[go: up one dir, main page]

WO2009033431A1 - A method to erase terminal data and terminal device - Google Patents

A method to erase terminal data and terminal device Download PDF

Info

Publication number
WO2009033431A1
WO2009033431A1 PCT/CN2008/072360 CN2008072360W WO2009033431A1 WO 2009033431 A1 WO2009033431 A1 WO 2009033431A1 CN 2008072360 W CN2008072360 W CN 2008072360W WO 2009033431 A1 WO2009033431 A1 WO 2009033431A1
Authority
WO
WIPO (PCT)
Prior art keywords
erasure
erasing
data
management server
erase
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2008/072360
Other languages
French (fr)
Chinese (zh)
Inventor
Hui Zhao
Rui Wang
Yaoping Luo
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Device Shenzhen Co Ltd
Original Assignee
Shenzhen Huawei Communication Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CNA2008100039190A external-priority patent/CN101389096A/en
Application filed by Shenzhen Huawei Communication Technologies Co Ltd filed Critical Shenzhen Huawei Communication Technologies Co Ltd
Publication of WO2009033431A1 publication Critical patent/WO2009033431A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W99/00Subject matter not provided for in other groups of this subclass

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a method for erasing terminal data and a terminal device. Background technique
  • OMA Open mobile alliance device management
  • VI .2 is a unified device management specification developed by the OMA DM Working Group.
  • the DM system provides a low-cost solution for third-party management and setting of environment and configuration information in wireless network terminals such as mobile terminals and functional objects in terminals. Solve the problems encountered in the use of these network terminals, install and upgrade software and firmware through the over-the-air (OTA) mode, and provide more personalized and personalized services to enhance the user experience.
  • the third party can be the network management device of the information management department of the mobile operator, service provider or partner.
  • the device proxy (DMAgent) on the terminal is used to interpret and execute the management commands issued by the DM server.
  • the management tree stored on the terminal can be considered as an interface for the DM Server to manage the terminal through the DM protocol. It includes some basic management objects (MO, Management Object), and the DM Server achieves the purpose of controlling the terminal management object by operating the management tree object.
  • the operation commands are Get, Replace, Exec, Copy, Delete, and so on.
  • the method includes:
  • the management server sends a request for erasing user equipment data to the terminal;
  • the terminal receives the request and erases all user data by invoking a data erase program.
  • the terminal management object there is an operable Device Wipe node under the Terminal Security node.
  • the network can indicate the terminal. Perform the appropriate erase procedure to erase the data on the terminal.
  • the technical problem to be solved by the embodiments of the present invention is to provide a method for erasing terminal data and a terminal device, which can implement selective selective erasure or multi-level erasure of terminal data on the network side, and strengthen the network side to perform terminal operations on the terminal.
  • the control of the erase operation satisfies the user's need for refinement of the erase function.
  • the local data is correspondingly erased according to the erasure range.
  • the local data is erased accordingly according to the found erase level.
  • a terminal device provided by an embodiment of the present invention includes: a receiving unit, a data storage unit, and an erasing unit;
  • a receiving unit configured to receive an erasure instruction and an erasure range sent by the management server
  • a data storage unit for storing local data
  • an erasing unit configured to perform corresponding erasing on the local data stored by the data storage unit according to the erasing range.
  • a terminal device provided by the embodiment of the present invention includes: a receiving unit, an identity acquiring unit, a searching unit, a data storage unit, and an erasing unit;
  • a receiving unit configured to receive a data erasure request of the management server
  • An identity obtaining unit configured to acquire an identity of the management server after the receiving unit receives the data erasure request
  • a searching unit configured to search for an erasure level corresponding to the identity of the management server; and a data storage unit, configured to store local data; And an erasing unit, configured to perform corresponding erasure on the local data stored by the data storage unit according to the erasure level found by the searching unit.
  • the terminal receives the erasure instruction and the erasure range sent by the management server; and performs corresponding erasure on the local data according to the erasure range.
  • the network side performs selective or multi-level erasure on the terminal data, strengthens the control power of the network side to erase the terminal, and makes the erasing function more detailed, and satisfies the user's diverse erasing data. Claim.
  • FIG. 1 is a structural diagram of a management object of a terminal in the prior art
  • FIG. 2 is a flowchart of a method for erasing terminal data according to an embodiment of the present invention
  • FIG. 3 is a flowchart of a method for erasing terminal data according to Embodiment 3 of the present invention.
  • FIG. 4 is a flowchart of a method for erasing terminal data according to Embodiment 4 of the present invention.
  • FIG. 5 is a schematic structural diagram of a terminal device according to Embodiment 5 of the present invention.
  • FIG. 6 is a schematic structural diagram of a terminal device according to Embodiment 6 of the present invention.
  • the embodiment of the invention provides a method for erasing terminal data and a terminal device, which can implement multi-level erasure of terminal data by the network side, and strengthens the control power of the network side to perform erasing operations on the terminal, and satisfies the user's wiping In addition to the need for functional refinement.
  • a method and a terminal device for erasing terminal data provided by the present invention are described in detail below.
  • Embodiment 1 is a method for erasing terminal data.
  • the flowchart is as shown in FIG. 2, and includes: al, the terminal receives an erasure instruction and an erasure range sent by the management server;
  • the erase command and the erase range sent by the management server may be: a data erase request sent by the management server including the erase command and the erase range.
  • the erase range may correspond to an erase level.
  • the management server sends an Exec management command carrying the erasure level information to the terminal:
  • ⁇ Data>1 indicates that the current erasure level is level 1, that is, all data of the terminal is erased, and the ⁇ 1 ⁇ 0 ⁇ 11 1> indicates the path of the program for performing erasure.
  • the management server can also separately issue the erasure level and the erasure command, for example, by issuing the erasure level through a replacement command, and issuing an erasure command through the Exec management command:
  • ⁇ Data>1 indicates that the current erasure level is level 1, that is, erases all data of the terminal, and the ⁇ LocURI> indicates the path of the program that performs erasure.
  • A2. The terminal performs corresponding erasure on the local data according to the erasure range.
  • the terminal device may perform a corresponding erasing operation according to the management server specified level. It can be understood that different levels of erasure levels correspond to different erasure ranges, and the specific correspondences refer to Table 1.
  • the terminal device can perform an erasing operation lower than the level, and feed back the result of the erasing to the management server.
  • the erasing operation for performing level 1 all erasing fails, the erasing operation of level 2 erasing user data is automatically performed.
  • Performing a low-level erasure operation may be performed automatically by the terminal side, or may be performed by the terminal under the control of the management server, for example, the data erasure request sent by the management server may include an erasure failure processing identifier;
  • the step of erasing below the level is performed if the erasure fails.
  • the management server can control the processing of the terminal after the failure of the erasure through the identifier.
  • step of returning the erasure result in the embodiment of the present invention may not be performed, and does not affect the implementation of the method of the embodiment of the present invention.
  • the terminal receives the data erasure request and the erasure level sent by the management server, and performs corresponding erasure on the local data according to the erasure level.
  • the network side performs multiple levels of erasure on the terminal data, and the simple control method of erasing the terminal data in the prior art strengthens the control of the erasing operation of the terminal on the network side, so that the erasing function is more detailed. To meet the requirements of users to diversify data.
  • the terminal receives a data erasure request and an erasure level sent by the management server;
  • the storage medium mentioned above may be a memory, a magnetic disk or an optical disk or the like.
  • the terminal when the erasure level is specified according to the Replace management command, the terminal performs the corresponding erasing operation.
  • the server sends a Replace management command to the WipeRange node, and sends an Exec management command to the Wipe under Operations:
  • the terminal can determine that the enterprise data needs to be erased according to the erasure level and the erasure command, then erase the enterprise data saved in the terminal, and return the erasure status information to the server.
  • the enterprise data is the data of the company or enterprise to which the user set or saved in the terminal belongs.
  • the erase level 2 and erase level 3 in the table can represent different, independent data, no This is different from the first embodiment in that they contain or cross each other. Of course, the present invention does not limit that there must be no intersection between the erased ranges.
  • the difference from the first embodiment is also that if the erasing failure of the execution level 2 enterprise data fails, the level 3 erase operation is not automatically performed because they have no inclusion relationship.
  • Embodiment 3 is a method for erasing terminal data.
  • the flowchart is as shown in FIG. 3, and includes: bl, the terminal receives an erasure instruction and an erasure range sent by the management server;
  • the process in which the management server transmits the erase command and the erase range is referred to the first step of the embodiment al.
  • the erase range may correspond to an erase level.
  • step B2 The terminal authenticates whether the management server is allowed to perform the erasing level erasing operation, and if the authentication is passed, the process proceeds to step b3, and if the authentication fails, step b5 is performed.
  • the process of the authentication is:
  • the management server may send the identity of the management server to the terminal when the erasure command and the erasure level are issued, or may obtain the identity of the management server when the terminal accesses the network.
  • the identity identifier may be a management server address or a username, and the like.
  • the process of identity authentication can also adopt a simpler authentication mode, that is, the terminal device locally saves the correspondence between the identity of the management server and the erasure authority; the identity of the management server that requests the erasure operation is in the saved identity. Inside, the erase operation is allowed, and if not, the erase operation is not allowed. It can be understood that the process of identity authentication can also adopt a conventional authentication mode of multiple systems, and the specific authentication mode does not constitute a limitation of the present invention.
  • the identity of the management server may be the IP of the management server.
  • An address or a username or a domain address, etc. it can be understood that an identifier that can uniquely identify the identity of the management server in the network can be used as an identity.
  • the terminal device performs a corresponding erase operation according to the management server specified level.
  • the terminal device performs an erasing operation lower than the level, and feeds back the result of the erasing to the management server.
  • Performing a low-level erase operation may be performed automatically by the terminal side, or may be performed by the terminal under the control of the management server.
  • the data erasure request sent by the management server may include an erasure failure processing identifier;
  • the management server can control the processing of the terminal after the failure of the erasure through the identifier.
  • the difference between the third embodiment and the first embodiment is that the authentication server that requests the erasure is authenticated, and the erasing operation is performed after the authentication is passed, so that the security is higher, and the malicious erasing behavior is prevented from being brought to the user. The necessary loss.
  • Embodiment 4 is a method for erasing terminal data.
  • the flowchart is as shown in FIG. 4, and includes: cl, the terminal receives a data erasure request of the management server;
  • the data erasure request is an erasure instruction sent by the management server.
  • the management server issues an Exec management command to the terminal to instruct data erasure: ⁇ Exec>
  • the terminal acquires an identity of the management server.
  • the terminal device may obtain the identity of the management server in a session establishment phase with the management server, such as: obtaining, by the management server, the header information in the data erasure request to obtain the identity of the management server.
  • the identity identifier may be a management server address or a username, and the like.
  • the correspondence between the identity of the management server and the erasure level needs to be preset.
  • the correspondence between the identity of the management server and the erasure level may be set by the user locally, or may be registered by the terminal on the mobile network.
  • the network automatically pushes the information to the terminal; or the terminal acquires through the data network.
  • the present invention emphasizes that the terminal has the ability to obtain the correspondence between the identity of the management server and the erasure level.
  • the specific manner of obtaining the information may be implemented in a plurality of conventional manners, and does not constitute a limitation of the present invention.
  • the correspondence between the management server identity and the erasure level can be referred to Table 2, where the identity of the management server can be the address or user name of the management server.
  • the erasure level of the management server can be obtained by querying in Table 2 above.
  • the terminal device performs a corresponding erasing operation according to an erasure level corresponding to the management server identity.
  • step c5 of this embodiment may not be performed, and does not affect the implementation of the embodiment of the present invention. It can be understood that if the erasing operation fails in the step c4, the terminal device can perform an erasing operation lower than the level, and feed back the result of the erasing to the management server. Performing a low-level erase operation may be performed automatically by the terminal side, or may be performed by the terminal under the control of the management server.
  • the data erasure request sent by the management server may include an erasure failure processing identifier;
  • the management server can control the terminal's processing after the erasure failure through the identifier.
  • the step of the embodiment cl indicates that the processing of the erasure failure is performed in the data erasing request sent by the server.
  • the lower level of erasing operation is automatically performed by the replacement command indicating that the erasing is failed.
  • FailDegrade is the erase failure processing flag
  • ⁇ Data>True ⁇ /Data> is the value of FailDegrade.
  • the terminal judges that a complete erasure is required according to the erasure level and the erasing command, and erases all the data saved in the terminal; during the erasing process, for some reasons, such as some files are used mediumly, causing erasure Failed; the terminal judges that the lower level erase operation needs to be automatically performed according to the value of FailDegrade.
  • the erase operation with the erase level of 2 is performed, that is, only the user data is erased.
  • the terminal After the terminal successfully erases the user data, it returns to the server information that the predetermined erasure failed but the second erasure succeeds:
  • the fourth embodiment of the present invention is different from the first embodiment in that it provides that the erasure initiator of the erasure initiator is determined according to the identity of the management server, and the terminal device performs the erasure operation corresponding to the erasure authority, thereby implementing the network side pair.
  • the terminal data performs multiple levels of erasure, and the control method of erasing the terminal on the network side is strengthened compared with the simple method of erasing the terminal data in the prior art, so that the erasing function is more detailed and the user is diverse. The requirement to erase data.
  • a fifth embodiment of the present invention a terminal device 500, a schematic structural diagram shown in Figure 5, comprising: a receiving unit 510, a data storage unit 520 and an erasing unit 530;
  • the receiving unit 510 is configured to receive an erasure instruction and an erasure range sent by the management server, where the data storage unit 520 is configured to store local data.
  • the erasing unit 530 is configured to perform corresponding erasing on the local data stored by the data storage unit 520 according to the erasing range.
  • the erase range may correspond to an erase level.
  • the terminal device of the fifth embodiment of the present invention can run the method of the first embodiment of the present invention.
  • Embodiment 6 a terminal device 600, a schematic structural diagram shown in FIG. 6, comprising: a receiving unit 610, an identity obtaining unit 620, a searching unit 630, a data storage unit 640, and an erasing unit 650;
  • the receiving unit 610 is configured to receive a data erasure request of the management server
  • the identity identifier obtaining unit 620 is configured to acquire the identity identifier of the management server after receiving the data erasure request by the receiving unit 610;
  • the searching unit 630 is configured to search for an erasure level corresponding to the identity of the management server, and the data storage unit 640 is configured to store local data.
  • the erasing unit 650 is configured to perform corresponding erasure on the local data of the data storage unit storage 640 according to the erasure level found by the searching unit 630.
  • the sixth embodiment of the present invention can run the method of Embodiment 4 of the present invention.
  • the terminal receives an erase command and an erase level sent by the management server; and performs corresponding erasure on the local data according to the erasure level.
  • the network side performs multiple levels of erasure on the terminal data, and the simple control method of erasing the terminal data in the prior art strengthens the control of the erasing operation of the terminal on the network side, so that the erasing function is more detailed. To meet the diversification of users In addition to data requirements.
  • the authentication server that requests the erasure is authenticated, and the erasing operation is performed after the authentication is passed, so that the security is higher, and the malicious erasing behavior is prevented from causing unnecessary loss to the user.
  • the erasing initiator's erasing authority is determined according to the identity of the management server, and the terminal device performs the erasing operation corresponding to the erasing right, so that the network side performs multiple levels of erasure on the terminal data.
  • the control force of the erasing operation of the terminal on the network side is strengthened, the erasing function is more refined, and the user's diverse data erasing requirements are satisfied.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

