KR20220129333A - Electronic device for managing password and operating method thereof - Google Patents

Abstract

Disclosed is an electronic device which is capable of automatically generating a password. The electronic device comprises: a processor; and a memory operatively connected to the processor and storing at least one instruction. The instructions are configured to, when executed by the processor, enable the electronic device to: identify a data generation request for an assigned field in an execution screen of an application; and generate data for the assigned field on the basis of information of the application and information input through at least one field included in the execution screen, wherein the data is generated through a node hierarchically determined by a master node of a hierarchical deterministic path, on the basis of the information of the application and the input information. Various other embodiments understood through the specification are possible.

Description

ELECTRONIC DEVICE FOR MANAGING PASSWORD AND OPERATING METHOD THEREOF

Various embodiments disclosed in this document relate to an electronic device for managing a password and an operating method thereof.

The auto-completion function may refer to a function of encrypting and storing information input by a user in an arbitrary field, and automatically inputting information by decrypting the encrypted information for the corresponding field. Due to the auto-complete function, an input time that occurs when a user directly inputs can be reduced, and an error that occurs when a user directly inputs can be reduced.

In addition, the auto-complete function may be provided for other electronic devices of the user. To this end, the service provider providing the auto-completion function may store the information input by the user in the server, and may synchronize the stored information with the other electronic device based on the user's request of the other electronic device. Thereafter, when there is a field that can be automatically input in another electronic device, the auto-complete function may decrypt information encrypted in the corresponding field and automatically input the information.

In order to provide the auto-complete function to a plurality of electronic devices of the user, the service provider may need to encrypt information input by the user and manage it in the server.

Even if the information input by the user is encrypted and managed, there may be a possibility of stealing information stored in the server. Accordingly, a method for reducing the user's confidential information in information stored in the server may be proposed.

An electronic device according to an embodiment disclosed in this document includes a processor and a memory operatively connected to the processor and storing at least one instruction, the instructions being executed by the processor, the electronic device Identifies a data generation request for a specified field of an execution screen of an application, and generates data for the specified field based on information of the application and information input through at least one field included in the execution screen and the data may be generated from the master node of the hierarchical deterministic path through the node hierarchically determined based on the information of the application and the input information.

An operation method of an electronic device according to an embodiment disclosed in this document includes an operation of identifying a data generation request for a specified field of an execution screen of an application of the electronic device, and information of the application and information included in the execution screen. and generating data for the specified field based on information input through at least one field, wherein the data is generated from the master node of the hierarchical deterministic path based on the information of the application and the input information. It can be created through hierarchically determined nodes.

The technical problems to be achieved in the various embodiments of this document are not limited to the technical problems mentioned above, and other technical problems not mentioned are clear to those of ordinary skill in the art to which the present disclosure belongs from the description below. will be able to understand

According to various embodiments disclosed in this document, only information other than the password is stored in the server, thereby reducing the possibility of stealing the password.

According to various embodiments disclosed in this document, by automatically generating a password, it is possible to reduce the user's burden on password memory.

Effects that can be obtained in various embodiments of the present disclosure are not limited to the above-mentioned effects, and other effects not mentioned are clearly to those of ordinary skill in the art to which the present disclosure belongs from the description below. can be understood

1 is a block diagram of an electronic device in a network environment according to various embodiments of the present disclosure.
2 is a diagram illustrating an operating environment of an electronic device according to an embodiment of the present disclosure.
3 is a diagram illustrating an execution screen of an application according to an embodiment of the present disclosure.
4 is a diagram illustrating a hierarchical deterministic path according to an embodiment of the present disclosure.
5 is a diagram illustrating an execution screen of an application according to an embodiment of the present disclosure.
6 is a flowchart illustrating a password input operation of an electronic device according to an embodiment of the present disclosure.
7 is a flowchart illustrating a backup operation of an electronic device according to an embodiment of the present disclosure.
In connection with the description of the drawings, the same or similar reference numerals may be used for the same or similar components.

1 is a block diagram of an electronic device 101 in a network environment 100 according to various embodiments of the present disclosure. Referring to FIG. 1 , in a network environment 100 , an electronic device 101 communicates with an electronic device 102 through a first network 198 (eg, a short-range wireless communication network) or a second network 199 . It may communicate with at least one of the electronic device 104 and the server 108 through (eg, a long-distance wireless communication network). According to an embodiment, the electronic device 101 may communicate with the electronic device 104 through the server 108 . According to an embodiment, the electronic device 101 includes a processor 120 , a memory 130 , an input module 150 , a sound output module 155 , a display module 160 , an audio module 170 , and a sensor module ( 176), interface 177, connection terminal 178, haptic module 179, camera module 180, power management module 188, battery 189, communication module 190, subscriber identification module 196 , or an antenna module 197 . In some embodiments, at least one of these components (eg, the connection terminal 178 ) may be omitted or one or more other components may be added to the electronic device 101 . In some embodiments, some of these components (eg, sensor module 176 , camera module 180 , or antenna module 197 ) are integrated into one component (eg, display module 160 ). can be

The processor 120, for example, executes software (eg, a program 140) to execute at least one other component (eg, a hardware or software component) of the electronic device 101 connected to the processor 120. It can control and perform various data processing or operations. According to an embodiment, as at least part of data processing or operation, the processor 120 stores a command or data received from another component (eg, the sensor module 176 or the communication module 190 ) into the volatile memory 132 . may be stored in , process commands or data stored in the volatile memory 132 , and store the result data in the non-volatile memory 134 . According to an embodiment, the processor 120 is a main processor 121 (eg, a central processing unit or an application processor) or a secondary processor 123 (eg, a graphic processing unit, a neural network processing unit) a neural processing unit (NPU), an image signal processor, a sensor hub processor, or a communication processor). For example, when the electronic device 101 includes the main processor 121 and the sub-processor 123 , the sub-processor 123 uses less power than the main processor 121 or is set to be specialized for a specified function. can The auxiliary processor 123 may be implemented separately from or as a part of the main processor 121 .

The secondary processor 123 may, for example, act on behalf of the main processor 121 while the main processor 121 is in an inactive (eg, sleep) state, or when the main processor 121 is active (eg, executing an application). ), together with the main processor 121, at least one of the components of the electronic device 101 (eg, the display module 160, the sensor module 176, or the communication module 190) It is possible to control at least some of the related functions or states. According to an embodiment, the auxiliary processor 123 (eg, image signal processor or communication processor) may be implemented as a part of another functionally related component (eg, camera module 180 or communication module 190). have. According to an embodiment, the auxiliary processor 123 (eg, a neural network processing device) may include a hardware structure specialized for processing an artificial intelligence model. Artificial intelligence models can be created through machine learning. Such learning may be performed, for example, in the electronic device 101 itself on which the artificial intelligence model is performed, or may be performed through a separate server (eg, the server 108). The learning algorithm may include, for example, supervised learning, unsupervised learning, semi-supervised learning, or reinforcement learning, but in the above example not limited The artificial intelligence model may include a plurality of artificial neural network layers. Artificial neural networks include deep neural networks (DNNs), convolutional neural networks (CNNs), recurrent neural networks (RNNs), restricted boltzmann machines (RBMs), deep belief networks (DBNs), bidirectional recurrent deep neural networks (BRDNNs), It may be one of deep Q-networks or a combination of two or more of the above, but is not limited to the above example. The artificial intelligence model may include, in addition to, or alternatively, a software structure in addition to the hardware structure.

The memory 130 may store various data used by at least one component (eg, the processor 120 or the sensor module 176 ) of the electronic device 101 . The data may include, for example, input data or output data for software (eg, the program 140 ) and instructions related thereto. The memory 130 may include a volatile memory 132 or a non-volatile memory 134 .

