[go: up one dir, main page]

CN107124279B - Method and device for erasing terminal data - Google Patents

Method and device for erasing terminal data Download PDF

Info

Publication number
CN107124279B
CN107124279B CN201710291012.8A CN201710291012A CN107124279B CN 107124279 B CN107124279 B CN 107124279B CN 201710291012 A CN201710291012 A CN 201710291012A CN 107124279 B CN107124279 B CN 107124279B
Authority
CN
China
Prior art keywords
terminal
signature file
server
data
erasing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710291012.8A
Other languages
Chinese (zh)
Other versions
CN107124279A (en
Inventor
于涛
郑利洪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Yiti New Media Co.,Ltd.
Original Assignee
Jinhua Tashan Technology Consulting Service Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jinhua Tashan Technology Consulting Service Co Ltd filed Critical Jinhua Tashan Technology Consulting Service Co Ltd
Priority to CN201710291012.8A priority Critical patent/CN107124279B/en
Priority to CN202010492907.XA priority patent/CN111614698A/en
Publication of CN107124279A publication Critical patent/CN107124279A/en
Application granted granted Critical
Publication of CN107124279B publication Critical patent/CN107124279B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Medical Informatics (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

本发明实施例公开了一种擦除终端数据的方法及装置,所述方法包括:接收服务器通过加密算法生成的签名文件,其中,所述签名文件与终端的身份验证信息有关;于工厂模式状态下,根据服务器发送的擦除指令对所述签名文件进行解密,若解密成功,则擦除终端数据。本发明实施例通过接收服务器通过加密算法生成的签名文件,根据服务器发送的擦除指令对所述签名文件进行解密,若解密成功,则擦除终端数据,解决了现有技术中难以擦除终端中特殊区域数据的问题,保证了终端数据擦除的安全性。

Figure 201710291012

The embodiment of the present invention discloses a method and device for erasing terminal data, the method includes: receiving a signature file generated by a server through an encryption algorithm, wherein the signature file is related to the identity verification information of the terminal; Next, the signature file is decrypted according to the erasure instruction sent by the server, and if the decryption is successful, the terminal data is erased. In the embodiment of the present invention, the signature file generated by the server through the encryption algorithm is received, and the signature file is decrypted according to the erasure instruction sent by the server. The problem of data in special areas in China ensures the security of terminal data erasure.

Figure 201710291012

Description

擦除终端数据的方法及装置Method and device for erasing terminal data

技术领域technical field

本发明实施例涉及数据处理技术领域,尤其涉及一种擦除终端数据的方法及装置。Embodiments of the present invention relate to the technical field of data processing, and in particular, to a method and device for erasing terminal data.

背景技术Background technique

Google账户锁英文简称为Google FRP(Factory Reset Protect,工厂重置保护)。当登录了Google账户以后,在未退出Google账户就使用了复位或者远程命令方式恢复了出厂设置的情况下,会导致开机需要连网输入恢复出厂设置前登录的Google账户,无法跳过。如果没有正确的账号和密码输入手机,就不会正常进入开机状态。The English abbreviation of Google Account Lock is Google FRP (Factory Reset Protect). After logging in to the Google account, if you use the reset or remote command to restore the factory settings without logging out of the Google account, you will need to connect to the Internet to enter the Google account that you logged in before restoring the factory settings, which cannot be skipped. If you do not enter the correct account number and password, the phone will not enter the power-on state normally.

这个机制保护了用户手机的安全。例如一旦手机丢失,用户可以通过远程访问的方式让手机恢复出厂设置。拿到手机的人由于不清楚Google账号和密码,从而无法正常进入待机界面。因此最大限度的保护了手机主人的隐私安全。This mechanism protects the security of the user's mobile phone. For example, once the mobile phone is lost, the user can restore the factory settings of the mobile phone through remote access. The person who got the phone could not enter the standby interface normally because he did not know the Google account and password. Therefore, the privacy and security of the owner of the mobile phone are protected to the greatest extent.

之所以在恢复出厂设置前需要输入Google账号和密码,是因为在手机的内部分区中有一个命名为FRP的分区。这个分区保存了用户在第一次开机设置用户向导的时候输入了相应的Google账号和密码,且难以擦除。只要这个分区的内容有效,就无法绕开验证过程。The reason why you need to enter your Google account and password before restoring to factory settings is because there is a partition named FRP in the internal partition of the phone. This partition saves the corresponding Google account and password entered by the user when the user is first powered on to set up the user wizard, and is difficult to erase. As long as the contents of this partition are valid, there is no way to bypass the verification process.

发明内容SUMMARY OF THE INVENTION

本发明实施例提供一种擦除终端数据的方法及装置,能够避免终端数据难以擦除的问题,保证了用户正常使用。Embodiments of the present invention provide a method and device for erasing terminal data, which can avoid the problem that terminal data is difficult to erase, and ensure normal use by users.

第一方面,本发明实施例提供了一种擦除终端数据的方法,包括:In a first aspect, an embodiment of the present invention provides a method for erasing terminal data, including:

接收服务器通过加密算法生成的签名文件,其中,所述签名文件与终端的身份验证信息有关;receiving a signature file generated by the server through an encryption algorithm, wherein the signature file is related to the identity verification information of the terminal;

于工厂模式状态下,根据服务器发送的擦除指令对所述签名文件进行解密,若解密成功,则擦除终端数据。In the factory mode state, the signature file is decrypted according to the erasure instruction sent by the server, and if the decryption is successful, the terminal data is erased.