A method to erase terminal data and terminal device are disclosed. Said method includes the following steps. Terminal receives erasing instruction and erasing scope information from manage server. Local data is erased correspondingly based on said erasing scope information.

Description

擦除终端数据的方法及终端设备  Method for erasing terminal data and terminal device

本申请要求于 2007 年 9 月 13 日提交中国专利局、 申请号为 200710145695.2、 发明名称为 "擦除终端数据的方法及终端设备" 的中国专利 申请的优先权, 以及要求于 2008 年 1 月 11 日提交中国专利局、 申请号为 200810003919.0、 发明名称为 "擦除终端数据的方法及终端设备" 的中国专利 申请的优先权, 其全部内容通过引用结合在本申请中。  This application claims priority to Chinese Patent Application No. 200710145695.2, titled "Method and Terminal Equipment for Erasing Terminal Data", filed on September 13, 2007, and the requirements of January 1, 2008 The priority of the Chinese Patent Application No. 200810003919.0, the entire disclosure of which is hereby incorporated by reference in its entirety in its entirety in the the the the the the the the the

技术领域 Technical field

本发明涉及通信技术领域, 具体涉及擦除终端数据的方法及终端设备。 背景技术  The present invention relates to the field of communications technologies, and in particular, to a method for erasing terminal data and a terminal device. Background technique

开放移动同盟设备管理 ( open mobile alliance device management, OMA Open mobile alliance device management (OMA)

DM ) VI .2, 是 OMA DM 工作组制定的设备管理统一规范。 DM) VI .2, is a unified device management specification developed by the OMA DM Working Group.