The program 140 may be stored as software in the memory 130 , and may include, for example, an operating system 142 , middleware 144 , or an application 146 .

The input module 150 may receive a command or data to be used by a component (eg, the processor 120 ) of the electronic device 101 from the outside (eg, a user) of the electronic device 101 . The input module 150 may include, for example, a microphone, a mouse, a keyboard, a key (eg, a button), or a digital pen (eg, a stylus pen).

The sound output module 155 may output a sound signal to the outside of the electronic device 101 . The sound output module 155 may include, for example, a speaker or a receiver. The speaker can be used for general purposes such as multimedia playback or recording playback. The receiver can be used to receive incoming calls. According to an embodiment, the receiver may be implemented separately from or as a part of the speaker.

The display module 160 may visually provide information to the outside (eg, a user) of the electronic device 101 . The display module 160 may include, for example, a control circuit for controlling a display, a hologram device, or a projector and a corresponding device. According to an embodiment, the display module 160 may include a touch sensor configured to sense a touch or a pressure sensor configured to measure the intensity of a force generated by the touch.

The audio module 170 may convert a sound into an electric signal or, conversely, convert an electric signal into a sound. According to an embodiment, the audio module 170 acquires a sound through the input module 150 , or an external electronic device (eg, a sound output module 155 ) connected directly or wirelessly with the electronic device 101 . The electronic device 102) (eg, a speaker or headphones) may output a sound.

The sensor module 176 detects an operating state (eg, power or temperature) of the electronic device 101 or an external environmental state (eg, a user state), and generates an electrical signal or data value corresponding to the sensed state. can do. According to an embodiment, the sensor module 176 may include, for example, a gesture sensor, a gyro sensor, a barometric pressure sensor, a magnetic sensor, an acceleration sensor, a grip sensor, a proximity sensor, a color sensor, an IR (infrared) sensor, a biometric sensor, It may include a temperature sensor, a humidity sensor, or an illuminance sensor.

The interface 177 may support one or more specified protocols that may be used by the electronic device 101 to directly or wirelessly connect with an external electronic device (eg, the electronic device 102 ). According to an embodiment, the interface 177 may include, for example, a high definition multimedia interface (HDMI), a universal serial bus (USB) interface, an SD card interface, or an audio interface.

The connection terminal 178 may include a connector through which the electronic device 101 can be physically connected to an external electronic device (eg, the electronic device 102 ). According to an embodiment, the connection terminal 178 may include, for example, an HDMI connector, a USB connector, an SD card connector, or an audio connector (eg, a headphone connector).

The haptic module 179 may convert an electrical signal into a mechanical stimulus (eg, vibration or movement) or an electrical stimulus that the user can perceive through tactile or kinesthetic sense. According to an embodiment, the haptic module 179 may include, for example, a motor, a piezoelectric element, or an electrical stimulation device.

The camera module 180 may capture still images and moving images. According to an embodiment, the camera module 180 may include one or more lenses, image sensors, image signal processors, or flashes.

The power management module 188 may manage power supplied to the electronic device 101 . According to an embodiment, the power management module 188 may be implemented as, for example, at least a part of a power management integrated circuit (PMIC).

The battery 189 may supply power to at least one component of the electronic device 101 . According to an embodiment, the battery 189 may include, for example, a non-rechargeable primary cell, a rechargeable secondary cell, or a fuel cell.

The communication module 190 is a direct (eg, wired) communication channel or a wireless communication channel between the electronic device 101 and an external electronic device (eg, the electronic device 102, the electronic device 104, or the server 108). It can support establishment and communication performance through the established communication channel. The communication module 190 may include one or more communication processors that operate independently of the processor 120 (eg, an application processor) and support direct (eg, wired) communication or wireless communication. According to an embodiment, the communication module 190 is a wireless communication module 192 (eg, a cellular communication module, a short-range wireless communication module, or a global navigation satellite system (GNSS) communication module) or a wired communication module 194 (eg, : It may include a local area network (LAN) communication module, or a power line communication module). A corresponding communication module among these communication modules is a first network 198 (eg, a short-range communication network such as Bluetooth, wireless fidelity (WiFi) direct, or infrared data association (IrDA)) or a second network 199 (eg, legacy It may communicate with the external electronic device 104 through a cellular network, a 5G network, a next-generation communication network, the Internet, or a computer network (eg, a telecommunication network such as a LAN or a WAN). These various types of communication modules may be integrated into one component (eg, a single chip) or may be implemented as a plurality of components (eg, multiple chips) separate from each other. The wireless communication module 192 uses subscriber information (eg, International Mobile Subscriber Identifier (IMSI)) stored in the subscriber identification module 196 within a communication network such as the first network 198 or the second network 199 . The electronic device 101 may be identified or authenticated.

The wireless communication module 192 may support a 5G network after a 4G network and a next-generation communication technology, for example, a new radio access technology (NR). NR access technology includes high-speed transmission of high-capacity data (eMBB (enhanced mobile broadband)), minimization of terminal power and access to multiple terminals (mMTC (massive machine type communications)), or high reliability and low latency (URLLC (ultra-reliable and low-latency) -latency communications)). The wireless communication module 192 may support a high frequency band (eg, mmWave band) to achieve a high data rate, for example. The wireless communication module 192 uses various techniques for securing performance in a high-frequency band, for example, beamforming, massive multiple-input and multiple-output (MIMO), all-dimensional multiplexing. It may support technologies such as full dimensional MIMO (FD-MIMO), an array antenna, analog beam-forming, or a large scale antenna. The wireless communication module 192 may support various requirements defined in the electronic device 101 , an external electronic device (eg, the electronic device 104 ), or a network system (eg, the second network 199 ). According to an embodiment, the wireless communication module 192 includes a peak data rate (eg, 20 Gbps or more) for realizing eMBB, loss coverage (eg, 164 dB or less) for realizing mMTC, or U-plane latency for realizing URLLC ( Example: Downlink (DL) and uplink (UL) each 0.5 ms or less, or round trip 1 ms or less) can be supported.

The antenna module 197 may transmit or receive a signal or power to the outside (eg, an external electronic device). According to an embodiment, the antenna module 197 may include an antenna including a conductor formed on a substrate (eg, a PCB) or a radiator formed of a conductive pattern. According to an embodiment, the antenna module 197 may include a plurality of antennas (eg, an array antenna). In this case, at least one antenna suitable for a communication method used in a communication network such as the first network 198 or the second network 199 is connected from the plurality of antennas by, for example, the communication module 190 . can be selected. A signal or power may be transmitted or received between the communication module 190 and an external electronic device through the selected at least one antenna. According to some embodiments, other components (eg, a radio frequency integrated circuit (RFIC)) other than the radiator may be additionally formed as a part of the antenna module 197 .

According to various embodiments, the antenna module 197 may form a mmWave antenna module. According to one embodiment, the mmWave antenna module comprises a printed circuit board, an RFIC disposed on or adjacent to a first side (eg, bottom side) of the printed circuit board and capable of supporting a designated high frequency band (eg, mmWave band); and a plurality of antennas (eg, an array antenna) disposed on or adjacent to a second side (eg, top or side) of the printed circuit board and capable of transmitting or receiving signals of the designated high frequency band. can do.

At least some of the components are connected to each other through a communication method between peripheral devices (eg, a bus, general purpose input and output (GPIO), serial peripheral interface (SPI), or mobile industry processor interface (MIPI)) and signal (eg commands or data) can be exchanged with each other.