进一步的,所述接收服务器通过加密方式生成的签名文件包括:Further, the signature file generated by the receiving server in an encrypted manner includes:

将所述终端的身份验证信息发送至所述服务器;sending the identity verification information of the terminal to the server;

接收所述服务器基于所述身份验证信息进行加密所生成的签名文件。A signature file generated by encryption by the server based on the authentication information is received.

进一步的,在所述根据服务器发送的擦除指令对签名文件进行解密之后,还包括:Further, after the signature file is decrypted according to the erasure instruction sent by the server, the method further includes:

验证解密后的签名文件中的密文是否与所述终端的身份验证信息一致;Verifying whether the ciphertext in the decrypted signature file is consistent with the identity verification information of the terminal;

若一致,则擦除所述终端的数据。If they are consistent, the data of the terminal is erased.

进一步的,所述签名文件中的密文为二进制文件。Further, the ciphertext in the signature file is a binary file.

进一步的,所述加密算法为非对称加密算法。Further, the encryption algorithm is an asymmetric encryption algorithm.

第二方面,本发明实施例还提供了一种擦除终端数据的方法,包括:In a second aspect, an embodiment of the present invention also provides a method for erasing terminal data, including:

接收服务器通过加密方式生成的签名文件,其中,所述签名文件与终端的身份验证信息有关;receiving a signature file generated by the server in an encrypted manner, wherein the signature file is related to the identity verification information of the terminal;

于工厂模式状态下,解密所述签名文件,若解密成功,则根据读取所述服务器发送的擦除指令擦除终端数据。In the factory mode, the signature file is decrypted, and if the decryption is successful, the terminal data is erased according to the erasure instruction sent by the server.

第三方面,本发明实施例还提供了一种擦除终端数据的装置,包括:In a third aspect, an embodiment of the present invention further provides a device for erasing terminal data, including:

文件生成模块,用于于工厂模式状态下,接收服务器通过加密算法生成的签名文件,其中,所述签名文件与终端的身份验证信息有关;a file generation module, configured to receive a signature file generated by the server through an encryption algorithm in a factory mode state, wherein the signature file is related to the identity verification information of the terminal;

数据擦除模块,用以于工厂模式状态下,根据服务器发送的擦除指令对所述签名文件进行解密,若解密成功,则擦除终端数据;或者,用于解密所述签名文件,若解密成功,则根据读取所述服务器发送的擦除指令擦除终端数据。The data erasing module is used to decrypt the signature file according to the erasure instruction sent by the server in the factory mode, and if the decryption is successful, the terminal data will be erased; or, it is used to decrypt the signature file. If successful, the terminal data is erased according to the erase instruction sent by the server.

进一步的,所述文件生成模块具体用于:将所述终端的身份验证信息发送至所述服务器;接收所述服务器基于所述身份验证信息进行加密所生成的签名文件。Further, the file generation module is specifically configured to: send the identity verification information of the terminal to the server; and receive a signature file generated by the server after encryption based on the identity verification information.

进一步的,还包括:验证模块,在所述根据服务器发送的擦除指令对签名文件进行解密之后,用于验证解密后的签名文件中的密文是否与所述终端的身份验证信息一致;若一致,则擦除所述终端的数据。Further, it also includes: a verification module for verifying whether the ciphertext in the decrypted signature file is consistent with the identity verification information of the terminal after the signature file is decrypted according to the erasure instruction sent by the server; If they are consistent, the data of the terminal is erased.

进一步的,所述签名文件中的密文为二进制文件。Further, the ciphertext in the signature file is a binary file.

进一步的,所述加密算法为非对称加密算法。Further, the encryption algorithm is an asymmetric encryption algorithm.

本发明实施例提供了一种擦除终端数据的方法及装置,接收服务器通过加密算法生成的签名文件,根据服务器发送的擦除指令对所述签名文件进行解密,若解密成功,则擦除终端数据,解决了现有技术中难以擦除终端中特殊区域数据的问题,保证了终端数据擦除的安全性。Embodiments of the present invention provide a method and device for erasing terminal data, receiving a signature file generated by a server through an encryption algorithm, decrypting the signature file according to an erasing instruction sent by the server, and erasing the terminal if the decryption is successful. It solves the problem that it is difficult to erase special area data in the terminal in the prior art, and ensures the security of terminal data erasure.

附图说明Description of drawings

图1是本发明实施例一中的一种擦除终端数据方法的流程图;1 is a flowchart of a method for erasing terminal data in Embodiment 1 of the present invention;

图2是本发明实施例二中的一种擦除终端数据方法的流程图;2 is a flowchart of a method for erasing terminal data in Embodiment 2 of the present invention;

图3是本发明实施例三中的一种擦除终端数据方法的流程图;3 is a flowchart of a method for erasing terminal data in Embodiment 3 of the present invention;

图4是本发明实施例四中的一种擦除终端数据装置的结构图。FIG. 4 is a structural diagram of an apparatus for erasing terminal data in Embodiment 4 of the present invention.

具体实施方式Detailed ways

下面结合附图和实施例对本发明作进一步的详细说明。可以理解的是,此处所描述的具体实施例仅仅用于解释本发明,而非对本发明的限定。另外还需要说明的是,为了便于描述,附图中仅示出了与本发明相关的部分而非全部结构。The present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention. In addition, it should be noted that, for the convenience of description, the drawings only show some but not all structures related to the present invention.

