TW201828186A - Mobile device with built-in access control mechanism comprises an access control unit including a control module and a storage module; a memory unit storing an application program; and a processing unit - Google Patents
Description
The present invention relates to a mobile device, and in particular to a mobile device with a built-in access control mechanism.
Existing mobile devices, such as a smartphone, let a user insert an external SD card and, once the smartphone has passed the SD card's verification and authorization, use the transaction credential information stored on the SD card to make a mobile payment; see, for example, Taiwan Patent No. I537851.
Accordingly, an object of the present invention is to provide a mobile device with a built-in access control mechanism, in which the mobile device itself authenticates the user and controls the user's access rights.
The mobile device with a built-in access control mechanism of the present invention therefore comprises an access control unit, a memory unit and a processing unit. The access control unit includes a control module and a storage module. The control module has a permission table and a password table: the permission table records a user identification code and that user's usage permission for the storage module, and the password table records the user identification code and its corresponding user password. The memory unit stores an application. The processing unit is electrically connected to the access control unit and the memory unit. When the processing unit executes the application, the application sends authentication information to the access control unit, and the control module allows the processing unit to establish a connection with it when it determines from the authentication information that the application is legitimate. The processing unit then sends a user identification code and a user password to the control module through the application. The control module looks up the usage permission of that user identification code in the permission table and, when it determines that the user password matches the user password recorded in the password table, allows the processing unit to use the storage module within the scope of that usage permission.
In some embodiments of the present invention, the control module records an identification code and a password of the application, and the control module determines that the application is legitimate when the identification code and password contained in the authentication information are the same as the identification code and password recorded by the control module.
In some embodiments of the present invention, the control module can allocate a hidden data area in the storage module, and when the control module determines that the usage permission allows access to the hidden data area of the storage module, it allows the processing unit to access that hidden data area.
In some embodiments of the present invention, when the control module determines that the usage permission allows setting and updating the permission table and/or the password table, it allows the processing unit to set and update the permission table and/or the password table.
In some embodiments of the present invention, when the control module determines that the usage permission allows planning of the hidden data area, the processing unit can, through the control module, partition the hidden data area into a plurality of private spaces. When the control module determines that the usage permission allows access to at least one of the private spaces, it allows the processing unit to access that private space, and either encrypts data sent by the processing unit before storing it in the private space, or reads the data the processing unit needs from the private space and decrypts it before sending it to the processing unit.
In some embodiments of the present invention, the mobile device includes an input unit that accepts input of the user identification code and the user password and sends them to the processing unit.
In some embodiments of the present invention, the control module further includes a financial chip that stores a key and an authentication-code program. When the control module determines that the usage permission allows the processing unit to access the financial chip, it passes the data to be authenticated, received from the processing unit, to the financial chip, which executes the authentication-code program to compute a transaction authentication code over that data with the key, and the transaction authentication code is returned to the processing unit.
In some embodiments of the present invention, the hidden data area stores a key and the control module has an authentication-code program. When the control module determines that the usage permission allows the processing unit to access the hidden data area, it reads the key stored in the hidden data area, accepts the data to be authenticated from the processing unit, executes the authentication-code program to compute a transaction authentication code over that data with the key, and returns the transaction authentication code to the processing unit.
In some embodiments of the present invention, the control module further includes a financial chip that stores an authentication-code program, and the hidden data area stores a key. When the control module determines that the usage permission allows the processing unit to access the financial chip and the hidden data area, the control module reads the key stored in the hidden data area and provides the key and the data to be authenticated, received from the processing unit, to the financial chip, which executes the authentication-code program to compute a transaction authentication code over that data with the key, and the transaction authentication code is returned to the processing unit.
In some embodiments of the present invention, the mobile device has a motherboard, the processing unit is disposed on the motherboard, and the access control unit is a chip disposed on the motherboard; alternatively, the control module of the access control unit is a first chip disposed on the motherboard and the storage module of the access control unit is a second chip disposed on the motherboard.
In some embodiments of the present invention, the mobile device has a motherboard and a circuit board electrically connected to the motherboard, the processing unit is disposed on the motherboard, and the access control unit is disposed on the circuit board; alternatively, the control module of the access control unit is disposed on the circuit board and the storage module of the access control unit is disposed on the motherboard.
The effect of the present invention is that the access control unit built into the mobile device controls the processing unit's access to the storage module in the access control unit, and in particular to the hidden data area in the storage module, and that the access control unit can be placed, as a single chip or as two separate chips, on the same circuit board as the processing unit or on a different one, thereby achieving the object of the invention.
Before the present invention is described in detail, it should be noted that in the following description similar elements are denoted by the same reference numerals.
FIG. 1 shows an embodiment of the mobile device with a built-in access control mechanism of the present invention. The mobile device 1 of this embodiment may be a portable electronic device such as a smartphone, a tablet computer or a notebook computer, but is not limited to these. It mainly comprises a memory unit 10, an input unit 11, a display unit 18, a processing unit 12 electrically connected to the memory unit 10, the display unit 18 and the input unit 11, and an access control unit 13 electrically connected to the processing unit 12.
In this embodiment, the input unit 11 may be a keyboard or a touch panel. The memory unit 10 stores at least one application, and the processing unit 12 may be an application processor (AP) or a central processing unit. The access control unit 13 mainly comprises a control module 14 and a storage module 15, and the control module 14 has a password table 16 and a permission table 17. The permission table 17 records at least one user identification code and its usage permission for the storage module 15, and the password table 16 records the user identification code and its corresponding user password. When the processing unit 12 executes an application in order to access data in the storage module 15, the application first sends authentication information to the access control unit 13, and only when the control module 14 determines from the authentication information that the application is legitimate does it allow the processing unit 12 to establish a connection with it. The processing unit 12 then sends a user identification code and a user password to the control module 14 through the application. The control module 14 looks up the usage permission of that user identification code in the permission table 17 and determines whether the user password matches the user password recorded in the password table 16; only if it does is the processing unit 12 allowed to use the storage module 15 within the scope of that usage permission. In this way, a user who wants to access the storage module 15 is authenticated and that user's access rights are controlled.
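Specifically, as shown in FIG. 2, the control module 14 of this embodiment mainly comprises a controller chip 141, control firmware 142 burned into the controller chip 141, and an application program interface (API) 143; the password table 16 and the permission table 17 are burned into and stored in the control firmware 142. As shown in Table 1 below, the password table 16 holds the user identification codes (for example ID1, ID2, ID3) and user passwords (for example CODE1, CODE2, CODE3) of the users of the mobile device, for verifying a user's identity. The passwords actually stored in the password table 16 are encrypted and stored in scrambled form, to ensure that they cannot be stolen. In addition, the password table 16 also holds an identification code and a corresponding password for each application that the access control unit 13 recognizes as legitimate.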
The storage module 15 includes a system portion 151 and a storage portion 152. The system portion 151 holds built-in basic operation information. The storage portion 152 includes a hidden data area 153 and a visible area 154. The visible area 154 can be accessed by the processing unit 12 (that is, the operating system (OS)) of the mobile device 1 and serves the same purpose as a removable drive; on an Android® system, for example, the visible area 154 can be accessed by a file management program. The hidden data area 153, by contrast, cannot be accessed by the processing unit 12 (the operating system): the processing unit 12 cannot read, write or modify files stored in the hidden data area 153. Only after completing a specific verification and authorization sequence can the processing unit 12 access the hidden data area 153, and then only through the control firmware 142 in the controller chip 141. The processing unit 12 therefore cannot display the hidden data area 153 to the user, and the user can access the hidden data area 153 through the processing unit 12 only after passing the verification and authorization sequence through the processing unit 12.
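Accordingly, as shown in Table 2 below, the permission table 17 mainly stores each user's user identification code (for example ID1, ID2, ID3) and its corresponding usage permission. For example, user identification code ID1 may read and write the hidden data area 153, user identification code ID2 may read the hidden data area 153, and user identification code ID3 may read, write and delete in the hidden data area 153. The table is used to verify whether a user has permission to read, update and delete data in the hidden data area 153.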
For example, suppose the hidden data area 153 stores a key that corresponds to a virtual account used for mobile payment. When the mobile device 1 wants to use the key to make a mobile payment, the processing unit 12 executes an application (for example, payment software) and outputs a message to a display unit 18 of the mobile device 1 asking the user to enter a user identification code and/or user password through the input unit 11 (the application may, of course, use a previously recorded user identification code and user password directly, without user input). The application on the processing unit 12 then sends its authentication information, which contains an identification code and a password, together with the user password and the data to be authenticated for the mobile payment, to the application program interface 143 of the control module 14. The application program interface 143 first performs a connection establishment function: it checks whether the identification code and password provided by the application are recorded in the password table 16 and, if so, determines that the application is legitimate. The application program interface 143 then performs a permission management function: it confirms from the permission table 17 the usage permission of the user identification code provided by the application, for example that ID2 has read permission, and, if it determines that the user password provided by the application (ID2) matches a user password recorded in the password table 16, it allows the application to read the key stored in the hidden data area 153 through the control firmware 142. The control firmware 142 generates a transaction authentication code from the key and the data to be authenticated and returns it to the processing unit 12, which uses it to carry out the subsequent mobile payment operation.
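The sequence just described (application authentication, user password check, permission lookup, then a transaction authentication code computed with the key held in the hidden data area) is modelled below as an added Python example; it is not code from the patent. The class and method names are hypothetical, PBKDF2 stands in for the unspecified scrambled password storage, HMAC-SHA256 stands in for the unspecified authentication-code program, and all identifiers, passwords and the key are constructed sample values.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

DEMO_KEY = bytes(range(32))  # constructed sample payment key, not a real key


def _derive(secret: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2 stands in for the "scrambled" password storage.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class ControlModule:
    """Hypothetical model of control module 14 guarding hidden data area 153."""

    def __init__(self) -> None:
        self._apps = {}         # password table 16: application id -> (salt, hash)
        self._users = {}        # password table 16: user id -> (salt, hash)
        self._permissions = {}  # permission table 17: user id -> set of rights
        self._hidden = {}       # hidden data area 153, never returned to callers
        self._sessions = set()  # connections opened by legitimate applications

    # Provisioning: done before the device is handed to the user.
    def add_app(self, app_id: str, password: str) -> None:
        salt = os.urandom(16)
        self._apps[app_id] = (salt, _derive(password, salt))

    def add_user(self, user_id: str, password: str, rights: set) -> None:
        salt = os.urandom(16)
        self._users[user_id] = (salt, _derive(password, salt))
        self._permissions[user_id] = set(rights)

    def load_key(self, name: str, key: bytes) -> None:
        self._hidden[name] = key

    @staticmethod
    def _verify(table: dict, ident: str, secret: str) -> bool:
        # Unknown ids are checked against an all-zero record so the same work
        # is done either way; the comparison itself is constant-time.
        salt, stored = table.get(ident, (b"\0" * 16, b"\0" * 32))
        return hmac.compare_digest(_derive(secret, salt), stored)

    # Step 1: connection establishment. Only a recorded application gets a session.
    def connect(self, app_id: str, password: str) -> Optional[str]:
        if not self._verify(self._apps, app_id, password):
            return None
        token = secrets.token_hex(16)
        self._sessions.add(token)
        return token

    # Step 2: permission management. Both the password and the right must check out.
    def _authorize(self, session: str, user_id: str, password: str, right: str) -> None:
        if session not in self._sessions:
            raise PermissionError("application has no connection")
        if not self._verify(self._users, user_id, password):
            raise PermissionError("user id or password rejected")
        if right not in self._permissions.get(user_id, set()):
            raise PermissionError(f"{user_id} lacks '{right}' permission")

    # Step 3: the key is read inside the module; only the code leaves it.
    def transaction_code(self, session: str, user_id: str, password: str,
                         data: bytes) -> bytes:
        self._authorize(session, user_id, password, "read")
        return hmac.new(self._hidden["payment_key"], data, hashlib.sha256).digest()

    def write_hidden(self, session: str, user_id: str, password: str,
                     name: str, value: bytes) -> None:
        self._authorize(session, user_id, password, "write")
        self._hidden[name] = value


def build_demo_module() -> ControlModule:
    """Constructed sample tables using the ID1..ID3 rights given in the text."""
    cm = ControlModule()
    cm.add_app("PAYAPP", "app-secret")
    cm.add_user("ID1", "CODE1", {"read", "write"})
    cm.add_user("ID2", "CODE2", {"read"})
    cm.add_user("ID3", "CODE3", {"read", "write", "delete"})
    cm.load_key("payment_key", DEMO_KEY)
    return cm


if __name__ == "__main__":
    cm = build_demo_module()
    session = cm.connect("PAYAPP", "app-secret")
    print(cm.transaction_code(session, "ID2", "CODE2", b"amount=100").hex())
```

The model has no call that returns the key itself, which mirrors the text's point that the processing unit reaches the hidden data area only through the control firmware.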
In addition, the control module 14 of this embodiment may further include a financial chip 140, which stores a key of the financial institution that issued the financial chip 140 and an authentication-code program. When the processing unit 12 of the mobile device 1 wants to use that key and has passed the identity and permission verification described above, the control firmware 142 of the control module 14 passes the data to be authenticated, sent by the processing unit 12 through the application, to the financial chip 140, which executes the authentication-code program to compute a transaction authentication code over that data with the key. The transaction authentication code is returned through the application to the processing unit 12, which uses it to carry out the subsequent mobile payment operation. For details of how the financial chip of this embodiment is applied to mobile payment, see Taiwan Patent No. I537851.
It follows that, whether or not the control module 14 of this embodiment includes the financial chip 140, if the key that the mobile device 1 uses for mobile payment is stored in the hidden data area 153, then after the identity and permission verification described above the control firmware 142 reads the key stored in the hidden data area 153 and executes the authentication-code program pre-stored in the control module 14 to generate a transaction authentication code from the key and the data to be authenticated provided by the processing unit 12; for details of this kind of mobile payment, see Taiwan Patent No. I509542. Alternatively, when the control module 14 includes the financial chip 140 and the key that the mobile device 1 uses for mobile payment (provided by a financial institution other than the one that issued the financial chip 140) is stored in the hidden data area 153, then after the identity and permission verification described above the control firmware 142 reads the key stored in the hidden data area 153 and passes the key and the data to be authenticated to the financial chip 140, which executes the authentication-code program to compute a transaction authentication code over that data with the key. Or, if the key that the mobile device 1 uses for mobile payment is stored in the financial chip 140, then after the identity and permission verification described above the control firmware 142 of the control module 14 passes the data to be authenticated to the financial chip 140, which executes the authentication-code program to compute a transaction authentication code over that data with the key. The financial chip 140 can therefore be included in the control module 14 or omitted, as the actual application requires.
Furthermore, this embodiment provides at least four functions: identity recognition, permission control, private space and personal data protection. For the identity recognition function, the hidden data area 153 of the storage module 15 can record a user's identification data. When the processing unit 12 executes an application that needs to read the identification data and a user identification code and its user password are supplied to the access control unit 13, either automatically or through the input unit 11, the application program interface 143 verifies that the application is legitimate by the procedure described above, determines from the permission table 17 that the user identification code has permission to access the hidden data area 153 of the storage module 15, and, when it determines that the user password matches the user password recorded in the password table 16, allows the processing unit 12 to read the identification data stored in the hidden data area 153 through the control firmware 142, so that the mobile device 1 can use it for subsequent identity recognition.
For the permission control function, before the user obtains the mobile device 1, a password table 16 and a permission table 17 prepared in advance are burned into the control firmware 142 through the application program interface 143. The password table 16 mainly records the user identification code of each user of the mobile device 1 and its corresponding user password. The permission table 17 mainly records each user identification code and its permissions, such as reading, updating and deleting, on the data in the hidden data area 153 of the storage module 15, so different users have different usage permissions for the hidden data area 153.
Besides the connection establishment function and the permission management function described above, the application program interface 143 also has an online personalization (Preso) management function. After the processing unit 12 has executed an application that has established a connection with the application program interface 143 and has passed the identity and permission verification described above, this function lets the user set and update the password table 16 and the permission table 17 as the actual application requires, and lets the storage module 15 be partitioned into several different blocks for storing different types of data, such as the visible area 154 and the hidden data area 153 of the storage portion 152 described above.
For the private space function, once an application executed by the processing unit 12 has established a connection with the application program interface 143 of the control module 14 and has passed the verification and authorization of the permission management function, the application program interface 143 of the control module 14 can, following instructions issued by that application, use the online personalization (Preso) management function to partition the hidden data area 153 into a plurality of private spaces for storing different kinds of private data, such as mobile payment data, personal medical data and various credentials. The control module 14 can also set, in the permission table, the access permissions of different user identification codes (that is, different users) for those private spaces.
For the personal data protection function, the application program interface 143 of the control module 14 provides an encryption and decryption function that can encrypt or decrypt data using algorithms such as 3DES (Triple Data Encryption Algorithm symmetric-key block cipher), AES (Advanced Encryption Standard) or RSA. For example, when an application executed by the processing unit 12 has established a connection with the application program interface 143 of the control module 14, has passed the verification of the permission management function, and wants to write personal data to a personal data protection block of the hidden data area 153 (a private space allocated by the online personalization (Preso) management function, not shown), the application program interface 143 encrypts the personal data with the encryption and decryption function and then writes the encrypted personal data to that personal data protection block of the hidden data area 153 through the control firmware 142. When the application executed by the processing unit 12 wants to read data stored in the personal data protection block of the hidden data area 153, the control firmware 142 reads the data from that block and passes it to the application program interface 143, which decrypts it with the encryption and decryption function and then sends the decrypted data to the processing unit 12 through the control firmware 142.
In addition, in this embodiment, as shown in FIG. 3, the mobile device 1 has a motherboard 100, the processing unit 12 and the access control unit 13 are disposed on the motherboard 100, and the access control unit 13 is implemented as a chip.
Alternatively, in this embodiment, as shown in FIG. 4, the control module 14 and the storage module 15 of the access control unit 13 can each be disposed independently on the motherboard 100, with the control module 14 implemented as a first chip and the storage module 15 implemented as a second chip.
Alternatively, in this embodiment, as shown in FIG. 5, the mobile device 1 further has a circuit board 20 electrically connected to the motherboard 100, the processing unit 12 is disposed on the motherboard 100, and the access control unit 13 is disposed on the circuit board 20 and implemented as a chip.
Or, in this embodiment, as shown in FIG. 6, the processing unit 12 and the storage module 15 of the access control unit 13 are disposed on the motherboard 100, with the storage module 15 implemented as a chip, while the control module 14 of the access control unit 13 is disposed on the circuit board 20 and implemented as a chip.
In summary, the access control unit 13 built into the mobile device 1 controls the processing unit 12's access to the storage module 15 in the access control unit 13, and in particular its access to the hidden data area 153 in the storage module 15, and the access control unit 13 can be placed, as a single chip or as two separate chips, on the same circuit board as the processing unit 12 or on a different one, thereby achieving the effect and object of the present invention.
The above is, however, only an embodiment of the present invention and does not limit the scope in which the invention may be practiced; all simple equivalent changes and modifications made in accordance with the claims and the patent specification of the present invention remain within the scope covered by this patent.
1‧‧‧Mobile Phone
10‧‧‧AMOLED display panel
11‧‧‧Central processor
12‧‧‧Drive Circuit (DDI Chip)
13‧‧‧Transport interface
14‧‧‧Access controller
15‧‧‧Image memory
16‧‧‧Sequence Controller
17‧‧‧Digital/Analog Converter
2‧‧‧Mobile devices
20‧‧‧AMOLED display panel
21‧‧‧Central Processing Unit
22‧‧‧Drive Circuit (DDI Chip)
23‧‧‧Image memory
24‧‧‧Access Control Module
25‧‧‧Digital/Analog Converter
241‧‧‧Write unit
242‧‧‧Reading unit
243, 244, 245‧‧‧Encoder
246‧‧‧Transport interface
247‧‧‧Selector
248‧‧‧Timing Controller
I1, I2, I3‧‧‧ input
O1, O2, O3‧‧‧ output
Other features and effects of the present invention will be clearly presented in the embodiments described with reference to the drawings, in which:
FIG. 1 is a circuit block diagram showing the main circuit blocks of an embodiment of the mobile device of the present invention;
FIG. 2 is a circuit block diagram showing the main circuit blocks of the access control unit of this embodiment;
FIG. 3 is a schematic diagram showing the access control unit of this embodiment disposed on the motherboard;
FIG. 4 is a schematic diagram showing the control module and the storage module of the access control unit of this embodiment each disposed independently on the motherboard;
FIG. 5 is a schematic diagram showing the access control unit of this embodiment disposed on a circuit board electrically connected to the motherboard; and
FIG. 6 is a schematic diagram showing the storage module of the access control unit of this embodiment disposed on the motherboard and the control module of the access control unit disposed on a circuit board electrically connected to the motherboard.
Claims (14)
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW106102831A TWI673667B (en) | 2017-01-25 | 2017-01-25 | Built-in smart security mobile device |
CN201710187742.3A CN108345785B (en) | 2017-01-25 | 2017-03-27 | Built-in smart security mobile device |
US15/600,143 US10216913B2 (en) | 2017-01-25 | 2017-05-19 | Mobile device with built-in access control functionality |
JP2017121167A JP6591495B2 (en) | 2017-01-25 | 2017-06-21 | Mobile device with built-in access control function |
EP17177219.7A EP3355221B1 (en) | 2017-01-25 | 2017-06-21 | Mobile device with built-in access control functionality |
HK19101397.6A HK1258920B (en) | 2017-01-25 | 2019-01-28 | Mobile device with built-in access control functionality |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW106102831A TWI673667B (en) | 2017-01-25 | 2017-01-25 | Built-in smart security mobile device |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201828186A (en) | 2018-08-01 |
TWI673667B (en) | 2019-10-01 |
Family
ID=63960228
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW106102831A TWI673667B (en) | 2017-01-25 | 2017-01-25 | Built-in smart security mobile device |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI673667B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI716056B (en) * | 2018-10-25 | 2021-01-11 | 開曼群島商創新先進技術有限公司 | Identity authentication, number storage and sending, and number binding method, device and equipment |
US11177956B2 (en) | 2018-10-25 | 2021-11-16 | Advanced New Technologies Co., Ltd. | Identity authentication, number saving and sending, and number binding method, apparatus and device |
US11677555B2 (en) | 2018-10-25 | 2023-06-13 | Advanced New Technologies Co., Ltd. | Identity authentication, number saving and sending, and number binding method, apparatus and device |
Also Published As
Publication number | Publication date |
---|---|
TWI673667B (en) | 2019-10-01 |