According to an embodiment, the command or data may be transmitted or received between the electronic device 101 and the external electronic device 104 through the server 108 connected to the second network 199 . Each of the external electronic devices 102 or 104 may be the same as or different from the electronic device 101 . According to an embodiment, all or part of the operations executed by the electronic device 101 may be executed by one or more external electronic devices 102 , 104 , or 108 . For example, when the electronic device 101 needs to perform a function or service automatically or in response to a request from a user or other device, the electronic device 101 may perform the function or service itself instead of executing the function or service itself. Alternatively or additionally, one or more external electronic devices may be requested to perform at least a part of the function or the service. One or more external electronic devices that have received the request may execute at least a part of the requested function or service, or an additional function or service related to the request, and transmit a result of the execution to the electronic device 101 . The electronic device 101 may process the result as it is or additionally and provide it as at least a part of a response to the request. For this purpose, for example, cloud computing, distributed computing, mobile edge computing (MEC), or client-server computing technology may be used. The electronic device 101 may provide an ultra-low latency service using, for example, distributed computing or mobile edge computing. In another embodiment, the external electronic device 104 may include an Internet of things (IoT) device. The server 108 may be an intelligent server using machine learning and/or neural networks. According to an embodiment, the external electronic device 104 or the server 108 may be included in the second network 199 . The electronic device 101 may be applied to an intelligent service (eg, smart home, smart city, smart car, or health care) based on 5G communication technology and IoT-related technology.

2 is a diagram illustrating an operating environment of the electronic device 101 according to an embodiment of the present disclosure. 3 is a diagram illustrating an execution screen 300 of an application according to an embodiment of the present disclosure. 4 is a diagram illustrating a hierarchical deterministic path 400 according to an embodiment of the present disclosure. 5 is a diagram illustrating an execution screen 500 of an application according to an embodiment of the present disclosure. Hereinafter, FIGS. 2 to 5 may be described with reference to the configurations of FIG. 1 .

In an embodiment, the electronic device 101 may operate an execution environment having a plurality of security levels to enhance security.

Referring to FIG. 2 , the electronic device 101 may include a first environment 201 and a second environment 203 . In an embodiment, the first environment 201 may be a rich execution environment (REE). In one embodiment, the second environment 203 may be a trusted execution environment (TEE). In an embodiment, the first environment 201 may be an execution environment having a first security level. In one embodiment, the second environment 203 may be an execution environment having a second security level higher than the first security level.

In an embodiment, the electronic device 101 may separate the operating system 142 into the first environment 201 and the second environment 203 to operate. For example, the second environment 203 and the first environment 201 may be separated from each other through hardware restrictions, or may operate separately from the first environment 201 by software on the same hardware. In an embodiment, a general OS (eg, a non-secure OS) may be driven in the first environment 201 , and a secure OS may be driven in the second environment 203 . In an embodiment, the secure OS is separated from the general OS, and operates based on a separate resource, and may be an environment in which unauthorized programs or applications cannot access. In this case, data used in the second environment 203 may be encrypted so that it can be decrypted only by the secure OS and stored in a resource (eg, general memory) of the first environment 201 .

In an embodiment, at least one application 211 , 213 operating in the first environment 201 sends data (or messages) to the framework 225 in the second environment 203 using the framework 221 . ) can be transmitted. In an embodiment, the framework 225 of the second environment 203 may transmit the data (or message) received from the framework 221 to the application 215 related to the data (or message). In one embodiment, the application 215 of the second environment 203 may be a trusted application (TA) running in a trusted execution environment (TEE). For example, a trusted application (TA) may include one or more applications that may perform functions such as digital rights management (DRM), security, payment, or biometric authentication. In an embodiment, the application 215 of the second environment 203 may process data (or a message) and transmit the processing result to the framework 221 through the framework 225 . For example, the application 215 of the second environment 203 processes data (or messages) requiring a second security level higher than the first security level, and sends the processing result to the framework 225 . through the framework 221 . In an embodiment, the framework 221 of the first environment 201 may transmit a processing result to at least one application 211 or 213 that has transmitted data (or a message).

In an embodiment, the application 211 operating in the first environment 201 may display the execution screen 300 on at least a partial area of the display module 160 . In an embodiment, the application 211 may identify at least one field 310 and 330 in the execution screen 300 .

In an embodiment, the application 211 provides the auto-complete function to the auto-complete framework 230 of the framework 221 based on identifying at least one field 310 , 330 in the execution screen 300 . You can request execution. In another embodiment, the application 211 is based on input of data (eg, ID) into any one of the at least one fields 310 and 330 (eg, the ID field 310), the framework 221 ) of the auto-complete framework 230 may request execution of the auto-complete function.

In one embodiment, the application 211 is a field (eg, field 330) to request automatic completion based on information (eg, hint information) of at least one of the fields 310 and 330 on the execution screen 300 . ), and may request execution of an auto-complete function from the auto-complete framework 230 for the identified field.

In an embodiment, the auto-complete framework 230 may identify whether data related to the at least one auto-completed fields 310 and 330 are stored. In one embodiment, the auto-complete framework 230 may identify whether the ID of the user associated with the ID field 310 is stored. In an embodiment, the auto-complete framework 230 may identify whether the user's password associated with the PW field 330 is stored.

In an embodiment, when data related to at least one of the fields 310 and 330 is stored, the auto-complete framework 230 converts data related to the at least one fields 310 and 330 to at least one field. It can be input to the fields 310 and 330 . For example, when the user's ID related to the ID field 310 is stored, the auto-complete framework 230 may input the user's ID into the ID field 310 . For example, the auto-complete framework 230 displays a UI (user interface) requesting selection of IDs of two or more users when two or more user IDs related to the ID field 310 are stored, Among the IDs of two or more users, an ID of a user corresponding to a user input through the UI may be input into the ID field 310 . For example, when the user's password related to the PW field 330 is stored, the auto-complete framework 230 may input the user's password into the field 330 . For example, the auto-complete framework 230 may input a password for an ID of a user corresponding to a user input through the UI among IDs of two or more users in the PW field 330 .

In an embodiment, data related to the one or more fields 310 and 330 may be stored in the second environment 203 . In an embodiment, when data related to at least one of the fields 310 , 330 is stored in the second environment 203 , the auto-complete framework 230 performs the application 215 via the framework 225 . data related to at least one of the fields 310 and 330 may be requested from the user, and data returned through the framework 225 may be input to the at least one of the fields 310 and 330 based on the request. In an embodiment, the data request includes identification information of the application 211 , identification information of the execution screen 300 , and identification information of fields 310 and 330 included in the execution screen 300 (eg, field ID). . According to an embodiment, the update count information may mean the update count of data related to a field (eg, the PW field 330 ) for which an input is requested.

In an embodiment, when data related to at least one of the fields 310 and 330 is not stored, the autocomplete framework 230 provides the at least one field to the application 215 through the framework 225 . Generation of data related to (310, 330) may be requested. In an embodiment, the data generation request includes identification information of the application 211 , identification information of the execution screen 300 , and identification information of fields 310 and 330 included in the execution screen 300 (eg, field ID, hint information), data input to the fields 310 and 330 , information on a field requiring input (eg, the PW field 330 ), or a combination thereof.

For example, when the auto-complete framework 230 requests generation of data (ie, ID) related to the ID field 310 , the data generation request includes identification information of the application 211 , the execution screen 300 . Identification information, identification information of fields 310 and 330 included in the execution screen 300, information on a field requiring input (eg, ID field 310), user identification information (eg, user's account) ID), or a combination thereof.

For example, when the auto-complete framework 230 requests generation of data (ie, password) related to the PW field 330 , the data generation request includes identification information of the application 211 , the execution screen 300 . Identification information, identification information of fields 310 and 330 included in the execution screen 300, data input to the ID field 310, information about a field requiring input (eg, PW field 330); It may include user identification information (eg, user account ID), or a combination thereof.