实施例一Example 1

图1为本发明实施例一提供的一种擦除终端数据方法的流程图,本实施例可适用于终端数据擦除的情况,该方法可以由本发明实施例提供的擦除终端数据装置来执行,该装置可采用软件和/或硬件的方式实现,该装置可集成在任何提供擦除终端数据功能的设备中,例如可以是电脑,也可以是移动终端(如手机、平板电脑等)如图1所示,具体包括:FIG. 1 is a flowchart of a method for erasing terminal data according to Embodiment 1 of the present invention. This embodiment is applicable to the situation where terminal data is erased, and the method can be executed by the device for erasing terminal data provided in this embodiment of the present invention. , the device can be implemented in software and/or hardware, and the device can be integrated in any device that provides the function of erasing terminal data, such as a computer or a mobile terminal (such as a mobile phone, tablet computer, etc.) 1, including:

S110、接收服务器通过加密算法生成的签名文件。S110. Receive the signature file generated by the server through the encryption algorithm.

其中,服务器是指协助完成终端擦除数据的设备,用于对至少一台终端完成擦除数据的操作,例如可以由电脑形成。加密算法是指对原来为明文的文件或数据按某种算法进行处理,使其成为不可读的一段代码,通常称为“密文”,使其只能在输入相应的密钥之后才能显示出原始内容。签名文件指的是包含有密文的文档,其文档格式不作限定,例如可以以“xxx.dat”的格式进行保存。终端的身份验证信息为终端的唯一标识,可以为SN(SerialNumber,产品序列号)码,也可以是IMEI(International Mobile Equipment Identity,国际移动设备身份码)标识码等,用于在计算机及计算机网络系统中确认访问指令是否具有对某种资源进行访问或使用权限的过程。The server refers to a device that assists in erasing data from a terminal, and is used to complete the operation of erasing data on at least one terminal, for example, it can be formed by a computer. Encryption algorithm refers to processing the original plaintext file or data according to a certain algorithm to make it an unreadable piece of code, usually called "ciphertext", so that it can only be displayed after entering the corresponding key. original content. The signature file refers to a document containing ciphertext, and its document format is not limited, for example, it can be saved in the "xxx.dat" format. The identity verification information of the terminal is the unique identification of the terminal, which can be an SN (SerialNumber, product serial number) code, or an IMEI (International Mobile Equipment Identity, International Mobile Equipment Identity) identification code, etc., used in computers and computer networks. The process of confirming whether the access instruction has the right to access or use a certain resource in the system.

具体的,当终端有需求删除特殊区域中的数据(例如FRP分区的数据)时,连接服务器。其中,终端与服务器的连接可以为有线、无线或者蓝牙方式中的一种。终端中也可以包含具有连接功能的APK(AndroidPackage,安装包),通过该APK安装包文件直接安装应用程序,来完成终端与服务器的通讯连接,接收服务器通过加密算法对身份验证信息进行加密生成的签名文件,并将签名文件发保存至终端。Specifically, when the terminal needs to delete the data in the special area (for example, the data of the FRP partition), it connects to the server. The connection between the terminal and the server may be one of wired, wireless or Bluetooth. The terminal can also contain an APK (AndroidPackage, installation package) with a connection function, and the application program is directly installed through the APK installation package file to complete the communication connection between the terminal and the server, and the receiving server encrypts the authentication information through an encryption algorithm. Sign the file, and save the signed file to the terminal.

需要说明的是,服务器可以从终端中获取身份验证信息,也可以从云平台中获取身份验证信息,还可以从服务器中已经存储的信息中获取身份验证信息,从而对终端的身份验证信息进行加密生成签名文件,并将签名文件发回终端。因此,签名文件为与终端的身份验证信息有关的文件。It should be noted that the server can obtain the authentication information from the terminal, obtain the authentication information from the cloud platform, and also obtain the authentication information from the information already stored in the server, so as to encrypt the authentication information of the terminal. Generate a signature file and send the signature file back to the terminal. Therefore, the signature file is a file related to the authentication information of the terminal.

S120、于工厂模式状态下,根据服务器发送的擦除指令对所述签名文件进行解密,若解密成功,则擦除终端数据。S120. In the factory mode state, decrypt the signature file according to the erasure instruction sent by the server, and if the decryption is successful, erase the terminal data.

其中,工厂模式是手机一种特殊的工作模式,在此模式下可以对手机的某些分区进行擦除和下载,以及执行一些其他的命令。擦除指令为用于擦除终端中数据的指令。具体的,在工厂模式状态下,服务器将专业人员输入的擦除指令发送给终端。终端识别该擦除指令,从而对签名文件进行解密。Among them, the factory mode is a special working mode of the mobile phone. In this mode, some partitions of the mobile phone can be erased and downloaded, and some other commands can be executed. The erase command is a command for erasing data in the terminal. Specifically, in the factory mode state, the server sends the erasing instruction input by the professional to the terminal. The terminal recognizes the erasing instruction, thereby decrypting the signature file.

示例性的,在所述服务器发送的擦除指令对签名文件进行解密之后,还包括:验证解密后的签名文件中的密文是否与所述终端的身份验证信息一致;若一致,则擦除所述终端的数据。Exemplarily, after the erasure instruction sent by the server decrypts the signature file, the method further includes: verifying whether the ciphertext in the decrypted signature file is consistent with the identity verification information of the terminal; if they are consistent, erasing data of the terminal.