DM系统提供了一种低成本方案,用于第三方管理和设置无线网络终端如: 手机终端及终端中的功能对象, 中的环境和配置信息。 解决这些网络终端在 使用过程中遇到的问题, 通过无线网络(over the air, OTA)方式进行软件和固 件的安装、 升级等操作, 并提供更加人性化和个性化的服务, 提高用户体验。 第三方可以是移动运营商、业务提供商或者合作方的信息管理部门的网络管理 设备。  The DM system provides a low-cost solution for third-party management and setting of environment and configuration information in wireless network terminals such as mobile terminals and functional objects in terminals. Solve the problems encountered in the use of these network terminals, install and upgrade software and firmware through the over-the-air (OTA) mode, and provide more personalized and personalized services to enhance the user experience. The third party can be the network management device of the information management department of the mobile operator, service provider or partner.

在整体结构图中, 终端上的设备代理(DMAgent )用于解释和执行 DM^ 务器(server ) 下发的管理命令。 终端上存储的管理树可以被认为是一个 DM Server通过 DM协议对终端进行管理的接口。其中包括一些基本管理对象( MO, Management Object ), DM Server通过对管理树对象的操作达到控制终端管理对 象的目的。 操作命令有 Get (获取)、 Replace (替换)、 Exec (执行)、 Copy (复 制)、 Delete (删除)等。  In the overall structure diagram, the device proxy (DMAgent) on the terminal is used to interpret and execute the management commands issued by the DM server. The management tree stored on the terminal can be considered as an interface for the DM Server to manage the terminal through the DM protocol. It includes some basic management objects (MO, Management Object), and the DM Server achieves the purpose of controlling the terminal management object by operating the management tree object. The operation commands are Get, Replace, Exec, Copy, Delete, and so on.

基于 OMA DM技术, 现有的有一种方法可以是实现擦除终端的数据。 该 方法包括:  Based on the OMA DM technology, there is a method available to implement erasing data of a terminal. The method includes:

管理服务器向所述终端下发擦除用户设备数据的请求;  The management server sends a request for erasing user equipment data to the terminal;

所述终端接收所述请求, 通过调用数据擦除程序擦除所有用户数据。  The terminal receives the request and erases all user data by invoking a data erase program.

参阅图 1 , 终端管理对象中, 终端安全(TerminalSecurity ) 节点下有一个 可操作的设备擦除(DeviceWipe )节点, 通过执行该节点, 网络可以指示终端 执行相应的擦除程序, 擦除终端上的数据。 Referring to Figure 1, in the terminal management object, there is an operable Device Wipe node under the Terminal Security node. By executing the node, the network can indicate the terminal. Perform the appropriate erase procedure to erase the data on the terminal.

在对现有技术的研究和实践过程中 , 发明人发现现有技术存在以下问题: 简单的数据的擦除, 网络侧对擦除操作的控制力不足。 In the research and practice of the prior art, the inventors found that the prior art has the following problems: Simple data erasure, and the network side has insufficient control over the erasing operation.

发明内容 Summary of the invention

本发明实施例解决的技术问题是提供擦除终端数据的方法及终端设备,可 以实现网络侧对终端数据进行有选择性的范围的擦除或多级别的擦除,加强了 网络侧对终端进行擦除操作的控制力 , 满足用户对擦除功能细化的需求。  The technical problem to be solved by the embodiments of the present invention is to provide a method for erasing terminal data and a terminal device, which can implement selective selective erasure or multi-level erasure of terminal data on the network side, and strengthen the network side to perform terminal operations on the terminal. The control of the erase operation satisfies the user's need for refinement of the erase function.

本发明实施例提供的一种擦除终端数据的方法, 包括:  A method for erasing terminal data provided by an embodiment of the present invention includes:

接收管理服务器发送的擦除指令和擦除范围;  Receiving an erase command and an erase range sent by the management server;

根据所述擦除范围对本地数据进行相应的擦除。  The local data is correspondingly erased according to the erasure range.

本发明实施例提供的一种擦除终端数据的方法, 包括:  A method for erasing terminal data provided by an embodiment of the present invention includes:

接收管理服务器的数据擦除请求;  Receiving a data erase request from the management server;

获得所述管理服务器身份标识;  Obtaining the management server identity identifier;

查找所述管理服务器身份标识对应的擦除级别;  Finding an erasure level corresponding to the management server identity;

按照所述查找到的擦除级别对本地数据进行相应的擦除。  The local data is erased accordingly according to the found erase level.

本发明实施例提供的一种终端设备, 其特征在于, 包括: 接收单元、 数据 存储单元和擦除单元;  A terminal device provided by an embodiment of the present invention includes: a receiving unit, a data storage unit, and an erasing unit;

接收单元, 用于接收管理服务器发送的擦除指令和擦除范围;  a receiving unit, configured to receive an erasure instruction and an erasure range sent by the management server;

数据存储单元, 用于存储本地数据;  a data storage unit for storing local data;

擦除单元,用于根据所述擦除范围对所述数据存储单元存储的本地数据进 行相应的擦除。  And an erasing unit, configured to perform corresponding erasing on the local data stored by the data storage unit according to the erasing range.

本发明实施例提供的一种终端设备, 包括:接收单元、身份标识获取单元、 查找单元、 数据存储单元和擦除单元;  A terminal device provided by the embodiment of the present invention includes: a receiving unit, an identity acquiring unit, a searching unit, a data storage unit, and an erasing unit;

接收单元, 用于接收管理服务器的数据擦除请求;  a receiving unit, configured to receive a data erasure request of the management server;

身份标识获取单元, 用于在接收单元收到所述数据擦除请求后,获取所述 管理服务器的身份标识;  An identity obtaining unit, configured to acquire an identity of the management server after the receiving unit receives the data erasure request;

查找单元, 用于查找所述管理服务器的身份标识对应的擦除级别; 数据存储单元, 用于存储本地数据; 擦除单元,用于按照所述查找单元查找到的擦除级别对所述数据存储单元 存储的本地数据进行相应的擦除。 a searching unit, configured to search for an erasure level corresponding to the identity of the management server; and a data storage unit, configured to store local data; And an erasing unit, configured to perform corresponding erasure on the local data stored by the data storage unit according to the erasure level found by the searching unit.

采用上述技术方案, 本发明实施例有益的技术效果在于:  With the above technical solutions, the beneficial technical effects of the embodiments of the present invention are as follows:

本发明实施例中, 终端接收管理服务器发送的擦除指令和擦除范围; 并根 据所述擦除范围对本地数据进行相应的擦除。实现了网络侧对终端数据进行有 选择性的范围或多级别的擦除, 强化了网络侧对终端进行擦除操作的控制力, 使擦除功能更加细致化, 满足用户多样化擦除数据的要求。  In the embodiment of the present invention, the terminal receives the erasure instruction and the erasure range sent by the management server; and performs corresponding erasure on the local data according to the erasure range. The network side performs selective or multi-level erasure on the terminal data, strengthens the control power of the network side to erase the terminal, and makes the erasing function more detailed, and satisfies the user's diverse erasing data. Claim.

附图说明 DRAWINGS

图 1为现有技术中终端的管理对象的结构图;  1 is a structural diagram of a management object of a terminal in the prior art;

图 2为本发明实施例一擦除终端数据的方法的流程图;  2 is a flowchart of a method for erasing terminal data according to an embodiment of the present invention;

图 3为本发明实施例三擦除终端数据的方法的流程图;  3 is a flowchart of a method for erasing terminal data according to Embodiment 3 of the present invention;

图 4为本发明实施例四擦除终端数据的方法的流程图;  4 is a flowchart of a method for erasing terminal data according to Embodiment 4 of the present invention;

图 5为本发明实施例五终端设备的结构示意图;  FIG. 5 is a schematic structural diagram of a terminal device according to Embodiment 5 of the present invention; FIG.

图 6为本发明实施例六终端设备的结构示意图。  FIG. 6 is a schematic structural diagram of a terminal device according to Embodiment 6 of the present invention.

具体实施方式 detailed description

本发明实施例提供了一种擦除终端数据的方法及终端设备,可以实现网络 侧对终端数据进行多级别的擦除, 加强了网络侧对终端进行擦除操作的控制 力, 满足用户对擦除功能细化的需求。 下面对本发明提供的一种擦除终端数据 的方法及终端设备进行详细描述。  The embodiment of the invention provides a method for erasing terminal data and a terminal device, which can implement multi-level erasure of terminal data by the network side, and strengthens the control power of the network side to perform erasing operations on the terminal, and satisfies the user's wiping In addition to the need for functional refinement. A method and a terminal device for erasing terminal data provided by the present invention are described in detail below.