In an embodiment, the application 215 may generate data to be input into the one or more fields 310 and 330 based on the data generation request. For example, based on a data generation request for the ID field 310 , the application 215 may generate an ID to be input into the ID field 310 . For example, based on a data generation request for the PW field 330 , the application 215 may generate a password to be input into the PW field 330 .

In an embodiment, the application 215 may generate data (hereinafter, requested data) corresponding to the data generation request through the hierarchical deterministic path 400 . In an embodiment, the application 215 identifies a node on a hierarchy deterministic path (HD) 400 based on a request for generating data, and generates the requested data based on the identified node. have.

In one embodiment, the hierarchical deterministic path 400 may be composed of a master node 421 identified from the root seed 411 and descendant nodes identified stepwise from the master node 421 . In an embodiment, descendant nodes may be divided into one or more levels according to the number of levels included in the hierarchical deterministic path 400 . In an embodiment, the nodes 431 , 433 , and 435 may be nodes of the second level (level 2) identified from the master node 421 of the first level (level 1). In an embodiment, the nodes 441 , 443 , and 445 may be nodes of a third level (level 3) identified from the nodes 431 , 433 , and 435 of the second level (level 2). In an embodiment, the nodes 451 , 453 , and 455 may be nodes of a fourth level (level 4) identified from the nodes 441 , 443 , and 445 of the third level (level 3). In an embodiment, the nodes 461 , 463 , and 465 may be nodes of a fifth level (level 5) identified from the nodes 451 , 453 , and 455 of the fourth level (level 4). In an embodiment, when the hierarchical deterministic path 400 consists of four steps, the nodes 461 , 463 , and 465 may be omitted in the hierarchical deterministic path 400 . In another embodiment, when the hierarchical deterministic path 400 consists of six or more steps, the hierarchical deterministic path 400 may include descendants of the nodes 461 , 463 , and 465 .

In an embodiment, the master node 421 and descendant nodes of the master node 421 may include a private key, a public key, a symmetric key, or a combination thereof. In one embodiment, the symmetric key may correspond to a value identified based on the node's private key, the node's public key, or a combination thereof. In an embodiment, the symmetric key may correspond to a symmetric key derived through a Diffie-Hellman key exchange method based on the node's private key and the node's public key.

In an embodiment, the root seed 411 may be a bit string of a specified length (eg, 512 bits). In one embodiment, the root seed 411 is to be obtained through an operation 415 based on a specified number (eg, 12) of mnemonics (eg, mnemonic) 412 and/or user code 413 . can In an embodiment, the root seed 411 inputs a mnemonic (eg, mnemonic) 412 and/or user code 413 to a key stretching function (eg, password-based key derivation function version 2 (PBKDF2)). can be created by In an embodiment, the root seed 411 may be generated by inputting a hash value of the mnemonic (eg, mnemonic) 412 and/or the user code 413 into a key stretching function (eg, PBKDF2). In one embodiment, the root seed 411 is a hash algorithm (eg, hash-based message authentication code (HMAC) - secure hash (SHA) for the mnemonic (eg, mnemonic) 412 and / or user code 413 algorithm)-512) can be generated by repeating the specified number of times and inputting the result value to the key stretching function (eg PBKDF2).

In an embodiment, the mnemonic (eg, mnemonic) 412 may be identified from the random number 419 . In an embodiment, the mnemonic (eg, a mnemonic) 412 may be identified based on data obtained by adding a checksum of the random number 419 to the random number 419 . In one embodiment, the mnemonic (eg, mnemonic) 412 divides the data obtained by adding the checksum of the random number 419 to the random number 419 into a specified number (eg, 12) of bit strings, and divides the specified number (eg, : 12) can be identified by mapping an arbitrary word to each of the bit strings. For example, when each of the specified number (eg, 12) of bit strings is 11 bits, a mnemonic (eg, mnemonic) 412 may be identified based on 2048 different words. For example, when the bit string of the first 11 bits is “00000000000”, the first mnemonic (eg, mnemonic) may be “price”. For example, when the bit string of the second 11 bits is "00000000011", the second mnemonic (eg, mnemonic) may be "possible". For example, when the bit string of the third 11-bit is "11111111110", the third mnemonic (eg, mnemonic) may be "white".

In an embodiment, the user code 413 may include a character string input by the user to recover the password. In an embodiment, the user code 413 may be data obtained by adding a character string input by the user to the word “MNEMONIC”.

In an embodiment, the master node 421 may be identified by performing an operation specified in the root seed 411 . In an embodiment, the master node 421 may be identified by inputting the root seed 411 into a designated function (eg, a child key derivation function (CKD), HMAC-SHA-512).

In an embodiment, the private key of the master node 421 may be identified based on at least a part of a result of a specified operation for the root seed 411 . For example, some bit strings of a specified length among the results of a specified operation for the root seed 411 may be identified as the private key of the master node 421 . For example, among the bit strings of the specified length (eg 512 bits) according to the specified operation result for the root seed 411, the bit string of the specified length (eg 256 bits) is to be identified as the private key of the master node 421. can In an embodiment, a bit string excluding the private key among the bit strings according to the specified operation result for the root seed 411 may also be referred to as a chain code. In one embodiment, the private key and the chain code may be bit strings of the same length.

In an embodiment, the public key of the master node 421 may be identified based on the private key of the master node 421 . For example, the public key of the master node 421 may be identified by applying elliptic curve cryptography (ECC) to the private key of the master node 421 . In an embodiment, the symmetric key of the master node 421 may correspond to a symmetric key derived through the Diffie-Hellman key exchange method based on the private key of the master node 421 and the public key of the master node 421 .

In an embodiment, a child node of an arbitrary parent node may be identified based on information on the parent node and identification information on the child node. In an embodiment, a child node of an arbitrary parent node may be identified by inputting information of the parent node and identification information of the child node into a specified function (eg, CKD, HMAC-SHA-512). In an embodiment, information included in the data generation request may be used as identification information for identifying a child node (or a descendant node). For example, identification information of the application 211 , identification information of the execution screen 300 , identification information of fields 310 and 330 included in the execution screen 300 , and input to the fields 310 and 330 . Data, information on a field that requires input (eg, the PW field 330 ), or a combination thereof may be used as identification information for identifying a child node (or a descendant node).

In an embodiment, the private key of the child node may be identified based on at least a part of information on the parent node (eg, the private key of the parent node) and an operation result on the identification information of the child node. For example, some bit strings of a specified length among the operation results on the information of the parent node and the identification information of the child node may be identified as the private key of the child node.

In an embodiment, the public key of the child node may be identified based on the private key of the child node. For example, the public key of a child node may be identified by applying elliptic curve cryptography (ECC) to the child node's private key.

In an embodiment, the symmetric key of the child node may correspond to a symmetric key derived through the Diffie-Hellman key exchange method based on the private key of the child node and the public key of the child node.

For example, the private key of the node 431 is the information of the master node 421 (eg, the private key of the master node 421) and the identification information of the node 431 to a specified function (eg, CKD, HMAC-SHA) -512) can be identified by entering For example, node 431's public key may be identified by applying elliptic curve cryptography (ECC) to node 431's private key. For example, the symmetric key of the node 431 may be derived through a Diffie-Hellman key exchange scheme based on the private key of the node 431 and the public key of the node 431 .

For another example, the private key of the node 441 is the information of the node 431 (eg, the private key of the node 431 ) and the identification information of the node 441 is a specified function (eg, CKD, HMAC-SHA-) 512) can be identified. For example, the public key of node 441 may be identified by applying elliptic curve cryptography (ECC) to the private key of node 441 . For example, the symmetric key of the node 441 may be derived through a Diffie-Hellman key exchange scheme based on the private key of the node 441 and the public key of the node 441 .