具体的,签名文件包含了服务器对终端中身份验证信息进行加密后的密文,因此解密后的密文应该包含了终端的身份验证信息。对解密后的签名文件中的身份验证信息与终端的身份验证信息进行对比,如果信息一致,则确定该终端为需要擦除操作的终端,可以对该终端进行擦除操作。如果信息不一致,则可以通过文字或者特殊声音来提示专业人员信息存在错误,不能进行擦除操作。Specifically, the signature file contains the ciphertext after the server encrypts the authentication information in the terminal, so the decrypted ciphertext should contain the authentication information of the terminal. The identity verification information in the decrypted signature file is compared with the identity verification information of the terminal, and if the information is consistent, it is determined that the terminal is a terminal that needs an erasing operation, and an erasing operation can be performed on the terminal. If the information is inconsistent, the professional information can be prompted by words or special sounds, and the erasure operation cannot be performed.

例如,终端在运行APK应用程序成功连接服务器后,APK应用程序发送给服务器终端的序列码,再接收服务器发回的签名文件,存储在终端的存储区域。终端重启进入工作模式状态后,专业人员可以在服务器中的显示页面输入擦除指令fastboot erase FRP。终端依次读取erase与FRP,从而识别擦除指令与擦除区域。若成功识别代码指令的含义,则对签名文件中的密文进行验证。若验证成功,则可以对FRP区域进行擦除操作。For example, after the terminal runs the APK application and successfully connects to the server, the APK application sends the serial code to the server terminal, and then receives the signature file sent back by the server and stores it in the storage area of the terminal. After the terminal restarts and enters the working mode, professionals can enter the erasing command fastboot erase FRP on the display page of the server. The terminal reads erase and FRP in turn to identify the erase command and erase area. If the meaning of the code instruction is successfully identified, the ciphertext in the signature file is verified. If the verification is successful, the erase operation can be performed on the FRP area.

通过对签名文件中的密文与终端身份验证信息的验证,进一步提高了终端数据擦除的安全性,且有效防止误操作。By verifying the ciphertext in the signature file and the terminal identity verification information, the security of terminal data erasure is further improved, and misoperations are effectively prevented.

示例性的,所述签名文件中的密文为二进制文件。Exemplarily, the ciphertext in the signature file is a binary file.

具体的,服务器可以将终端发送的身份验证信息加密为二进制的文件,即签名文件可以为二进制文件,且签名文件中的密文长度可以为2048bit。使用二进制文件以及较长的密文长度可以有效提高签名文件的安全性,不易被破解。Specifically, the server may encrypt the authentication information sent by the terminal into a binary file, that is, the signature file may be a binary file, and the length of the ciphertext in the signature file may be 2048 bits. Using binary files and a longer ciphertext length can effectively improve the security of the signature file, and it is not easy to be cracked.

需要说明的是,为了保护用户的隐私以及使用终端的安全性,本发明实施例提供的擦除终端数据的方法只能由专业人员以及专业设备进行操作。It should be noted that, in order to protect the privacy of users and the security of using the terminal, the method for erasing terminal data provided by the embodiments of the present invention can only be operated by professionals and professional equipment.

本发明实施例通过接收服务器通过加密算法生成的签名文件,根据服务器发送的擦除指令对所述签名文件进行解密,若解密成功,则擦除终端数据,解决了现有技术中难以擦除终端中特殊区域数据的问题,保证了终端数据擦除的安全性。In the embodiment of the present invention, the signature file generated by the server through the encryption algorithm is received, and the signature file is decrypted according to the erasure instruction sent by the server. The problem of data in special areas in China ensures the security of terminal data erasure.

实施例二Embodiment 2

图2为本发明实施例二提供的一种擦除终端数据方法的流程图,本实施例在上述实施例的基础上进行优化,提供了优化的所述接收服务器通过加密方式生成的签名文件的处理方法,具体是:将所述终端的身份验证信息发送至所述服务器;接收所述服务器基于所述身份验证信息进行加密所生成的签名文件。FIG. 2 is a flowchart of a method for erasing terminal data according to Embodiment 2 of the present invention. This embodiment is optimized on the basis of the above-mentioned embodiments, and provides an optimized signature file generated by the receiving server through encryption. The processing method is specifically: sending the identity verification information of the terminal to the server; and receiving a signature file generated by the server encrypting based on the identity verification information.

相应的,本实施例的方法包括:Correspondingly, the method of this embodiment includes:

S210、将所述终端的身份验证信息发送至所述服务器。S210. Send the identity verification information of the terminal to the server.

具体的,在终端与服务器通讯连接后,可以将存储在终端NV(NonVolatile,存储器)区域的身份验证信息(例如,终端的SN码)发送至服务器。Specifically, after the terminal is connected to the server for communication, the identity verification information (for example, the SN code of the terminal) stored in the NV (NonVolatile, memory) area of the terminal may be sent to the server.

S220、接收所述服务器基于所述身份验证信息进行加密所生成的签名文件。S220: Receive a signature file generated by the server performing encryption based on the identity verification information.

服务器接收到终端发送的身份验证信息后,对该身份验证信息进行加密生成签名文件,并将签名文件发送回终端,且将终端的状态调整为工厂模式状态。After receiving the authentication information sent by the terminal, the server encrypts the authentication information to generate a signature file, sends the signature file back to the terminal, and adjusts the state of the terminal to the factory mode state.

需要说明的是,在终端与服务器通讯连接的过程中,可以通过APK应用程序向服务器发送终端的SN码,并且能够获取服务器返回的签名文件,将签名文件保存在终端中。只要签名文件成功保存之后,终端即可重启进入工厂模式状态(如Fastboot mode的快速启动模式)。It should be noted that, during the communication connection between the terminal and the server, the SN code of the terminal can be sent to the server through the APK application, and the signature file returned by the server can be obtained and stored in the terminal. As long as the signature file is successfully saved, the terminal can be restarted into the factory mode state (such as the fast boot mode of Fastboot mode).