实施例一, 一种擦除终端数据的方法, 流程图如图 2所示, 包括: al , 终端接收管理服务器发送的擦除指令和擦除范围;  Embodiment 1 is a method for erasing terminal data. The flowchart is as shown in FIG. 2, and includes: al, the terminal receives an erasure instruction and an erasure range sent by the management server;

管理服务器发送的擦除指令和擦除范围可以是:所述管理服务器发送的包 含所述擦除指令和擦除范围的数据擦除请求。  The erase command and the erase range sent by the management server may be: a data erase request sent by the management server including the erase command and the erase range.

所述擦除范围可以对应有擦除级别。  The erase range may correspond to an erase level.

例如: 管理服务器在向终端发出携带擦除级别信息的 Exec管理命令: For example: The management server sends an Exec management command carrying the erasure level information to the terminal:

<Exec> <Exec>

<CmdID>4</CmdID>  <CmdID>4</CmdID>

<Item>  <Item>

<Target> <LocURI>J WipeMO/Operations/Wipe</LocURI> </Target> <Target> <LocURI>J WipeMO/Operations/Wipe</LocURI></Target>

<Data>K/Data><! -擦除级别 ― >  <Data>K/Data><! -Erase level ― >

</Item>  </Item>

</Exec>  </Exec>

其中, <Data>l指示当前的擦除级别为 1级, 即擦除终端的所有数据, 所 述<1^0^11 1>指示了执行擦除的程序所在路径。  Where <Data>1 indicates that the current erasure level is level 1, that is, all data of the terminal is erased, and the <1^0^11 1> indicates the path of the program for performing erasure.

可以理解的是,所述管理服务器也可以将擦除级别和擦除指令分别单独下 发, 例如通过替代命令(Replace )下发所述擦除级别, 通过 Exec管理命令下 发擦除指令:  It can be understood that the management server can also separately issue the erasure level and the erasure command, for example, by issuing the erasure level through a replacement command, and issuing an erasure command through the Exec management command:

<Replace>  <Replace>

<CmdID>3 </CmdID>  <CmdID>3 </CmdID>

<Item>  <Item>

<Target>  <Target>

<LocURI>./WipeMO/WipeLevel</LocURI>  <LocURI>./WipeMO/WipeLevel</LocURI>

</Target>  </Target>

<Data>l</Data><!—最高级别 , 完全擦除- >  <Data>l</Data><!—Highest level, completely erased ->

</Item>  </Item>

</ Replace >  </ Replace >

<Exec>  <Exec>

<CmdID>4</CmdID>  <CmdID>4</CmdID>

<Item>  <Item>

<Target>  <Target>

<LocURI>./ WipeMO/Operations/Wipe</LocURI>  <LocURI>./ WipeMO/Operations/Wipe</LocURI>

</Target>  </Target>

</Item>  </Item>

</Exec>  </Exec>

其中, <Data>l指示当前的擦除级别为 1级, 即擦除终端的所有数据, 所述 <LocURI>指示了执行擦除的程序所在路径。 a2 , 所述终端根据所述擦除范围对本地数据进行相应的擦除。 所述终端设备可以按照所述管理服务器指定级别执行对应的擦除操作。 可以理解的是, 不同级别的擦除级别对应不同的擦除范围,具体的对应关 系参照表 1。 Where <Data>1 indicates that the current erasure level is level 1, that is, erases all data of the terminal, and the <LocURI> indicates the path of the program that performs erasure. A2. The terminal performs corresponding erasure on the local data according to the erasure range. The terminal device may perform a corresponding erasing operation according to the management server specified level. It can be understood that different levels of erasure levels correspond to different erasure ranges, and the specific correspondences refer to Table 1.

表 1  Table 1

Figure imgf000007_0001
Figure imgf000007_0001

a3 , 向所述管理服务器返回擦除的结果。  A3, returning the result of the erasure to the management server.

可以理解的是, 若所述步骤 a2的擦除操作失败, 则可以所述终端设备执 行低于所述级别的擦除操作 , 并将擦除的结果反馈给所述管理服务器。  It can be understood that if the erasing operation of the step a2 fails, the terminal device can perform an erasing operation lower than the level, and feed back the result of the erasing to the management server.

例如表 1所示, 若执行级别 1全部擦除的擦除操作失败, 则自动执行级别 2擦除用户数据的擦除操作。 执行低级别的擦除操作可以是终端侧自动执行, 也可以是终端在管理服务器的控制下进行,如: 在管理服务器下发的数据擦除 请求中, 可以包括一个擦除失败处理标识;  For example, as shown in Table 1, if the erasing operation for performing level 1 all erasing fails, the erasing operation of level 2 erasing user data is automatically performed. Performing a low-level erasure operation may be performed automatically by the terminal side, or may be performed by the terminal under the control of the management server, for example, the data erasure request sent by the management server may include an erasure failure processing identifier;

所述终端收到所述擦除失败处理标识后 ,若所述擦除失败才会执行低于所 述级别的擦除操作的步骤。这样, 管理服务器就可以通过该标识控制终端在擦 除失败后的处理。  After the terminal receives the erasure failure processing identifier, the step of erasing below the level is performed if the erasure fails. In this way, the management server can control the processing of the terminal after the failure of the erasure through the identifier.

可以理解的是,本发明实施例中将擦除结果返回的步骤也可以不执行, 并 不影响本发明实施例方法的实现。  It can be understood that the step of returning the erasure result in the embodiment of the present invention may not be performed, and does not affect the implementation of the method of the embodiment of the present invention.

本发明实施例一中, 终端接收管理服务器发送的数据擦除请求和擦除级 另, J ; 并根据所述擦除级别对本地数据进行相应的擦除。 实现了网络侧对终端数 据进行多级别的擦除,相对于现有技术中的简单的擦除终端数据的方式, 强化 了网络侧对终端进行擦除操作的控制力,使擦除功能更加细致化, 满足用户多 样化擦除数据的要求。  In the first embodiment of the present invention, the terminal receives the data erasure request and the erasure level sent by the management server, and performs corresponding erasure on the local data according to the erasure level. The network side performs multiple levels of erasure on the terminal data, and the simple control method of erasing the terminal data in the prior art strengthens the control of the erasing operation of the terminal on the network side, so that the erasing function is more detailed. To meet the requirements of users to diversify data.

本领域普通技术人员可以理解实现上述实施例方法中的全部或部分步骤 是可以通过程序来请求相关的硬件完成,所述的程序可以存储于一种计算机可 读存储介质中, 该程序在执行时, 包括如下步骤:  A person skilled in the art can understand that all or part of the steps in the method of implementing the above embodiments can be completed by a program requesting related hardware, and the program can be stored in a computer readable storage medium, when the program is executed. , including the following steps:

终端接收管理服务器发送的数据擦除请求和擦除级别; 上述提到的存储介质可以是存储器, 磁盘或光盘等。 The terminal receives a data erasure request and an erasure level sent by the management server; The storage medium mentioned above may be a memory, a magnetic disk or an optical disk or the like.

实施例二, 当根据 Replace管理命令指定擦除级别, 终端执行相应擦除操 作时。服务器在向终端发出的设备管理信息中,针对 WipeRange节点发 Replace 管理命令, 针对 Operations下的 Wipe发送 Exec管理命令:  In the second embodiment, when the erasure level is specified according to the Replace management command, the terminal performs the corresponding erasing operation. In the device management information sent to the terminal, the server sends a Replace management command to the WipeRange node, and sends an Exec management command to the Wipe under Operations:

<Replace>  <Replace>

<CmdID>3 </CmdID>  <CmdID>3 </CmdID>

<Item>  <Item>

<Target>  <Target>

<LocURI>./WipeMO/WipeRange</LocURI>  <LocURI>./WipeMO/WipeRange</LocURI>

</Target>  </Target>

<Data>2</Data><!—级别 2 , 擦除企业数据- >  <Data>2</Data><!—Level 2, Erase Enterprise Data ->

</Item>  </Item>

</ Replace >  </ Replace >

<Exec>  <Exec>

<CmdID>4</CmdID>  <CmdID>4</CmdID>

<Item>  <Item>

<Target>  <Target>

<LocURI>./ WipeMO/Operations/Wipe</LocURI>  <LocURI>./ WipeMO/Operations/Wipe</LocURI>

</Target>  </Target>

</Item>  </Item>

</Exec>  </Exec>

终端可以按照擦除级别及擦除命令, 判断出需要擦除企业数据, 则将终端 中保存的企业数据擦除, 并向服务器返回擦除状态信息。其中企业数据为在终 端中设置或保存的用户所属的公司或企业的相关数据。  The terminal can determine that the enterprise data needs to be erased according to the erasure level and the erasure command, then erase the enterprise data saved in the terminal, and return the erasure status information to the server. The enterprise data is the data of the company or enterprise to which the user set or saved in the terminal belongs.

