CN110895612B - Unlocking method and device and terminal equipment - Google Patents
Unlocking method and device and terminal equipment
- Publication number
- CN110895612B CN201811067794.8A
- Authority
- CN
- China
- Prior art keywords
- operating system
- data
- decryption
- information
- data corresponding
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/48—Program initiating; Program switching, e.g. by interrupt
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2151—Time stamp
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- User Interface Of Digital Computer (AREA)
Abstract
The application discloses an unlocking method, an unlocking device and terminal equipment. The method comprises the following steps: collecting first decryption data corresponding to a first operating system and second decryption data corresponding to a second operating system, wherein the first operating system is the operating system to be unlocked; checking whether the first decryption data and the second decryption data are correct to obtain a verification result; and unlocking the first operating system when the verification result indicates that the first decryption data and the second decryption data are both correct.
Description
Technical Field
The present application relates to unlocking technologies, and in particular, to an unlocking method and apparatus for an operating system, and a terminal device.
Background
As terminal devices continue to evolve, their form factors have become increasingly varied. In terms of operating systems and display screens, a terminal device may take the form of a single-screen dual-operating-system device or a dual-screen single-operating-system device. A single-screen dual-operating-system device has one display screen and two operating systems; the display screen can load the interface of only one operating system at a time, not both simultaneously. When unlocking such a device, the user enters the password of only one operating system: entering the password of the first operating system unlocks the first operating system, and entering the password of the second operating system unlocks the second operating system. The security verification parts of the two operating systems are independent of each other. A dual-screen single-operating-system device has two display screens and one operating system; the two display screens can load different interfaces of that operating system, such as the interfaces of different applications (APPs), and unlocking the device requires only the password of the single operating system. In both cases the unlocking mode targets only one operating system, so security is very low: once the security information of that operating system is leaked, the operating system is easily intruded upon by unauthorized persons.
Disclosure of Invention
The embodiment of the application provides an unlocking method and device and terminal equipment.
The unlocking method provided by the embodiment of the application comprises the following steps:
collecting first decryption data corresponding to a first operating system and second decryption data corresponding to a second operating system, wherein the first operating system is an operating system to be unlocked;
checking whether the first decryption data and the second decryption data are correct or not to obtain a checking result;
and unlocking the first operating system when the verification result indicates that the first decryption data and the second decryption data are correct.
The unlocking device provided by the embodiment of the application comprises:
the acquisition unit (1001) is configured to acquire first decrypted data corresponding to a first operating system and second decrypted data corresponding to a second operating system, where the first operating system is an operating system to be unlocked;
a verification unit (1002) configured to verify whether the first decrypted data and the second decrypted data are correct, to obtain a verification result;
and the unlocking unit (1003) is used for unlocking the first operating system when the verification result shows that the first decryption data and the second decryption data are correct.
The terminal equipment provided by the embodiment of the application comprises: the unlocking device comprises a processor and a memory, wherein the memory is used for storing a computer program, and the processor is used for calling and running the computer program stored in the memory to execute the unlocking method.
The chip provided by the embodiment of the application comprises: and the processor is used for calling and running the computer program from the memory so that the device provided with the chip executes the unlocking method.
The computer readable storage medium provided by the embodiment of the application is used for storing a computer program, and the computer program enables a computer to execute the unlocking method.
The computer program product provided by the embodiment of the application comprises computer program instructions, wherein the computer program instructions enable a computer to execute the unlocking method.
The embodiment of the application provides a computer program which enables a computer to execute the unlocking method.
In the technical scheme of the embodiment of the application, the terminal equipment has a dual-display-area, dual-operating-system form: its two display areas can simultaneously load the interfaces of two operating systems, namely a first operating system and a second operating system. When a user needs to unlock the first operating system, first decryption data corresponding to the first operating system and second decryption data corresponding to the second operating system are collected; whether the first decryption data and the second decryption data are correct is checked to obtain a verification result; and the first operating system is unlocked when the verification result indicates that the first decryption data and the second decryption data are correct. With this scheme, unlocking either of the two operating systems requires the decryption data of both to be checked, that is, the two operating systems must cooperate to complete the final unlocking operation, which improves the security of the terminal equipment.
Drawings
The drawings illustrate generally, by way of example and not by way of limitation, various embodiments discussed herein.
Fig. 1 is a schematic flow chart of an unlocking method according to an embodiment of the present application;
Fig. 2 is a block diagram of a dual operating system according to an embodiment of the present application;
Fig. 3 is a second block diagram of a dual operating system according to an embodiment of the present application;
Fig. 4 is a schematic flow chart of collecting encrypted data according to an embodiment of the present application;
Fig. 5 is a second schematic flow chart of an unlocking method according to an embodiment of the present application;
Fig. 6 is a schematic diagram of an unlocking interface provided in an embodiment of the application;
Fig. 7 is a second schematic diagram of an unlocking interface provided in an embodiment of the application;
Fig. 8 is a third schematic diagram of an unlocking interface provided in an embodiment of the application;
Fig. 9 is a schematic diagram of an unlocking interface provided in an embodiment of the application;
Fig. 10 is a schematic diagram illustrating the structural components of an unlocking device according to an embodiment of the present application;
Fig. 11 is a schematic block diagram of a terminal device according to an embodiment of the present application;
Fig. 12 is a schematic structural diagram of a chip according to an embodiment of the present application.
Detailed Description
The technical scheme of the embodiment of the application is suitable for terminal equipment with dual display areas and dual operating systems; the terminal equipment can be a mobile phone, tablet computer, palmtop computer, game console or other device. Such terminal equipment loads the two operating systems on the two display areas respectively. The two operating systems are independent of each other and the user can operate both at the same time, which improves the user experience. The dual display areas may be implemented by two independent physical screens, or by one screen with two independent display areas; for example, a larger screen or a flexible screen may provide two independent display areas.
The following description of the technical solutions according to the embodiments of the present application will be given with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Fig. 1 is a schematic flow chart of an unlocking method provided by an embodiment of the present application, as shown in fig. 1, the unlocking method includes the following steps:
Step 101: collecting first decryption data corresponding to a first operating system and second decryption data corresponding to a second operating system, wherein the first operating system is an operating system to be unlocked.
In the embodiment of the application, the terminal equipment is provided with two operating systems, namely a first operating system and a second operating system. The first operating system and the second operating system may be the same type of operating system, or may be different types of operating systems, for example: the first operating system and the second operating system are both android operating systems, or the first operating system and the second operating system are both iOS operating systems, or the first operating system is an android operating system, the second operating system is an iOS operating system, or the first operating system is an iOS operating system, and the second operating system is an android operating system. Further, if the first operating system and the second operating system are the same type of operating system, the system versions of the first operating system and the second operating system may be the same or different.
Referring to Fig. 2, which is a block diagram of a dual operating system: operating system 1 and operating system 2 are isolated from each other, there is no master-slave division between them, and neither can directly monitor or interact with the other. Operating system 1, operating system 2 and the User Manager are located in a Rich Execution Environment (REE), and the trusted application is located in a Trusted Execution Environment (TEE). In the embodiment of the present application, the hardware where the TEE is located is called a security chip, and it is responsible for storing encrypted data and verifying decrypted data.
In the embodiment of the application, before first decrypted data corresponding to a first operating system and second decrypted data corresponding to a second operating system are acquired, a first screen locking interface is displayed on a first display area, and the first screen locking interface is used for acquiring the first decrypted data corresponding to the first operating system; and displaying a second screen locking interface or a standby interface on a second display area, wherein the second screen locking interface or the standby interface is used for acquiring first decryption data corresponding to the first operating system, the second screen locking interface is displayed on the second display area when the second operating system is in a locked state, and the standby interface is displayed on the second display area when the second operating system is in an unlocked state.
In the embodiment of the present application, whether the operating system to be unlocked is the first operating system or the second operating system may be determined in the following ways:
Mode one: after the first decryption data and the second decryption data are acquired, determining that the first operating system is the operating system to be unlocked based on the first decryption data and the second decryption data.
Specifically, first timestamp information corresponding to the first decrypted data and second timestamp information corresponding to the second decrypted data are determined; if the first timestamp information is earlier than the second timestamp information, the first operating system is the operating system to be unlocked.
For example, when the terminal device collects the first decrypted data, the corresponding first timestamp information is recorded as T1; when the terminal device collects the second decrypted data, the corresponding second timestamp information is recorded as T2. If T1 is earlier than T2 (i.e., T1 is smaller than T2), the operating system to be unlocked is determined to be the first operating system.
Mode two: and determining the first operating system as the operating system to be unlocked based on a first setting operation corresponding to the first operating system.
For example, the user may double-click on the first display area, triggering the first operating system to be the operating system to be unlocked. Or the user can adjust the terminal equipment to a certain gesture, so that after the gravity sensor or the gyroscope detects that the gesture parameter of the terminal equipment meets the preset condition, the first operating system is triggered to be the operating system to be unlocked.
In the embodiment of the present application, the acquisition of the first decrypted data corresponding to the first operating system and the second decrypted data corresponding to the second operating system may be implemented by the following methods:
Mode one: collecting first decryption data corresponding to the first operating system on a first display area, and sending the first decryption data to a security chip by the first operating system; and acquiring second decryption data corresponding to the second operating system on a second display area, and sending the second decryption data to the security chip by the second operating system.
For example: the first display area and the second display area of the terminal equipment are both touch display screens; the first display area displays the interface of the first operating system and the second display area displays the interface of the second operating system. The user inputs the first decryption data by touch on the first display area; the first display area collects the first decryption data, and the first operating system accordingly obtains it and sends it to the security chip for verification. Similarly, the user inputs the second decryption data by touch on the second display area; the second display area collects the second decryption data, and the second operating system accordingly obtains it and sends it to the security chip for verification.
In an embodiment, a sliding operation is obtained, a starting position of the sliding operation being located in the first display area, and an ending position of the sliding operation being located in the second display area; acquiring initial position information of the sliding operation on the first display area, and determining first decryption data corresponding to the first operating system based on the initial position information, wherein the first operating system sends the first decryption data to a security chip; and acquiring the end position information of the sliding operation on the second display area, determining second decryption data corresponding to the second operating system based on the end position information, and sending the second decryption data to the security chip by the second operating system. Further, the start position information of the sliding operation corresponds to first digital information, the end position information of the sliding operation corresponds to second digital information, the first digital information is used as the first decryption data, and the second digital information is used as the second decryption data; or, the start position information of the sliding operation corresponds to first letter information, the end position information of the sliding operation corresponds to second letter information, the first letter information is used as the first decryption data, and the second letter information is used as the second decryption data. Here, the first digital information and the second digital information may be the same digital information or may be different digital information. Also, the first letter information and the second letter information may be the same letter information or may be different letter information.
In a specific application process, the user slides from a first position on the first display area to a second position on the second display area, where the position information of the first position corresponds to the first decrypted data (i.e., the first digital information or the first letter information), and the position information of the second position corresponds to the second decrypted data (i.e., the second digital information or the second letter information). Or, the user touches a first position on the first display area, and then touches a second position on the second display area, where the position information of the first position corresponds to the first decrypted data (i.e., the first digital information or the first letter information), and the position information of the second position corresponds to the second decrypted data (i.e., the second digital information or the second letter information).
In another embodiment, a sliding operation is obtained, a starting position of the sliding operation being located in the first display area, and an ending position of the sliding operation being located in the second display area; collecting first fingerprint information of the sliding operation on the first display area as first decryption data corresponding to the first operating system, and sending the first decryption data to a security chip by the first operating system; and acquiring second fingerprint information of the sliding operation on the second display area as second decryption data corresponding to the second operating system, and sending the second decryption data to the security chip by the second operating system.
The first display area and the second display area of the terminal equipment are each provided with a fingerprint acquisition device; the first display area displays the interface of the first operating system and the second display area displays the interface of the second operating system. The user presses the fingerprint acquisition area on the first display area so that the first decryption data is collected; the first operating system accordingly obtains the first decryption data and sends it to the security chip for verification. Similarly, the user presses the fingerprint acquisition area on the second display area so that the second decryption data is collected; the second operating system accordingly obtains the second decryption data and sends it to the security chip for verification.
In the specific application process, a user slides from a fingerprint acquisition area on a first display area to a fingerprint acquisition area on a second display area, fingerprint information acquired on the first display area corresponds to first decryption data, and fingerprint information acquired on the second display area corresponds to second decryption data. Or, the user may press the fingerprint acquisition area on the first display area first, and then press the fingerprint acquisition area on the second display area, where the fingerprint information acquired on the first display area corresponds to the first decrypted data, and the fingerprint information acquired on the second display area corresponds to the second decrypted data. It should be noted that the fingerprint information collected on the two display areas may be the same or different.
Mode two: acquiring first decryption data corresponding to the first operating system by using an image acquisition device, wherein the first operating system sends the first decryption data to a security chip; and acquiring second decryption data corresponding to the second operating system by using the image acquisition device, and sending the second decryption data to the security chip by the second operating system.
In an embodiment, a first image is acquired by using an image acquisition device, the first image is analyzed to obtain first decryption data corresponding to the first operating system, and the first operating system sends the first decryption data to a security chip; and acquiring a second image by using the image acquisition device, analyzing the second image to obtain second decryption data corresponding to the second operating system, and sending the second decryption data to the security chip by the second operating system. Further, the first image is a first face image, and the second image is a second face image; alternatively, the first image is a first iris image, and the second image is a second iris image. Here, the first face image and the second face image may be the same face image or may be different face images. Also, the first iris image and the second iris image may be the same iris image or may be different iris images.
For example: the terminal equipment is provided with an image acquisition device, such as a two-dimensional camera and a stereo camera, a first display area is used for displaying an interface of a first operating system, a second display area is used for displaying an interface of a second operating system, the first operating system can call the image acquisition device to acquire face image information, and accordingly, the first operating system acquires first decryption data, and the first operating system sends the first decryption data to the security chip for verification; similarly, the second operating system can also call the image acquisition device to acquire the face image information, and correspondingly, the second operating system acquires second decryption data, and the second operating system sends the second decryption data to the security chip for verification. It should be noted that the face image information acquired by the first operating system and the face image information acquired by the second operating system may be the same or different.
In the above example, the image capturing device is used to capture the face image, and the embodiment of the application is not limited thereto, and the image capturing device may also capture other information, such as iris information, gesture information, and the like, as the decryption data.
Mode three: collecting first decryption data corresponding to the first operating system by utilizing a sound collecting device, and sending the first decryption data to a security chip by the first operating system; and acquiring second decryption data corresponding to the second operating system by utilizing the sound acquisition device, and sending the second decryption data to the security chip by the second operating system.
For example: the terminal equipment is provided with a sound acquisition device, a first display area is used for displaying an interface of a first operating system, a second display area is used for displaying an interface of a second operating system, the first operating system can call the sound acquisition device to acquire semantic information and/or voiceprint information, correspondingly, the first operating system acquires first decryption data, and the first operating system sends the first decryption data to the security chip for verification; similarly, the second operating system can also call the sound collection device to collect semantic information and/or voiceprint information, and correspondingly, the second operating system obtains second decryption data, and the second operating system sends the second decryption data to the security chip for verification. It should be noted that the semantic information and/or the voiceprint information acquired by the first operating system may be the same as or different from the semantic information and/or the voiceprint information acquired by the second operating system.
Step 102: checking whether the first decrypted data and the second decrypted data are correct to obtain a verification result.
In the embodiment of the application, a security chip verifies whether the first decryption data and the second decryption data are correct or not to obtain a verification result, and the verification result is sent to the first operating system; and when the verification result shows that the first decrypted data and the second decrypted data are correct, the first operating system performs unlocking operation.
In the embodiment of the present application, if the operating system to be unlocked is determined based on the first setting operation, then before the security chip verifies the first decrypted data and the second decrypted data, the first timestamp information corresponding to the first decrypted data and the second timestamp information corresponding to the second decrypted data may further be determined. If the first timestamp information is earlier than the second timestamp information, the security chip checks whether the first decrypted data and the second decrypted data are correct and obtains a verification result. If the first timestamp information is later than the second timestamp information, unlocking fails.
In the embodiment of the application, because the total time allowed for one unlocking operation is limited, the time interval between the first timestamp information and the second timestamp information needs to be bounded. For this purpose a time threshold is set in the security chip: if the time interval between the first timestamp information and the second timestamp information is less than or equal to the time threshold, the security chip is triggered to check whether the first decryption data and the second decryption data are correct and obtain a verification result. In this way, terminal power consumption can be saved.
In the embodiment of the application, the security chip stores first encrypted data corresponding to a first operating system and second encrypted data corresponding to a second operating system in advance, the collection of the first encrypted data and the second encrypted data is the same as the collection of the first decrypted data and the second decrypted data, and the terminal equipment collects the first encrypted data corresponding to the first operating system and the second encrypted data corresponding to the second operating system and stores the first encrypted data and the second encrypted data. The method can be realized by the following steps:
Mode one: collecting first encrypted data corresponding to the first operating system on a first display area, and sending the first encrypted data to a security chip by the first operating system; collecting second encrypted data corresponding to the second operating system on a second display area, and sending the second encrypted data to the security chip by the second operating system; the security chip stores the first encrypted data and the second encrypted data.
Mode two: acquiring first encrypted data corresponding to the first operating system by using an image acquisition device, wherein the first operating system sends the first encrypted data to a security chip; acquiring second encrypted data corresponding to the second operating system by using the image acquisition device, wherein the second operating system sends the second encrypted data to the security chip; the security chip stores the first encrypted data and the second encrypted data.
Mode three: collecting first encrypted data corresponding to the first operating system by utilizing a sound collecting device, and sending the first encrypted data to a security chip by the first operating system; acquiring second encrypted data corresponding to the second operating system by using the sound acquisition device, wherein the second operating system sends the second encrypted data to the security chip; the security chip stores the first encrypted data and the second encrypted data.
In the embodiment of the application, the content stored by the security chip comprises first encrypted data and second encrypted data, and further, the security chip also stores the relation (early-late relation) between the time stamp information corresponding to the first encrypted data and the time stamp information corresponding to the second encrypted data. The time threshold value may be set by the secure chip, or may be determined based on time stamp information of two encrypted data.
After the security chip acquires the first encrypted data and the second encrypted data, it compares the first decrypted data with the first encrypted data, and if the first decrypted data is consistent with the first encrypted data, the first decrypted data is verified successfully; it compares the second decrypted data with the second encrypted data, and if the second decrypted data is consistent with the second encrypted data, the second decrypted data is verified successfully.
Step 103: Unlock the first operating system when the verification result indicates that the first decrypted data and the second decrypted data are verified to be correct.
In the embodiment of the application, after the first operating system is unlocked, the first operating system enters a main interface, or a desktop, or the interface the user was last operating before the current unlocking.
The above technical solution of the embodiment of the present application takes the first operating system as an example; the second operating system is unlocked in the same manner as the first operating system, and in addition, the user can unlock the first operating system and the second operating system at the same time. According to the embodiment of the application, unlocking relies on interaction between the two operating systems, which is easy to operate and intuitive for the user, and because information from both operating systems is exchanged, unlocking is more secure.
In the above-mentioned scheme of the embodiment of the present application, before the first operating system is unlocked, the first operating system is in a locked state (otherwise referred to as a not-unlocked state) by default, and the second operating system may be in an unlocked state or in a locked state.
For the UI: 1) If both operating systems are in the locked state, after the unlock state is triggered (by touching the screen, or by a specific key), the first display area displays the unlocking mode of the first operating system (for example, number, character, fingerprint, voiceprint, face recognition, etc.), and the second display area displays the unlocking mode of the second operating system (for example, number, character, fingerprint, voiceprint, face recognition, etc.). If the operating system to be unlocked is the first operating system, the unlocking mode of the second operating system may also be a virtual character (for example, a virtual frame). When the user drags the unlocking mode on the first display area to the unlocking mode on the second display area, the unlocking of the first operating system is considered successful; when the user drags the unlocking mode on the second display area to the unlocking mode on the first display area, the unlocking of the second operating system is considered successful. When the user successfully drags the unlocking mode in both directions, the unlocking of the dual operating system is considered successful.
2) If one of the two operating systems is in a locked state (e.g., the first operating system) and the other operating system is in an unlocked state (e.g., the second operating system), after the unlock state is triggered (by touching the screen, or by a specific key), the first display area normally displays the unlocking mode of the first operating system, and the second display area displays the virtual unlocking mode of the second operating system. The virtual unlocking mode differs from the normal unlocking mode in that the second operating system is in the unlocked state and the user may operate it; it is the same in that it provides an unlocking mode that assists in unlocking the first operating system. In a specific implementation, the virtual unlocking mode and the normal unlocking mode may be displayed through different UIs, so that the user can clearly distinguish whether the corresponding operating system is in the unlocked state or the locked state. For example, the interface of the virtual unlocking mode is semitransparent and the interface of the normal unlocking mode is opaque; or the interface of the virtual unlocking mode is displayed in a first theme color and the interface of the normal unlocking mode is displayed in a second theme color.
For verification of decrypted data, after the user triggers the corresponding unlocking operations on the two display areas, which screen is the screen to be unlocked is judged by monitoring the touch actions on the two display areas. The main screen is unlocked when the decrypted data from the two display areas, monitored by the main screen and the auxiliary screen, are correct.
The technical solution of the embodiment of the present application is described below with reference to the dual operating system structures shown in fig. 2 and fig. 3. Referring to fig. 2, operating system 1 and operating system 2 monitor the operations of operating system 1 and operating system 2 respectively through user management (User Manager), and respectively transmit the obtained first unlocking data and second unlocking data to the TEE, that is, the security chip. The security chip checks the two pieces of unlocking data of the two operating systems; after the verification is successful, operating system 1 is unlocked, and operating system 2 does not receive the verification result. Fig. 3 takes the android operating system as an example. To implement the unlocking scheme more securely, so that unlocking information can be obtained without interfering with the isolated running of the two operating systems, a namespace (Namespace) can be adopted in the android operating system to monitor actions on the two android operating systems. Android operating system 1 and android operating system 2 respectively transmit the obtained first unlocking data and second unlocking data to the TEE, that is, the security chip. The security chip checks the two pieces of unlocking data of the two operating systems; after the verification is successful, android operating system 1 (which can receive the verification result) is unlocked, and android operating system 2 does not receive the verification result. This guarantees both securely verified unlocking and the independent operation of the two operating systems.
Fig. 4 is a schematic flow chart of collecting encrypted data according to an embodiment of the present application. As shown in fig. 4, the flow of collecting encrypted data includes the following steps:
Step 401: Select a main screen and an auxiliary screen.
Here, a main screen of encrypted data to be collected is selected, another screen is an auxiliary screen of encrypted data to be collected, a system corresponding to the main screen is an encrypted main system, a system corresponding to the auxiliary screen is an encrypted auxiliary verification system, for example, the encrypted main system is a system 1, and the encrypted auxiliary verification system is a system 2.
Here, the main screen may be determined by a user setting operation. For example: a screen on which the user long-presses and then drags is automatically recorded as the main screen, and the system where the main screen is located is system 1; a screen on which the user drags and then long-presses is recorded as the auxiliary screen, and the system where the auxiliary screen is located is system 2. The system of the main screen has the authority to acquire the verification result from the TEE (namely the security chip); the system of the auxiliary screen has the authority to transmit decrypted data and does not acquire the verification result from the TEE. Once the main screen is set, it cannot be changed again unless the legitimate user releases the screen lock or changes the user lock.
Step 402: the first encrypted data is acquired from the system 1 where the home screen is located.
Here, the first encrypted data may be at least one of: numbers, characters, fingerprints, voiceprints, face recognition. Taking a digital unlocking mode as an example, the first encrypted data is information character 8 on the main screen, and the first system stores the first encrypted data as 8 or encrypted information corresponding to 8; taking the fingerprint unlocking mode as an example, the first encrypted data refers to fingerprint information 1 on the main screen, and the first system stores the first encrypted data as the fingerprint information 1 or the encrypted information corresponding to the fingerprint information 1.
Step 403: Acquire second encrypted data from the system 2 where the auxiliary screen is located.
Here, the second encrypted data may be at least one of: numbers, characters, fingerprints, voiceprints, face recognition. Taking a digital unlocking mode as an example, the second encrypted data is information character 4 on the main screen, and the second system stores the second encrypted data as 4 or encrypted information corresponding to 4; taking the fingerprint unlocking mode as an example, the first encrypted data refers to fingerprint information 2 on the main screen, and the second system stores the second encrypted data as the fingerprint information 2 or the encrypted information corresponding to the fingerprint information 2.
Step 404: the first encrypted data corresponding to the home screen is stored in the TEE as check data for unlocking the first decrypted data (obtained by the system 1) of the home screen (system 1).
Step 405: the second encrypted data corresponding to the secondary screen is stored in the TEE as verification data for unlocking the second decrypted data (obtained by the system 2) of the primary screen (system 1).
Notably, unlocking the main screen (system 1) requires the first decrypted data obtained by system 1 and the second decrypted data obtained by system 2 to be used in cooperation.
Further, time stamp information may be acquired based on the acquisition time of the first encrypted data and the acquisition time of the second encrypted data, the time stamp information requiring that the acquisition time 1 of the first decrypted data (obtained by the system 1) unlocking the main screen (system 1) is earlier than the acquisition time 2 of the second decrypted data (obtained by the system 2) unlocking the main screen (system 1), and the acquisition time 1 and the acquisition time 2 are required to be within a certain period of time.
In addition, in the above scheme, the system 1 and the system 2 where the main screen and the auxiliary screen are located are both provided with a receiving identification bit, and the receiving identification bit is used for identifying whether the system can receive the verification result fed back by the TEE. Further, in the process of collecting the encrypted data, the receiving identification bits of the system 1 and the system 2 are set to be incapable of receiving the verification result fed back by the TEE, until the unlocking process is started and the main system to be unlocked is confirmed, the receiving identification bit of the main system is set to be capable of receiving the verification result fed back by the TEE, and the receiving identification bit of the auxiliary system is still set to be incapable of receiving the verification result fed back by the TEE.
The scheme completes the collection of the encrypted data of one system, and the collection mode of the encrypted data of the other system is the same as the process.
Fig. 5 is a second flow chart of an unlocking method according to an embodiment of the present application. As shown in fig. 5, the unlocking method includes the following steps:
Step 501: The unlock state of screen 1 is triggered.
Here, the ways of triggering the unlock state of screen 1 include, but are not limited to, the following: lighting up screen 1, touching a specific area of screen 1, and clicking screen 1 continuously.
Step 502: Determine whether screen 1 is in the unlocked state; if not, the process jumps directly to step 504.
Step 503: screen 1 displays a virtual unlocking mode.
Since the screen 1 is in the unlocked state, the displayed unlocking method is different from the unlocking method in the locked state, and the unlocking method in the unlocked state is referred to as a virtual unlocking method.
Step 504: Monitor the screen status.
Step 505: Judge whether screen 1 is a main screen or an auxiliary screen.
Here, the primary screen is a screen that needs to be unlocked, and the primary screen can receive the verification result fed back by the TEE, while the secondary screen cannot receive the verification result fed back by the TEE.
In one example, whether screen 1 is the main screen or the auxiliary screen may be judged as follows: if the action of pressing for a long time and then dragging is collected on screen 1, screen 1 is automatically recorded as the main screen; if the action of dragging and then long pressing is collected on screen 1, screen 1 is recorded as an auxiliary screen.
Step 506: The system where the main screen is located transmits the monitored unlocking information and the monitored timestamp information to the TEE, and sets its receiving identification bit to 1.
Here, a receiving identification bit of 1 means that the system is allowed to receive (can receive) the verification result fed back by the TEE.
Here, the unlock information, that is, the decrypted data, includes unlock characters, unlock pattern information, unlock fingerprint information, and the like.
Step 507: The system where the auxiliary screen is located transmits the monitored unlocking information and the monitored timestamp information to the TEE, and sets its receiving identification bit to 0.
Here, a receiving identification bit of 0 means that the system is not allowed to receive (cannot receive) the verification result fed back by the TEE.
Here, the unlock information, that is, the decrypted data, includes unlock characters, unlock pattern information, unlock fingerprint information, and the like.
Step 508: Judge the timestamp information.
Here, the time stamp information may be set or obtained from the collection of encrypted data or from the collection of the positive and negative differences of the unlock speed samples.
The time stamp information of the characters monitored by the main screen indicates the time of the main screen action, and the time stamp information of the characters monitored by the auxiliary screen indicates the time of the auxiliary screen action.
Step 509: If the time of the main screen action is later than that of the auxiliary screen action, unlocking fails, and the unlocking failure information of the main system is returned.
Step 510: If the time of the main screen action is earlier than the time of the auxiliary screen action, judge the time interval between the unlocking actions of the two systems. If the time interval is greater than the threshold value, the process jumps to step 509, and the unlocking failure information of the main system is returned.
Step 511: If the time interval between the unlocking actions of the two systems is smaller than the threshold value, the TEE checks the unlocking information of the main screen.
Step 512: Judge whether the unlocking information of the main screen is correct.
If the unlocking information of the main screen is incorrect, the process jumps to step 509, and the verification result is fed back to the system where the main screen is located. After the system where the main screen is located reads the receiving identification bit, it obtains the verification result, and unlocking fails.
Step 513: If the unlocking information of the main screen is correct, the TEE checks the unlocking information of the auxiliary screen.
Step 514: Judge whether the unlocking information of the auxiliary screen is correct.
If the unlocking information of the auxiliary screen is incorrect, the process jumps to step 509, and the verification result is fed back to the system where the main screen is located. After the system where the main screen is located reads the receiving identification bit, it obtains the verification result, and unlocking fails.
Step 515: If the unlocking information of the auxiliary screen is correct, the verification result is fed back to the system where the main screen is located. After the system where the main screen is located reads the receiving identification bit, it obtains the verification result, and unlocking is successful.
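The TEE-side decision of steps 506 to 515, as an added Python example that is not code from the patent: it applies the timestamp order and interval checks, compares both pieces of unlocking information against the enrolled values, and returns the result only to the system whose receiving identification bit is 1. The class and field names, the 3000 ms threshold, storing enrolled values as keyed hashes, and treating equal timestamps as a failure are assumptions of this example.

```python
"""TEE-side check for steps 506-515 (added example, not the patent's code)."""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Submission:
    system_id: int      # operating system that monitored the action
    unlock_info: bytes  # decrypted data: character, pattern, biometric reference
    timestamp_ms: int   # time of the action on that system's screen
    receive_bit: int    # 1 = may receive the verification result, 0 = may not


class TeeVerifier:
    def __init__(self, threshold_ms: int):
        self.threshold_ms = threshold_ms
        self._key = os.urandom(32)  # assumption: key that never leaves the TEE
        self._enrolled = {}         # system_id -> keyed hash of encrypted data

    def _tag(self, system_id: int, info: bytes) -> bytes:
        # Bind the stored value to the system it was enrolled from.
        msg = system_id.to_bytes(4, "big") + info
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def enroll(self, system_id: int, info: bytes) -> None:
        # Steps 404/405: store check data for one system.
        self._enrolled[system_id] = self._tag(system_id, info)

    def _matches(self, sub: Submission) -> bool:
        stored = self._enrolled.get(sub.system_id)
        candidate = self._tag(sub.system_id, sub.unlock_info)
        if stored is None:
            return False
        return hmac.compare_digest(stored, candidate)  # constant-time compare

    def _check(self, main: Submission, aux: Submission) -> bool:
        # Steps 508-509: the main-screen action must come first.
        # Equal timestamps are treated as failure (assumption).
        if main.timestamp_ms >= aux.timestamp_ms:
            return False
        # Step 510: the interval must not exceed the threshold.
        if aux.timestamp_ms - main.timestamp_ms > self.threshold_ms:
            return False
        # Steps 511-514: both pieces of unlocking information must match.
        # Both are evaluated before combining, so the single pass/fail answer
        # does not show which of the two was wrong; the outcome is the same
        # as checking the main screen first and the auxiliary screen second.
        main_ok = self._matches(main)
        aux_ok = self._matches(aux)
        return main_ok and aux_ok

    def verify(self, a: Submission, b: Submission) -> dict:
        """Return {system_id: unlocked} for systems allowed to see the result."""
        mains = [s for s in (a, b) if s.receive_bit == 1]
        auxes = [s for s in (a, b) if s.receive_bit == 0]
        if len(mains) != 1 or len(auxes) != 1 or a.system_id == b.system_id:
            return {}  # malformed request: no system receives a result
        main, aux = mains[0], auxes[0]
        # Step 515: only the system with receiving bit 1 gets the result.
        return {main.system_id: self._check(main, aux)}


def demo() -> dict:
    """Constructed inputs: system 1 enrols "8", system 2 enrols "4"."""
    tee = TeeVerifier(threshold_ms=3000)  # constructed threshold
    tee.enroll(1, b"8")
    tee.enroll(2, b"4")
    main = Submission(1, b"8", 1000, 1)
    return {
        "correct": tee.verify(main, Submission(2, b"4", 1800, 0)),
        "at_threshold": tee.verify(main, Submission(2, b"4", 4000, 0)),
        "aux_first": tee.verify(Submission(1, b"8", 2000, 1),
                                Submission(2, b"4", 1000, 0)),
        "too_slow": tee.verify(main, Submission(2, b"4", 5000, 0)),
        "wrong_aux": tee.verify(main, Submission(2, b"5", 1800, 0)),
        "two_mains": tee.verify(main, Submission(2, b"4", 1800, 1)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
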
The technical solution of the embodiment of the present application is described below with reference to a User Interface (UI).
The invention involves two systems in unlocking, but from the perspective of user experience the operation is smooth: when the unlocking operation is carried out, the interactive unlocking of the two systems feels to the user like completing an interaction across a double screen. The operation is simple and the feel is clear.
Application example one
The user selects the system to be unlocked. Referring to fig. 6, the screen corresponding to the system to be unlocked is the main screen, and the other screen automatically becomes the auxiliary screen. In this example, the main screen displays the unlocking number and the auxiliary screen displays the virtual frame; the user drags the unlocking number on the main screen to the designated position of the auxiliary screen to complete unlocking of the main screen. For example: the unlocking number is set as 8 and the unlocking position is set as the position corresponding to the virtual frame of the first row and the first column (namely the position corresponding to the number 4); the user drags the 8 on the main screen to the position of the virtual frame of the first row and the first column on the auxiliary screen, that is, the position corresponding to the number 4, to finish unlocking the main screen. Unlocking the auxiliary screen is the same.
The above is only one interface display example, and in actual setting, single-character multi-position unlocking, multi-character single-position unlocking, or multi-character multi-position unlocking may be set.
Alternatively, the virtual frame of the auxiliary screen may hide numbers in displaced positions, for example, with 1 in the very middle position.
Application example two
The user selects the system to be unlocked. Referring to fig. 7, the screen corresponding to the system to be unlocked is the main screen, and the other screen automatically becomes the auxiliary screen. In this example, the main screen displays the unlock character and the auxiliary screen displays the virtual frame; the user drags the unlock character on the main screen to the designated position of the auxiliary screen to complete unlocking of the main screen. For example: the unlocking character is set as F and the unlocking position is set as the virtual frame corresponding to the N position; the user drags the F on the main screen to the position of the virtual frame corresponding to the N position on the auxiliary screen to finish unlocking the main screen. Unlocking the auxiliary screen is the same.
Application example three
The user selects the system to be unlocked. Referring to fig. 8, the screen corresponding to the system to be unlocked is the main screen, and the other screen automatically becomes the auxiliary screen. In this example, the system where the main screen is located collects fingerprint 1, the system where the auxiliary screen is located collects fingerprint 2, and the time of collecting fingerprint 1 is earlier than the time of collecting fingerprint 2. After the TEE successfully checks both fingerprint 1 and fingerprint 2, unlocking of the main screen is completed. Unlocking the auxiliary screen is the same.
Application example four
The user selects the system to be unlocked. Referring to fig. 9, the screen corresponding to the system to be unlocked is the main screen, and the other screen automatically becomes the auxiliary screen. In this example, the system where the main screen is located collects face information 1 or iris information 1, the system where the auxiliary screen is located collects face information 2 or iris information 2, and the time for collecting face information 1 or iris information 1 is earlier than the time for collecting face information 2 or iris information 2. After the TEE successfully checks face information 1 and face information 2, or successfully checks iris information 1 and iris information 2, unlocking of the main screen is completed. Unlocking the auxiliary screen is the same.
According to the technical scheme, a dual-screen dual-system terminal (such as a mobile phone) can load two operating systems and use them simultaneously. Through dual-screen interactive unlocking, the authentication information of the other operating system can be called to unlock the current system, which makes system authentication more secure. In addition, dual-screen interactive unlocking feels simpler and more convenient to the user and requires fewer user operations. Further, the timestamp information reduces erroneous judgment results.
Fig. 10 is a schematic structural diagram of an unlocking device according to an embodiment of the present application. As shown in fig. 10, the device includes:
The acquisition unit 1001 is configured to acquire first decrypted data corresponding to a first operating system and second decrypted data corresponding to a second operating system, where the first operating system is an operating system to be unlocked;
a verification unit 1002, configured to verify whether the first decrypted data and the second decrypted data are correct, to obtain a verification result;
and an unlocking unit 1003, configured to unlock the first operating system when the verification result indicates that the first decrypted data and the second decrypted data are verified to be correct.
In one embodiment, the acquisition unit 1001 includes:
the first acquisition subunit is used for acquiring first decryption data corresponding to the first operating system on a first display area, and transmitting the first decryption data to the security chip through the first operating system;
the second acquisition subunit is used for acquiring second decryption data corresponding to the second operating system on a second display area, and sending the second decryption data to the security chip through the second operating system.
In an embodiment, the acquiring unit 1001 is configured to obtain a sliding operation, where a start position of the sliding operation is located in the first display area, and an end position of the sliding operation is located in the second display area;
The first acquisition subunit is configured to acquire starting position information of the sliding operation on the first display area, determine first decryption data corresponding to the first operating system based on the starting position information, and send the first decryption data to a security chip by the first operating system;
the second acquisition subunit is configured to acquire end position information of the sliding operation on the second display area, determine second decryption data corresponding to the second operating system based on the end position information, and send the second decryption data to the security chip by the second operating system.
The initial position information of the sliding operation corresponds to first digital information, the end position information of the sliding operation corresponds to second digital information, the first digital information is used as the first decryption data, and the second digital information is used as the second decryption data; or,
the initial position information of the sliding operation corresponds to first letter information, the end position information of the sliding operation corresponds to second letter information, the first letter information is used as the first decryption data, and the second letter information is used as the second decryption data.
In an embodiment, the acquiring unit 1001 is configured to obtain a sliding operation, where a start position of the sliding operation is located in the first display area, and an end position of the sliding operation is located in the second display area;
the first collecting subunit is configured to collect, on the first display area, first fingerprint information of the sliding operation, as first decrypted data corresponding to the first operating system, where the first operating system sends the first decrypted data to a security chip;
the second acquisition subunit is configured to acquire, on the second display area, second fingerprint information of the sliding operation, as second decrypted data corresponding to the second operating system, where the second operating system sends the second decrypted data to the security chip.
In one embodiment, the acquisition unit 1001 includes:
the third acquisition subunit is used for acquiring first decryption data corresponding to the first operating system by using the image acquisition device, and transmitting the first decryption data to the security chip through the first operating system;
and the fourth acquisition subunit is used for acquiring second decryption data corresponding to the second operating system by using the image acquisition device, and transmitting the second decryption data to the security chip through the second operating system.
In an embodiment, the third collecting subunit is configured to collect a first image by using an image collecting device, parse the first image to obtain first decrypted data corresponding to the first operating system, and send the first decrypted data to a security chip by using the first operating system;
the fourth acquisition subunit is configured to acquire a second image by using the image acquisition device, parse the second image to obtain second decrypted data corresponding to the second operating system, and send the second decrypted data to the security chip by using the second operating system.
The first image is a first face image, and the second image is a second face image; alternatively, the first image is a first iris image, and the second image is a second iris image.
In an embodiment, the verification unit 1002 is configured to verify, through the secure chip, whether the first decrypted data and the second decrypted data are correct, obtain a verification result, and send the verification result to the first operating system;
the unlocking unit 1003 is configured to perform an unlocking operation by the first operating system when the verification result indicates that the first decrypted data and the second decrypted data are verified to be correct.
In one embodiment, the apparatus further comprises:
a first determining unit 1004, configured to determine, based on the first decrypted data and the second decrypted data, that the first operating system is an operating system to be unlocked.
In an embodiment, the first determining unit 1004 is configured to determine first timestamp information corresponding to the first decrypted data and second timestamp information corresponding to the second decrypted data, and to determine that the first operating system is the operating system to be unlocked when the first timestamp information is earlier than the second timestamp information.
In one embodiment, the apparatus further comprises:
the second determining unit 1005 is configured to determine, based on a first setting operation corresponding to the first operating system, that the first operating system is an operating system to be unlocked.
In an embodiment, the second determining unit 1005 is further configured to determine first timestamp information corresponding to the first decrypted data and second timestamp information corresponding to the second decrypted data;
the verification unit 1002 is configured to verify whether the first decrypted data and the second decrypted data are correct if the first timestamp information is earlier than the second timestamp information, so as to obtain a verification result.
In an embodiment, the verification unit 1002 is configured to, if the time interval between the first timestamp information and the second timestamp information is less than or equal to a time threshold value, verify whether the first decrypted data and the second decrypted data are correct, and obtain a verification result.
In an embodiment, the verification unit 1002 is configured to compare the first decrypted data with first encrypted data, the first decrypted data being verified successfully if it is consistent with the first encrypted data; and to compare the second decrypted data with second encrypted data, the second decrypted data being verified successfully if it is consistent with the second encrypted data.
In an embodiment, the acquisition unit 1001 is further configured to collect first encrypted data corresponding to a first operating system and second encrypted data corresponding to a second operating system;
the apparatus further comprises: a storage unit 1006, configured to store the first encrypted data and the second encrypted data.
In an embodiment, the acquisition unit 1001 includes:
a first acquisition subunit, configured to acquire first encrypted data corresponding to the first operating system on a first display area, and send the first encrypted data to the security chip through the first operating system;
a second acquisition subunit, configured to acquire second encrypted data corresponding to the second operating system on a second display area, and send the second encrypted data to the security chip through the second operating system;
the storage unit is configured to store the first encrypted data and the second encrypted data through the security chip.
In an embodiment, the acquisition unit 1001 includes:
a third acquisition subunit, configured to acquire first encrypted data corresponding to the first operating system by using the image acquisition device, and send the first encrypted data to the security chip through the first operating system;
a fourth acquisition subunit, configured to acquire second encrypted data corresponding to the second operating system by using the image acquisition device, and send the second encrypted data to the security chip through the second operating system;
the storage unit is configured to store the first encrypted data and the second encrypted data through the security chip.
In one embodiment, the apparatus further comprises:
the display unit 1007 is configured to display a first screen locking interface on a first display area, where the first screen locking interface is used to collect first decrypted data corresponding to the first operating system; and displaying a second screen locking interface or a standby interface on a second display area, wherein the second screen locking interface or the standby interface is used for acquiring first decryption data corresponding to the first operating system, the second screen locking interface is displayed on the second display area when the second operating system is in a locked state, and the standby interface is displayed on the second display area when the second operating system is in an unlocked state.
Those skilled in the art will appreciate that the implementation functions of the units in the unlocking apparatus shown in fig. 10 can be understood with reference to the foregoing description of the unlocking method. The functions of the respective units in the unlocking apparatus shown in fig. 10 may be realized by a program running on a processor or by a specific logic circuit.
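The checks attributed above to the verification unit 1002 (timestamp order, time threshold, then comparison of both inputs against the stored data) can be modelled as follows. This is an added illustration, not code from the patent; the class and method names, the OS identifiers, the sample digits and timestamps, the single-use handling of pending inputs and the constant-time comparison are assumptions.

```python
import hmac
from dataclasses import dataclass
from enum import Enum


class Result(Enum):
    OK = "ok"
    NOT_ENROLLED = "not_enrolled"  # no stored data for one of the systems
    INCOMPLETE = "incomplete"      # one of the two inputs never arrived
    WRONG_ORDER = "wrong_order"    # first timestamp is not earlier than second
    TOO_SLOW = "too_slow"          # interval exceeds the time threshold
    MISMATCH = "mismatch"          # at least one input differs from stored data


@dataclass(frozen=True)
class Submission:
    data: bytes
    timestamp: float  # seconds; assumed to come from a clock the chip trusts


class SecurityChip:
    """Toy model of the verifier; each OS only forwards its input to it."""

    def __init__(self, time_threshold):
        self.time_threshold = time_threshold
        self._enrolled = {}  # os_id -> stored "encrypted data"
        self._pending = {}   # os_id -> latest Submission not yet verified

    def enroll(self, os_id, encrypted_data):
        if not encrypted_data:
            raise ValueError("refusing to enroll empty data")
        self._enrolled[os_id] = encrypted_data

    def submit(self, os_id, decrypted_data, timestamp):
        self._pending[os_id] = Submission(decrypted_data, timestamp)

    def verify(self, to_unlock, other):
        # Pending inputs are consumed on every attempt, so a stale half of a
        # previous gesture can never be paired with a fresh one.
        first = self._pending.pop(to_unlock, None)
        second = self._pending.pop(other, None)
        if to_unlock not in self._enrolled or other not in self._enrolled:
            return Result.NOT_ENROLLED
        if first is None or second is None:
            return Result.INCOMPLETE
        # The OS to be unlocked must have produced its input first.
        if not first.timestamp < second.timestamp:
            return Result.WRONG_ORDER
        # Interval less than or equal to the threshold is accepted.
        if second.timestamp - first.timestamp > self.time_threshold:
            return Result.TOO_SLOW
        # Evaluate both comparisons before deciding, and report one combined
        # result, so the caller cannot learn which half was wrong.
        ok_first = hmac.compare_digest(first.data, self._enrolled[to_unlock])
        ok_second = hmac.compare_digest(second.data, self._enrolled[other])
        return Result.OK if (ok_first and ok_second) else Result.MISMATCH


def attempt(chip, first, second):
    """first/second are (data, timestamp) from the OS to unlock and the other OS."""
    chip.submit("os1", *first)
    chip.submit("os2", *second)
    return chip.verify(to_unlock="os1", other="os2")


def demo():
    # Constructed sample values: digit "3" enrolled for os1, "7" for os2.
    chip = SecurityChip(time_threshold=1.0)
    chip.enroll("os1", b"3")
    chip.enroll("os2", b"7")
    return {
        "good": attempt(chip, (b"3", 10.0), (b"7", 10.4)),
        "boundary": attempt(chip, (b"3", 10.0), (b"7", 11.0)),
        "reversed": attempt(chip, (b"3", 10.4), (b"7", 10.0)),
        "slow": attempt(chip, (b"3", 10.0), (b"7", 12.0)),
        "wrong_second": attempt(chip, (b"3", 10.0), (b"8", 10.4)),
        "replay": chip.verify(to_unlock="os1", other="os2"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13s} -> {result.value}")
```

The unlocking unit would act only on `Result.OK`; every other value leaves the first operating system locked.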
Fig. 11 is a schematic block diagram of a terminal device 600 provided in an embodiment of the present application, where the terminal device 600 shown in fig. 11 includes a processor 610, and the processor 610 may call and execute a computer program from a memory to implement a method in an embodiment of the present application.
Optionally, as shown in fig. 11, the terminal device 600 may further comprise a memory 620. The processor 610 may call and run a computer program from the memory 620 to implement the method in an embodiment of the application.
The memory 620 may be a separate device from the processor 610 or may be integrated into the processor 610.
Optionally, as shown in fig. 11, the terminal device 600 may further include a transceiver 630, and the processor 610 may control the transceiver 630 to communicate with other devices, and in particular, may send information or data to other devices, or receive information or data sent by other devices.
The transceiver 630 may include a transmitter and a receiver, among others. Transceiver 630 may further include antennas, the number of which may be one or more.
Fig. 12 is a schematic structural diagram of a chip of an embodiment of the present application. The chip 700 shown in fig. 12 includes a processor 710, and the processor 710 may call and run a computer program from a memory to implement the method in the embodiment of the present application.
Optionally, as shown in fig. 12, the chip 700 may also include a memory 720. The processor 710 may call and run a computer program from the memory 720 to implement the method in an embodiment of the application.
The memory 720 may be a separate device from the processor 710 or may be integrated into the processor 710.
Optionally, the chip 700 may also include an input interface 730. The processor 710 may control the input interface 730 to communicate with other devices or chips, and in particular, may obtain information or data sent by other devices or chips.
Optionally, the chip 700 may further include an output interface 740. The processor 710 may control the output interface 740 to communicate with other devices or chips, and in particular, may output information or data to other devices or chips.
Optionally, the chip may be applied to the network device in the embodiment of the present application, and the chip may implement a corresponding flow implemented by the network device in each method in the embodiment of the present application, which is not described herein for brevity.
Optionally, the chip may be applied to a mobile terminal/terminal device in the embodiment of the present application, and the chip may implement a corresponding flow implemented by the mobile terminal/terminal device in each method in the embodiment of the present application, which is not described herein for brevity.
It should be understood that the chip referred to in the embodiments of the present application may also be referred to as a system-on-chip, or the like.
It should be appreciated that the processor of an embodiment of the present application may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method embodiments may be completed by integrated logic circuits of hardware in the processor or by instructions in software form. The processor may be a general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array (Field Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The processor may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be embodied directly as being executed by a hardware decoding processor, or executed by a combination of hardware and software modules in a decoding processor. The software modules may be located in a storage medium well known in the art, such as a random access memory, flash memory, read only memory, programmable read only memory, electrically erasable programmable memory, or registers. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method.
It will be appreciated that the memory in embodiments of the application may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. The volatile memory may be Random Access Memory (RAM), which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and Direct Rambus RAM (DR RAM). It should be noted that the memory of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
It should be understood that the above memory is illustrative but not restrictive, and for example, the memory in the embodiments of the present application may be Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Direct Rambus RAM (DR RAM), and the like. That is, the memory in embodiments of the present application is intended to comprise, without being limited to, these and any other suitable types of memory.
The embodiment of the application also provides a computer readable storage medium for storing a computer program.
Optionally, the computer readable storage medium may be applied to a network device in the embodiment of the present application, and the computer program causes a computer to execute a corresponding flow implemented by the network device in each method in the embodiment of the present application, which is not described herein for brevity.
Optionally, the computer readable storage medium may be applied to a mobile terminal/terminal device in the embodiment of the present application, and the computer program causes a computer to execute a corresponding procedure implemented by the mobile terminal/terminal device in each method of the embodiment of the present application, which is not described herein for brevity.
The embodiment of the application also provides a computer program product comprising computer program instructions.
Optionally, the computer program product may be applied to a network device in the embodiment of the present application, and the computer program instructions cause a computer to execute corresponding processes implemented by the network device in each method in the embodiment of the present application, which are not described herein for brevity.
Optionally, the computer program product may be applied to a mobile terminal/terminal device in the embodiment of the present application, and the computer program instructions cause a computer to execute corresponding processes implemented by the mobile terminal/terminal device in each method of the embodiment of the present application, which are not described herein for brevity.
The embodiment of the application also provides a computer program.
Optionally, the computer program may be applied to a network device in the embodiment of the present application, and when the computer program runs on a computer, the computer is caused to execute a corresponding flow implemented by the network device in each method in the embodiment of the present application, which is not described herein for brevity.
Optionally, the computer program may be applied to a mobile terminal/terminal device in the embodiment of the present application, and when the computer program runs on a computer, the computer is caused to execute corresponding processes implemented by the mobile terminal/terminal device in each method in the embodiment of the present application, which is not described herein for brevity.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (21)
1. A method of unlocking, the method comprising:
collecting first decryption data corresponding to a first operating system and second decryption data corresponding to a second operating system, wherein the first operating system is an operating system to be unlocked;
checking whether the first decryption data and the second decryption data are correct or not to obtain a checking result;
unlocking the first operating system when the verification result indicates that the first decrypted data and the second decrypted data are verified to be correct;
the collecting the first decrypted data corresponding to the first operating system and the second decrypted data corresponding to the second operating system includes:
obtaining a sliding operation, wherein the initial position of the sliding operation is positioned in a first display area, and the end position of the sliding operation is positioned in a second display area;
acquiring initial position information of the sliding operation on the first display area, and determining first decryption data corresponding to the first operating system based on the initial position information, wherein the first operating system sends the first decryption data to a security chip;
and acquiring the end position information of the sliding operation on the second display area, determining second decryption data corresponding to the second operating system based on the end position information, and sending the second decryption data to the security chip by the second operating system.
2. The method of claim 1, wherein:
the initial position information of the sliding operation corresponds to first digital information, the end position information of the sliding operation corresponds to second digital information, the first digital information is used as the first decryption data, and the second digital information is used as the second decryption data; or,
the initial position information of the sliding operation corresponds to first letter information, the end position information of the sliding operation corresponds to second letter information, the first letter information is used as the first decryption data, and the second letter information is used as the second decryption data.
3. The method of claim 1, wherein the collecting the first decrypted data corresponding to the first operating system and the second decrypted data corresponding to the second operating system comprises:
obtaining a sliding operation, wherein the starting position of the sliding operation is positioned in the first display area, and the ending position of the sliding operation is positioned in the second display area;
collecting first fingerprint information of the sliding operation on the first display area as first decryption data corresponding to the first operating system, and sending the first decryption data to a security chip by the first operating system;
and acquiring second fingerprint information of the sliding operation on the second display area as second decryption data corresponding to the second operating system, and sending the second decryption data to the security chip by the second operating system.
4. The method of claim 1, wherein the collecting the first decrypted data corresponding to the first operating system and the second decrypted data corresponding to the second operating system comprises:
acquiring first decryption data corresponding to the first operating system by using an image acquisition device, wherein the first operating system sends the first decryption data to a security chip;
and acquiring second decryption data corresponding to the second operating system by using the image acquisition device, and sending the second decryption data to the security chip by the second operating system.
5. The method of claim 4, wherein the acquiring, by using an image acquisition device, first decrypted data corresponding to the first operating system, and the first operating system sends the first decrypted data to a security chip; acquiring second decryption data corresponding to the second operating system by using the image acquisition device, wherein the second operating system sends the second decryption data to the security chip, and the method comprises the following steps:
collecting a first image by using an image collecting device, analyzing the first image to obtain first decryption data corresponding to the first operating system, and sending the first decryption data to a security chip by the first operating system;
and acquiring a second image by using the image acquisition device, analyzing the second image to obtain second decryption data corresponding to the second operating system, and sending the second decryption data to the security chip by the second operating system.
6. The method of claim 5, wherein:
the first image is a first face image, and the second image is a second face image; or,
the first image is a first iris image and the second image is a second iris image.
7. The method according to any one of claims 1 to 6, wherein the checking whether the first decrypted data and the second decrypted data are correct or not, results in a checking result; and when the verification result shows that the first decrypted data and the second decrypted data are verified to be correct, unlocking the first operating system, wherein the method comprises the following steps:
the security chip verifies whether the first decryption data and the second decryption data are correct or not to obtain a verification result, and sends the verification result to the first operating system;
and when the verification result shows that the first decrypted data and the second decrypted data are correct, the first operating system performs unlocking operation.
8. The method according to claim 1, wherein the method further comprises:
and determining that the first operating system is an operating system to be unlocked based on the first decryption data and the second decryption data.
9. The method of claim 8, wherein the determining that the first operating system is an operating system to be unlocked based on the first decrypted data and the second decrypted data comprises:
determining first timestamp information corresponding to the first decrypted data and second timestamp information corresponding to the second decrypted data;
and determining that the first operating system is the operating system to be unlocked if the first timestamp information is earlier than the second timestamp information.
10. The method according to claim 1, wherein the method further comprises:
and determining the first operating system as the operating system to be unlocked based on a first setting operation corresponding to the first operating system.
11. The method of claim 10, wherein verifying whether the first decrypted data and the second decrypted data are correct, results in a verification result, comprises:
determining first timestamp information corresponding to the first decrypted data and second timestamp information corresponding to the second decrypted data;
and under the condition that the first time stamp information is earlier than the second time stamp information, checking whether the first decryption data and the second decryption data are correct or not, and obtaining a checking result.
12. The method according to claim 9 or 11, wherein said verifying whether said first decrypted data and said second decrypted data are correct, results in a verification result, comprises:
under the condition that the first timestamp information is earlier than the second timestamp information, if the time interval between the first timestamp information and the second timestamp information is less than or equal to a time threshold value, checking whether the first decryption data and the second decryption data are correct or not, and obtaining a checking result.
13. The method of claim 12, wherein verifying whether the first decrypted data and the second decrypted data are correct, results in a verification result, comprises:
comparing the first decrypted data with first encrypted data, and if the first decrypted data is consistent with the first encrypted data, checking the first decrypted data successfully;
comparing the second decrypted data with the second encrypted data, and if the second decrypted data is consistent with the second encrypted data, checking the second decrypted data successfully.
14. The method of claim 13, wherein the method further comprises:
collecting first encrypted data corresponding to a first operating system and second encrypted data corresponding to a second operating system, and storing the first encrypted data and the second encrypted data.
15. The method of claim 14, wherein the collecting the first encrypted data corresponding to the first operating system and the second encrypted data corresponding to the second operating system and storing the first encrypted data and the second encrypted data comprises:
collecting first encrypted data corresponding to the first operating system on a first display area, and sending the first encrypted data to a security chip by the first operating system;
collecting second encrypted data corresponding to the second operating system on a second display area, and sending the second encrypted data to the security chip by the second operating system;
the security chip stores the first encrypted data and the second encrypted data.
16. The method of claim 14, wherein the collecting the first encrypted data corresponding to the first operating system and the second encrypted data corresponding to the second operating system and storing the first encrypted data and the second encrypted data comprises:
acquiring first encrypted data corresponding to the first operating system by using an image acquisition device, wherein the first operating system sends the first encrypted data to a security chip;
acquiring second encrypted data corresponding to the second operating system by using the image acquisition device, wherein the second operating system sends the second encrypted data to the security chip;
the security chip stores the first encrypted data and the second encrypted data.
17. The method of claim 1, wherein before the collecting the first decrypted data corresponding to the first operating system and the second decrypted data corresponding to the second operating system, the method further comprises:
displaying a first screen locking interface on a first display area, wherein the first screen locking interface is used for acquiring first decryption data corresponding to the first operating system;
and displaying a second screen locking interface or a standby interface on a second display area, wherein the second screen locking interface or the standby interface is used for acquiring first decryption data corresponding to the first operating system, the second screen locking interface is displayed on the second display area when the second operating system is in a locked state, and the standby interface is displayed on the second display area when the second operating system is in an unlocked state.
18. An unlocking device, the device comprising:
an acquisition unit (1001) configured to acquire first decrypted data corresponding to a first operating system and second decrypted data corresponding to a second operating system, where the first operating system is an operating system to be unlocked;
a verification unit (1002) configured to verify whether the first decrypted data and the second decrypted data are correct, to obtain a verification result;
an unlocking unit (1003) configured to unlock the first operating system when the verification result indicates that the first decrypted data and the second decrypted data are verified to be correct;
the collecting the first decrypted data corresponding to the first operating system and the second decrypted data corresponding to the second operating system includes:
obtaining a sliding operation, wherein the initial position of the sliding operation is positioned in a first display area, and the end position of the sliding operation is positioned in a second display area;
acquiring initial position information of the sliding operation on the first display area, and determining first decryption data corresponding to the first operating system based on the initial position information, wherein the first operating system sends the first decryption data to a security chip;
and acquiring the end position information of the sliding operation on the second display area, determining second decryption data corresponding to the second operating system based on the end position information, and sending the second decryption data to the security chip by the second operating system.
19. A terminal device, comprising: a processor and a memory for storing a computer program, the processor being adapted to invoke and run the computer program stored in the memory, to perform the method of any of claims 1 to 17.
20. A chip, comprising: a processor for calling and running a computer program from a memory, causing a device on which the chip is mounted to perform the method of any one of claims 1 to 17.
21. A computer readable storage medium storing a computer program for causing a computer to perform the method of any one of claims 1 to 17.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811067794.8A CN110895612B (en) | 2018-09-13 | 2018-09-13 | Unlocking method and device and terminal equipment |
PCT/CN2019/105293 WO2020052579A1 (en) | 2018-09-13 | 2019-09-11 | Unlocking method and device and terminal device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811067794.8A CN110895612B (en) | 2018-09-13 | 2018-09-13 | Unlocking method and device and terminal equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110895612A (en) | 2020-03-20 |
CN110895612B (en) | 2023-08-11 |
Family
ID=69777409
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811067794.8A Active CN110895612B (en) | 2018-09-13 | 2018-09-13 | Unlocking method and device and terminal equipment |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110895612B (en) |
WO (1) | WO2020052579A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113743150A (en) * | 2020-05-15 | 2021-12-03 | 中兴通讯股份有限公司 | Face image acquisition method, face image identification method, flexible screen terminal and storage medium |
CN114692127B (en) * | 2020-12-31 | 2024-07-16 | Oppo广东移动通信有限公司 | Unlocking method, wearable device and storage medium |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103339607A (en) * | 2011-01-25 | 2013-10-02 | 摩托罗拉移动有限责任公司 | Method and apparatus for locking and unlocking multiple operating system environments with a single gesture input |
CN104537291A (en) * | 2015-01-09 | 2015-04-22 | 宇龙计算机通信科技(深圳)有限公司 | Screen interface unlocking method and screen interface unlocking device |
CN104536836A (en) * | 2015-01-16 | 2015-04-22 | 宇龙计算机通信科技(深圳)有限公司 | Synchronous unlocking method and system based on double systems |
CN105630277A (en) * | 2015-06-02 | 2016-06-01 | 南京酷派软件技术有限公司 | Screen unlocking method and unlocking device for terminal |
CN106020838A (en) * | 2016-05-27 | 2016-10-12 | 广东欧珀移动通信有限公司 | Unlocking control method and mobile terminal |
CN106250734A (en) * | 2016-07-29 | 2016-12-21 | 努比亚技术有限公司 | Double screen terminal and unlocking screen verification method |
CN106991005A (en) * | 2017-03-21 | 2017-07-28 | 北京小米移动软件有限公司 | The switching method and device of operating system |
CN108108600A (en) * | 2017-12-28 | 2018-06-01 | 努比亚技术有限公司 | Double screen safe verification method, mobile terminal and computer readable storage medium |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106156555B (en) * | 2015-03-26 | 2019-04-02 | 西安酷派软件科技有限公司 | Method and device for intersystem switching under multi-system terminal and multi-system terminal |
CN105930701A (en) * | 2016-05-16 | 2016-09-07 | 北京珠穆朗玛移动通信有限公司 | System switching method, system switching apparatus and terminal |
CN107480501A (en) * | 2017-08-21 | 2017-12-15 | 北京珠穆朗玛移动通信有限公司 | Unlocking method, mobile terminal and storage medium based on dual system |
- 2018-09-13: CN application CN201811067794.8A (CN110895612B), status: Active
- 2019-09-11: WO application PCT/CN2019/105293 (WO2020052579A1), status: Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2020052579A1 (en) | 2020-03-19 |
CN110895612A (en) | 2020-03-20 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
US8752146B1 (en) | Providing authentication codes which include token codes and biometric factors | |
US9531710B2 (en) | Behavioral authentication system using a biometric fingerprint sensor and user behavior for authentication | |
CN105184179B (en) | Embedded encrypted mobile storage device and operation method thereof | |
CN103927466A (en) | Method and device for controlling mobile terminal | |
US9953183B2 (en) | User verification using touch and eye tracking | |
EP3490220B1 (en) | Information processing apparatus | |
US20130183936A1 (en) | Method and apparatus for remote portable wireless device authentication | |
CN107133993A (en) | A kind of image processing method and device | |
US8875263B1 (en) | Controlling a soft token running within an electronic apparatus | |
US20180114007A1 (en) | Secure element (se), a method of operating the se, and an electronic device including the se | |
CN110895612B (en) | Unlocking method and device and terminal equipment | |
US20150047019A1 (en) | Information processing method and electronic device | |
CN109977039A (en) | HD encryption method for storing cipher key, device, equipment and readable storage medium storing program for executing | |
JP2021521575A (en) | Improved data control and access methods and systems | |
US11381561B2 (en) | Operation authentication relay apparatus, method, and program | |
CN111414605B (en) | Unlocking method and device of embedded security unit, electronic equipment and storage medium | |
CN107862192B (en) | Login interface unlocking method and device, computer equipment and storage medium | |
CN106161481A (en) | A kind of mobile terminal physical button isolation safe module takes precautions against the device of security risk | |
CN110502890B (en) | Verification code processing method and device, electronic equipment and storage medium | |
US11836231B2 (en) | Android system-based smart terminal unlocking method and device, and smart terminal | |
CN109829279B (en) | Unlocking event processing method and related equipment | |
US20220271933A1 (en) | System and method for device to device secret backup and recovery | |
JP2017102758A (en) | Authentication device, authentication method, and program | |
CN102474498B (en) | Authentication method for user identification equipment | |
US20180069853A1 (en) | Trusted ui authenticated by biometric sensor |
Legal Events
Code | Title | Description | Date |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||