S230、于工厂模式状态下,根据服务器发送的擦除指令对所述签名文件进行解密,若解密成功,则擦除终端数据。S230. In the factory mode state, decrypt the signature file according to the erasure instruction sent by the server, and if the decryption is successful, erase the terminal data.

示例性的,所述加密算法为非对称加密算法。Exemplarily, the encryption algorithm is an asymmetric encryption algorithm.

其中,非对称加密算法需要两个密钥:公开密钥和私有密钥,简称公钥与私钥。公开密钥与私有密钥是一对,如果用公钥对数据进行加密,只有用对应的私钥才能解密;如果用私钥对数据进行加密,那么只有用对应的公钥才能解密。由于加密和解密使用两个不同的密钥,因此这种算法叫作非对称加密算法。在本发明实施例中,由于只有专业人员的专业设备(为本发明实施例中所述的服务器)才能进行擦除操作,且一台服务器可以擦除多台终端的数据,因此服务器生成一对秘钥后,将公钥发送给多台需要擦除数据的终端,而私钥只由服务器进行保存。其中,公钥的形式可以为字符串,例如“81cb78ec68577b81b71f829c2117ba5d6fe6ed00b04e……”Among them, asymmetric encryption algorithm requires two keys: public key and private key, referred to as public key and private key. The public key and the private key are a pair. If the data is encrypted with the public key, it can only be decrypted with the corresponding private key; if the data is encrypted with the private key, only the corresponding public key can be decrypted. Since encryption and decryption use two different keys, this algorithm is called an asymmetric encryption algorithm. In the embodiment of the present invention, since only the professional equipment of professionals (the server described in the embodiment of the present invention) can perform the erasing operation, and one server can erase the data of multiple terminals, the server generates a pair of After the secret key is obtained, the public key is sent to multiple terminals that need to erase data, and the private key is only stored by the server. Among them, the form of the public key can be a string, such as "81cb78ec68577b81b71f829c2117ba5d6fe6ed00b04e..."

具体的,服务器使用私钥对终端发送的身份验证信息进行加密生成签名文件,并发回终端。在终端识别擦除操作后,使用公钥对该签名文件中的密文进行解密,将解密后的密文与身份验证信息进行对比,若一致,则执行擦除操作。Specifically, the server encrypts the authentication information sent by the terminal using the private key to generate a signature file, and sends it back to the terminal. After the terminal recognizes the erasing operation, the public key is used to decrypt the ciphertext in the signature file, and the decrypted ciphertext is compared with the identity verification information. If they are consistent, the erasing operation is performed.

需要说明的是,服务器不仅协助终端擦除特殊区域内的数据,还对所有擦除过的终端进行记录,进行备案。It should be noted that the server not only assists the terminal in erasing the data in the special area, but also records and records all erased terminals.

本发明实施例通过将终端的身份验证信息发送至服务器,并接收服务器基于身份验证信息进行加密所生成的签名文件,从终端获取身份验证信息进行加密,擦除FRP区域数据,进一步提高了终端擦除数据的安全性,且保证了擦除的终端为正确终端,降低了误操作的概率,使得用户在开机阶段不需要输入Google账号与密码即可进入手机页面。In the embodiment of the present invention, by sending the identity verification information of the terminal to the server, receiving the signature file generated by the encryption based on the identity verification information by the server, obtaining the identity verification information from the terminal for encryption, and erasing the FRP area data, the terminal erasure is further improved. In addition to data security, it ensures that the erased terminal is the correct terminal, reduces the probability of misoperation, and enables users to enter the mobile phone page without entering the Google account and password during the boot phase.

实施例三Embodiment 3

图3为本发明实施例三提供的一种擦除终端数据方法的流程图,本实施例可适用于终端数据擦除的情况,该方法可以由本发明实施例提供的擦除终端数据装置来执行,该装置可采用软件和/或硬件的方式实现,该装置可集成在任何提供擦除终端数据功能的设备中,例如可以是电脑,也可以是移动终端(如手机、平板电脑等)如图3所示,具体包括:FIG. 3 is a flowchart of a method for erasing terminal data according to Embodiment 3 of the present invention. This embodiment is applicable to the situation where terminal data is erased, and the method can be executed by the device for erasing terminal data provided in this embodiment of the present invention. , the device can be implemented in software and/or hardware, and the device can be integrated in any device that provides the function of erasing terminal data, such as a computer or a mobile terminal (such as a mobile phone, tablet computer, etc.) 3, including:

相应的,本实施例的方法包括:Correspondingly, the method of this embodiment includes:

S310、接收服务器通过加密方式生成的签名文件。S310. Receive the signature file generated by the server in an encrypted manner.

具体的,当终端有需求删除特殊区域中的数据(例如FRP分区的数据)时,连接服务器。其中,终端与服务器的连接可以为有线、无线或者蓝牙方式中的一种。终端中也可以包含具有连接功能的安装包(APK,AndroidPackage),通过该安装包文件直接安装应用程序,来完成终端与服务器的通讯连接,接收服务器通过加密算法对身份验证信息进行加密生成的签名文件,并将签名文件发保存至终端,且将终端的状态自动调整为工厂模式状态。Specifically, when the terminal needs to delete the data in the special area (for example, the data of the FRP partition), it connects to the server. The connection between the terminal and the server may be one of wired, wireless or Bluetooth. The terminal can also contain an installation package (APK, AndroidPackage) with a connection function. The application is directly installed through the installation package file to complete the communication connection between the terminal and the server, and the server receives the signature generated by encrypting the authentication information through an encryption algorithm. file, and save the signature file to the terminal, and automatically adjust the state of the terminal to the factory mode state.

