on operation of the mobile terminal.
Preferably, performing the corresponding operation for controlling the security of the mobile terminal according to the verification information further comprises:
When the verification information shows that the first user authentication information does not match the second user authentication information, generating prompt information prompting the user to input the first password information again.
Preferably, after generating the prompt information prompting the user to input the first password information again, the method further comprises:
Counting the number of times the prompt information is generated;
Judging whether the count exceeds a threshold;
When the count exceeds the threshold, sending verification failure information to the baseband chip, so that the baseband chip controls completion of the power-off operation of the mobile terminal or destroys the Flash information in the Flash chip.
Preferably, the method further comprises:
Setting second password information;
Encrypting the second password information according to a cryptographic algorithm, binding the encrypted second password information with the authentication information of the mobile terminal, and generating and storing the second user authentication information.
By adding a trusted platform module (TPM) chip to the mobile terminal, the technical solution of the present invention stores user authentication information in the TPM chip and verifies it against the first password information input by the user. Even if the Flash chip is reflashed, the security verification of the mobile terminal is not affected, so the security of the mobile terminal is improved by hardware means. Further, because the user authentication information stored in the TPM chip is bound to the authentication information of the mobile phone (Chip ID and Flash ID), the Flash chip cannot be read even if it is installed in another mobile terminal, which better protects the security of the mobile terminal.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the invention more clearly, the drawings used in describing the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of a first embodiment of a mobile terminal of the present invention;
Fig. 2 is a logical structure diagram of the TPM chip of the present invention;
Fig. 3 is a flow diagram of a first embodiment of a security management method for a mobile terminal of the present invention;
Fig. 4 is an internal structure diagram of the TPM chip of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention. Each embodiment below uses a mobile phone as the example, but the technical solution of the present invention is not limited to mobile phones; it can also be applied to other mobile terminals such as walkie-talkies, netbooks with mobile communication functions, game consoles, personal digital assistants or all-in-one multifunction devices.
The invention provides a technical solution that protects Flash security with a TPM (Trusted Platform Module) chip. Because the protection of the Flash is built on hardware security, it offers a high level of security. In October 1999, several IT (Information Technology) giants jointly founded the Trusted Computing Platform Alliance (TCPA), which was dedicated to promoting a new generation of secure and trustworthy hardware computing platforms. In March 2003, it was reorganized as the Trusted Computing Group (TCG), which aims to formulate trusted-computing standards and specifications covering both hardware and software across platforms and operating environments, and which proposed the TPM specification. A TPM chip must first be able to generate encryption and decryption keys; it must also be able to encrypt and decrypt data at high speed, and it acts as an auxiliary processor that protects the BIOS (Basic Input Output System) and the operating system from modification. It can effectively prevent access by unauthorized users.
Fig. 1 shows the structure of a first embodiment of a mobile terminal of the present invention. The mobile terminal comprises a baseband chip 100, a flash memory (Flash) chip 300 and a trusted platform module (TPM) chip 200. In addition to these, the mobile terminal can also comprise components such as a battery module 400, an LCD (Liquid Crystal Display) module 500, a SIM (Subscriber Identity Module) card 600, a keyboard 700 and a radio-frequency module 800.
One end of the TPM chip 200 is connected to the baseband chip 100 and the other end is connected to the Flash chip 300, so that when the baseband chip 100 reads the Flash information in the Flash chip 300 it must pass verification by the TPM chip 200. The TPM chip 200 thus forms the bridge through which the baseband chip accesses the Flash chip 300, and can effectively protect the Flash chip 300 of the mobile phone.
Fig. 2 shows the logical structure of the TPM chip 200 of the present invention. The TPM chip 200 comprises:
An initialization module 210, configured to receive, when the mobile terminal is powered on, the drive signal sent by the baseband chip 100 for reading the Flash information in the Flash chip 300, and to complete the initialization of the TPM chip 200.
When a mobile terminal such as a mobile phone is powered on, the 26 MHz main clock (crystal) and the 32.768 kHz auxiliary clock (crystal) start oscillating and trigger the baseband chip 100 to work. To read the Flash information, the baseband chip 100 must go through the TPM chip 200; the TPM chip 200 runs its chip operating system (COS) and completes the internal initialization of the chip.
A receiving module 220, configured to receive first password information input by the user and to generate first user authentication information from the first password information.
The first password information input by the user is information such as a user name and password. After it is received, it can be encrypted with a cryptographic algorithm such as a symmetric cipher or a hash algorithm, and the encrypted result can then be bound with the authentication information of the mobile phone, such as the baseband chip's Chip ID and the Flash ID, to generate the first user authentication information.
A storage module 230, configured to store second user authentication information generated from second password information.
The second user authentication information is formed from second password information set in advance by the user: it is encrypted with a cryptographic algorithm such as a symmetric cipher or a hash algorithm, and the encrypted result is bound with the authentication information of the mobile phone, which can include information such as the baseband chip's Chip ID and the Flash ID.
A verification module 240, configured to compare the first user authentication information with the second user authentication information and to generate verification information.
A processing module 250, configured to perform, according to the verification information, the corresponding operation for controlling the security of the mobile terminal.
The verification information shows whether the first user authentication information matches the second user authentication information, so the corresponding operation for controlling the security of the mobile terminal can be performed according to the result. If the verification information shows a match, the operation of controlling the mobile terminal to power on is performed; if it shows a mismatch, the operation of controlling the mobile terminal to power off, or another protective operation, is performed.
The processing module 250 comprises:
A first processing submodule, configured to, when the verification information shows that the first user authentication information matches the second user authentication information, read the Flash information in the Flash chip 300 according to the drive signal and send the Flash information to the baseband chip 100, so that the baseband chip 100 controls completion of the power-on operation of the mobile terminal.
The processing module 250 further comprises:
A second processing submodule, configured to, when the verification information shows that the first user authentication information does not match the second user authentication information, generate prompt information prompting the user to input the first password information again.
The processing module 250 further comprises:
A counting module, configured to count the number of times the second processing submodule generates the prompt information.
A judging module, configured to judge whether the count of the counting module exceeds a threshold.
A third processing submodule, configured to, when the judging module determines that the count of the counting module exceeds the threshold, send verification failure information to the baseband chip 100, so that the baseband chip 100 controls completion of the power-off operation of the mobile terminal or destroys the Flash information in the Flash chip 300.
The threshold can be set to a value according to actual requirements, such as 5, 10 or another value; the present invention does not limit this.
If verification fails more than a certain number of times, the user is taken to be an unauthorized user. Verification failure information is then sent to the baseband chip 100, and the baseband chip 100 controls completion of the power-off operation of the mobile terminal or destroys the Flash information in the Flash chip 300. Other operations, such as raising an alarm, can of course also be performed.
Further, the TPM chip 200 also comprises:
A setting module, configured to set the second password information.
An encryption module, configured to encrypt the second password information according to a cryptographic algorithm, and to bind the encrypted second password information with the authentication information of the mobile terminal to generate the second user authentication information.
The authentication information of the mobile terminal comprises information such as the baseband Chip ID and the Flash ID. Because the user authentication information is bound to the Chip ID and the Flash ID, the Flash chip 300 cannot be read even if it is installed in another mobile terminal, which better protects the mobile terminal.
Fig. 4 shows the internal structure of the TPM chip of the present invention. The main processor module controls the whole TPM chip; the encryption module performs encryption and decryption using cryptographic algorithms such as symmetric ciphers and hash algorithms; the interface module connects to the system board or other external interfaces; the RAM stores intermediate results; and the Flash stores the chip operating system (COS) and the like. Although the components and names in Fig. 4 differ from the logical structure shown in Fig. 2, the two correspond in substance: for example, the initialization module 210 and the processing module 250 of Fig. 2 correspond to the main processor in Fig. 4, and the receiving module 220 corresponds to the interface module. Fig. 2 and Fig. 4 should therefore not be taken to show two different TPM chips; Fig. 2 shows the functional logic, and Fig. 4 shows the actual internal structure.
Fig. 3 shows the flow of a first embodiment of a security management method for a mobile terminal of the present invention. The security management method is applied to a mobile terminal comprising a baseband chip, a trusted platform module (TPM) chip and a flash memory (Flash) chip.
The security management method for the mobile terminal comprises:
Step S310: receive the drive signal sent by the baseband chip for reading the Flash information in the Flash chip, and complete the initialization of the TPM chip.
When a mobile terminal such as a mobile phone is powered on, the drive signal sent by the baseband chip for reading the Flash information in the Flash chip is received, and the initialization of the TPM chip is completed.
Step S320: receive first password information input by the user, and generate first user authentication information from the first password information.
After the TPM chip completes initialization, the first password information input by the user is received, and first user authentication information is generated from it.
Step S330: compare the first user authentication information with second user authentication information stored in advance, and generate verification information.
Step S340: perform, according to the verification information, the corresponding operation for controlling the security of the mobile terminal.
Step S340 specifically comprises:
Step S341: when the verification information shows that the first user authentication information matches the second user authentication information, read the Flash information in the Flash chip according to the drive signal and send the Flash information to the baseband chip, so that the baseband chip controls completion of the power-on operation of the mobile terminal.
Step S342: when the verification information shows that the first user authentication information does not match the second user authentication information, generate prompt information prompting the user to input the first password information again.
Step S342 can be followed by:
Step S343: count the number of times the prompt information is generated.
Step S344: judge whether the count exceeds a threshold.
Step S345: when the count exceeds the threshold, send verification failure information to the baseband chip, so that the baseband chip controls completion of the power-off operation of the mobile terminal or destroys the Flash information in the Flash chip.
The threshold can be set to a value according to actual requirements, such as 5, 10 or another value; the present invention does not limit this.
If verification fails more than a certain number of times, the user is taken to be an unauthorized user. Verification failure information is then sent to the baseband chip, and the baseband chip controls completion of the power-off operation of the mobile terminal or destroys the Flash information in the Flash chip. Other operations, such as raising an alarm, can of course also be performed.
Further, the security management method for the mobile terminal can also comprise:
Step S350: set second password information.
Step S360: encrypt the second password information according to a cryptographic algorithm, bind the encrypted second password information with the authentication information of the mobile terminal, and generate and store the second user authentication information.
The authentication information of the mobile terminal comprises information such as the baseband Chip ID and the Flash ID. Because the user authentication information is bound to the Chip ID and the Flash ID, the Flash chip cannot be read even if it is installed in another mobile terminal, which better protects the Flash information.
A person skilled in the art will appreciate that step S350 can be performed when a mobile terminal such as a mobile phone is used for the first time. Step S350 can also be performed by the manufacturer when the phone is made, for example by uniformly setting default second password information; the user can also reset the second password information, in which case the new password information must be entered at the next power-on.
Described method embodiment is corresponding with described device embodiment, and the part of not describing in detail in method embodiment gets final product referring to the description of device embodiment relevant portion.
Technical solution of the present invention is by increasing by a credible platform module TPM chip in portable terminal, user authentication information is stored in the described TPM chip, and verify with first password information of user input, even therefore the Flash chip is refreshed the safety verification that does not also influence portable terminal, thereby has improved the fail safe of portable terminal by hardware mode.Further; because being stored in the authentication information (Chip ID and Flash ID) of user authentication information and mobile phone in the TPM chip binds; also can't be read even if the Flash chip is installed on other portable terminals, thereby realize portable terminal safety better protection.
The technical solution of the present invention has been described in detail above. The mobile terminal of the present invention (taking a mobile phone as the example) is described below from the user's point of view.
I. User initialization settings.
The user needs to perform initialization settings when using the phone or the TPM function for the first time, mainly to set the initial user personal information (the second password information), because the factory default setting of the phone may have the TPM function turned off.
The specific implementation is as follows:
Step 1: the phone is powered on, the baseband chip sends the drive signal for reading the Flash information, the Flash information is read through the TPM chip, and the TPM chip performs basic initialization.
Step 2: the internal system of the TPM chip starts, and the interface asks the user whether to turn on the TPM function. If the user selects "Yes", the TPM chip requires the user to set personal information (the second password information), such as a user name and password, and step 3 is carried out; if the user selects "No", step 4 is carried out.
Step 3: the TPM encrypts the second password information that has been set with a cryptographic algorithm to form ciphertext and stores it in its own Flash.
Step 4: the Flash information is read and the phone enters the standby interface.
In terms of the MMI (Man Machine Interface), a user using the phone for the first time powers it on with the power key, and the interface then prompts "Turn on the TPM function?". The user can select "Yes" or "No". If "Yes" is selected, the next interface prompts the user to set the second password information (such as a user name and password). The user can enter a user name of length no more than 10 and a password of length 8 with the keypad. After editing, selecting OK completes the setting of the user's personal information, and the phone powers on normally and enters the standby interface. If the user selects "No" at the "Turn on the TPM function?" prompt, the phone powers on directly and enters the standby interface.
II. Personal information verification. This describes how the user uses the TPM function normally and how the personal information is verified. The specific implementation is as follows:
Step 1: the phone is powered on, the baseband chip sends the drive signal for reading the Flash information, the Flash information is read through the TPM chip, and the TPM chip performs basic initialization.
Step 2: the internal system of the TPM chip starts, and the TPM chip system judges whether the function is turned on. If it is on, user information verification is performed and step 3 is carried out; if it is off, the enable-setting operation is performed and step 7 is carried out.
Step 3: the interface prompts the user to enter personal information, that is, the first password information (such as a user name and password).
Step 4: the TPM chip encrypts the password entered by the user with the cryptographic algorithm to form ciphertext and compares it with the ciphertext already stored in its own Flash. If they are identical, verification passes. If they differ and the counter's count is less than five, the user is reminded to enter the password again, the internal counter of password entries is incremented by 1, and it is judged whether five has been reached. If verification still fails on the fifth entry, an unauthorized-user prompt is shown and the phone shuts down directly or carries out another operation, which prevents an unauthorized user from trying repeatedly.
Step 5: after user information verification passes, the user interface is shown, which can offer three options: (1) enter power-on mode; (2) change the password; (3) turn off the TPM function. If (2) is selected to change the password, step 6 is carried out; if (1) or (3) is selected, step 9 is carried out.
Step 6: the old password must be entered once and the new password twice. Once the new password is generated, the old password becomes invalid immediately. Step 9 is carried out after the new password has been set successfully.
Step 7: the interface asks the user whether to turn on the TPM function. If the user selects "Yes", the TPM chip requires the user to enter personal information.
Step 8: the TPM encrypts the personal password that has been set with the cryptographic algorithm to form ciphertext and stores it in its own Flash.
Step 9: the Flash information is read and the phone enters the standby interface.
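Steps S350/S360 (enrollment bound to the Chip ID and Flash ID) and the verification step with its retry counter can be modelled as below. This is an added example, not code from the patent: the description names no algorithm, so PBKDF2-HMAC-SHA256, the salt, the `TpmGate` class and every ID and password value are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 5         # the walkthrough's limit: the fifth failed entry locks
PBKDF2_ROUNDS = 100_000  # assumption: the description names no algorithm or cost


class TpmGate:
    """Toy model of the TPM chip between the baseband chip and the Flash chip."""

    def __init__(self, chip_id: bytes, flash_id: bytes):
        self.chip_id, self.flash_id = chip_id, flash_id
        self.record = None   # (salt, digest): the "second user authentication information"
        self.failures = 0    # a real part must keep this in non-volatile storage,
        self.locked = False  # otherwise a power cycle would reset the count

    def _derive(self, password: str, salt: bytes) -> bytes:
        # Bind to both hardware IDs. Length prefixes keep (b"ab", b"c") and
        # (b"a", b"bc") from producing the same binding string.
        binding = b"".join(len(i).to_bytes(2, "big") + i
                           for i in (self.chip_id, self.flash_id))
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   salt + binding, PBKDF2_ROUNDS)

    def enroll(self, password: str):
        """Steps S350/S360: set the second password and store the bound record."""
        salt = os.urandom(16)
        self.record = (salt, self._derive(password, salt))
        self.failures, self.locked = 0, False
        return self.record

    def verify(self, password: str) -> str:
        """Step 4 of the walkthrough. Returns BOOT, RETRY, FAIL or LOCKED."""
        if self.record is None:
            raise RuntimeError("no password enrolled")
        if self.locked:
            return "LOCKED"
        salt, stored = self.record
        candidate = self._derive(password, salt)
        if hmac.compare_digest(candidate, stored):  # constant-time comparison
            self.failures = 0
            return "BOOT"    # Flash information is released to the baseband chip
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.locked = True
            return "FAIL"    # failure message: baseband powers off or wipes Flash
        return "RETRY"       # prompt the user to enter the password again


def demo():
    phone = TpmGate(b"CHIP-0001", b"FLASH-0001")  # constructed IDs
    record = phone.enroll("example-pass")
    results = [phone.verify("wrong"), phone.verify("example-pass")]
    # Same record presented behind different hardware IDs: the right password fails.
    other = TpmGate(b"CHIP-0002", b"FLASH-0001")
    other.record = record
    results.append(other.verify("example-pass"))
    return results


if __name__ == "__main__":
    print(demo())  # ['RETRY', 'BOOT', 'RETRY']
```

The model locks on the fifth failed entry, following the walkthrough; step S345 words the same condition as the count exceeding a configurable threshold.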
In terms of the MMI (Man Machine Interface), there are two cases. Case 1: the TPM function is on. Case 2: the TPM function is off.
Case 1: the user powers on with the power key and reaches the power-on interface, which prompts the user to enter the user password (the first password information). The user can enter the user name and password with the keypad; at this point the left and right soft keys are OK and Cancel respectively. After editing, the user selects OK.
If the user password is correct, the interface prompts "Personal information verification passed!" and then shows the user operation options, with three menu items available: (1) enter power-on mode; (2) change the password; (3) turn off the TPM function. Selecting (1) or (3) takes the phone directly to the standby interface. Selecting (2) opens the password change interface, which prompts "Please enter the original password", after confirmation prompts "Please enter the new password", and after confirmation prompts "Please enter the new password again"; all three password-entry interfaces are editing interfaces. After confirmation it prompts "Password changed successfully!" and the phone enters the standby interface. The new password is now in effect and will be used for authentication at the next power-on.
If the user password is incorrect, the interface prompts "Personal information verification failed!" together with the number of entries remaining, and the interface prompting the user to enter again appears. The last prompt says 1 entry remains; if verification fails again at that point, the unauthorized-user prompt is shown and the phone shuts down directly or carries out another operation, which protects the phone.
Case 2: the user powers on with the power key and reaches the power-on interface, which prompts "Turn on the TPM function?". The user can select "Yes" or "No" with the left and right soft keys respectively. If "Yes" is selected with the left soft key, the next interface prompts the user to enter personal information, and once verification passes the phone enters the standby interface. If "No" is selected with the right soft key, the phone goes directly to the standby interface.
Those of ordinary skill in the art will appreciate that, in each method embodiment of the present invention, the sequence numbers of the steps cannot be used to limit the order of the steps; for those of ordinary skill in the art, changing the order of the steps without creative effort also falls within the protection scope of the present invention.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within its protection scope.
Claims (10)
1. A mobile terminal comprising a baseband chip and a flash memory (Flash) chip, characterized in that it further comprises a trusted platform module (TPM) chip, one end of the TPM chip being connected to the baseband chip and the other end of the TPM chip being connected to the Flash chip;
the TPM chip comprises:
an initialization module, configured to receive, when the mobile terminal is powered on, the drive signal sent by the baseband chip for reading the Flash information in the Flash chip, and to complete the initialization of the TPM chip;
a receiving module, configured to receive first password information entered by the user and to generate first user authentication information according to the first password information;
a storage module, configured to store second user authentication information generated according to second password information;
an authentication module, configured to compare the first user authentication information with the second user authentication information and to generate authorization information;
a processing module, configured to carry out, according to the authorization information, the corresponding operation for controlling the security of the mobile terminal.
2. The mobile terminal according to claim 1, characterized in that the processing module comprises:
a first processing sub-module, configured to read, when the authorization information shows that the first user authentication information and the second user authentication information match, the Flash information in the Flash chip according to the drive signal, and to send the Flash information to the baseband chip, which controls the power-on operation of the mobile terminal.
3. The mobile terminal according to claim 2, characterized in that the processing module further comprises:
a second processing sub-module, configured to generate, when the authorization information shows that the first user authentication information and the second user authentication information do not match, prompt information prompting the user to enter the first password information again.
4. The mobile terminal according to claim 3, characterized in that the processing module further comprises:
a counting module, configured to count the number of times the second processing sub-module generates the prompt information;
a judging module, configured to judge whether the count of the counting module exceeds a threshold;
a third processing sub-module, configured to send, when the judging module judges that the count of the counting module exceeds the threshold, authentication-failure information to the baseband chip, which controls the mobile terminal to power off or destroys the Flash information in the Flash chip.
5. The mobile terminal according to any one of claims 1 to 4, characterized in that the TPM chip further comprises:
a setting module, configured to set the second password information;
an encryption module, configured to encrypt the second password information according to an encryption algorithm, to bind the encrypted second password information to the authentication information of the mobile terminal, and to generate the second user authentication information.
6. A security management method for a mobile terminal, applied to a mobile terminal comprising a baseband chip, a trusted platform module (TPM) chip and a flash memory (Flash) chip, characterized in that it comprises:
when the mobile terminal is powered on, receiving the drive signal sent by the baseband chip for reading the Flash information in the Flash chip, and completing the initialization of the TPM chip;
receiving first password information entered by the user, and generating first user authentication information according to the first password information;
comparing the first user authentication information with second user authentication information stored in advance, and generating authorization information;
carrying out, according to the authorization information, the corresponding operation for controlling the security of the mobile terminal.
7. The security management method for a mobile terminal according to claim 6, characterized in that carrying out, according to the authorization information, the corresponding operation for controlling the security of the mobile terminal specifically comprises:
when the authorization information shows that the first user authentication information and the second user authentication information match, reading the Flash information in the Flash chip according to the drive signal, and sending the Flash information to the baseband chip, which controls the power-on operation of the mobile terminal.
8. The security management method for a mobile terminal according to claim 7, characterized in that carrying out, according to the authorization information, the corresponding operation for controlling the security of the mobile terminal specifically further comprises:
when the authorization information shows that the first user authentication information and the second user authentication information do not match, generating prompt information prompting the user to enter the first password information again.
9. The security management method for a mobile terminal according to claim 8, characterized in that, after generating the prompt information prompting the user to enter the first password information again, the method further comprises:
counting the number of times the prompt information is generated;
judging whether the count exceeds a threshold;
when the count exceeds the threshold, sending authentication-failure information to the baseband chip, which controls the mobile terminal to power off or destroys the Flash information in the Flash chip.
10. The security management method for a mobile terminal according to any one of claims 6 to 9, characterized in that it further comprises:
setting the second password information;
encrypting the second password information according to an encryption algorithm, binding the encrypted second password information to the authentication information of the mobile terminal, and generating and storing the second user authentication information.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010101511186A CN101888442A (en) | 2010-04-16 | 2010-04-16 | Security management method for mobile terminal and mobile terminal |
PCT/CN2010/075456 WO2011127697A1 (en) | 2010-04-16 | 2010-07-26 | Security management method for mobile terminal and mobile terminal thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010101511186A CN101888442A (en) | 2010-04-16 | 2010-04-16 | Security management method for mobile terminal and mobile terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101888442A true CN101888442A (en) | 2010-11-17 |
Family
ID=43074155
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2010101511186A Pending CN101888442A (en) | 2010-04-16 | 2010-04-16 | Security management method for mobile terminal and mobile terminal |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101888442A (en) |
WO (1) | WO2011127697A1 (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102340578A (en) * | 2011-09-23 | 2012-02-01 | 中兴通讯股份有限公司 | Mobile terminal and starting-up method thereof |
CN102946384A (en) * | 2012-10-24 | 2013-02-27 | 北京奇虎科技有限公司 | User authentication method and device |
CN103298158A (en) * | 2012-02-28 | 2013-09-11 | 芯讯通无线科技(上海)有限公司 | Communication module and control method thereof |
CN105224885A (en) * | 2015-10-08 | 2016-01-06 | 宇龙计算机通信科技(深圳)有限公司 | A kind of data processing method and terminal |
CN106529232A (en) * | 2016-10-19 | 2017-03-22 | 广东欧珀移动通信有限公司 | Startup method and device |
CN107769917A (en) * | 2016-08-22 | 2018-03-06 | 普天信息技术有限公司 | A kind of credible platform and method for wireless terminal |
CN108319848A (en) * | 2017-01-17 | 2018-07-24 | 深圳兆日科技股份有限公司 | Start-up control method and device |
CN110223462A (en) * | 2019-06-12 | 2019-09-10 | 南通百旺金赋信息科技有限公司 | A kind of shared billing system of tax control tray |
CN112307523A (en) * | 2020-11-09 | 2021-02-02 | 维沃移动通信有限公司 | Chip module, information processing method and device and electronic equipment |
CN115544589A (en) * | 2022-07-04 | 2022-12-30 | 中国移动通信集团四川有限公司 | I/O port prevention and control method and electronic equipment |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1822013A (en) * | 2006-03-14 | 2006-08-23 | 上海一维科技有限公司 | Finger print biological identifying engine system and its identifying method based on credible platform module |
CN101122936A (en) * | 2007-09-21 | 2008-02-13 | 武汉大学 | Embed type platform guiding of credible mechanism |
CN101221509A (en) * | 2008-01-24 | 2008-07-16 | 武汉大学 | Bus arbitration starting method of reliable embedded platform |
CN101222698A (en) * | 2007-01-12 | 2008-07-16 | 展讯通信(上海)有限公司 | IMEI code protection method based on hardware sequence number |
CN101430747A (en) * | 2008-09-26 | 2009-05-13 | 武汉大学 | Movable equipment based on credible embedded platform and its security storage method |
US20090249014A1 (en) * | 2008-03-25 | 2009-10-01 | Spansion Llc | Secure management of memory regions in a memory |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100502599C (en) * | 2003-10-10 | 2009-06-17 | 高延飞 | Security management method for mobile phone |
CN100432890C (en) * | 2005-07-12 | 2008-11-12 | 中国长城计算机深圳股份有限公司 | Computer starting up identifying system and method |
CN100481107C (en) * | 2006-11-24 | 2009-04-22 | 深圳兆日技术有限公司 | An identity control method based on credibility platform module and fingerprint identifying |
-
2010
- 2010-04-16 CN CN2010101511186A patent/CN101888442A/en active Pending
- 2010-07-26 WO PCT/CN2010/075456 patent/WO2011127697A1/en active Application Filing
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102340578A (en) * | 2011-09-23 | 2012-02-01 | 中兴通讯股份有限公司 | Mobile terminal and starting-up method thereof |
CN103298158A (en) * | 2012-02-28 | 2013-09-11 | 芯讯通无线科技(上海)有限公司 | Communication module and control method thereof |
CN102946384A (en) * | 2012-10-24 | 2013-02-27 | 北京奇虎科技有限公司 | User authentication method and device |
CN102946384B (en) * | 2012-10-24 | 2016-10-05 | 北京奇虎科技有限公司 | User authentication method and equipment |
CN105224885A (en) * | 2015-10-08 | 2016-01-06 | 宇龙计算机通信科技(深圳)有限公司 | A kind of data processing method and terminal |
CN107769917A (en) * | 2016-08-22 | 2018-03-06 | 普天信息技术有限公司 | A kind of credible platform and method for wireless terminal |
CN106529232A (en) * | 2016-10-19 | 2017-03-22 | 广东欧珀移动通信有限公司 | Startup method and device |
CN108319848A (en) * | 2017-01-17 | 2018-07-24 | 深圳兆日科技股份有限公司 | Start-up control method and device |
CN108319848B (en) * | 2017-01-17 | 2020-09-29 | 深圳兆日科技股份有限公司 | Starting-up control method and device |
CN110223462A (en) * | 2019-06-12 | 2019-09-10 | 南通百旺金赋信息科技有限公司 | A kind of shared billing system of tax control tray |
CN112307523A (en) * | 2020-11-09 | 2021-02-02 | 维沃移动通信有限公司 | Chip module, information processing method and device and electronic equipment |
CN112307523B (en) * | 2020-11-09 | 2024-09-24 | 维沃移动通信有限公司 | Chip module, information processing method and device and electronic equipment |
CN115544589A (en) * | 2022-07-04 | 2022-12-30 | 中国移动通信集团四川有限公司 | I/O port prevention and control method and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
WO2011127697A1 (en) | 2011-10-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101888442A (en) | Security management method for mobile terminal and mobile terminal | |
CN109472166B (en) | Electronic signature method, device, equipment and medium | |
US9501652B2 (en) | Validating sensitive data from an application processor to modem processor | |
US8700908B2 (en) | System and method for managing secure information within a hybrid portable computing device | |
EP2633464B1 (en) | Software authentication | |
CN101034991B (en) | Secure guiding system, method, code signature construction method and authentication method | |
US10237072B2 (en) | Signatures for near field communications | |
CN102970139B (en) | Data security validation method and device | |
CN102880560A (en) | User privacy data protection method and mobile terminal using user privacy data protection method | |
EP3251044B1 (en) | Portable security device | |
WO2019047148A1 (en) | Password verification method, terminal, and computer readable storage medium | |
CN105320891B (en) | A kind of method and device of computer security loading system mirror image | |
CA2745975C (en) | Utilization of a microcode interpreter built in to a processor | |
CN109902477A (en) | Ensure voice communication safety | |
CN102521169B (en) | Confidential USB (universal serial bus) memory disk with display screen and security control method of confidential USB memory disk | |
CN113055157B (en) | Biological characteristic verification method and device, storage medium and electronic equipment | |
EP1789873A2 (en) | Non-intrusive trusted user interface | |
CN111125705B (en) | Capability opening method and device | |
CN113127844A (en) | Variable access method, device, system, equipment and medium | |
CN108182745A (en) | The smart lock and its encryption method of a kind of decentralization | |
KR20120100342A (en) | Security token device and rf module and method of authentication usable in smartphone and pc | |
WO2016184087A1 (en) | Method and system for transmitting information inter-device, source terminal and storage medium | |
KR20110030515A (en) | Security token device and method of authentication usable in smartphone | |
CN105844147A (en) | Application attestation method and apparatus | |
CN101369254A (en) | Data protection method and apparatus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20101117 |