In an embodiment, the application 215 may identify nodes in the hierarchical deterministic path 400 step by step using identification information included in the data generation request. In an embodiment, the application 215 identifies one node (eg, node 431 ) among the nodes 431 , 433 , and 435 of the second stage using the identification information included in the data generation request, and , identify one node (eg, node 441 ) among the child nodes 441 , 443 , 445 of the node identified in the second step (eg, node 431 ), and the node identified in the third step (eg node 441)) identifies one node (eg node 451 ) among the child nodes 451 , 453 , 455 , and is a child of the node identified in the fourth step (eg node 451 )) One node (eg, node 461 ) among the nodes 461 , 463 , and 465 may be identified.

In an embodiment, identification information required to identify a node in each step may be different. In an embodiment, according to a rule for generating the hierarchical deterministic path 400 , identification information required to identify a node in each step may be different from each other.

For example, when the application 215 manages the hierarchical deterministic path 400 in four stages, the application 215 may identify nodes in each stage based on at least three pieces of identification information.

For example, in the second step, the application 215 may identify nodes based on the identification information of the application 211 and/or the identification information of the execution screen 300 . For example, the application 215 may identify nodes based on data (ie, ID) input to the ID field 310 in the third step. For example, in the fourth step, the application 215 may identify nodes based on the number of updates and/or purpose of use.

As another example, in the second step, the application 215 may identify nodes based on the identification information of the application 211 and/or the identification information of the execution screen 300 . As another example, the application 215 may identify nodes based on the user's account ID in a third step. As another example, the application 215 may identify nodes based on the number of updates and/or purpose of use in the fourth step.

For example, when the application 215 manages the hierarchical deterministic path 400 in five stages, the application 215 may identify nodes in each stage based on at least four pieces of identification information.

For example, the application 215 may identify nodes based on the user's account ID in a second step. For example, in the third step, the application 215 may identify nodes based on the identification information of the application 211 and/or the identification information of the execution screen 300 . For example, the application 215 may identify nodes based on data (ie, ID) input to the ID field 310 in the fourth step. For example, in the fifth step, the application 215 may identify nodes based on the number of updates and/or purpose of use.

In an embodiment, according to a rule for generating the hierarchical deterministic path 400 , there may be one or more pieces of identification information required to identify a node in each step. For example, the application 215 may identify nodes by combining at least two pieces of information in an arbitrary step.

In one embodiment, the application 215 may generate the requested data based on the node identified in the last step of the hierarchical deterministic path 400 . In one embodiment, the application 215 may generate the requested data based on the symmetric key of the node identified in the last step of the hierarchical deterministic path 400 .

For example, when the application 215 manages the hierarchical deterministic path 400 in five stages, the application 215 requests based on one of the nodes 461, 463, and 465 of the fifth stage. data can be created. For example, when the application 215 manages the hierarchical deterministic path 400 in four stages, the application 215 makes a request based on one of the nodes 451 , 453 , and 455 of the fourth stage. data can be created.

In an embodiment, the application 215 may generate data to be input by encoding the symmetric key of the identified last stage node.

In an embodiment, the application 215 divides the identified symmetric key of the node of the last stage into a specified number (or a specified length) of bit strings, and characters (eg, mapped to each of the bit strings of the specified length) You can generate data to enter based on uppercase, lowercase, numbers, and/or symbols). In an embodiment, when the first bit string of the symmetric key is “0000000000001”, the first character may be “a”. In an embodiment, when the second bit string of the symmetric key is “000000000010”, the second character may be “b”. In an embodiment, when the third bit string of the symmetric key is “100000000010”, the third character may be “!”.

In an embodiment, the application 215 may generate input data by encoding the symmetric key of the identified last node according to a set encoding condition.

For example, referring to FIG. 5 , the user may set encoding conditions based on the execution screen 500 of the application 215 . In an embodiment, the execution screen 500 includes a user interface (UI) 510 for adjusting the length (eg, number of characters) of data to be input, a UI 530 for adjusting user recognition of data to be input, or A UI 550 for setting an allowable condition for characters may be included.

In an embodiment, the application 215 divides the symmetric key of the node of the last stage into bit strings according to the length of data to be input set through the UI 510, and a character mapped to each bit string of a specified length. You can create data to be input based on these.

In an embodiment, the application 215 may map words to each of the bit strings according to the user recognition level set through the UI 530 .

In an embodiment, the application 215 may map an uppercase letter, a lowercase letter, a number, a symbol, or a combination thereof to each of the bit strings according to an allowable condition for characters set through the UI 550 .

In an embodiment, the application 215 may transmit the generated data to the auto-complete framework 230 through the framework 225 . In an embodiment, the auto-complete framework 230 may input the received data into an auto-complete request field (eg, the PW field 330 ).

In one embodiment, the application 215 may back up at least some data of the data related to the hierarchical deterministic path 400 to the server 108 . In one embodiment, the application 215 may back up the identification information used to identify the node in each step of the hierarchical deterministic path 400 to the server 108 . In an embodiment, the application 215 may back up the set encoding condition to the server 108 . In an embodiment, at least some data of data related to the hierarchical deterministic path 400 may also be referred to as backup data. In one embodiment, the backup data may include identification information used to identify a node in each step of the hierarchical deterministic path 400 . In an embodiment, the backup data may include an encoding condition.

In an embodiment, the application 215 may back up the table shown in Table 1 below to the server 108 .

account ID APP ID (or URL) user ID number of updates Encoding conditions account_1 URL_1 enc_ID_1 0 enc_rule_1 account_1 APP_1 enc_ID_2 One enc_rule_2

Table 1 may show an example of backup data. In an embodiment, Table 1 may indicate information about an account ID, an APP ID (or uniform resource locator (URL)), a user ID, the number of updates, and an encoding condition. In one embodiment, the server 108 may further be backed up with information on the steps in which each entity is used together with Table 1. For example, the server 108 may be further backed up with account ID, APP ID (or URL), user ID, or information about the steps at which the update count is used to identify a node.

In one embodiment, the application 215 may store the backup data (eg, data in Table 1) backed up in the server 108 in a memory (eg, the memory 130 of FIG. 1 ). For example, the application 215 may store the backup data in a physically separated separate memory for operation of the second environment 203 or in a security area of a general memory. As another example, the application 215 may store the backup data in an external memory of the electronic device 101 and may support an additional authentication operation so that it can be used through separate authentication. As another example, the application 215 may encrypt and store the backup data in the memory of the electronic device 101 , and may allow only the application 215 of the second environment 203 to be used.

In an embodiment, when the backup data stored in the electronic device 101 is updated, the application 215 may transmit the updated backup data to the server 108 . In this case, the server 108 may update the backup data of the server 108 based on the backup data transmitted from the application 215 . Thereafter, when the backup data of the server 108 is updated, the server 108 may transmit the updated backup data to other electronic devices of the user (eg, the electronic device 104 ).

In an embodiment, when the password is updated, the application 215 may update backup data stored in the electronic device 101 . For example, when the password of account_1 for URL_1 is updated (see Table 1), the application 215 may change the number of times of updating the password of account_1 from 0 to 1. In this case, the application 215 may transmit the updated backup data to the server 108 .

In an embodiment, the application 215 may update backup data stored in the electronic device 101 when the user registers for membership. For example, when the user performs a new membership registration with account_2 for URL_1, the application 215 includes an account ID (eg, account_2), APP ID related to account_2 of URL_1 in the backup data stored in the electronic device 101 . (or URL) (eg, URL_1), user ID (eg, enc_ID_3), the number of updates (eg, 0), and encoding conditions (eg, enc_rule_3) can be newly recorded. In this case, the application 215 may transmit the updated backup data to the server 108 .