需要说明的是,服务器可以从终端中获取身份验证信息,也可以从云平台中获取身份验证信息,还可以从服务器中已经存储的信息中获取身份验证信息,从而对终端的身份验证信息进行加密生成签名文件,并将签名文件发回终端。It should be noted that the server can obtain the authentication information from the terminal, obtain the authentication information from the cloud platform, and also obtain the authentication information from the information already stored in the server, so as to encrypt the authentication information of the terminal. Generate a signature file and send the signature file back to the terminal.

S320、于工厂模式状态下,解密所述签名文件,若解密成功,则根据读取所述服务器发送的擦除指令擦除终端数据。S320. Decrypt the signature file in the factory mode state, and if the decryption is successful, erase the terminal data according to the erasure instruction sent by the server.

具体的,当终端接收到服务器发回的签名文件后,在工厂模式状态下,可以对该签名文件进行解密,解密成功后才读取擦除指令。例如,若加密算法为非对称加密算法,终端接收到签名文件后,先使用公钥对签名文件中的密文进行解密。将解密后的身份验证信息与终端内部存储的身份验证信息进行对比,若一致,则解密成功。解密成功后,才对服务器中输入的擦除指令进行识别,若识别成功,则执行擦除终端的操作。Specifically, after the terminal receives the signature file sent back by the server, in the factory mode state, the signature file can be decrypted, and the erasing instruction can be read only after the decryption is successful. For example, if the encryption algorithm is an asymmetric encryption algorithm, after receiving the signature file, the terminal first uses the public key to decrypt the ciphertext in the signature file. Compare the decrypted authentication information with the authentication information stored in the terminal, and if they are consistent, the decryption is successful. After the decryption is successful, the erasing instruction input in the server is identified, and if the identification is successful, the operation of erasing the terminal is performed.

本发明实施例通过接收服务器通过加密方式生成的签名文件,解密所述签名文件,若解密成功,则根据读取的擦除指令擦除终端数据,解决了现有技术中难以擦除终端中特殊区域数据的问题,保证了终端数据擦除的安全性。The embodiment of the present invention decrypts the signature file by receiving the signature file generated by the server through encryption, and if the decryption is successful, erases the terminal data according to the read erasing instruction, which solves the problem of the difficulty in erasing the terminal in the prior art. The problem of regional data ensures the security of terminal data erasure.

实施例四Embodiment 4

图4为本发明实施例四提供的一种擦除终端数据装置的结构示意图,该装置可采用软件和/或硬件的方式实现,该装置可集成在任何提供擦除终端数据功能的设备中,例如可以是电脑,也可以是移动终端(如手机、平板电脑等)如图4所示,具体包括:文件生成模块41和数据擦除模块42。4 is a schematic structural diagram of a device for erasing terminal data provided in Embodiment 4 of the present invention, the device can be implemented in software and/or hardware, and the device can be integrated in any device that provides a function of erasing terminal data, For example, it can be a computer or a mobile terminal (such as a mobile phone, a tablet computer, etc.), as shown in FIG.

文件生成模块41,用于接收服务器通过加密算法生成的签名文件,其中,所述签名文件与终端的身份验证信息有关;The file generation module 41 is used to receive a signature file generated by the server through an encryption algorithm, wherein the signature file is related to the identity verification information of the terminal;

数据擦除模块42,用以于工厂模式状态下,根据服务器发送的擦除指令对所述签名文件进行解密,若解密成功,则擦除终端数据;或者,用于解密所述签名文件,若解密成功,则根据读取所述服务器发送的擦除指令擦除终端数据。The data erasing module 42 is used for decrypting the signature file according to the erasing instruction sent by the server in the factory mode, and if the decryption is successful, then erasing the terminal data; or, for decrypting the signature file, if If the decryption is successful, the terminal data is erased according to the erase instruction sent by the server.

在上述实施例基础上,所述文件生成模块41具体用于:将所述终端的身份验证信息发送至所述服务器;接收所述服务器基于所述身份验证信息进行加密所生成的签名文件。Based on the above embodiment, the file generation module 41 is specifically configured to: send the identity verification information of the terminal to the server; and receive a signature file generated by the server encrypting based on the identity verification information.

在上述实施例基础上,还包括:验证模块43。On the basis of the above embodiment, it also includes: a verification module 43 .

验证模块43,在所述根据服务器发送的擦除指令对签名文件进行解密之后,用于验证解密后的签名文件中的密文是否与所述终端的身份验证信息一致;若一致,则擦除所述终端的数据。The verification module 43, after decrypting the signature file according to the erasure instruction sent by the server, is used to verify whether the ciphertext in the decrypted signature file is consistent with the identity verification information of the terminal; if it is consistent, then erase data of the terminal.

在上述实施例基础上,所述签名文件中的密文为二进制文件。Based on the above embodiment, the ciphertext in the signature file is a binary file.

在上述实施例基础上,所述加密算法为非对称加密算法。Based on the above embodiment, the encryption algorithm is an asymmetric encryption algorithm.

