CN103973437B - Method, device and system for obtaining RSA key authorization when a terminal is locked - Google Patents


Info

Publication number: CN103973437B
Authority: CN (China)
Prior art keywords: terminal, data, rsa, module, encrypted data
Legal status (an assumption, not a legal conclusion): Active
Application number: CN201410212280.2A
Other languages: Chinese (zh)
Other versions: CN103973437A (en)
Inventors: 鲁强, 余骢骢
Current Assignee (the listed assignees may be inaccurate): Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Application filed by: Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to: CN201410212280.2A
Publications: CN103973437A (application), CN103973437B (application granted)

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

The invention discloses a method, device and system for obtaining RSA key authorization when a terminal is locked. The method includes: obtaining the first encrypted data imported into the terminal and the original data before encryption, and matching the first encrypted data with the original data; if the match succeeds, RSA key authorization is performed on the terminal, otherwise it is not. When the terminal is locked and cannot pop up the RSA authorization window, the invention allows the terminal, by matching the data of the terminal and the server, to perform RSA authorization automatically without being unlocked and to establish an ADB connection. Data can then be exported or the terminal lock password cleared over the ADB connection, without flashing the device or unlocking it in other complicated ways, which is more convenient and meets users' needs.

Description

A method, device and system for obtaining RSA key authorization when a terminal is locked

Technical field

The invention relates to the field of data security protection for smart terminals, and in particular to a method, device and system for obtaining RSA key authorization when a terminal is locked.

Background

The Android system is a free and open-source operating system based on Linux, mainly used in mobile devices and various smart terminals such as smartphones and tablet computers, and is led and developed by Google and the Open Handset Alliance. Google has added RSA key authorization in newer versions of the Android system: a smart terminal running Android can establish an ADB (Android Debug Bridge) connection normally only after RSA key authorization has been granted. ADB is a debugging tool for the Android system, through which Android programs can be debugged.

When the smart terminal is in the locked or screen-locked state, the authorization pop-up window is blocked, so that user data on the smart terminal cannot be obtained without the user's permission, which serves to protect data security.

Although the RSA key authorization scheme is designed to protect user data, in actual use it can cause inconvenience to users themselves for various reasons. For example, when a user forgets the lock screen password and sends the phone to after-sales service, the service center needs another path to perform RSA key authorization before it can help the user export data, clear the lock screen password and perform similar operations through ADB. A method is therefore needed that can perform RSA key authorization by another route when the terminal is locked.

Summary of the invention

The purpose of the present invention is to provide a method, device and system for obtaining RSA key authorization when a terminal is locked, so as to solve the above technical problem.

To this end, the present invention adopts the following technical solutions:

In a first aspect, the present invention provides a method for obtaining RSA key authorization when a terminal is locked, including:

obtaining the first encrypted data imported into the terminal;

obtaining the original data before encryption;

matching the first encrypted data with the original data;

if the match succeeds, performing RSA key authorization on the terminal;

if the match fails, not performing RSA key authorization on the terminal;

wherein the original data is the unique characteristic information of the terminal, and the first encrypted data is data generated by the server by encrypting the obtained unique characteristic information of the terminal.

Preferably, the step of matching the first encrypted data with the original data specifically includes:

decrypting the first encrypted data to obtain decrypted data information;

comparing the decrypted data information with the original data to determine whether the two are the same;

if they are the same, the match succeeds;

otherwise, the match fails.

Preferably, the step of matching the first encrypted data with the original data specifically includes:

the terminal encrypting the original data to generate second encrypted data;

comparing the second encrypted data with the first encrypted data to determine whether the two are the same;

if they are the same, the match succeeds;

otherwise, the match fails;

wherein the data encryption method or algorithm used to generate the second encrypted data is the same as that used to generate the first encrypted data.
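An added sketch (not from the patent) of the second matching variant above, in which the terminal derives the second encrypted data itself and compares it with the imported first encrypted data. The patent does not name the algorithm: HMAC-SHA256 under a shared key stands in for its "same encryption method or algorithm", and the key, field names and control-instruction strings are assumptions.

```python
import hashlib
import hmac
import struct

# Constructed demo key (assumption). The patent only requires that terminal and
# server use "the same encryption method or algorithm"; HMAC-SHA256 stands in.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"

# Hypothetical field names for the terminal's unique characteristic information.
FIELDS = ("device_id", "serial", "imei")

# Hypothetical values for the RSA authorization control instruction.
ALLOW = "ALLOW_RSA_AUTHORIZATION"
DENY = "DENY_RSA_AUTHORIZATION"


def encode_unique_info(info):
    """Serialise the fields in a fixed order, each with a 2-byte length prefix,
    so that ("AB", "C") and ("A", "BC") never produce the same byte string."""
    out = bytearray()
    for name in FIELDS:
        value = str(info.get(name, "")).encode("utf-8")
        out += struct.pack(">H", len(value)) + value
    return bytes(out)


def keyed_transform(key, info):
    """The deterministic transform both sides apply (assumed HMAC-SHA256)."""
    return hmac.new(key, encode_unique_info(info), hashlib.sha256).digest()


def server_make_first_encrypted_data(key, info):
    """Server side: produce the first encrypted data from the filled-in info."""
    return keyed_transform(key, info)


def terminal_match(key, stored_info, first_encrypted_data):
    """Terminal side: derive the second encrypted data from the terminal's own
    stored unique information, compare, and return the control instruction."""
    # Fail closed on missing or malformed imported data.
    if not isinstance(first_encrypted_data, (bytes, bytearray)):
        return DENY
    # An empty identity must never match anything.
    if not any(stored_info.get(name) for name in FIELDS):
        return DENY
    second_encrypted_data = keyed_transform(key, stored_info)
    # Constant-time comparison: equality is the whole authorization decision.
    if hmac.compare_digest(second_encrypted_data, bytes(first_encrypted_data)):
        return ALLOW
    return DENY


# Constructed sample terminals (not real identifiers).
TERMINAL_A = {"device_id": "DEV-0001", "serial": "SN-AAAA", "imei": "000000000000001"}
TERMINAL_B = {"device_id": "DEV-0002", "serial": "SN-BBBB", "imei": "000000000000002"}

if __name__ == "__main__":
    data = server_make_first_encrypted_data(DEMO_KEY, TERMINAL_A)
    print("A with A's data:", terminal_match(DEMO_KEY, TERMINAL_A, data))
    print("B with A's data:", terminal_match(DEMO_KEY, TERMINAL_B, data))
    print("truncated data: ", terminal_match(DEMO_KEY, TERMINAL_A, data[:16]))
```

In this sketch anyone holding the shared key can produce matching data for any terminal whose identifiers are known, so the key needs the same protection as the authorization prompt it replaces.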

Preferably, before the first encrypted data imported into the terminal is obtained, the method further includes: establishing a communication connection with the server;

establishing the communication connection with the server specifically includes:

establishing a physical communication connection between the terminal and the server through a data cable;

detecting whether the USB debugging function of the terminal is enabled;

if so, establishing preliminary data communication with the server and importing the first encrypted data from the server;

otherwise, issuing a communication connection exception prompt informing the user that the USB debugging function of the terminal is not enabled and the server cannot be connected, and continuing to detect whether the USB debugging function of the terminal is enabled.

Preferably, the method further includes: when the terminal is locked and its USB debugging function is not enabled, if a control instruction for enabling the USB debugging function is detected as input on the instruction input interface of the terminal, immediately enabling the USB debugging function of the terminal, which specifically includes:

opening the instruction input interface of the terminal;

detecting whether a control instruction for enabling the USB debugging function has been input on the instruction input interface; if so, enabling the USB debugging function of the terminal.

Preferably, the terminal includes smartphones, e-book readers, MP3 players, MP4 players and tablet computers.

Preferably, the unique characteristic information includes: the device identification number of the terminal and/or the product serial number and/or the international mobile equipment identity code (IMEI) and/or the identity card number of the user bound to the terminal.

In a second aspect, the present invention provides a device for obtaining RSA key authorization when a terminal is locked, including: a memory, an RSA authorization function module and a data processing module;

the memory is used to store the first encrypted data imported into the terminal and the original data before encryption; the data processing module is connected to the memory and to the RSA authorization function module, and is used to match the first encrypted data with the original data and to output a corresponding RSA authorization control instruction according to the matching result; the RSA authorization function module is used to decide, according to the received RSA authorization control instruction, whether to perform RSA key authorization on the terminal;

wherein the original data is the unique characteristic information of the terminal, and the first encrypted data is data generated by the server by encrypting the obtained unique characteristic information of the terminal.

Preferably, the data processing module includes: an encryption/decryption conversion module and a data matching module;

the encryption/decryption conversion module is connected to the memory and is used to decrypt the first encrypted data to obtain decrypted data information; the data matching module is connected to the encryption/decryption conversion module and is used to compare the decrypted data information with the original data and to output a corresponding RSA authorization control instruction according to the comparison result;

comparing the decrypted data information with the original data and outputting a corresponding RSA authorization control instruction according to the comparison result specifically includes:

the data matching module obtaining the decrypted data information and the original data;

comparing the decrypted data information with the original data to determine whether the two are the same;

if they are the same, outputting an RSA authorization control instruction that approves RSA key authorization for the terminal;

otherwise, outputting an RSA authorization control instruction that refuses RSA key authorization for the terminal.

Preferably, the data processing module includes: an encryption/decryption conversion module and a data matching module;

the encryption/decryption conversion module is connected to the memory and is used to encrypt the original data to generate second encrypted data; the data matching module is connected to the encryption/decryption conversion module and is used to compare the second encrypted data with the first encrypted data and to output a corresponding RSA authorization control instruction according to the comparison result;

comparing the decrypted data information with the original data and outputting a corresponding RSA authorization control instruction according to the comparison result specifically includes:

the data matching module obtaining the second encrypted data and the first encrypted data;

the data matching module comparing the second encrypted data with the first encrypted data to determine whether the two are the same;

if they are the same, outputting an RSA authorization control instruction that approves RSA key authorization for the terminal;

otherwise, outputting an RSA authorization control instruction that refuses RSA key authorization for the terminal;

wherein the data encryption method or algorithm used to generate the second encrypted data is the same as that used to generate the first encrypted data.

Preferably, deciding whether to perform RSA key authorization on the terminal according to the RSA authorization control instruction specifically includes:

if the RSA authorization function module receives an RSA authorization control instruction that approves RSA key authorization for the terminal, performing RSA key authorization on the terminal;

if the RSA authorization function module receives an RSA authorization control instruction that refuses RSA key authorization for the terminal, not performing RSA key authorization on the terminal.

Preferably, the device further includes: a communication connection module, used to establish a communication connection with the server;

the communication connection module includes a communication interface and a communication connection management module; establishing the communication connection with the server specifically includes:

connecting the communication interface to the USB interface of the server through a data cable to establish a physical connection for data communication;

the communication connection management module detecting whether the USB debugging function of the terminal is enabled;

if so, the terminal establishing preliminary data communication with the server and importing the first encrypted data from the server;

otherwise, the communication connection management module issuing a communication connection exception prompt informing the user that the USB debugging function of the terminal is not enabled and the server cannot be connected, and continuing to detect whether the USB debugging function of the terminal is enabled.

Preferably, the device further includes an instruction input interface and a control instruction processing module; the communication connection management module is connected to the control instruction processing module, and the control instruction processing module is connected to the instruction input interface;

when the terminal is locked and its USB debugging function is not enabled, if a control instruction for enabling the USB debugging function is detected as input on the instruction input interface, the USB debugging function of the terminal is enabled immediately, which specifically includes:

opening the instruction input interface of the terminal;

the control instruction processing module detecting and judging whether the control instruction input on the instruction input interface is the same as the preset control instruction for enabling the USB debugging function; if they are the same, the control instruction processing module enabling the USB debugging function of the terminal;

wherein the instruction input interface is used to provide the user with an operation interface for inputting the control instruction for enabling the USB debugging function.

Preferably, the terminal includes smartphones, e-book readers, MP3 players, MP4 players and tablet computers.

Preferably, the unique characteristic information includes: the device identification number of the terminal and/or the product serial number and/or the international mobile equipment identity code (IMEI) and/or the identity card number of the user bound to the terminal.

Preferably, the instruction input interface includes a number dial pad or an emergency dial pad that can be opened while the terminal is locked.

In a third aspect, the present invention provides a system for obtaining RSA key authorization when a terminal is locked, including a terminal and a server;

the terminal includes: a memory, an RSA authorization function module and a data processing module;

the memory is used to store the first encrypted data imported into the terminal and the original data before encryption; the data processing module is connected to the memory and to the RSA authorization function module, and is used to match the first encrypted data with the original data and to output a corresponding RSA authorization control instruction according to the matching result; the RSA authorization function module is used to decide, according to the received RSA authorization control instruction, whether to perform RSA key authorization on the terminal;

wherein the original data is the unique characteristic information of the terminal, and the first encrypted data is data obtained by the server by encrypting the obtained unique characteristic information of the terminal.

Preferably, the server includes: an encryption module, an information storage module and a characteristic information input interface;

the information storage module is used to store the obtained unique characteristic information of the terminal and the first encrypted data; the characteristic information input interface is used to provide an input interface into which the unique characteristic information of the terminal is filled; the encryption module is used to encrypt the filled-in unique characteristic information of the terminal to generate the first encrypted data.

Preferably, the data processing module includes: an encryption/decryption conversion module and a data matching module;

the encryption/decryption conversion module is connected to the memory and is used to decrypt the first encrypted data to obtain decrypted data information; the data matching module is connected to the encryption/decryption conversion module and is used to compare the decrypted data information with the original data and to output a corresponding RSA authorization control instruction according to the comparison result;

comparing the decrypted data information with the original data and outputting a corresponding RSA authorization control instruction according to the comparison result specifically includes:

the data matching module obtaining the decrypted data information and the original data;

comparing the decrypted data information with the original data to determine whether the two are the same;

if they are the same, outputting an RSA authorization control instruction that approves RSA key authorization for the terminal;

otherwise, outputting an RSA authorization control instruction that refuses RSA key authorization for the terminal.

Preferably, the data processing module includes: an encryption/decryption conversion module and a data matching module;

the encryption/decryption conversion module is connected to the memory and is used to encrypt the original data to obtain second encrypted data; the data matching module is connected to the encryption/decryption conversion module and is used to compare the second encrypted data with the first encrypted data and to output a corresponding RSA authorization control instruction according to the comparison result;

comparing the decrypted data information with the original data and outputting a corresponding RSA authorization control instruction according to the comparison result specifically includes:

the data matching module obtaining the second encrypted data and the first encrypted data;

the data matching module comparing the second encrypted data with the first encrypted data to determine whether the two are the same;

if they are the same, outputting an RSA authorization control instruction that approves RSA key authorization for the terminal;

otherwise, outputting an RSA authorization control instruction that refuses RSA key authorization for the terminal;

wherein the data encryption method or algorithm used to generate the second encrypted data is the same as that used to generate the first encrypted data.

Preferably, deciding whether to perform RSA key authorization on the terminal according to the RSA authorization control instruction specifically includes:

if the RSA authorization function module receives an RSA authorization control instruction that approves RSA key authorization for the terminal, performing RSA key authorization on the terminal;

if the RSA authorization function module receives an RSA authorization control instruction that refuses RSA key authorization for the terminal, not performing RSA key authorization on the terminal.

Preferably, the server further includes a USB interface; the terminal further includes a communication connection module;

the communication connection module includes a communication interface and a communication connection management module, and is used to establish a communication connection with the server, which specifically includes:

connecting the communication interface to the USB interface through a data cable to establish a physical connection for data communication;

the communication connection management module detecting whether the USB debugging function of the terminal is enabled;

if so, the terminal establishing preliminary data communication with the server and importing the first encrypted data from the server;

otherwise, the communication connection management module issuing a communication connection exception prompt informing the user that the USB debugging function of the terminal is not enabled and the server cannot be connected, and continuing to detect whether the USB debugging function of the terminal is enabled.

Preferably, the terminal further includes an instruction input interface and a control instruction processing module; the communication connection management module is connected to the control instruction processing module, and the control instruction processing module is connected to the instruction input interface;

when the terminal is locked and its USB debugging function is not enabled, if a control instruction for enabling the USB debugging function is detected as input on the instruction input interface, the USB debugging function of the terminal is enabled immediately, which specifically includes:

opening the instruction input interface of the terminal;

the control instruction processing module detecting and judging whether the control instruction input on the instruction input interface is the same as the preset control instruction for enabling the USB debugging function; if they are the same, the control instruction processing module enabling the USB debugging function of the terminal.

Preferably, filling in the unique characteristic information of the terminal specifically includes:

after the terminal establishes preliminary data communication with the server, the server sending an information acquisition instruction carrying a verification code to the terminal;

the terminal receiving the information acquisition instruction and verifying the verification code;

after the verification passes, the terminal obtaining its unique characteristic information from the memory and sending it to the server;

the server receiving the unique characteristic information of the terminal and automatically filling it into the characteristic information input interface.

Preferably, filling in the unique characteristic information of the terminal specifically includes:

opening the instruction input interface of the terminal;

inputting, on the instruction input interface, a control instruction for obtaining the unique characteristic information of the terminal;

the control instruction processing module detecting and judging whether the control instruction input on the instruction input interface is the same as the preset unique characteristic information acquisition instruction; if they are the same, the instruction input interface reading the unique characteristic information of the terminal from the memory and displaying it on the instruction input interface;

manually filling the displayed unique characteristic information of the terminal into the characteristic information input interface.

Preferably, the terminal includes a smartphone, an e-book reader, an MP3 player, an MP4 player and a tablet computer.

Preferably, the unique characteristic information of the terminal includes: the device identification number of the terminal and/or the product serial number and/or the international mobile equipment identity code (IMEI) and/or the identity card number of the user bound to the terminal.

Preferably, the terminal further includes an unlocking interface, which provides an open key for the instruction input interface; the instruction input interface is opened by triggering that key.

Preferably, the instruction input interface includes a number dial pad or an emergency dial pad that can be opened while the terminal is locked.

Beneficial effects of the present invention: the terminal obtains from the server the first encrypted data that the server generates from the terminal's unique characteristic information. Because the terminal and the server use the same algorithm for data encryption and decryption, data security is ensured, and other servers or terminals that do not use this algorithm cannot obtain the data of this terminal. At the same time, when both sides use this algorithm, a terminal that is locked and cannot pop up the RSA authorization window can, by matching the data of the terminal and the server, perform RSA authorization automatically without being unlocked and establish an ADB connection. Data can then be exported or the terminal lock password cleared over the ADB connection, without flashing the device or unlocking it in other complicated ways, which is more convenient and meets users' needs.

Brief description of the drawings

Fig. 1 is a flowchart of the method of the first embodiment for obtaining RSA key authorization when the terminal's screen is locked.

Fig. 2 is a flowchart of the method of the first embodiment for judging whether the first encrypted data matches the unique characteristic information of the terminal.

Fig. 3 is a flowchart of the method of the second embodiment for obtaining RSA key authorization when the terminal's screen is locked.

Fig. 4 is a flowchart of the method of the third embodiment for obtaining RSA key authorization when the terminal's screen is locked.

Fig. 5 is a flowchart of the method of the third embodiment for enabling the USB debugging function of the terminal in the screen-locked state.

Fig. 6 is a flowchart of the first method by which the server of the fourth embodiment generates the first encrypted data.

Fig. 7 is a flowchart of the second method by which the server of the fourth embodiment generates the first encrypted data.

Fig. 8 is a flowchart of the system of the fifth embodiment for obtaining RSA key authorization in the screen-locked state.

In the figures: 10, server; 11, processor; 12, information storage module; 13, encryption module; 14, characteristic information input interface; 15, USB interface; 20, terminal; 21, communication connection module; 22, memory; 23, data processing module; 24, control instruction processing module; 25, RSA authorization function module; 26, instruction input interface; 27, unlocking interface; 211, communication interface; 212, communication connection management module; 231, encryption/decryption conversion module; 232, data matching module.

Detailed description of the embodiments

The technical solutions of the present invention are further described below with reference to the accompanying drawings and through specific embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts relevant to the present invention rather than the whole.

In the embodiments of the present invention, the unique feature information of the terminal 20 includes one or more of the following: device ID (Identification, identity number), SN (Serial Number, product serial number), IMEI (International Mobile Equipment Identification Number), the identity card number of the user bound to the terminal 20, and similar feature information. The unique feature information is used to mark and identify the terminal 20; that is, the terminal 20 and the unique feature information are in one-to-one correspondence, each item of unique feature information corresponds to exactly one terminal 20, and there is no confusion or duplication.

In the embodiments of the present invention, the terminal 20 is a smart terminal 20 with data processing capability, including smartphones whose system has an RSA key authorization function, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) players, MP4 (Moving Picture Experts Group Audio Layer IV) players, personal computers, tablet computers and the like.

In the embodiments of the present invention, locking of the terminal 20 is a security protection function that uses a configured password to restrict use of the terminal 20 and to lock and keep personal information confidential. It can take various forms, such as a screen lock that prevents user operation. To unlock the terminal 20, the specified unlock password must be entered, such as a fixed unlock gesture or a numeric password.

RSA is an encryption algorithm proposed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman; the name RSA is formed from the initial letters of their three surnames. RSA is the first algorithm that can be used for both encryption and digital signatures, and it is also easy to understand and operate.

It should be noted that different terminals 20 may use different operation interfaces. For example, the command input interface 26 may take different forms, and the means of entering instructions may differ: instructions may be entered by touch on a touchscreen or typed on a keyboard. To a person of ordinary skill in the art the principles are the same or similar, and all fall within the scope of protection of the present invention.

Embodiment 1:

When the terminal 20 is unlocked and is connected to the server 10, the RSA authorization window is displayed normally and the user can operate it to perform RSA key authorization, so that the ADB connection is established normally and the terminal 20 and the server 10 can exchange data normally.

However, when the terminal 20 is locked and is connected to the server 10, the RSA authorization window is blocked so that the server 10 cannot obtain the data of the terminal 20, which protects user data and privacy; the terminal must first be unlocked before the RSA authorization window can be operated to obtain RSA authorization. If the user has forgotten the unlock password of the terminal 20 and cannot unlock it, the method provided by this embodiment for obtaining RSA key authorization while the terminal 20 is locked allows the terminal 20 to obtain RSA key authorization while its screen is locked, so that the data of the terminal 20 can be retrieved or the lock-screen password of the terminal 20 cleared.

Please refer to Fig. 1, which is a flowchart of the method of the first embodiment for obtaining RSA key authorization while the screen of the terminal 20 is locked. The method includes:

Step S110. The terminal 20 establishes a communication connection with the server 10.

The communication connection between the terminal 20 and the server 10 can be realized in several ways, the most common being wired and wireless connections. Wireless connections include Bluetooth, NFC (Near Field Communication) and the like. This embodiment uses a wired connection: the terminal is connected to the server 10 by a data cable, here a USB data cable, whose ends are plugged into the USB interfaces of the terminal 20 and the server 10 to provide the communication connection and data communication.

Step S120. Enter the control instruction for obtaining the first encrypted data.

When the terminal 20 establishes a communication connection with the server 10, the screen of the terminal 20 automatically enters the unlocking interface 27. If the terminal 20 is in a power-saving state at that moment and has not entered the unlocking interface 27, pressing a button such as the power key or the HOME key also brings the terminal 20 to the unlocking interface 27.

Once the terminal 20 has entered the unlocking interface 27, the command input interface 26 of the terminal 20 is called up by touching the command-input-interface open key provided on the unlocking interface 27. The touch gesture for this key can be configured in several ways, for example tapping the key to open the command input interface 26, or dragging the key's icon to open the command input interface 26.

Once the command input interface 26 is open, control instructions can be entered in it. The control instruction for obtaining the first encrypted data is entered; for example, the preset control instruction for obtaining the first encrypted data is “*#67766776001#”. After the terminal 20 detects that the control instruction has been entered correctly, the terminal 20 begins importing the first encrypted data from the server 10.

Step S130. Obtain the first encrypted data from the server 10.

Before an ADB connection is established between the terminal 20 and the server 10, the server 10 cannot obtain user data from the terminal 20, nor can the terminal 20 obtain data from the server 10. In this embodiment, a specific message channel is set up between the terminal 20 and the server 10 before the ADB connection is established, and specific control instructions cause the terminal 20 and the server 10 to transfer specific data over it, such as the unique feature information of the terminal 20 and the first encrypted data of the server 10.

Specifically, in step S120, if the terminal 20 detects that the control instruction for obtaining the first encrypted data has been entered correctly, the terminal 20 sends a request message for the first encrypted data to the server 10; after the server 10's verification passes, the terminal 20 begins importing the first encrypted data from the server 10.

Step S140. Judge whether the first encrypted data matches the unique feature information of the terminal 20.

After the first encrypted data has been imported into the terminal 20, the data processing module 23 of the terminal 20 reads the unique feature information of the terminal 20 from the local memory 22 and matches the first encrypted data against the unique feature information.

Please refer to Fig. 2, which is a flowchart of the method of the first embodiment for judging whether the first encrypted data matches the unique feature information of the terminal 20.

Step S140 specifically includes:

S141. The encryption/decryption conversion module 231 decrypts the first encrypted data to obtain decrypted data information.

The decryption method of the encryption/decryption conversion module 231 corresponds to the encryption method of the server 10, or the two use the same algorithm.

S142. Compare the decrypted data information with the unique feature information of the terminal 20 and judge whether the two are the same.

The first encrypted data is generated by the server 10 by encrypting the unique feature information of the terminal 20, so the decrypted data information that the encryption/decryption conversion module 231 obtains by decrypting the first encrypted data should be the same as the unique feature information of the terminal 20.

S143. If they are the same, the first encrypted data matches the unique feature information of the terminal 20; go to step S150.

S144. Otherwise, the first encrypted data does not match the unique feature information of the terminal 20; go to step S160.

The encryption/decryption conversion module 231 and the encryption module 13 of the server 10 use the same algorithm or method for encryption and decryption. That is, when a piece of original data is encrypted by the encryption module 13 of the server 10 and sent to the terminal 20, the encryption/decryption conversion module 231 of the terminal 20 can recover the original data by decrypting it. If the recovered original data is wrong or different, the terminal 20 and the server 10 do not match. Communicating data with this encryption and decryption approach can guard against the risk of data leakage.

Step S150. If they match, perform RSA key authorization on the terminal 20.

There are many algorithms and methods for data encryption, and vendors generally have their own distinctive encryption method. If the first encrypted data matches the unique feature information of the terminal 20, the server 10 is the after-sales service equipment corresponding to the terminal 20; an RSA authorization control instruction agreeing to RSA key authorization for the terminal 20 is sent, and RSA key authorization is performed on the terminal 20.

Step S160. If they do not match, do not perform RSA key authorization on the terminal 20.

If the first encrypted data does not match the unique feature information of the terminal 20, then the server 10 is not the after-sales service equipment corresponding to the terminal 20, or there is some other abnormal cause such as the unique feature information having been obtained incorrectly. The terminal 20 treats the situation as abnormal, and RSA key authorization is not performed on the terminal 20.

In this embodiment, terminals 20 of the same type correspond to the same server 10, and the server 10 is the after-sales service equipment corresponding to the terminal 20. After-sales service equipment is generally official, and deliberate disclosure of user privacy does not arise. The method of this embodiment therefore takes effect only between a corresponding terminal 20 and server 10 and does not cause customer information to leak. When a user has forgotten the password, there is no need to clear it by flashing the device or by other complicated manual operations, which greatly reduces the workload of after-sales staff and saves a great deal of time.

Regarding the above steps, it will be understood that step S120 can be omitted: after the terminal 20 establishes a communication connection with the server 10, it can be set to send the control signal for obtaining the first encrypted data automatically, without needing to receive an entered instruction, and obtain the first encrypted data from the server.

Embodiment 2:

Please refer to Fig. 3, which is a flowchart of the method of the second embodiment for obtaining RSA key authorization while the screen of the terminal 20 is locked. The method includes:

Step S110. The terminal 20 establishes a communication connection with the server 10.

The communication connection between the terminal 20 and the server 10 can be realized in several ways, the most common being wired and wireless connections. Wireless connections include Bluetooth, NFC (Near Field Communication) and the like. This embodiment uses a wired connection: the terminal is connected to the server 10 by a data cable, here a USB data cable, whose ends are plugged into the terminal 20 and the USB interface 15 of the server 10 to provide the communication connection and data communication.

Step S120. Enter the control instruction for obtaining the first encrypted data.

When the terminal 20 establishes a communication connection with the server 10, the screen of the terminal 20 automatically enters the unlocking interface 27. If the terminal 20 is in a power-saving state at that moment and has not entered the unlocking interface 27, pressing a button such as the power key or the HOME key also brings the terminal 20 to the unlocking interface 27.

Once the terminal 20 has entered the unlocking interface 27, the command input interface 26 of the terminal 20 is called up by touching the command-input-interface open key provided on the unlocking interface 27. The touch gesture for this key can be configured in several ways, for example tapping the key to open the command input interface 26, or dragging the key's icon to open the command input interface 26.

Once the command input interface 26 is open, control instructions can be entered in it. The control instruction for obtaining the first encrypted data is entered; for example, the preset control instruction for obtaining the first encrypted data is “*#67766776001#”. After the terminal 20 detects that the control instruction has been entered correctly, the terminal 20 begins importing the first encrypted data from the server 10.

Step S130. Obtain the first encrypted data from the server 10.

Before an ADB connection is established between the terminal 20 and the server 10, the server 10 cannot obtain user data from the terminal 20, nor can the terminal 20 obtain data from the server 10. In this embodiment, a specific message channel is set up between the terminal 20 and the server 10 before the ADB connection is established, and specific control instructions cause the terminal 20 and the server 10 to transfer specific data over it, such as the unique feature information of the terminal 20 and the first encrypted data of the server 10.

Specifically, in step S120, if the terminal 20 detects that the control instruction for obtaining the first encrypted data has been entered correctly, the terminal 20 sends a request message for the first encrypted data to the server 10; after the server 10's verification passes, the terminal 20 begins importing the first encrypted data from the server 10.

Step S140. Judge whether the first encrypted data matches the unique feature information of the terminal 20.

After the first encrypted data has been imported into the terminal 20, the data processing module 23 of the terminal 20 reads the unique feature information of the terminal 20 from the local memory 22 and matches the first encrypted data against the unique feature information.

Step S140 specifically includes:

S145. The encryption/decryption conversion module 231 encrypts the unique feature information of the terminal 20 to generate second encrypted data.

The encryption method of the encryption/decryption conversion module 231 is the same as the encryption method of the server 10, or the two use the same algorithm.

S146. Compare the second encrypted data with the first encrypted data and judge whether the two are the same.

The first encrypted data and the second encrypted data are both produced by encryption with the same algorithm. If the unencrypted original data used for both is the same, the first encrypted data and the second encrypted data should also be the same. If the unencrypted original data used for the two is different, the first encrypted data and the second encrypted data should also be different.

S147. If they are the same, the first encrypted data matches the unique feature information of the terminal 20; go to step S150.

S148. Otherwise, the encrypted data does not match the unique feature information of the terminal 20; go to step S160.

Here the server 10 and the terminal 20 encrypt data in the same way.

Step S150. If they match, perform RSA key authorization on the terminal 20.

If the first encrypted data matches the unique feature information of the terminal 20, the server 10 is the after-sales service equipment corresponding to the terminal 20; the terminal 20 sends an RSA authorization control instruction agreeing to authorization, and RSA key authorization is performed on the terminal 20.

Step S160. If they do not match, do not perform RSA key authorization on the terminal 20.

If the first encrypted data does not match the unique feature information of the terminal 20, then the server 10 is not the after-sales service equipment corresponding to the terminal 20, or there is some other abnormal cause such as the unique feature information having been obtained incorrectly. The terminal 20 treats the situation as abnormal, and RSA key authorization is not performed on the terminal 20.

In this embodiment, terminals 20 of the same type correspond to the same server 10, and the server 10 is the after-sales service equipment corresponding to the terminal 20. After-sales service equipment is generally official, and deliberate disclosure of user privacy does not arise. The method of this embodiment therefore takes effect only between a corresponding terminal 20 and server 10 and does not cause customer information to leak. When a user has forgotten the password, there is no need to clear it by flashing the device or by other complicated manual operations, which greatly reduces the workload of after-sales staff and saves a great deal of time.

Regarding the above steps, it will be understood that step S120 can be omitted: after the terminal 20 establishes a communication connection with the server 10, it can be set to send the control signal for obtaining the first encrypted data automatically, without needing to receive an entered instruction, and obtain the first encrypted data from the server.
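
The two matching procedures above (S141 to S144 in Embodiment 1, S145 to S148 in Embodiment 2) are shown side by side in the following added Python example, which is not part of the patent. The patent does not name the shared algorithm or say how its key is provisioned, so a deterministic synthetic-IV construction built on HMAC-SHA256 stands in for it. SHARED_KEY, TERMINAL_ID, OTHER_ID and all function names are assumptions.

```python
import hashlib
import hmac

# Constructed sample values. The patent lists device ID, SN and IMEI as possible
# unique feature information but gives no concrete values, algorithm or key handling.
SHARED_KEY = bytes(range(32))   # assumption: secret provisioned to server 10 and terminal 20
TERMINAL_ID = b"SN=CONSTRUCTED0001;IMEI=000000000000000"
OTHER_ID = b"SN=CONSTRUCTED0002;IMEI=000000000000001"
IV_LEN = 16


def _subkeys(key):
    """Derive separate MAC and keystream keys from the shared secret."""
    return (hmac.new(key, b"mac", hashlib.sha256).digest(),
            hmac.new(key, b"enc", hashlib.sha256).digest())


def _xor_keystream(enc_key, iv, data):
    """XOR data with an HMAC-SHA256 counter-mode keystream bound to iv."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(enc_key, iv + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_feature_info(key, feature_info):
    """Server side (encryption module 13): same input always gives the same blob."""
    mac_key, enc_key = _subkeys(key)
    # The IV is a MAC of the plaintext, so it doubles as an integrity tag.
    iv = hmac.new(mac_key, feature_info, hashlib.sha256).digest()[:IV_LEN]
    return iv + _xor_keystream(enc_key, iv, feature_info)


def decrypt_feature_info(key, blob):
    """Terminal side (module 231): return the plaintext, or None if the blob is invalid."""
    if len(blob) <= IV_LEN:
        return None
    mac_key, enc_key = _subkeys(key)
    iv, body = blob[:IV_LEN], blob[IV_LEN:]
    plain = _xor_keystream(enc_key, iv, body)
    expected = hmac.new(mac_key, plain, hashlib.sha256).digest()[:IV_LEN]
    return plain if hmac.compare_digest(iv, expected) else None


def match_by_decrypt(key, first_encrypted, local_feature_info):
    """Embodiment 1 (S141-S144): decrypt, then compare with the local feature info."""
    recovered = decrypt_feature_info(key, first_encrypted)
    return recovered is not None and hmac.compare_digest(recovered, local_feature_info)


def match_by_encrypt(key, first_encrypted, local_feature_info):
    """Embodiment 2 (S145-S148): build the second encrypted data, compare blobs."""
    second_encrypted = encrypt_feature_info(key, local_feature_info)
    return hmac.compare_digest(second_encrypted, first_encrypted)


def run_cases():
    """Return {case: (embodiment 1 result, embodiment 2 result)}; True means S150."""
    genuine = encrypt_feature_info(SHARED_KEY, TERMINAL_ID)
    tampered = genuine[:-1] + bytes([genuine[-1] ^ 0x01])
    blobs = {
        "genuine": genuine,
        "blob_for_other_terminal": encrypt_feature_info(SHARED_KEY, OTHER_ID),
        "tampered": tampered,
        "server_with_other_key": encrypt_feature_info(b"\x42" * 32, TERMINAL_ID),
        "truncated": genuine[:IV_LEN],
    }
    return {name: (match_by_decrypt(SHARED_KEY, blob, TERMINAL_ID),
                   match_by_encrypt(SHARED_KEY, blob, TERMINAL_ID))
            for name, blob in blobs.items()}


if __name__ == "__main__":
    for name, result in run_cases().items():
        print(f"{name:26} decrypt-match={result[0]} encrypt-match={result[1]}")
```

Both checks take the S160 branch for a blob generated for another terminal, a modified blob, a blob produced under a different key, and a truncated blob. Either check is only as strong as the secrecy of the shared key, since anyone holding it can produce a matching blob for any known device identifier.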

Embodiment 3:

In the first and second embodiments, if the USB debugging function of the terminal 20 is not enabled, the terminal 20 and the server 10 cannot establish a USB communication connection, the specific message channel cannot be set up, and data such as the unique feature information of the terminal 20 and the first encrypted data of the server 10 cannot be transferred. Therefore, when the terminal 20 is locked and the USB debugging function is not enabled, a method is needed that can enable the USB debugging function in the locked state.

Please refer to Fig. 4, which is a flowchart of the method of the third embodiment for obtaining RSA key authorization while the screen of the terminal 20 is locked.

Step S110. The terminal 20 establishes a communication connection with the server 10.

The terminal 20 is connected to the server 10 by a data cable, here a USB data cable, whose ends are plugged into the terminal 20 and the USB interface 15 of the server 10 to provide the communication connection and data communication.

Step S110 specifically includes:

Step S111. The terminal 20 is connected to the USB interface 15 of the server 10 by the data cable.

Step S112. Once the data cable is connected, detect whether the USB debugging function of the terminal 20 is enabled. If it is enabled, go to step S113; otherwise the terminal 20 and the server 10 fail to establish data communication, and go to step S114.

Step S113. The terminal 20 and the server 10 establish preliminary data communication; go to step S120.

If the USB debugging function of the terminal 20 is enabled, then once the terminal 20 and the server 10 have established preliminary data communication they can exchange specific messages and data according to certain preset instructions, such as the request message for the first encrypted data, the unique feature information of the terminal 20 and the first encrypted data.

Step S114. Issue a USB connection abnormality prompt and return to step S112.

If the USB debugging function of the terminal 20 is not enabled, the terminal 20 and the server 10 cannot establish data communication or exchange information. The terminal 20 issues a USB connection abnormality prompt, which can be shown on the unlocking interface 27 or on the screen to tell the user that the USB debugging function is not enabled, and the flow returns to step S112 to keep detecting whether the USB debugging function of the terminal 20 is enabled.

Step S120. Enter the control instruction for obtaining the first encrypted data. This specifically includes:

Step S121. Open the command input interface 26 of the terminal 20.

When the terminal 20 establishes a communication connection with the server 10, the screen of the terminal 20 automatically enters the unlocking interface 27. If the terminal 20 is in a power-saving state at that moment and has not entered the unlocking interface 27, pressing a button such as the power key or the HOME key also brings the terminal 20 to the unlocking interface 27.

Once the terminal 20 has entered the unlocking interface 27, the command input interface 26 of the terminal 20 is called up by touching the command-input-interface open key provided on the unlocking interface 27. The touch gesture for this key can be configured in several ways, for example tapping the key to open the command input interface 26, or dragging the key's icon to open the command input interface 26.

Step S122. Enter the control instruction for obtaining the first encrypted data.

Once the command input interface 26 is open, control instructions can be entered in it. If the control instruction for obtaining the first encrypted data is entered in the command input interface 26 at this point, then after the control instruction processing module of the terminal 20 confirms that the input is correct, the terminal 20 sends a request message for the first encrypted data to the server 10 in order to obtain the first encrypted data.

The command input interface 26 can take different forms depending on the hardware environment. On a terminal 20 with an external keyboard, the user can type instructions on the keyboard after entering the command input interface 26. On a touchscreen terminal 20 without an external keyboard, the command input interface 26 comes with a touch keypad that allows instructions to be entered by touch on the screen.

The touch keypad that comes with the command input interface 26 is a number dial pad or an emergency dial pad.

Step S123. Import the first encrypted data from the server 10.

The server 10 receives the request message for the first encrypted data and, after verification passes, retrieves the first encrypted data from the information storage module 12 and imports it into the terminal 20.

Step S130: obtain the first encrypted data from the server 10.

Before the terminal 20 and the server 10 establish an ADB connection, the server 10 cannot obtain user data from the terminal 20. In this embodiment, a specific message channel can be set up before the ADB connection is established, so that once the terminal 20 and the server 10 are connected, but before the ADB connection exists, specific data can be transmitted, such as the unique feature information of the terminal 20 and the first encrypted data of the server 10.

The terminal 20 imports the first encrypted data from the server 10 and, once the import succeeds, stores the data in the local memory 22.

Step S140: determine whether the first encrypted data matches the unique feature information of the terminal 20.

After the first encrypted data has been imported into the terminal 20, the data processing module 23 of the terminal 20 reads the unique feature information of the terminal 20 from the local memory 22 and determines whether the first encrypted data matches it.

Step S150: if they match, perform RSA key authorization on the terminal 20.

If the first encrypted data matches the unique feature information of the terminal 20, the server 10 is an after-sales service device corresponding to the terminal 20; the terminal 20 sends an RSA authorization control instruction, and RSA key authorization is performed on the terminal 20.

Step S160: if they do not match, do not perform RSA key authorization on the terminal 20.

If the first encrypted data does not match the unique feature information of the terminal 20, the server 10 is an after-sales service device that does not correspond to the terminal 20, or the unique feature information was obtained incorrectly, and so on. The terminal 20 treats the situation as abnormal and does not perform RSA key authorization, which protects user data.

In step S114, because the USB debugging function of the terminal 20 is not enabled, the connection between the terminal 20 and the server 10 fails. To enable the USB debugging function of the terminal 20 in that case, the following method can be used.

For the above steps, it can be understood that step S120 may be omitted: after the terminal 20 establishes a communication connection with the server 10, it can be set to automatically send the control signal for obtaining the first encrypted data and obtain the first encrypted data from the server without receiving an input command.

Step S114 may also be replaced by automatically enabling the USB debugging function of the terminal, so that it does not need to be enabled manually.

Please refer to FIG. 5, which is a flowchart of the method of the third embodiment for enabling the USB debugging function of the terminal 20 in the locked-screen state.

Step S210: open the command input interface 26 of the terminal 20.

The operation is similar to step S121: if the USB debugging function of the terminal 20 is not enabled when the terminal 20 is locked, open the command input interface 26 of the terminal 20 from the unlocking interface 27.

Step S220: enter the control command for enabling the USB debugging function on the command input interface 26.

Enter the control command for enabling the USB debugging function on the command input interface 26. The control command can be preset, for example as "*#66776676".

Step S230: enable the USB debugging function.

The terminal 20 checks whether the command entered on the command input interface 26 is consistent with the preset control command for enabling the USB debugging function and, if so, immediately enables the USB debugging function.

Embodiment four:

Please refer to FIG. 6, which is a flowchart of the first method by which the server 10 of the fourth embodiment generates the first encrypted data. The method includes:

Step S300: the server 10 establishes a communication connection with the terminal 20.

Step S301: the server 10 sends a feature information acquisition instruction carrying a verification code to the terminal 20.

The server 10 sends a feature information acquisition instruction carrying a verification code to the terminal 20. The terminal 20 receives the instruction and verifies the verification code attached to it; if verification passes, the terminal 20 sends its unique feature information to the server 10; if verification fails, the unique feature information is not sent to the server 10.

Step S302: the server 10 receives the unique feature information of the terminal 20 and automatically fills it into the feature information input interface 14.

Step S303: start the encryption function of the encryption module 13, encrypt the unique feature information of the terminal 20 filled into the feature information input interface 14, and generate the first encrypted data.

Please refer to FIG. 7, which is a flowchart of the second method by which the server 10 of the fourth embodiment generates the first encrypted data. The method includes:

Step S310: open the command input interface 26 of the terminal 20.

Step S311: enter the feature information acquisition instruction on the command input interface 26.

The feature information acquisition instruction can be preset, for example as entering "*#677666776001#" on the command input interface 26. When the terminal 20 detects that this has been entered on the command input interface 26 and the control instruction processing module 24 confirms that the input is correct, the command input interface 26 reads the unique feature information of the terminal 20 from the local memory 22.

Step S312: after the terminal 20 confirms that the command was entered correctly, it displays the unique feature information of the terminal 20 on the command input interface 26 or the unlocking interface 27.

Steps S310, S311 and S312 are the steps of one method for obtaining the unique feature information of the terminal 20. There are also other ways to obtain it, for example from the product's packaging box.

Step S313: manually key the displayed unique feature information into the feature information input interface 14 of the server 10.

Step S314: the encryption module 13 starts its data encryption function, encrypts the keyed-in unique feature information, and generates the first encrypted data.

In this embodiment, the server 10 can take the unique feature information entered manually on the feature information input interface 14, or can obtain the unique feature information from the terminal 20 over the data cable, automatically fill the feature information input interface 14 and automatically generate the first encrypted data, so that the whole RSA key authorization process can be completed automatically, meeting users' diverse needs.

In this embodiment, the encryption module 13 is an after-sales service tool program installed on the server 10. The program has a human-computer interaction interface, namely the feature information input interface 14 of this embodiment. Feature information can be entered in this interface in two ways: automatic filling or manual input. Once the feature information has been entered, clicking or triggering the program's encrypted-data generation button starts encryption of the entered feature information and generates the first encrypted data.

Embodiment five:

Please refer to FIG. 8, which is a flowchart of the system of the fifth embodiment for obtaining RSA key authorization in the locked-screen state. The system includes a terminal 20 with an RSA authorization function and a server 10 capable of data encryption.

The terminal 20 includes a communication connection module 21, a memory 22, a data processing module 23, a control instruction processing module 24, an RSA authorization function module 25, a command input interface 26 and an unlocking interface 27. The data processing module 23 includes an encryption/decryption conversion module 231 and a data matching module 232.

Specifically, the communication connection module 21 includes a communication interface 211 and a communication connection management module 212, and is used to manage the communication connection between the terminal 20 and the server 10. The communication interface 211 is a USB-type interface; when a communication connection is established with the server 10, the communication interface 211 is connected to the USB interface 15 of the server 10 through a data cable in order to transmit data. The memory 22 is connected to the communication connection module 21 and stores the unique feature information of the terminal and the first encrypted data obtained from the server 10. The encryption/decryption conversion module 231 uses the same algorithm as the encryption module 13 of the server 10 and is used to encrypt and decrypt data. The data processing module 23 processes the terminal's data, for example determining whether the first encrypted data matches the unique feature information of the terminal, and encrypting or decrypting data. The control instruction processing module 24 generates the corresponding instructions from the input information and processes the related instruction information; the input information includes what is keyed in on the command input interface 26. In this embodiment, the human-computer interaction interface includes the unlocking interface 27 and the command input interface 26. The RSA authorization function module 25 is connected to the data matching module 232 and determines, according to the RSA authorization control instruction issued by the data matching module 232, whether to perform RSA key authorization on the terminal 20.

Specifically, the command input interface 26 includes a number dial pad or an emergency dial pad that can be opened while the terminal 20 is locked. The dial pad provides input buttons with which the user enters the control command that starts the encryption/decryption conversion module 231. The unlocking interface 27 includes a key for opening the command input interface; triggering that key opens the command input interface 26.

Specifically, the encryption/decryption conversion module 231 is used to decrypt the first encrypted data and obtain the decrypted data information. The data matching module 232 is used to determine whether the first encrypted data matches the unique feature information of the terminal 20. The method for determining whether the first encrypted data matches the unique feature information of the terminal 20 specifically includes:

The data matching module 232 compares the decrypted data information with the unique feature information of the terminal 20 and determines whether the two are the same. If they are the same, the first encrypted data matches the unique feature information of the terminal 20; otherwise, the first encrypted data does not match the unique feature information of the terminal 20.

Specifically, the encryption/decryption conversion module 231 is connected to the memory 22 of the terminal 20 and can read the unique feature information of the terminal 20 from it. The encryption/decryption conversion module 231 can also be used to encrypt the unique feature information and generate second encrypted data. Determining, by the data matching module 232, whether the first encrypted data matches the unique feature information of the terminal further includes:

The data matching module 232 compares the second encrypted data with the first encrypted data and determines whether the two are the same. If they are the same, the first encrypted data matches the unique feature information of the terminal 20; otherwise, the first encrypted data does not match the unique feature information of the terminal 20.
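The two matching routes described above (decrypt the first encrypted data and compare, or encrypt the terminal's own feature information and compare) can be sketched as follows. This is an added example, not code from the patent: the patent does not name the encryption algorithm, so the HMAC-SHA256 keystream cipher, the shared key, the function names and the sample identifiers are all assumptions constructed for illustration.

```python
import hashlib
import hmac

# Assumption: the patent only states that server and terminal use the same
# encryption method. This deterministic keystream cipher is a stand-in chosen
# so the example runs with the standard library; it is not a recommended cipher.
SHARED_KEY = b"constructed-demo-key"  # constructed sample value


def _keystream(key: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes from HMAC-SHA256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Deterministic on purpose: the re-encrypt-and-compare route only works
    if equal plaintexts always give equal ciphertexts (no random IV)."""
    stream = _keystream(key, len(plaintext))
    return bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """XOR with the same keystream inverts encrypt()."""
    return encrypt(key, ciphertext)


def server_generate_first_encrypted_data(unique_feature: str) -> bytes:
    """Server 10 side: encrypt the terminal's unique feature information."""
    return encrypt(SHARED_KEY, unique_feature.encode())


def match_by_decrypting(first_encrypted: bytes, unique_feature: str) -> bool:
    """Route 1: decrypt the first encrypted data, compare with the stored value."""
    recovered = decrypt(SHARED_KEY, first_encrypted)
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(recovered, unique_feature.encode())


def match_by_reencrypting(first_encrypted: bytes, unique_feature: str) -> bool:
    """Route 2: build the second encrypted data locally, compare ciphertexts."""
    second_encrypted = encrypt(SHARED_KEY, unique_feature.encode())
    return hmac.compare_digest(second_encrypted, first_encrypted)


def rsa_authorization_decision(first_encrypted: bytes, unique_feature: str) -> str:
    """Steps S140 to S160: grant only when the imported data matches."""
    if match_by_reencrypting(first_encrypted, unique_feature):
        return "grant"
    return "deny"


if __name__ == "__main__":
    terminal_id = "860000000000001"   # constructed sample identifier
    other_id = "860000000000002"      # constructed sample identifier
    token = server_generate_first_encrypted_data(terminal_id)
    print(rsa_authorization_decision(token, terminal_id))  # matching terminal
    print(rsa_authorization_decision(token, other_id))     # different terminal
```

Both routes depend on the terminal holding the same secret as the service tool, so the check is only as strong as the protection of that key on the device.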

Specifically, the communication connection module 21 includes a communication interface 211 and a communication connection management module 212. The communication interface 211 is connected to the USB interface 15 of the server 10 through a data cable and is used to establish a communication connection with the server 10. The communication connection management module 212 is used to manage the communication connection between the terminal 20 and the server 10, which specifically includes:

The communication connection management module 212 detects whether the USB debugging function of the terminal 20 has been enabled. If so, the terminal 20 establishes a communication connection with the server 10; otherwise, the terminal 20 issues a communication connection abnormality prompt, telling the user that the USB debugging function of the terminal 20 is not enabled and that it cannot connect to the server 10, and continues to detect whether the USB debugging function of the terminal 20 has been enabled.

The RSA authorization function module 25 performs RSA key authorization only after it receives, from the data matching module 232, an RSA authorization control instruction agreeing to RSA key authorization of the terminal 20.

Specifically, the control instruction processing module 24 is used to enable the USB debugging function of the terminal 20 when it receives a control command for enabling the USB debugging function of the terminal 20.

Specifically, the server 10 includes a processor 11, an information storage module 12, an encryption module 13, a feature information input interface 14 and a USB interface 15.

The information storage module 12 stores the unique feature information of the terminal 20 and the first encrypted data generated by the server 10; the feature information input interface 14 provides an input interface for entering the unique feature information of the terminal 20; the encryption module 13 encrypts the information entered on the feature information input interface 14 and generates the first encrypted data.

The feature information input interface 14 provides two ways of entering information.

The first way is as follows:

The server 10 sends an information acquisition instruction carrying a verification code to the terminal 20; the terminal 20 receives the instruction and verifies the verification code; after verification passes, the terminal 20 sends its unique feature information to the server 10; the server 10 receives the unique feature information of the terminal 20 and automatically fills it into the feature information input interface 14 of the encryption module 13.

The second way is as follows:

Obtain the unique feature information of the terminal 20 from the command input interface 26 of the terminal 20, and fill the unique feature information of the terminal 20 into the feature information input interface 14.

Obtaining the unique feature information of the terminal 20 from the command input interface 26 of the terminal 20 specifically includes: opening the command input interface 26 of the terminal 20; entering the unique feature information acquisition instruction on the command input interface 26; and, after the terminal 20 receives that instruction, displaying the unique feature information of the terminal on the command input interface 26.

The human-computer interaction interface of this embodiment may be provided by an intelligent terminal with a touch screen; the touch screen may be a resistive touch screen or a capacitive touch screen.

Those of ordinary skill in the art will understand that all or some of the steps of the above embodiments may be carried out by hardware, or by a program instructing the relevant hardware. The program may be stored in a readable storage medium, and the storage medium may include a memory, a magnetic disk, an optical disc or the like.

The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (26)

1. A method for obtaining RSA key authorization when a terminal is locked, characterized by comprising:
obtaining first encrypted data imported into the terminal;
obtaining the original data before encryption;
matching the first encrypted data with the original data;
if the match succeeds, performing RSA key authorization on the terminal;
if the match fails, not performing RSA key authorization on the terminal;
wherein the original data is the unique feature information of the terminal, the first encrypted data is data generated by a server by encrypting the obtained unique feature information of the terminal, and the terminal is in a locked state;
matching the first encrypted data with the original data specifically comprises:
the terminal encrypting the original data to generate second encrypted data;
comparing the second encrypted data with the first encrypted data to determine whether the two are the same;
if they are the same, the match succeeds;
otherwise, the match fails;
wherein the data encryption method or algorithm used to generate the second encrypted data is the same as that used to generate the first encrypted data.

2. The method according to claim 1, characterized in that the step of matching the first encrypted data with the original data specifically comprises:
decrypting the first encrypted data to obtain decrypted data information;
comparing the decrypted data information with the original data to determine whether the two are the same;
if they are the same, the match succeeds;
otherwise, the match fails.

3. The method according to claim 1 or 2, characterized in that, before obtaining the first encrypted data imported into the terminal, the method further comprises: establishing a communication connection with the server;
establishing a communication connection with the server specifically comprises:
establishing a physical communication connection between the terminal and the server through a data cable;
detecting whether the USB debugging function of the terminal has been enabled;
if so, establishing preliminary data communication with the server and importing the first encrypted data from the server;
otherwise, issuing a communication connection abnormality prompt telling the user that the USB debugging function of the terminal is not enabled and that the server cannot be connected, and continuing to detect whether the USB debugging function of the terminal has been enabled.

4. The method according to claim 3, characterized by further comprising: when the terminal is locked and the USB debugging function of the terminal is not enabled, if it is detected that a control command for enabling the USB debugging function of the terminal has been entered on the command input interface of the terminal, immediately enabling the USB debugging function of the terminal, which specifically comprises:
opening the command input interface of the terminal;
detecting whether a control command for enabling the USB debugging function has been entered on the command input interface; if so, enabling the USB debugging function of the terminal.

5. The method according to claim 1, characterized in that the terminal includes a smart phone, an e-book reader, an MP3 player, an MP4 player and a tablet computer.

6. The method according to claim 1, characterized in that the unique feature information includes: the device identification number of the terminal and/or the product serial number and/or the international mobile equipment identity code and/or the identity card number of the user bound to the terminal.

7. A device for obtaining RSA key authorization when a terminal is locked, characterized by comprising: a memory, an RSA authorization function module and a data processing module;
the memory is used to store the first encrypted data imported into the terminal and the original data before encryption; the data processing module is connected to the memory and to the RSA authorization function module respectively, and is used to match the first encrypted data with the original data and to output a corresponding RSA authorization control instruction according to the matching result; the RSA authorization function module is used to decide, according to the received RSA authorization control instruction, whether to perform RSA key authorization on the terminal;
wherein the original data is the unique feature information of the terminal, the first encrypted data is data generated by a server by encrypting the obtained unique feature information of the terminal, and the terminal is in a locked state;
the data processing module comprises: an encryption/decryption conversion module and a data matching module;
the encryption/decryption conversion module is connected to the memory and is used to encrypt the original data to generate second encrypted data; the data matching module is connected to the encryption/decryption conversion module and is used to compare the second encrypted data with the first encrypted data and to output a corresponding RSA authorization control instruction according to the comparison result;
comparing the decrypted data information with the original data and outputting a corresponding RSA authorization control instruction according to the comparison result specifically comprises:
the data matching module obtaining the second encrypted data and the first encrypted data;
the data matching module comparing the second encrypted data with the first encrypted data to determine whether the two are the same;
if they are the same, outputting an RSA authorization control instruction agreeing to RSA key authorization of the terminal;
otherwise, outputting an RSA authorization control instruction refusing RSA key authorization of the terminal;
wherein the data encryption method or algorithm used to generate the second encrypted data is the same as that used to generate the first encrypted data.

8. The device according to claim 7, characterized in that the data processing module comprises: an encryption/decryption conversion module and a data matching module;
the encryption/decryption conversion module is connected to the memory and is used to decrypt the first encrypted data and obtain decrypted data information; the data matching module is connected to the encryption/decryption conversion module and is used to compare the decrypted data information with the original data and to output a corresponding RSA authorization control instruction according to the comparison result;
comparing the decrypted data information with the original data and outputting a corresponding RSA authorization control instruction according to the comparison result specifically comprises:
the data matching module obtaining the decrypted data information and the original data;
comparing the decrypted data information with the original data to determine whether the two are the same;
if they are the same, outputting an RSA authorization control instruction agreeing to RSA key authorization of the terminal;
otherwise, outputting an RSA authorization control instruction refusing RSA key authorization of the terminal.

9. The device according to claim 7 or 8, characterized in that deciding, according to the RSA authorization control instruction, whether to perform RSA key authorization on the terminal specifically comprises:
if the RSA authorization function module receives an RSA authorization control instruction agreeing to RSA key authorization of the terminal, performing RSA key authorization on the terminal;
if the RSA authorization function module receives an RSA authorization control instruction refusing RSA key authorization of the terminal, not performing RSA key authorization on the terminal.

10. The device according to claim 9, characterized by further comprising: a communication connection module used to establish a communication connection with the server;
the communication connection module comprises a communication interface and a communication connection management module; establishing a communication connection with the server specifically comprises:
connecting the communication interface to the USB interface of the server through a data cable to establish a physical connection for data communication;
the communication connection management module detecting whether the USB debugging function of the terminal has been enabled;
if so, the terminal establishing preliminary data communication with the server and importing the first encrypted data from the server;
otherwise, the communication connection management module issuing a communication connection abnormality prompt telling the user that the USB debugging function of the terminal is not enabled and that the server cannot be connected, and continuing to detect whether the USB debugging function of the terminal has been enabled.

11. The device according to claim 10, characterized by further comprising a command input interface and a control instruction processing module; the communication connection management module is connected to the control instruction processing module, and the control instruction processing module is connected to the command input interface;
when the terminal is locked and the USB debugging function of the terminal is not enabled, if it is detected that a control command for enabling the USB debugging function of the terminal has been entered on the command input interface, immediately enabling the USB debugging function of the terminal, which specifically comprises:
opening the command input interface of the terminal;
the control instruction processing module detecting and determining whether the control command entered on the command input interface is the same as the preset control command for enabling the USB debugging function; if they are the same, the control instruction processing module enabling the USB debugging function of the terminal;
wherein the command input interface is used to provide the user with an operation interface for entering the control command for enabling the USB debugging function.

12. The device according to claim 7, characterized in that the terminal includes a smart phone, an e-book reader, an MP3 player, an MP4 player and a tablet computer.

13. The device according to claim 7, characterized in that the unique feature information includes: the device identification number of the terminal and/or the product serial number and/or the international mobile equipment identity code and/or the identity card number of the user bound to the terminal.

14. The device according to claim 11, characterized in that the command input interface includes a number dial pad or an emergency dial pad that can be opened when the terminal is locked.

15. A system for obtaining RSA key authorization when a terminal is locked, characterized by comprising a terminal and a server;
the terminal comprises: a memory, an RSA authorization function module and a data processing module;
the memory is used to store the first encrypted data imported into the terminal and the original data before encryption; the data processing module is connected to the memory and to the RSA authorization function module respectively, and is used to match the first encrypted data with the original data and to output a corresponding RSA authorization control instruction according to the matching result; the RSA authorization function module is used to decide, according to the received RSA authorization control instruction, whether to perform RSA key authorization on the terminal;
wherein the original data is the unique feature information of the terminal, the first encrypted data is data obtained by the server by encrypting the obtained unique feature information of the terminal, and the terminal is in a locked state;
the data processing module comprises: an encryption/decryption conversion module and a data matching module;
the encryption/decryption conversion module is connected to the memory and is used to encrypt the original data to obtain second encrypted data; the data matching module is connected to the encryption/decryption conversion module and is used to compare the second encrypted data with the first encrypted data and to output a corresponding RSA authorization control instruction according to the comparison result;
comparing the decrypted data information with the original data and outputting a corresponding RSA authorization control instruction according to the comparison result specifically comprises:
the data matching module obtaining the second encrypted data and the first encrypted data;
the data matching module comparing the second encrypted data with the first encrypted data to determine whether the two are the same;
if they are the same, outputting an RSA authorization control instruction agreeing to RSA key authorization of the terminal;
otherwise, outputting an RSA authorization control instruction refusing RSA key authorization of the terminal;
wherein the data encryption method or algorithm used to generate the second encrypted data is the same as that used to generate the first encrypted data.

16.
The system according to claim 15, wherein the server comprises: an encryption module, an information storage module, and a characteristic information input interface; 信息存储模块用于存储获取的终端的唯一特征信息以及所述第一加密数据;特征信息输入界面用于提供填充终端的唯一特征信息的输入界面;加密模块用于对填充的终端的唯一特征信息进行数据加密,生成第一加密数据。The information storage module is used to store the acquired unique characteristic information of the terminal and the first encrypted data; the characteristic information input interface is used to provide an input interface for filling the unique characteristic information of the terminal; the encryption module is used to store the unique characteristic information of the filled terminal Data encryption is performed to generate first encrypted data. 17.根据权利要求16所述的系统,其特征在于,所述数据处理模块包括:加解密转换模块以及数据匹配模块;17. The system according to claim 16, wherein the data processing module comprises: an encryption/decryption conversion module and a data matching module; 所述加解密转换模块连接所述存储器,用于解密所述第一加密数据,获取解密数据信息;所述数据匹配模块连接所述加解密转换模块,用于将所述解密数据信息与所述原始数据进行比较,并根据比较结果输出相应的RSA授权控制指令;The encryption and decryption conversion module is connected to the memory, and is used to decrypt the first encrypted data and obtain decrypted data information; the data matching module is connected to the encryption and decryption conversion module, and is used to combine the decrypted data information with the The original data is compared, and the corresponding RSA authorization control instruction is output according to the comparison result; 所述将所述解密数据信息与所述原始数据进行比较,并根据比较结果输出相应的RSA授权控制指令,具体包括:Said comparing said decrypted data information with said original data, and outputting a corresponding RSA authorization control instruction according to the comparison result, specifically includes: 所述数据匹配模块获取所述解密数据信息与所述原始数据;The data matching module acquires the decrypted data information and the original data; 将所述解密数据信息与所述原始数据进行比较,判断两者是否相同;Comparing the decrypted data information with the original data to determine whether they are the same; 
若相同,则输出同意对终端进行RSA密钥授权的RSA授权控制指令;If they are the same, output an RSA authorization control command that agrees to authorize the RSA key to the terminal; 否则,则输出拒绝对终端进行RSA密钥授权的RSA授权控制指令。Otherwise, output an RSA authorization control instruction that refuses to authorize the RSA key to the terminal. 18.根据权利要求17所述的系统,其特征在于,所述根据所述RSA授权控制指令决定是否对终端进行RSA密钥授权;具体包括:18. The system according to claim 17, characterized in that, the said RSA authorization control instruction determines whether to perform RSA key authorization on the terminal; specifically comprising: 若所述RSA授权功能模块收到同意对终端进行RSA密钥授权的RSA授权控制指令,则对终端进行RSA密钥授权;If the RSA authorization function module receives an RSA authorization control instruction agreeing to authorize the RSA key to the terminal, then authorize the terminal with the RSA key; 若所述RSA授权功能模块收到拒绝对终端进行RSA密钥授权的RSA授权控制指令,则不对终端进行RSA密钥授权。If the RSA authorization function module receives an RSA authorization control instruction refusing to authorize the RSA key to the terminal, it does not authorize the RSA key to the terminal. 19.根据权利要求18所述的系统,其特征在于,所述服务器还包括USB接口;所述终端还包括通信连接模块;19. 
The system according to claim 18, wherein the server further comprises a USB interface; the terminal further comprises a communication connection module; 所述通信连接模块包括通信接口和通信连接管理模块,用于与服务器建立通信连接,具体包括:The communication connection module includes a communication interface and a communication connection management module for establishing a communication connection with the server, specifically including: 通过数据线连接所述通信接口与所述USB接口,建立数据通信的物理连接;Connecting the communication interface and the USB interface through a data line to establish a physical connection for data communication; 所述通信连接管理模块检测终端的USB调试功能是否已经开启;The communication connection management module detects whether the USB debugging function of the terminal has been opened; 若是,终端与服务器建立初步的数据通信,从服务器导入所述第一加密数据;If so, the terminal establishes preliminary data communication with the server, and imports the first encrypted data from the server; 否则,所述通信连接管理模块发出通信连接异常提示信息,提示用户终端未开启USB调试功能,无法连接服务器;继续检测终端的USB调试功能是否已经开启。Otherwise, the communication connection management module sends a communication connection abnormality prompt message, prompting the user terminal not to enable the USB debugging function, and unable to connect to the server; continue to detect whether the USB debugging function of the terminal has been turned on. 20.根据权利要求19所述的系统,其特征在于,所述终端还包括指令输入界面以及控制指令处理模块;所述通信连接管理模块连接所述控制指令处理模块,所述控制指令处理模块连接所述指令输入界面;20. 
The system according to claim 19, wherein the terminal further comprises an instruction input interface and a control instruction processing module; the communication connection management module is connected to the control instruction processing module, and the control instruction processing module is connected to The command input interface; 当终端锁定且终端的USB调试功能未开启时,若检测到所述指令输入界面输入开启终端的USB调试功能的控制指令,立即开启终端的USB调试功能,具体包括:When the terminal is locked and the USB debugging function of the terminal is not enabled, if it is detected that the command input interface inputs a control command to enable the USB debugging function of the terminal, immediately enable the USB debugging function of the terminal, specifically including: 打开终端的指令输入界面;Open the command input interface of the terminal; 所述控制指令处理模块检测并判断所述指令输入界面输入的控制指令与预先设置的开启USB调试功能的控制指令是否相同;若相同,所述控制指令处理模块控制开启终端的USB调试功能。The control instruction processing module detects and judges whether the control instruction input by the instruction input interface is the same as the preset control instruction for enabling the USB debugging function; if they are the same, the control instruction processing module controls to enable the USB debugging function of the terminal. 21.根据权利要求20所述的系统,其特征在于,所述填充终端的唯一特征信息,具体包括:21. 
The system according to claim 20, wherein the filling of the unique characteristic information of the terminal specifically includes: 终端与服务器建立初步的数据通信后,服务器往终端发送带有验证码的信息获取指令;After the terminal establishes preliminary data communication with the server, the server sends an information acquisition instruction with a verification code to the terminal; 终端接收到所述信息获取指令,对验证码进行验证;The terminal receives the information acquisition instruction, and verifies the verification code; 验证通过后,从所述存储器中获取终端的唯一特征信息并发送至服务器;After passing the verification, obtain the unique characteristic information of the terminal from the memory and send it to the server; 服务器接收到终端的唯一特征信息,自动填充至所述特征信息输入界面。The server receives the unique feature information of the terminal, and automatically fills in the feature information input interface. 22.根据权利要求20所述的系统,其特征在于,所述填充终端的唯一特征信息,具体包括:22. The system according to claim 20, wherein the filling of the unique characteristic information of the terminal specifically includes: 打开终端的指令输入界面;Open the command input interface of the terminal; 在所述指令输入界面输入获取终端的唯一特征信息的控制指令;Inputting a control instruction for acquiring unique characteristic information of the terminal on the instruction input interface; 所述控制指令处理模块检测并判断在所述指令输入界面输入的控制指令与预先设置的唯一特征信息获取指令是否相同;若相同,所述指令输入界面从所述存储器中读取终端的唯一特征信息,并在所述指令输入界面中显示终端的唯一特征信息;The control command processing module detects and judges whether the control command input on the command input interface is the same as the preset unique feature information acquisition command; if they are the same, the command input interface reads the unique feature information of the terminal from the memory information, and display the unique characteristic information of the terminal in the instruction input interface; 将显示的终端的唯一特征信息手动填充至所述特征信息输入界面。Manually fill the displayed unique characteristic information of the terminal into the characteristic information input interface. 23.根据权利要求15所述的系统,其特征在于,所述终端包括智能手机、电子书阅读器、MP3播放器、MP4播放器以及平板电脑。23. 
The system according to claim 15, wherein the terminal comprises a smart phone, an e-book reader, an MP3 player, an MP4 player, and a tablet computer. 24.根据权利要求15所述的系统,其特征在于,所述终端的唯一特征信息包括:终端的设备身份标识号码和/或产品序列号和/或移动设备国际身份码和/或绑定终端的用户身份证号。24. The system according to claim 15, wherein the unique characteristic information of the terminal includes: the device identification number and/or product serial number of the terminal and/or the international identity code of the mobile device and/or the bound terminal user ID number. 25.根据权利要求21或22所述的系统,其特征在于,所述终端还包括解锁界面,用于提供指令输入界面开启键,通过触发所述指令输入界面开启键开启所述指令输入界面。25. The system according to claim 21 or 22, wherein the terminal further comprises an unlock interface for providing an instruction input interface opening key, and the instruction input interface is opened by triggering the instruction input interface opening key. 26.根据权利要求25所述的系统,其特征在于,所述指令输入界面包括终端锁定时可开启的号码拨号盘或紧急拨号盘。26. The system according to claim 25, wherein the command input interface includes a number dial or an emergency dial that can be opened when the terminal is locked.
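The terminal-side matching of claim 15 and the grant/refuse handling of claim 18, sketched as an added example that is not part of the patent or of any vendor implementation. The claims do not name the encryption algorithm, so HMAC-SHA256 under a key assumed to be provisioned on both server and terminal stands in for it; all function names, the key and the identifiers are hypothetical, constructed values.

```python
import hashlib
import hmac

# Hypothetical labels for the two "RSA authorization control instructions".
GRANT = "GRANT_RSA_AUTHORIZATION"
DENY = "DENY_RSA_AUTHORIZATION"


def transform(unique_info: str, key: bytes) -> bytes:
    """Keyed, deterministic transform used identically on server and terminal.

    Assumption: HMAC-SHA256 replaces the patent's unspecified "data
    encryption". The identifier is normalized because claim 22 allows it
    to be typed into the server by hand.
    """
    normalized = unique_info.strip().upper().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).digest()


def server_issue_first_encrypted_data(unique_info: str, key: bytes) -> str:
    """Server side (claim 16): produce the first encrypted data as hex."""
    return transform(unique_info, key).hex()


def terminal_decide(original_data: str, first_encrypted_hex, key: bytes) -> str:
    """Terminal side (claim 15): build the second encrypted data, compare."""
    try:
        first = bytes.fromhex(first_encrypted_hex)
    except (ValueError, TypeError):
        return DENY  # malformed import: refuse instead of raising
    if len(first) != hashlib.sha256().digest_size:
        return DENY  # truncated or padded value can never match
    second = transform(original_data, key)
    # Constant-time comparison, so timing does not reveal matching prefixes.
    return GRANT if hmac.compare_digest(second, first) else DENY


def rsa_authorization_module(instruction: str) -> bool:
    """Claim 18: authorize only on an explicit grant; anything else refuses."""
    return instruction == GRANT


def demo() -> dict:
    key = b"constructed-demo-key"       # constructed value, not a real key
    this_device = "860000000000011"     # constructed identifier
    other_device = "860000000000029"    # constructed identifier
    token = server_issue_first_encrypted_data(this_device, key)
    return {
        "matching_device": terminal_decide(this_device, token, key),
        "different_device": terminal_decide(other_device, token, key),
        "truncated_token": terminal_decide(this_device, token[:-2], key),
    }


if __name__ == "__main__":
    for case, instruction in demo().items():
        print(case, instruction, rsa_authorization_module(instruction))
```

The imported value depends only on the static identifier and the key, so in this sketch the key is the only secret the decision rests on.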
CN201410212280.2A 2014-05-19 2014-05-19 The method, apparatus and system of RSA key mandate are obtained when a kind of terminal locking Active CN103973437B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410212280.2A CN103973437B (en) 2014-05-19 2014-05-19 The method, apparatus and system of RSA key mandate are obtained when a kind of terminal locking

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410212280.2A CN103973437B (en) 2014-05-19 2014-05-19 The method, apparatus and system of RSA key mandate are obtained when a kind of terminal locking

Publications (2)

Publication Number Publication Date
CN103973437A CN103973437A (en) 2014-08-06
CN103973437B true CN103973437B (en) 2018-07-20

Family

ID=51242513

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410212280.2A Active CN103973437B (en) 2014-05-19 2014-05-19 The method, apparatus and system of RSA key mandate are obtained when a kind of terminal locking

Country Status (1)

Country Link
CN (1) CN103973437B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104182370B (en) * 2014-08-07 2017-07-25 广州金山网络科技有限公司 A kind of data transmission method, device and mobile terminal
CN104182366B (en) * 2014-08-25 2018-02-27 联想(北京)有限公司 A kind of information processing method and electronic equipment
CN104573483A (en) * 2014-12-04 2015-04-29 广东欧珀移动通信有限公司 A method and terminal for clearing password lock
CN105338110A (en) * 2015-11-23 2016-02-17 小米科技有限责任公司 Remote debugging method, platform and server
CN107181722A (en) * 2016-03-11 2017-09-19 比亚迪股份有限公司 Vehicle safety communications method, device, vehicle multimedia system and vehicle
CN106650328A (en) * 2016-12-15 2017-05-10 广州视源电子科技股份有限公司 Function authorization method and device of terminal
US11527120B2 (en) 2017-01-09 2022-12-13 Yunding Network Technology (Beijing) Co., Ltd. Methods and systems for offline verification code generation based on smart door lock system
CN106898064A (en) * 2017-01-09 2017-06-27 云丁网络技术(北京)有限公司 A kind of generation method and its system of the off-line verification code based on intelligent door lock system
CN112464188B (en) * 2020-12-14 2023-10-31 艾体威尔电子技术(北京)有限公司 Binding method of payment terminal and peripheral password keyboard

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101494854A (en) * 2009-03-02 2009-07-29 深圳华为通信技术有限公司 Method, system and equipment for preventing SIM LOCK from being unlocked illegally
CN101790155A (en) * 2009-12-30 2010-07-28 中兴通讯股份有限公司 Method, device and system for updating security algorithm of mobile terminal
CN101990196A (en) * 2010-11-12 2011-03-23 中兴通讯股份有限公司 Method, device and system for unlocking mobile terminal by network operator
CN102170630A (en) * 2011-04-14 2011-08-31 中兴通讯股份有限公司 Method and system for preventing network locking of mobile terminal from being illegally cracked

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8533811B2 (en) * 2010-01-20 2013-09-10 Microsoft Corporation Developer phone registration

Also Published As

Publication number Publication date
CN103973437A (en) 2014-08-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: Changan town in Guangdong province Dongguan 523860 usha Beach Road No. 18

Patentee after: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP., Ltd.

Address before: Changan town in Guangdong province Dongguan 523860 usha Beach Road No. 18

Patentee before: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP., Ltd.