In an embodiment, the application 215 may update backup data stored in the electronic device 101 when a member withdraws from membership or when a management exclusion is requested for an arbitrary password. For example, when a user requests to exclude account_1 of URL_1 from management, the application 215 may delete data related to account_1 of URL_1 from backup data stored in the electronic device 101 . In this case, the application 215 may transmit the updated backup data to the server 108 .

In another embodiment, the application 215 may periodically synchronize the backup data with the server 108 . For example, the application 215 may periodically report the backup data of the electronic device 101 to the server 108 . In an embodiment, the server 108 may update the backup data of the server 108 based on the backup data reported from the user's electronic devices (eg, the electronic device 101 or the electronic device 104 ). have. In an embodiment, after updating the backup data of the server 108 , the server 108 transfers the backup data of the server 108 to the user's electronic devices (eg, the electronic device 101 , the electronic device 104 ). can send

In an embodiment, the electronic device 104 may request the server 108 for backup data and obtain the backup data from the server 108 . In an embodiment, the electronic device 104 may obtain backup data from the server 108 after being authenticated by the server 108 . In an embodiment, authentication may include an operation for confirming whether the user of the electronic device 104 is the same as the user of the electronic device 101 . For example, the server 108 compares the pre-registered biometric information and/or pin number of the user of the electronic device 101 with the biometric information and/or pin number input from the user of the electronic device 104 . Thus, the authentication operation can be performed.

In an embodiment, the electronic device 104 may obtain a specified number (eg, 12) of mnemonic symbols (eg, mnemonics) 412 and/or user codes 413 from the user.

In an embodiment, the electronic device 104 acquires the root seed 411 based on the obtained specified number (eg, 12) of the mnemonic (eg, mnemonic) 412 and/or the user code 413 . can In an embodiment, the electronic device 104 repeats the hash algorithm (eg, HMAC-SHA-512) for the mnemonic (eg, mnemonic) 412 and/or the user code 413 a specified number of times. The root seed 411 can be obtained by inputting .

In an embodiment, the electronic device 104 may identify the master node 421 by inputting the obtained root seed 411 into a specified function (eg, CKD, HMAC-SHA-512).

In an embodiment, the electronic device 104 may identify descendant nodes of the master node 421 based on the master node 421 and backup data.

6 is a flowchart illustrating a password input operation of the electronic device 101 according to an embodiment of the present disclosure. The operations of FIG. 6 may be described with reference to FIGS. 2 to 5 .

Referring to FIG. 6 , in operation 610 , the application 211 may identify a password input request. In an embodiment, the application 211 may identify a password input request when the PW field 330 is included in the execution screen 300 . In an embodiment, the application 211 may identify a password input request when the PW field 330 is included in the execution screen 300 and data is input in another field (eg, the ID field 310). .

In operation 620 , the application 211 may request the automatic completion framework 230 to input a password. In an embodiment, the application 211 may request automatic completion of the PW field 330 . In an embodiment, the password input request includes identification information of the application 211 , identification information of the execution screen 300 , identification information of fields 310 and 330 included in the execution screen 300 , and a field requiring input. (eg, PW field 330), user identification information (eg, user's account ID), or a combination thereof may be included.

In operation 630 , the auto-complete framework 230 may identify whether a password related to the auto-complete requested PW field 330 exists.

In an embodiment, when the password is managed in the first environment 201 , the auto-complete framework 230 is configured to automatically complete the requested PW field ( 330), it can be identified whether there is a related password.

In one embodiment, when the password is managed in the second environment 203 , the auto-complete framework 230 may automatically complete the password associated with the PW field 330 requested to the application 215 through the framework 225 . By querying , it is possible to identify whether a password exists. In one embodiment, when the password is managed in the second environment 203 , the auto-complete framework 230 may automatically complete the password associated with the PW field 330 requested to the application 215 through the framework 225 . may be requested, and a password may be received from the application 215 based on the request. In an embodiment, the data request includes identification information of the application 211 , identification information of the execution screen 300 , and identification information of fields 310 and 330 included in the execution screen 300 (eg, field ID). . According to an embodiment, the update count information may mean the update count of data related to a field (eg, the PW field 330 ) for which an input is requested.

In an embodiment, when there is a password associated with the auto-completed requested PW field 330 (operation 630 - 'Yes'), the auto-complete framework 230 may perform operation 670 . In an embodiment, when the password associated with the auto-completed requested PW field 330 does not exist (operation 630 - 'No'), the auto-complete framework 230 may perform operation 640 .

In operation 640 , the auto-complete framework 230 may request the framework 225 to generate a password. In an embodiment, the password generation request includes identification information of the application 211 , identification information of the execution screen 300 , identification information of fields 310 and 330 included in the execution screen 300 , and a field requiring input. (eg, PW field 330), user identification information (eg, user's account ID), or a combination thereof may be included.

In operation 645 , the framework 225 may request the application 215 to generate a password. In an embodiment, the password generation request includes identification information of the application 211 , identification information of the execution screen 300 , identification information of fields 310 and 330 included in the execution screen 300 , and a field requiring input. (eg, PW field 330), user identification information (eg, user's account ID), or a combination thereof may be included.

In operation 650 , the application 215 may identify the node based on information received from the framework 225 . In an embodiment, the application 215 may identify the node based on information included in the password generation request.

In an embodiment, the application 215 may identify a node on the hierarchical deterministic path 400 based on information included in the password generation request.

In operation 655, the application 215 may generate a password based on the identified node information.

In one embodiment, the application 215 may identify the public key based on the identified node's private key. In one embodiment, the application 215 may identify the symmetric key based on the identified node's private key and public key. In one embodiment, the application 215 may identify the password based on the symmetric key of the identified node.

In an embodiment, the application 215 may generate a password by encoding the symmetric key of the identified node. In an embodiment, the application 215 may generate input data by encoding the symmetric key of the identified node according to a set encoding condition.

In operation 660 , the application 215 may return the generated password to the framework 225 .

At operation 665 , the framework 225 may return the password to the autocomplete framework 230 .

In operation 670 , the auto-complete framework 230 may input a password to the application 211 .

In FIG. 6 , the generation and input of data has been described with a focus on the password input request, but this is only an example. In another embodiment, the application 211 may generate a user ID and/or password as well as a password. For example, the application 211 requests the auto-completion framework 230 to auto-complete the ID field 310 and the PW field 330 , and the auto-complete framework 230 via the framework 225 . The application 215 may request generation of data to be input to the ID field 310 and data to be input to the PW field 330 . In this case, data to be input to the ID field 310 and data to be input to the PW field 330 may be identified through the same hierarchical deterministic path 400 or may be identified through different hierarchical deterministic paths 400 . .

For example, when identified through the same hierarchical deterministic path 400, data to be input into the ID field 310 is identified by the 0th node among sibling nodes of the last stage, and the PW field 330 ) may be identified by nodes other than the 0th node among the sibling nodes. Here, the parent nodes of the sibling nodes may be the same.

In another embodiment, the application 211 may generate not only the user's ID and password, but also other additional information. In an embodiment, the application 211 may generate additional information based on an encoding rule for the additional information to be generated. For example, when the additional information to be generated is related to an address, the encoding rule may indicate a conversion rule between a bit sequence and an address element (eg, a name of a city or a name of a road). For example, when the additional information to be generated is a phone number, the encoding rule may indicate a conversion rule between a bit sequence and a number. For example, when the additional information to be generated is an email address, the encoding rule may indicate a conversion rule between a bit sequence and a character and/or a domain (eg, @samsung.com). In an embodiment, the additional information may be information for preventing the theft of a user's personal information. For example, the additional information may include an address, phone number, email address, or a combination thereof.