本发明实施例提供了一种擦除终端数据的装置,接收服务器通过加密算法生成的签名文件,根据服务器发送的擦除指令对所述签名文件进行解密,若解密成功,则擦除终端数据,解决了现有技术中难以擦除终端中特殊区域数据的问题,保证了终端数据擦除的安全性。An embodiment of the present invention provides a device for erasing terminal data, receiving a signature file generated by a server through an encryption algorithm, decrypting the signature file according to an erasing instruction sent by the server, and erasing the terminal data if the decryption is successful, The problem that it is difficult to erase the special area data in the terminal in the prior art is solved, and the security of the terminal data erasure is guaranteed.

注意,上述仅为本发明的较佳实施例及所运用技术原理。本领域技术人员会理解,本发明不限于这里所述的特定实施例,对本领域技术人员来说能够进行各种明显的变化、重新调整和替代而不会脱离本发明的保护范围。因此,虽然通过以上实施例对本发明进行了较为详细的说明,但是本发明不仅仅限于以上实施例,在不脱离本发明构思的情况下,还可以包括更多其他等效实施例,而本发明的范围由所附的权利要求范围决定。Note that the above are only preferred embodiments of the present invention and applied technical principles. Those skilled in the art will understand that the present invention is not limited to the specific embodiments described herein, and various obvious changes, readjustments and substitutions can be made by those skilled in the art without departing from the protection scope of the present invention. Therefore, although the present invention has been described in detail through the above embodiments, the present invention is not limited to the above embodiments, and can also include more other equivalent embodiments without departing from the concept of the present invention. The scope is determined by the scope of the appended claims.

Claims (10)

1. A method for erasing terminal data, comprising:
receiving a signature file generated by a server through an encryption algorithm, and adjusting the state of a terminal to be a factory mode state; wherein the signature file is related to authentication information of the terminal;
in a factory mode state, decrypting the signature file according to an erasing instruction sent by a server, and if the decryption is successful, erasing terminal data so that the terminal after erasing the terminal data can directly execute a factory setting restoration function; the erased terminal data comprises data stored in a terminal special area, and the data in the terminal special area is used for providing safety verification before a factory reset function is executed.
2. The method of claim 1, wherein receiving the signature file generated by the server in an encrypted manner comprises:
sending the authentication information of the terminal to the server;
and receiving a signature file generated by the server based on the encryption of the identity verification information.
3. The method of claim 1, after decrypting the signature file according to an erasure instruction sent by the server, further comprising:
verifying whether the ciphertext in the decrypted signature file is consistent with the identity verification information of the terminal;
and if the data are consistent, erasing the data of the terminal.
4. The method of claim 3, wherein the ciphertext in the signature file is a binary file.
5. The method of claim 1, wherein the encryption algorithm is an asymmetric encryption algorithm.
6. A method for erasing terminal data, comprising:
receiving a signature file generated by a server in an encryption mode, and adjusting the state of a terminal to be a factory mode state; wherein the signature file is related to authentication information of the terminal;
decrypting the signature file in a factory mode state, and if decryption is successful, erasing terminal data according to an erasing instruction sent by the server, so that the terminal after erasing the terminal data can directly execute a factory setting restoration function; the erased terminal data comprises data stored in a terminal special area, and the data in the terminal special area is used for providing safety verification before a factory reset function is executed.
7. An apparatus for erasing terminal data, comprising:
the file generation module is used for receiving a signature file generated by the server through an encryption algorithm and adjusting the state of the terminal to be a factory mode state; wherein the signature file is related to authentication information of the terminal;
the data erasing module is used for decrypting the signature file according to an erasing instruction sent by the server in a factory mode state, and erasing terminal data if decryption is successful; or, the signature file is used for decrypting the signature file, and if the decryption is successful, the terminal data is erased according to the erasing instruction sent by the server, so that the terminal after erasing the terminal data can directly execute the factory reset function; the erased terminal data comprises data stored in a terminal special area, and the data in the terminal special area is used for providing safety verification before a factory reset function is executed.
8. The apparatus of claim 7, wherein the file generation module is specifically configured to:
sending the authentication information of the terminal to the server;
and receiving a signature file generated by the server based on the encryption of the identity verification information.
9. The apparatus of claim 7, further comprising:
the verification module is used for verifying whether the ciphertext in the decrypted signature file is consistent with the identity verification information of the terminal or not after the signature file is decrypted according to the erasing instruction sent by the server; and if the data are consistent, erasing the data of the terminal.
10. The apparatus of claim 9, wherein the ciphertext in the signature file is a binary file.
CN201710291012.8A 2017-04-28 2017-04-28 Method and device for erasing terminal data Active CN107124279B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710291012.8A CN107124279B (en) 2017-04-28 2017-04-28 Method and device for erasing terminal data
CN202010492907.XA CN111614698A (en) 2017-04-28 2017-04-28 Method and device for erasing terminal data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710291012.8A CN107124279B (en) 2017-04-28 2017-04-28 Method and device for erasing terminal data

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202010492907.XA Division CN111614698A (en) 2017-04-28 2017-04-28 Method and device for erasing terminal data

Publications (2)

Publication Number Publication Date
CN107124279A CN107124279A (en) 2017-09-01
CN107124279B true CN107124279B (en) 2020-11-27

Family

ID=59725177

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202010492907.XA Withdrawn CN111614698A (en) 2017-04-28 2017-04-28 Method and device for erasing terminal data
CN201710291012.8A Active CN107124279B (en) 2017-04-28 2017-04-28 Method and device for erasing terminal data

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202010492907.XA Withdrawn CN111614698A (en) 2017-04-28 2017-04-28 Method and device for erasing terminal data

Country Status (1)