擦除级别和擦除范围的对应如下所示:  The correspondence between the erase level and the erase range is as follows:

擦除级别 擦除范围  Erase level erase range

1 擦除用户数据及企业数据  1 Erase user data and corporate data

2 擦除企业数据 3 擦除用户数据 2 Erase corporate data 3 Erase user data

由于不同的擦除级别可以对应不同的擦除范围,而不同的擦除范围之间可 以没有交集, 因此表中擦除级别 2和擦除级别 3代表的可以是不同的、独立的 数据, 没有相互包含或相互交叉的关系, 这与实施例一是不同的。 当然, 本发 明也不限定擦除范围之间一定没有交集。  Since different erase levels can correspond to different erase ranges, and there is no intersection between different erase ranges, the erase level 2 and erase level 3 in the table can represent different, independent data, no This is different from the first embodiment in that they contain or cross each other. Of course, the present invention does not limit that there must be no intersection between the erased ranges.

与实施例一不同还在于,若本例在执行级别 2企业数据的擦除失败时不自 动执行级别 3的擦除操作, 因为它们没有包含关系。  The difference from the first embodiment is also that if the erasing failure of the execution level 2 enterprise data fails, the level 3 erase operation is not automatically performed because they have no inclusion relationship.

实施例三, 一种擦除终端数据的方法, 流程图如图 3所示, 包括: bl , 终端接收管理服务器发送的擦除指令和擦除范围;  Embodiment 3 is a method for erasing terminal data. The flowchart is as shown in FIG. 3, and includes: bl, the terminal receives an erasure instruction and an erasure range sent by the management server;

所述管理服务器发送擦除指令和擦除范围的过程参考实施例一步骤 al。 所述擦除范围可以对应有擦除级别。  The process in which the management server transmits the erase command and the erase range is referred to the first step of the embodiment al. The erase range may correspond to an erase level.

b2,终端对是否允许所述管理服务器进行所述擦除级别的擦除操作进行认 证, 认证通过则继续步骤 b3 , 认证失败, 则执行步骤 b5。  B2: The terminal authenticates whether the management server is allowed to perform the erasing level erasing operation, and if the authentication is passed, the process proceeds to step b3, and if the authentication fails, step b5 is performed.

本发明实施例中, 所述认证的过程为:  In the embodiment of the present invention, the process of the authentication is:

查找所述管理服务器身份标识对应的擦除权限;  Finding an erasure permission corresponding to the management server identifier;

获得所述擦除权限对应的最高擦除级别;  Obtaining a highest erasure level corresponding to the erasure authority;

若所述管理服务器请求的擦除级别不高于所述查找到的擦除级别;则认证 通过; 否则认证失败。 可以理解的是, 所述管理服务器可以在下发擦除指令和 擦除级别时将管理服务器的身份标识下发给终端 ,也可以是终端接入网络的时 候获得管理服务器的身份标识。所述身份标识可以是管理服务器地址或用户名 等。  If the erasure level requested by the management server is not higher than the found erasure level; then the authentication is passed; otherwise, the authentication fails. It is to be understood that the management server may send the identity of the management server to the terminal when the erasure command and the erasure level are issued, or may obtain the identity of the management server when the terminal accesses the network. The identity identifier may be a management server address or a username, and the like.

具体的终端获取管理服务器身份标识的方式可能有多种, 本发明不作限 定。  There may be multiple ways for a specific terminal to obtain a management server identity, which is not limited by the present invention.

身份认证的过程还可以采取更为简单的认证方式, 即: 终端设备本地保存 管理服务器的身份标识和擦除权限的对应关系;请求擦除操作的管理服务器的 身份标识在所述保存的身份标识内, 则允许擦除操作, 不在, 则不允许擦除操 作。 可以理解的是, 身份认证的过程还可以采取多种系统的常规认证方式, 具 体的认证方式不构成对本发明的限制。  The process of identity authentication can also adopt a simpler authentication mode, that is, the terminal device locally saves the correspondence between the identity of the management server and the erasure authority; the identity of the management server that requests the erasure operation is in the saved identity. Inside, the erase operation is allowed, and if not, the erase operation is not allowed. It can be understood that the process of identity authentication can also adopt a conventional authentication mode of multiple systems, and the specific authentication mode does not constitute a limitation of the present invention.

本发明实施例中,所述管理服务器的身份标识可以是所述管理服务器的 IP 地址或用户名或域地址等,可以理解的是可以在网络中唯一标识该管理服务器 身份的标识都可以作为身份标识。 所述终端设备根据所述管理服务器指定级别执行对应的擦除操作。 In the embodiment of the present invention, the identity of the management server may be the IP of the management server. An address or a username or a domain address, etc., it can be understood that an identifier that can uniquely identify the identity of the management server in the network can be used as an identity. The terminal device performs a corresponding erase operation according to the management server specified level.

可以理解的是, 不同级别的擦除级别对应不同的擦除范围,具体的对应关 系参照表 1。  It can be understood that different levels of erasure levels correspond to different erasure ranges, and the specific correspondences refer to Table 1.

b4, 向所述管理服务器返回擦除的结果。  B4, returning the result of the erasure to the management server.

可以理解的是, 若所述步骤 b3的擦除操作失败, 则所述终端设备执行低 于所述级别的擦除操作, 并将擦除的结果反馈给所述管理服务器。执行低级别 的擦除操作可以是终端侧自动执行, 也可以是终端在管理服务器的控制下进 行, 如: 在管理服务器下发的数据擦除请求中, 可以包括一个擦除失败处理标 识;  It can be understood that if the erasing operation of the step b3 fails, the terminal device performs an erasing operation lower than the level, and feeds back the result of the erasing to the management server. Performing a low-level erase operation may be performed automatically by the terminal side, or may be performed by the terminal under the control of the management server. For example, the data erasure request sent by the management server may include an erasure failure processing identifier;

所述终端收到所述擦除失败处理标识后, 若所述擦除失败, 则执行低于所 述级别的擦除操作的步骤。这样, 管理服务器就可以通过该标识控制终端在擦 除失败后的处理。  After the terminal receives the erasure failure processing flag, if the erasing fails, a step of performing an erasing operation lower than the level is performed. In this way, the management server can control the processing of the terminal after the failure of the erasure through the identifier.

b5 , 向所述管理服务器反馈身份认证失败。  B5. The identity authentication failure is fed back to the management server.

本发明实施例三与实施例一的区别在于,对请求擦除的管理服务器进行身 份认证, 认证通过后才执行擦除操作, 安全性更高, 防止了恶意的擦除行为给 用户带来不必要的损失。  The difference between the third embodiment and the first embodiment is that the authentication server that requests the erasure is authenticated, and the erasing operation is performed after the authentication is passed, so that the security is higher, and the malicious erasing behavior is prevented from being brought to the user. The necessary loss.

实施例四, 一种擦除终端数据的方法, 流程图如图 4所示, 包括: cl , 终端接收管理服务器的数据擦除请求;  Embodiment 4 is a method for erasing terminal data. The flowchart is as shown in FIG. 4, and includes: cl, the terminal receives a data erasure request of the management server;

本发明实施例中, 所述数据擦除请求为所述管理服务器发送的擦除指令。 例如, 管理服务器在向终端发出 Exec管理命令, 指示进行数据擦除: <Exec>  In the embodiment of the present invention, the data erasure request is an erasure instruction sent by the management server. For example, the management server issues an Exec management command to the terminal to instruct data erasure: <Exec>

<CmdID>4</CmdID>  <CmdID>4</CmdID>

<Item>  <Item>

<Target>  <Target>

<LocURI>./ WipeMO/Operations/Wipe</LocURI>  <LocURI>./ WipeMO/Operations/Wipe</LocURI>

</Target> </Item> </Target> </Item>

</Exec>  </Exec>

其中 , <LocURI>指明了执行擦除操作的程序所在路径。  Where <LocURI> indicates the path to the program that performs the erase operation.

c2, 终端获取所述管理服务器的身份标识;  C2. The terminal acquires an identity of the management server.