Although it has been described that operation 630 is included in FIG. 6 , this is only an example. In another embodiment, the auto-complete framework 230 may request a password from the application 215 through the framework 225 based on a password input request from the application 211 . In this case, the application 215 may determine whether a node corresponding to the password input request is identified. When the node corresponding to the password input request is identified, the application 215 may encode the password based on the identified node and then transmit the encoded password to the auto-complete framework 230 . In addition, the application 215 generates a node corresponding to the password input request when the node corresponding to the password input request is not identified, encodes the password based on the generated node, and then automatically completes the encoded password. It can be forwarded to (230).

7 is a flowchart illustrating a backup operation of the electronic device 101 according to an embodiment of the present disclosure. The operations of FIG. 7 may be described with reference to FIGS. 2 to 5 .

Referring to FIG. 7 , in operation 701 , the electronic device 101 may identify a backup event.

In an embodiment, the electronic device 101 may identify a case in which the hierarchical deterministic path 400 is changed as a backup event. In an embodiment, when at least one node of the hierarchical deterministic path 400 is generated, the electronic device 101 may identify a backup event.

According to an embodiment, the electronic device 101 may identify a case in which an encoding condition is changed as a backup event.

In operation 702 , according to an embodiment, the electronic device 101 may transmit backup data to the server 108 . In one embodiment, the backup data may include identification information used to identify a node in each step of the hierarchical deterministic path 400 . In an embodiment, the backup data may include an encoding condition. In an embodiment, the backup data may include a table as shown in Table 1.

In operation 703 , the server 108 may store the backup data.

In operation 710 , the other electronic device 104 of the user of the electronic device 101 may identify a password input request. In an embodiment, the electronic device 104 may identify a password input request based on a field included in the execution screen.

In operation 720 , the electronic device 104 may identify whether the hierarchical deterministic path 400 exists.

In an embodiment, when the hierarchical deterministic path 400 exists in the electronic device 104 (operation 720 - 'Yes'), operation 760 may be performed. In an embodiment, when the hierarchical deterministic path 400 does not exist in the electronic device 104 (operation 720 - 'No'), operation 730 may be performed.

In operation 730 , the electronic device 104 may restore the root seed 411 . In an embodiment, the electronic device 104 may restore the root seed 411 based on the mnemonic (eg, mnemonic) 412 and/or the user code 413 input from the user. In an embodiment, the electronic device 104 may restore the root seed 411 by concatenating the bit string corresponding to the mnemonic (eg, mnemonic) 412 and/or the user code 413 .

In operation 740 , the electronic device 104 may request backup data from the server 108 .

In operation 750 , the server 108 may transmit backup data to the electronic device 104 . In an embodiment, the server 108 may transmit the backup data after authenticating the electronic device 104 .

In operation 760 , the electronic device 104 may identify a password based on the root seed 411 and backup data.

In an embodiment, the electronic device 104 identifies the master node 421 based on the root seed 411 , and the hierarchical deterministic path 400 based on information included in the master node 421 and the password input request. node can be identified.

In an embodiment, the electronic device 104 may encode the symmetric key of the identified node into a password based on an encoding condition.

In operation 770 , the electronic device 104 may input the identified password.

The electronic device 101 according to various embodiments of the present disclosure includes a processor 120 and a memory 130 operatively connected to the processor 120 and storing at least one instruction, wherein the instructions are When executed by the processor 120 , the electronic device 101 identifies a data generation request for a specified field (eg, the PW field 330 ) of the execution screen 300 of the application 211 , and the application Based on the information of 211 and information input through at least one of the fields 310 and 330 included in the execution screen 300, data for the designated field (eg, the PW field 330) is retrieved. and the data may be generated from the master node 421 of the hierarchical deterministic path 400 through the node hierarchically determined based on the information of the application 211 and the input information.

In one embodiment, the data may be generated based on a public key and/or a private key identified through the node.

In an embodiment, the data may be generated based on a symmetric key of the public key and the private key.

In an embodiment, when the instructions are executed by the processor 120 , the electronic device 101 may be configured to generate the data by encoding the symmetric key based on a specified encoding condition.

In an embodiment, when the instructions are executed by the processor 120 , the electronic device 101 receives an automatic completion request for the specified field (eg, the PW field 330 ) from the application 211 . When there is no data to be input in the designated field (eg, PW field 330), the data generation request for the designated field (eg, PW field 330) is identified, and the generated It may be configured to input data into the designated field (eg, the PW field 330 ).

In an embodiment, when the instructions are executed by the processor 120 , the electronic device 101 uses the information of the application 211 and the input information in a specified number from the master node 421 . identify descendant nodes of the stages of , and generate the data through a node of a last stage among the descendent nodes.

In an embodiment, different types of information may be used in different steps to identify descendant nodes.

In an embodiment, when the instructions are executed by the processor 120 , the electronic device 101 uses the information of the application 211 to 433, 435 are identified, and second child nodes 441, 443, 445 of the first child node 431, 433, 435 are identified using the input information, and using the stored update count, identify a third child node (441, 443, 445) of the second child node (441, 443, 445), and generate the data through the third child node (441, 443, 445) have.

In an embodiment, when the instructions are executed by the processor 120 , the electronic device 101 identifies at least one word through a user input requesting password recovery, and adds each of the identified words. and identify the master node 421 based on a corresponding value.

In an embodiment, the method further includes a communication module 190 , wherein when the instructions are executed by the processor 120 , the electronic device 101 generates the data through the hierarchically determined node. Thus, it is configured to back up the hierarchically determined node-related information to the server 108 through the communication module 190, and the data backed up to the server 108 includes the information of the application 211, The input information, the number of updates of the hierarchically determined node, encoding conditions, or a combination thereof may be included.

In the method of operating the electronic device 101 according to various embodiments of the present disclosure, data for a designated field (eg, the PW field 330 ) of the execution screen 300 of the application 211 of the electronic device 101 is performed. Based on the operation of identifying the creation request, and information of the application 211 and information input through at least one of the fields 310 and 330 included in the execution screen 300 , the designated field (eg: and generating data for the PW field 330), wherein the data is layered based on the information of the application 211 from the master node 421 of the hierarchical deterministic path 400 and the input information. It can be created through nodes that are determined by nature.

In one embodiment, the data may be generated based on a public key and/or a private key identified through the node.

In an embodiment, the data may be generated based on a symmetric key of the public key and the private key.

In an embodiment, the generating of the data may include generating the data by encoding the symmetric key based on a specified encoding condition.

In an embodiment, the method of operating the electronic device 101 includes an operation of identifying an autocomplete request for the specified field (eg, PW field 330 ) from the application 211 , and the specified field (eg, PW). When there is no data to be input in the field 330), an operation of identifying the data generation request for the specified field (eg, the PW field 330), and converting the generated data into the specified field (eg: It may include an operation of inputting into the PW field 330).

In an embodiment, the generating of the data includes identifying descendant nodes of a specified number of steps from the master node 421 using the information of the application 211 and the input information, and the descendant It may include generating the data through a node of the last stage among the nodes.

In an embodiment, in the method of operating the electronic device 101 , different types of information may be used in different steps in identifying descendant nodes.

In an embodiment, the operation of generating the data includes the operation of identifying the first child nodes 431 , 433 , 435 of the master node 421 using the information of the application 211 , the input information The operation of identifying the second child nodes 441, 443, 445 of the first child nodes 431, 433, 435 using It may include an operation of identifying 441 , 443 , and 445 , and an operation of generating the data through the third child node 441 , 443 , 445 .

In an embodiment, the method of operating the electronic device 101 includes the operation of identifying at least one word through a user input requesting password recovery, and the master node based on a value corresponding to each of the identified words. and identifying 421 .