Country Link
CN (2) CN111614698A (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
PL423465A1 (en) * 2017-11-15 2019-05-20 Wyrwas Marcin Wiperapp Ep Spolka Z Ograniczona Odpowiedzialnoscia Spolka Komandytowa Device for certified removal of data from a disc installed on the computer with wireless verification of entitlements to carry out that operation
CN109726558B (en) * 2018-12-27 2020-11-24 公安部物证鉴定中心 A data erasing method for Western Digital hard disk defect table
CN109710192B (en) * 2018-12-27 2022-04-05 公安部物证鉴定中心 Data erasing method for firmware area used by Western digital hard disk
CN114168160A (en) 2020-09-10 2022-03-11 荣耀终端有限公司 Application module startup method and electronic device
CN115391849A (en) * 2021-05-24 2022-11-25 荣耀终端有限公司 Method and device for storing ciphertext
CN114048402B (en) * 2022-01-12 2022-04-22 深圳软牛科技有限公司 FRP lock removing method, device, equipment and storage medium of Android system
CN118568736A (en) * 2024-08-01 2024-08-30 上海艾拉比智能科技有限公司 A device anti-theft method and system based on FRP

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101359988A (en) * 2007-07-31 2009-02-04 华为技术有限公司 Method, device and system for obtaining domain license
CN102075524A (en) * 2010-12-28 2011-05-25 广东楚天龙智能卡有限公司 A method for developing digital media interactive services through smart cards
CN102111762A (en) * 2009-12-28 2011-06-29 深圳富泰宏精密工业有限公司 Mobile phone and information disclosure-proof method therefor
CN105208045A (en) * 2015-10-28 2015-12-30 广东欧珀移动通信有限公司 Identity authentication method, equipment and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4859438B2 (en) * 2005-10-25 2012-01-25 京セラ株式会社 Communication terminal, executable process restriction method, and executable process restriction program

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101359988A (en) * 2007-07-31 2009-02-04 华为技术有限公司 Method, device and system for obtaining domain license
CN102111762A (en) * 2009-12-28 2011-06-29 深圳富泰宏精密工业有限公司 Mobile phone and information disclosure-proof method therefor
CN102075524A (en) * 2010-12-28 2011-05-25 广东楚天龙智能卡有限公司 A method for developing digital media interactive services through smart cards
CN105208045A (en) * 2015-10-28 2015-12-30 广东欧珀移动通信有限公司 Identity authentication method, equipment and system

Also Published As

Publication number Publication date
CN107124279A (en) 2017-09-01
CN111614698A (en) 2020-09-01

Similar Documents

Publication Publication Date Title
CN107124279B (en) Method and device for erasing terminal data
CN102859963B (en) From non-local memory load and configuration subsystem safely
CN105516948B (en) Device control method and device
US9270466B2 (en) System and method for temporary secure boot of an electronic device
CN108763917B (en) Data encryption and decryption method and device
US20180091487A1 (en) Electronic device, server and communication system for securely transmitting information
CN111401901B (en) Authentication method and device of biological payment device, computer device and storage medium
US20150295714A1 (en) Data security verification method and device
US9276748B2 (en) Data-encrypting method and decrypting method for a mobile phone
WO2017166362A1 (en) Esim number writing method, security system, esim number server, and terminal
CN101441601A (en) Ciphering transmission method of hard disk ATA instruction
US11082222B2 (en) Secure data management
CN113378119B (en) Software authorization method, device, equipment and storage medium
JP2009253783A (en) Mobile terminal, data protection method and program for data protection
WO2011130970A1 (en) Device and method for protecting data of mobile terminal
JP2007249507A (en) Information leakage prevention method, information leakage prevention system and information terminal
US11516215B2 (en) Secure access to encrypted data of a user terminal
US9210134B2 (en) Cryptographic processing method and system using a sensitive data item
CN107135074B (en) Advanced security method and device
CN110674525A (en) Electronic equipment and file processing method thereof
TW201738802A (en) A removable security device and a method to prevent unauthorized exploitation and control access to files
CN113127844A (en) Variable access method, device, system, equipment and medium
CN110659522B (en) Storage medium security authentication method and device, computer equipment and storage medium
JP2005303370A (en) Semiconductor chip, start program, semiconductor chip program, storage medium, terminal, and information processing method
WO2015131585A1 (en) Method and device for ensuring sd card security

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200603

Address after: 518034 No. 6003, Shennan Avenue, Futian District, Shenzhen City, Guangdong Province

Applicant after: Li Liping

Address before: 200233, Shanghai, Jinshan District Jinshan Industrial Zone, Ting Wei highway 65584, room 1309

Applicant before: SHANGHAI WIND SCIENCE AND TECHNOLOGIES Co.,Ltd.

TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20201105

Address after: Room 1718, 17 / F, Shidai Haoting, Pujiang County, Jinhua City, Zhejiang Province

Applicant after: Jinhua Tashan Technology Consulting Service Co.,Ltd.

Address before: 518034 No. 6003, Shennan Avenue, Futian District, Shenzhen City, Guangdong Province

Applicant before: Li Liping

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20241028

Address after: 421800 Intersection of Wumei Road and Hehua Road, Leiyang City, Hengyang City, Hunan Province

Patentee after: Hunan Yiti New Media Co.,Ltd.

Country or region after: China

Address before: Room 1718, 17th floor, Shidai Haoting, Pujiang County, Jinhua City, Zhejiang Province

Patentee before: Jinhua Tashan Technology Consulting Service Co.,Ltd.

Country or region before: China

TR01 Transfer of patent right