所述终端设备在与所述管理服务器的会话建立阶段,可以获得所述管理服 务器的身份标识,如: 通过所述管理服务器下发数据擦除请求中的头信息获得 所述管理服务器的身份标识。 所述身份标识可以是管理服务器地址或用户名 等。  The terminal device may obtain the identity of the management server in a session establishment phase with the management server, such as: obtaining, by the management server, the header information in the data erasure request to obtain the identity of the management server. . The identity identifier may be a management server address or a username, and the like.

c3 , 获得所述管理服务器身份标识对应的擦除级别;  C3, obtaining an erasure level corresponding to the identity of the management server;

本发明实施例中, 需要预置管理服务器身份标识与擦除级别的对应关系, 所述管理服务器身份标识与擦除级别的对应关系可以是用户自行本地设 置, 也可以是或终端在移动网络注册时, 网络自动向终端推送该信息; 或终端 通过数据网络获取等方式。本发明强调终端有能力获得所述管理服务器身份标 识与擦除级别的对应关系,具体的获得方式可以有多种常规方式实现, 不构成 对本发明的限制。  In the embodiment of the present invention, the correspondence between the identity of the management server and the erasure level needs to be preset. The correspondence between the identity of the management server and the erasure level may be set by the user locally, or may be registered by the terminal on the mobile network. The network automatically pushes the information to the terminal; or the terminal acquires through the data network. The present invention emphasizes that the terminal has the ability to obtain the correspondence between the identity of the management server and the erasure level. The specific manner of obtaining the information may be implemented in a plurality of conventional manners, and does not constitute a limitation of the present invention.

例如: 管理服务器身份标识与擦除级别的对应关系可以参照表 2, 其中管 理服务器的身份标识可以是管理服务器的地址或用户名。 For example, the correspondence between the management server identity and the erasure level can be referred to Table 2, where the identity of the management server can be the address or user name of the management server.

Figure imgf000011_0001
Figure imgf000011_0001

Figure imgf000011_0002
Figure imgf000011_0002

通过所述获得的身份标识, 则可以在上述表 2中查询获得该管理服务器的 擦除级别。  Through the obtained identity, the erasure level of the management server can be obtained by querying in Table 2 above.

c4, 根据所述擦除级别对本地数据进行相应的擦除。  C4, correspondingly erasing the local data according to the erasure level.

所述终端设备根据所述管理服务器身份标识对应的擦除级别执行对应的 擦除操作。  The terminal device performs a corresponding erasing operation according to an erasure level corresponding to the management server identity.

可以理解的是, 不同级别的擦除级别对应不同的擦除范围,具体的对应关 系参照表 1。 c5 , 所述终端设备将擦除的结果返回给所述管理服务器。 It can be understood that different levels of erasure levels correspond to different erasure ranges, and the specific correspondences refer to Table 1. C5. The terminal device returns the result of the erasure to the management server.

可以理解的是,本实施例步骤 c5可以不执行,不影响本发明实施例的实现。 可以理解的是, 若所述步骤 c4擦除操作失败, 则可以所述终端设备执行低 于所述级别的擦除操作, 并将擦除的结果反馈给所述管理服务器。执行低级别 的擦除操作可以是终端侧自动执行, 也可以是终端在管理服务器的控制下进 行, 如: 在管理服务器下发的数据擦除请求中, 可以包括一个擦除失败处理标 识;  It can be understood that step c5 of this embodiment may not be performed, and does not affect the implementation of the embodiment of the present invention. It can be understood that if the erasing operation fails in the step c4, the terminal device can perform an erasing operation lower than the level, and feed back the result of the erasing to the management server. Performing a low-level erase operation may be performed automatically by the terminal side, or may be performed by the terminal under the control of the management server. For example, the data erasure request sent by the management server may include an erasure failure processing identifier;

所述终端收到所述擦除失败处理标识后, 若所述擦除失败, 则会执行低于 所述级别的擦除操作的步骤。这样, 管理服务器就可以通过该标识控制终端在 擦除失败后的处理。  After the terminal receives the erasure failure processing identifier, if the erasure fails, a step of erasing operation lower than the level is performed. In this way, the management server can control the terminal's processing after the erasure failure through the identifier.

本实施例的步骤 cl管理服务器下发的数据擦除请求中对擦除失败的处理 进行了指示, 例如: 通过 Replace命令指示擦除失败则自动执行低一级别的擦 除操作。 这里的 FailDegrade为擦除失败处理标识, <Data>True</Data>为 FailDegrade的值。  The step of the embodiment cl indicates that the processing of the erasure failure is performed in the data erasing request sent by the server. For example, the lower level of erasing operation is automatically performed by the replacement command indicating that the erasing is failed. Here FailDegrade is the erase failure processing flag, and <Data>True</Data> is the value of FailDegrade.

<Replace>  <Replace>

<CmdID>3 </CmdID>  <CmdID>3 </CmdID>

<Item>  <Item>

<Target>  <Target>

<LocURI>./WipeMO/FailDegrade</LocURI>  <LocURI>./WipeMO/FailDegrade</LocURI>

</Target>  </Target>

<Data>True</Data> <! 4丸行擦除操作失败时自动执行低一级别 的擦除操作- >  <Data>True</Data> <! 4 Low-level erase operation is automatically performed when the shot erase operation fails ->

</Item>  </Item>

<Item>  <Item>

<Target>  <Target>

<LocURI>./WipeMO/WipeLevel</LocURI>  <LocURI>./WipeMO/WipeLevel</LocURI>

</Target>  </Target>

<Data>K/Data> <! -最高级别 , 完全擦除— >  <Data>K/Data> <! - highest level, completely erased ->

</Item> </ Replace > </Item> </ Replace >

<Exec>  <Exec>

<CmdID>4</CmdID>  <CmdID>4</CmdID>

<Item>  <Item>

<Target>  <Target>

<LocURI>./ WipeMO/Operations/Wipe</LocURI>  <LocURI>./ WipeMO/Operations/Wipe</LocURI>

</Target>  </Target>

</Item>  </Item>

</Exec>  </Exec>

终端根据擦除级别及擦除命令, 判断出需要进行完全擦除, 则将终端中保 存的所有数据擦除; 在擦除过程中, 由于某些原因, 如某些文件使用中等, 导 致擦除失败; 终端根据 FailDegrade的值为 True, 判断出需要自动执行低一级别 的擦除操作, 结合表 1 , 则执行擦除级别为 2的擦除操作, 即仅擦除用户数据。  The terminal judges that a complete erasure is required according to the erasure level and the erasing command, and erases all the data saved in the terminal; during the erasing process, for some reasons, such as some files are used mediumly, causing erasure Failed; the terminal judges that the lower level erase operation needs to be automatically performed according to the value of FailDegrade. In combination with Table 1, the erase operation with the erase level of 2 is performed, that is, only the user data is erased.

当终端擦除用户数据成功后 ,向服务器返回预定擦除失败但低一级擦除成 功的信息:  After the terminal successfully erases the user data, it returns to the server information that the predetermined erasure failed but the second erasure succeeds:

<Status>  <Status>

<CmdRef>3 </CmdRef>  <CmdRef>3 </CmdRef>

<CmdID>7</CmdID>  <CmdID>7</CmdID>

<Cmd>Replace</Cmd>  <Cmd>Replace</Cmd>

<Data>200</Data> <!— Replace命令执行成功 ― >  <Data>200</Data> <!— Replace command executed successfully ― >

</Status>  </Status>

<Status>  <Status>

<CmdRef>4</CmdRef>  <CmdRef>4</CmdRef>

<CmdID>8</CmdID>  <CmdID>8</CmdID>

<Cmd>Exec</Cmd>  <Cmd>Exec</Cmd>

<TargetRef>./ WipeMO/Operations/Wipe</TargetRef>  <TargetRef>./ WipeMO/Operations/Wipe</TargetRef>

<Data>222</Data><! -使用这个状态码表示 "预定擦除失败但低一级 擦除成功" - >  <Data>222</Data><! - Use this status code to indicate "Scheduled erase failed but low level erased successfully" ->

</Status> 本发明实施例四与实施例一的区别在于,提供了根据管理服务器的身份标 识判断擦除发起者的擦除权限, 终端设备执行所述擦除权限对应的擦除操作, 实现了网络侧对终端数据进行多级别的擦除,相对于现有技术中的简单的擦除 终端数据的方式, 强化了网络侧对终端进行擦除操作的控制力,使擦除功能更 加细致化, 满足用户多样化擦除数据的要求。 </Status> The fourth embodiment of the present invention is different from the first embodiment in that it provides that the erasure initiator of the erasure initiator is determined according to the identity of the management server, and the terminal device performs the erasure operation corresponding to the erasure authority, thereby implementing the network side pair. The terminal data performs multiple levels of erasure, and the control method of erasing the terminal on the network side is strengthened compared with the simple method of erasing the terminal data in the prior art, so that the erasing function is more detailed and the user is diverse. The requirement to erase data.