In an embodiment, the method of operating the electronic device 101 hierarchically uses the communication module 190 of the electronic device 101 based on generating the data through the hierarchically determined node. It is configured to back up information related to the determined node to the server 108, and the data backed up to the server 108 includes the information of the application 211, the input information, and the update of the hierarchically determined node. The number of times, encoding conditions, or a combination thereof may be included.

The electronic device according to various embodiments disclosed in this document may be a device of various types. The electronic device may include, for example, a portable communication device (eg, a smart phone), a computer device, a portable multimedia device, a portable medical device, a camera, a wearable device, or a home appliance device. The electronic device according to the embodiment of the present document is not limited to the above-described devices.

The various embodiments of this document and the terms used therein are not intended to limit the technical features described in this document to specific embodiments, and should be understood to include various modifications, equivalents, or substitutions of the embodiments. In connection with the description of the drawings, like reference numerals may be used for similar or related components. The singular form of the noun corresponding to the item may include one or more of the item, unless the relevant context clearly dictates otherwise. As used herein, "A or B", "at least one of A and B", "at least one of A or B", "A, B or C", "at least one of A, B and C", and "A , B, or C," each of which may include any one of the items listed together in the corresponding one of the phrases, or all possible combinations thereof. Terms such as "first", "second", or "first" or "second" may simply be used to distinguish an element from other elements in question, and may refer elements to other aspects (e.g., importance or order) is not limited. It is said that one (eg, first) component is “coupled” or “connected” to another (eg, second) component, with or without the terms “functionally” or “communicatively”. When referenced, it means that one component can be connected to the other component directly (eg by wire), wirelessly, or through a third component.

The term “module” used in various embodiments of the present document may include a unit implemented in hardware, software, or firmware, for example, and interchangeably with terms such as logic, logic block, component, or circuit. can be used A module may be an integrally formed part or a minimum unit or a part of the part that performs one or more functions. For example, according to an embodiment, the module may be implemented in the form of an application-specific integrated circuit (ASIC).

According to various embodiments of the present document, one or more instructions stored in a storage medium (eg, internal memory 136 or external memory 138) readable by a machine (eg, electronic device 101) may be implemented as software (eg, the program 140) including For example, the processor (eg, the processor 120 ) of the device (eg, the electronic device 101 ) may call at least one of the one or more instructions stored from the storage medium and execute it. This makes it possible for the device to be operated to perform at least one function according to the called at least one command. The one or more instructions may include code generated by a compiler or code executable by an interpreter. The device-readable storage medium may be provided in the form of a non-transitory storage medium. Here, 'non-transitory' only means that the storage medium is a tangible device and does not contain a signal (eg, electromagnetic wave), and this term is used in cases where data is semi-permanently stored in the storage medium and It does not distinguish between temporary storage cases.

According to an embodiment, the method according to various embodiments disclosed in this document may be provided by being included in a computer program product. Computer program products may be traded between sellers and buyers as commodities. The computer program product is distributed in the form of a device-readable storage medium (eg compact disc read only memory (CD-ROM)), or via an application store (eg Play Store™) or on two user devices ( It can be distributed (eg downloaded or uploaded) directly, online between smartphones (eg: smartphones). In the case of online distribution, at least a portion of the computer program product may be temporarily stored or temporarily created in a machine-readable storage medium such as a memory of a server of a manufacturer, a server of an application store, or a relay server.

According to various embodiments, each component (eg, module or program) of the above-described components may include a singular or a plurality of entities, and some of the plurality of entities may be separately disposed in other components. . According to various embodiments, one or more components or operations among the above-described corresponding components may be omitted, or one or more other components or operations may be added. Alternatively or additionally, a plurality of components (eg, a module or a program) may be integrated into one component. In this case, the integrated component may perform one or more functions of each component of the plurality of components identically or similarly to those performed by the corresponding component among the plurality of components prior to the integration. . According to various embodiments, operations performed by a module, program, or other component are executed sequentially, in parallel, repeatedly, or heuristically, or one or more of the operations are executed in a different order, omitted, or , or one or more other operations may be added.

Claims (20)

In an electronic device,
processor, and
a memory operatively coupled to the processor and storing at least one instruction, wherein the instructions, when executed by the processor, cause the electronic device to:
Identifies a data generation request for a specified field on the application's launch screen;
configured to generate data for the designated field based on the information of the application and information input through at least one field included in the execution screen,
The data is generated from the master node of the hierarchical deterministic path through the node hierarchically determined based on the information of the application and the input information.
The method according to claim 1,
wherein the data is generated based on a public key and/or a private key identified through the node.
3. The method according to claim 2,
The data is generated based on a symmetric key of the public key and the private key.
4. The method of claim 3,
When the instructions are executed by the processor, the electronic device
and generate the data by encoding the symmetric key based on a specified encoding condition.
The method according to claim 1,
When the instructions are executed by the processor, the electronic device
identify an autocomplete request for the specified field from the application;
If there is no data to be entered in the specified field, identify the data creation request for the specified field;
an electronic device configured to input the generated data into the designated field.
The method according to claim 1,
When the instructions are executed by the processor, the electronic device
Identifies descendant nodes of a specified number of steps from the master node using the information of the application and the input information,
and generate the data through a node of a last stage among the descendant nodes.
7. The method of claim 6,
An electronic device in which different types of information are used in different steps in identifying descendant nodes.
8. The method of claim 7,
When the instructions are executed by the processor, the electronic device
Identifies the first child node of the master node using the information of the application,
identifying a second child node of the first child node using the input information;
using the stored update count to identify a third child node of the second child node;
and generate the data via the third child node.
The method according to claim 1,
When the instructions are executed by the processor, the electronic device
Identifies at least one word through a user input requesting password recovery,
and identify the master node based on a value corresponding to each of the identified words.
The method according to claim 1,
Further comprising a communication module,
When the instructions are executed by the processor, the electronic device
Based on generating the data through the hierarchically determined node, it is configured to back up information related to the hierarchically determined node to a server through the communication module,
The data backed up in the server includes the application information, the input information, the number of updates of the hierarchically determined node, an encoding condition, or a combination thereof.
A method of operating an electronic device, comprising:
identifying a data generation request for a specified field of an execution screen of an application of the electronic device; and
generating data for the specified field based on the information of the application and information input through at least one field included in the execution screen;
The data is generated through a node hierarchically determined based on the information of the application and the input information from the master node of the hierarchical deterministic path.
12. The method of claim 11,
wherein the data is generated based on a public key and/or a private key identified through the node.
12. The method of claim 11,
wherein the data is generated based on a symmetric key of the public key and the private key.
12. The method of claim 11,
The operation of generating the data is
and generating the data by encoding the symmetric key based on a specified encoding condition.
12. The method of claim 11,
identifying an autocomplete request for the specified field from the application;
identifying the data creation request for the designated field when there is no data to be input in the designated field; and
and inputting the generated data into the designated field.
12. The method of claim 11,
The operation of generating the data is
identifying descendant nodes of a specified number of steps from the master node using the information of the application and the input information, and
and generating the data through a node of a last stage among the descendant nodes.
12. The method of claim 11,
A method in which different kinds of information are used at different stages in identifying descendant nodes.
12. The method of claim 11,
The operation of generating the data is
identifying a first child node of the master node using the information of the application;
identifying a second child node of the first child node using the input information;
identifying a third child node of the second child node using the stored update count; and
and generating the data via the third child node.
12. The method of claim 11,
identifying at least one word through a user input requesting password recovery, and
and identifying the master node based on a value corresponding to each of the identified words.
12. The method of claim 11,
configured to back up information related to the hierarchically determined node to a server through a communication module of the electronic device based on generating the data through the hierarchically determined node,
The data backed up to the server includes the application information, the input information, the number of updates of the hierarchically determined node, an encoding condition, or a combination thereof.

Images