本发明实施例五, 一种终端设备 500, 结构示意图如图 5所示, 包括: 接收 单元 510、 数据存储单元 520和擦除单元 530;  A fifth embodiment of the present invention, a terminal device 500, a schematic structural diagram shown in Figure 5, comprising: a receiving unit 510, a data storage unit 520 and an erasing unit 530;

所述接收单元 510, 用于接收管理服务器发送的擦除指令和擦除范围; 所述数据存储单元 520, 用于存储本地数据;  The receiving unit 510 is configured to receive an erasure instruction and an erasure range sent by the management server, where the data storage unit 520 is configured to store local data.

所述擦除单元 530,用于根据所述擦除范围对数据存储单元 520存储的本地 数据进行相应的擦除。  The erasing unit 530 is configured to perform corresponding erasing on the local data stored by the data storage unit 520 according to the erasing range.

所述擦除范围可以对应有擦除级别。  The erase range may correspond to an erase level.

本发明实施例五的终端设备可以运行本发明实施例一的方法。  The terminal device of the fifth embodiment of the present invention can run the method of the first embodiment of the present invention.

实施例六,一种终端设备 600,结构示意图如图 6所示,包括:接收单元 610、 身份标识获取单元 620、 查找单元 630、 数据存储单元 640和擦除单元 650;  Embodiment 6, a terminal device 600, a schematic structural diagram shown in FIG. 6, comprising: a receiving unit 610, an identity obtaining unit 620, a searching unit 630, a data storage unit 640, and an erasing unit 650;

所述接收单元 610, 用于接收管理服务器的数据擦除请求;  The receiving unit 610 is configured to receive a data erasure request of the management server;

所述身份标识获取单元 620, 用于在接收单元 610收到所述数据擦除请求 后, 获取所述管理服务器的身份标识;  The identity identifier obtaining unit 620 is configured to acquire the identity identifier of the management server after receiving the data erasure request by the receiving unit 610;

所述查找单元 630, 用于查找所述管理服务器身份标识对应的擦除级别; 所述数据存储单元 640, 用于存储本地数据;  The searching unit 630 is configured to search for an erasure level corresponding to the identity of the management server, and the data storage unit 640 is configured to store local data.

所述擦除单元 650,用于根据所述查找单元 630查找到的擦除级别对对数据 存储单元存储 640的本地数据进行相应的擦除。  The erasing unit 650 is configured to perform corresponding erasure on the local data of the data storage unit storage 640 according to the erasure level found by the searching unit 630.

本发明实施例六可以运行本发明实施例四的方法。  The sixth embodiment of the present invention can run the method of Embodiment 4 of the present invention.

以上对本发明所提供的一种擦除终端数据的方法及终端设备 ,进行了详细 介绍, 其中:  The method and the terminal device for erasing terminal data provided by the present invention are described in detail above, wherein:

本发明一实施例中, 终端接收管理服务器发送的擦除指令和擦除级别; 并 根据所述擦除级别对本地数据进行相应的擦除。实现了网络侧对终端数据进行 多级别的擦除,相对于现有技术中的简单的擦除终端数据的方式, 强化了网络 侧对终端进行擦除操作的控制力,使擦除功能更加细致化, 满足用户多样化擦 除数据的要求。 In an embodiment of the invention, the terminal receives an erase command and an erase level sent by the management server; and performs corresponding erasure on the local data according to the erasure level. The network side performs multiple levels of erasure on the terminal data, and the simple control method of erasing the terminal data in the prior art strengthens the control of the erasing operation of the terminal on the network side, so that the erasing function is more detailed. To meet the diversification of users In addition to data requirements.

本发明另一实施例中,对请求擦除的管理服务器进行身份认证,认证通过 后才执行擦除操作,安全性更高, 防止了恶意的擦除行为给用户带来不必要的 损失。  In another embodiment of the present invention, the authentication server that requests the erasure is authenticated, and the erasing operation is performed after the authentication is passed, so that the security is higher, and the malicious erasing behavior is prevented from causing unnecessary loss to the user.

本发明再一实施例提供了根据管理服务器的身份标识判断擦除发起者的 擦除权限, 终端设备执行所述擦除权限对应的擦除操作, 实现了网络侧对终端 数据进行多级别的擦除,相对于现有技术中的简单的擦除终端数据的方式, 强 化了网络侧对终端进行擦除操作的控制力,使擦除功能更加细致化, 满足用户 多样化擦除数据的要求。  According to still another embodiment of the present invention, the erasing initiator's erasing authority is determined according to the identity of the management server, and the terminal device performs the erasing operation corresponding to the erasing right, so that the network side performs multiple levels of erasure on the terminal data. In addition, compared with the simple method of erasing terminal data in the prior art, the control force of the erasing operation of the terminal on the network side is strengthened, the erasing function is more refined, and the user's diverse data erasing requirements are satisfied.

对于本领域的一般技术人员,依据本发明实施例的思想,在具体实施方式 及应用范围上均会有改变之处, 综上所述,本说明书内容不应理解为对本发明 的限制。  For those skilled in the art, the present invention is not limited by the scope of the present invention, and the scope of the present invention is not limited by the scope of the present invention.

Claims

权 利 要 求 Rights request 1. 一种擦除终端数据的方法, 其特征在于, 包括:  A method for erasing terminal data, comprising: 接收管理服务器发送的擦除指令和擦除范围;  Receiving an erase command and an erase range sent by the management server; 根据所述擦除范围对本地数据进行相应的擦除。  The local data is correspondingly erased according to the erasure range. 2. 如权利要求 1所述的擦除终端数据的方法, 其特征在于, 所述擦除范 围对应有擦除级别; 所述根据擦除范围对本地数据进行相应的擦除包括:  2. The method of erasing terminal data according to claim 1, wherein the erasing range corresponds to an erasure level; and the erasing the local data according to the erasure range comprises: 按照擦除范围对应的擦除级别对本地数据进行相应的擦除。  The local data is erased correspondingly according to the erasure level corresponding to the erasure range. 3. 如权利要求 2所述的擦除终端数据的方法, 其特征在于, 所述接收管 理服务器发送的擦除指令和擦除范围是接收数据擦除请求,所述数据擦除请求 包括所述擦除指令和擦除范围。  3. The method of erasing terminal data according to claim 2, wherein the erasure command and the erasure range sent by the receiving management server are received data erasure requests, and the data erasure request includes the Erase instruction and erase range. 4. 如权利要求 3所述的擦除终端数据的方法, 其特征在于, 所述接收的 数据擦除请求中还包含擦除失败处理标识;  The method for erasing terminal data according to claim 3, wherein the received data erasure request further includes an erasure failure processing identifier; 收到所述擦除失败处理标识后,若所述按照擦除范围对应的擦除级别对本 地数据进行擦除失败, 则执行低于所述级别的擦除操作。  After receiving the erasure failure processing flag, if the local data is erased in accordance with the erasure level corresponding to the erasure range, an erase operation lower than the level is performed. 5. 如权利要求 1至 4任意一项所述的擦除终端数据的方法,其特征在于, 擦除完成后, 还包括: 向所述管理服务器返回擦除的结果。  The method for erasing terminal data according to any one of claims 1 to 4, wherein after the erasing is completed, the method further comprises: returning the result of the erasing to the management server. 6. 如权利要求 2至 4任意一项所述的擦除终端数据的方法,其特征在于, 所述按照擦除范围对应的擦除级别对本地数据进行相应的擦除之前进一步包 括:  The method for erasing terminal data according to any one of claims 2 to 4, wherein the erasing of the local data according to the erasure level corresponding to the erasure range further comprises: 对所述管理服务器是否允许进行所述擦除级别的擦除操作进行认证,认证 通过则继续按照擦除范围对应的擦除级别对本地数据进行相应的擦除的步骤。  Whether the management server allows the erasing level of the erasing operation to be authenticated, and the authentication succeeds to continue the corresponding erasing of the local data according to the erasing level corresponding to the erasing range. 7. 如权利要求 6所述的擦除终端数据的方法, 其特征在于, 所述对所述 管理服务器是否允许进行所述擦除级别的擦除操作进行认证的过程包括:  7. The method of erasing terminal data according to claim 6, wherein the process of authenticating whether the management server allows the erasing level of the erasing operation comprises: 查找所述管理服务器身份标识对应的擦除权限;  Finding an erasure permission corresponding to the management server identifier; 获得所述擦除权限对应的最高擦除级别;  Obtaining a highest erasure level corresponding to the erasure authority; 若所述管理服务器请求的擦除级别不高于所述查找到的擦除级别;则认证 通过; 否则认证失败。  If the erasure level requested by the management server is not higher than the found erasure level; then the authentication is passed; otherwise, the authentication fails. 8. 一种擦除终端数据的方法, 其特征在于, 包括:  A method for erasing terminal data, comprising: 接收管理服务器的数据擦除请求; 获得所述管理服务器身份标识; Receiving a data erase request from the management server; Obtaining the management server identity identifier; 查找所述管理服务器身份标识对应的擦除级别;  Finding an erasure level corresponding to the management server identity; 按照所述查找到的擦除级别对本地数据进行相应的擦除。  The local data is erased accordingly according to the found erase level. 9. 如权利要求 8所述的擦除终端数据的方法, 其特征在于, 所述接收管 理服务器的数据擦除请求之前包括:  9. The method of erasing terminal data according to claim 8, wherein the receiving the data erasure request of the management server comprises: 预置管理服务器身份标识与擦除级别的对应关系。  Preset management server identity and erasure level correspondence. 10. 如权利要求 9所述的擦除终端数据的方法, 其特征在于, 所述接收的 数据擦除请求中包含擦除失败处理标识;  10. The method of erasing terminal data according to claim 9, wherein the received data erasure request includes an erasure failure processing identifier; 收到所述擦除失败处理标识后 ,若所述按照所述查找到的擦除级别对本地 数据进行相应的擦除失败, 则执行低于所述级别的擦除操作。  After receiving the erasure failure processing flag, if the corresponding data fails to be erased according to the found erasure level, an erase operation lower than the level is performed. 11. 如权利要求 8至 10任意一项所述的擦除终端数据的方法, 其特征在 于, 擦除操作完成后, 向所述管理服务器返回擦除的结果。  The method of erasing terminal data according to any one of claims 8 to 10, characterized in that after the erasing operation is completed, the result of the erasing is returned to the management server. 12. 一种终端设备, 其特征在于, 包括: 接收单元、 数据存储单元和擦除 单元;  12. A terminal device, comprising: a receiving unit, a data storage unit, and an erasing unit; 接收单元, 用于接收管理服务器发送的擦除指令和擦除范围;  a receiving unit, configured to receive an erasure instruction and an erasure range sent by the management server; 数据存储单元, 用于存储本地数据;  a data storage unit for storing local data; 擦除单元,用于根据所述擦除范围对所述数据存储单元存储的本地数据进 行相应的擦除。  And an erasing unit, configured to perform corresponding erasing on the local data stored by the data storage unit according to the erasing range. 13. 如权利要求 12所述的终端设备, 其特征在于, 还包括:  The terminal device according to claim 12, further comprising: 认证单元, 用于在接收单元接收管理服务器发送的擦除指令和擦除范围 后,对所述管理服务器进行身份认证,认证通过则通知擦除单元进行擦除操作。  And an authentication unit, configured to perform identity authentication on the management server after the receiving unit receives the erasure command and the erasure range sent by the management server, and notify the erasing unit to perform the erasing operation after the authentication is passed. 如权利要求 12或 13所述的终端设备, 其特征在于, 还包括:  The terminal device according to claim 12 or 13, further comprising: 擦除结果反馈单元, 用于在擦除单元的执行的擦除操作完成后, 向管理服 务器反馈擦除结果。  The erase result feedback unit is configured to feed back the erase result to the management server after the erasing operation of the execution of the erase unit is completed. 14. 一种终端设备, 其特征在于, 包括: 接收单元、 身份标识获取单元、 查找单元、 数据存储单元和擦除单元;  A terminal device, comprising: a receiving unit, an identity acquiring unit, a searching unit, a data storage unit, and an erasing unit; 接收单元, 用于接收管理服务器的数据擦除请求;  a receiving unit, configured to receive a data erasure request of the management server; 身份标识获取单元, 用于在接收单元收到所述数据擦除请求后,获取所述 管理服务器的身份标识; 查找单元, 用于查找所述管理服务器的身份标识对应的擦除级别; 数据存储单元, 用于存储本地数据; An identity obtaining unit, configured to acquire an identity of the management server after the receiving unit receives the data erasure request; a searching unit, configured to search for an erasure level corresponding to the identity of the management server; and a data storage unit, configured to store local data; 擦除单元,用于按照所述查找单元查找到的擦除级别对所述数据存储单元 存储的本地数据进行相应的擦除。  And an erasing unit, configured to perform corresponding erasure on the local data stored by the data storage unit according to the erasure level found by the searching unit. 15. 如权利要求 14所述的终端设备, 其特征在于, 还包括:  The terminal device according to claim 14, further comprising: 擦除结果反馈单元, 用于在擦除单元的执行的擦除操作完成后, 向管理服 务器反馈擦除结果。  The erase result feedback unit is configured to feed back the erase result to the management server after the erasing operation of the execution of the erase unit is completed.
PCT/CN2008/072360 2007-09-13 2008-09-12 A method to erase terminal data and terminal device Ceased WO2009033431A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN200710145695 2007-09-13
CN200710145695.2 2007-09-13
CN200810003919.0 2008-01-11
CNA2008100039190A CN101389096A (en) 2007-09-13 2008-01-11 Method and terminal device for erasing terminal data

Publications (1)

Publication Number Publication Date
WO2009033431A1 true WO2009033431A1 (en) 2009-03-19

Family

ID=40451592

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/072360 Ceased WO2009033431A1 (en) 2007-09-13 2008-09-12 A method to erase terminal data and terminal device

Country Status (1)

Country Link
WO (1) WO2009033431A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1685316A (en) * 2002-08-09 2005-10-19 威斯托公司 System and method for preventing access to data on a compromised remote device
CN1684048A (en) * 2004-04-07 2005-10-19 美国博通公司 Method and system for secure erasure of information in non-volatile memory in an electronic device
CN1929397A (en) * 2005-09-09 2007-03-14 广东省电信有限公司研究院 Network management system and method for realizing decentralized domain split management of soft exchanging network
CN101119557A (en) * 2007-09-07 2008-02-06 深圳华为通信技术有限公司 Data deletion method and terminal

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1685316A (en) * 2002-08-09 2005-10-19 威斯托公司 System and method for preventing access to data on a compromised remote device
CN1684048A (en) * 2004-04-07 2005-10-19 美国博通公司 Method and system for secure erasure of information in non-volatile memory in an electronic device
CN1929397A (en) * 2005-09-09 2007-03-14 广东省电信有限公司研究院 Network management system and method for realizing decentralized domain split management of soft exchanging network
CN101119557A (en) * 2007-09-07 2008-02-06 深圳华为通信技术有限公司 Data deletion method and terminal

Similar Documents

Publication Publication Date Title
US11277306B2 (en) Sending information of a network repository function instance storing network function instance information
CN104767715B (en) Access control method and equipment
CN101686458B (en) Terminal configuration, management method and terminal device
CN103875211B (en) An Internet account management method, manager, server and system
JP6785773B2 (en) Data update methods, equipment, and embedded general purpose integrated circuit cards
CN101360121B (en) Authority control method, system and terminal in apparatus management
CN108293181B (en) A method and terminal for processing communication identification binding
CN111107537B (en) Accessing telecommunications blockchain based services using digital passports
WO2007045170A1 (en) Method and system for sharing memory area of mobile terminal
WO2017024842A1 (en) Internet access authentication method, client, computer storage medium
WO2007115488A1 (en) Device parameters configuring method, system and device in digital subscriber line access network
CN110944319B (en) 5G communication identity verification method, equipment and storage medium
US20230232228A1 (en) Method and apparatus for establishing secure communication
WO2011038628A1 (en) Method, access node and system for obtaining data
CN109196891B (en) A management method, terminal and server for contracting data set
CN103581882A (en) Data card APN locking state control method and device and data card
WO2015127889A1 (en) Profile association management method and device
WO2018001023A1 (en) Virtual desktop login method and device for cloud terminal
WO2012016519A1 (en) Method, apparatus and system for software management
WO2008071109A1 (en) A method and system for realizing the third-party mail account management
CN104079437B (en) Realize the method and terminal of rights management control
CN102377589A (en) Method and terminal for realizing authority management control
CN107113320A (en) A method, related equipment and system for downloading contract documents
CN105162769A (en) Gateway authority transfer method and gateway authority transfer device
CN106773797A (en) A kind of information processing method, system and management platform

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08831143

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08831143

Country of ref document: EP

Kind code of ref document: A1