CN110727940A - Electronic equipment password management method, device, equipment and storage medium - Google Patents

Electronic equipment password management method, device, equipment and storage medium Download PDF

Info

Publication number
CN110727940A
CN110727940A CN201910894332.1A CN201910894332A CN110727940A CN 110727940 A CN110727940 A CN 110727940A CN 201910894332 A CN201910894332 A CN 201910894332A CN 110727940 A CN110727940 A CN 110727940A
Authority
CN
China
Prior art keywords
password
storage space
unlocking
stored
electronic equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910894332.1A
Other languages
Chinese (zh)
Inventor
林进全
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Oppo Chongqing Intelligent Technology Co Ltd
Original Assignee
Oppo Chongqing Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Oppo Chongqing Intelligent Technology Co Ltd filed Critical Oppo Chongqing Intelligent Technology Co Ltd
Priority to CN201910894332.1A priority Critical patent/CN110727940A/en
Publication of CN110727940A publication Critical patent/CN110727940A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Abstract

The embodiment of the application discloses a method, a device, equipment and a storage medium for password management of electronic equipment, wherein the method comprises the following steps: when password setting is carried out on a target unit of the electronic equipment, a new password of the target unit is obtained, and the new password is stored in a first storage space and a second storage space; the security level of the second storage space is higher than that of the first storage space; when the unlocking operation is detected, the first storage space password is the same as the second storage space password, and the unlocking operation is executed based on the first storage space password; the first storage space password is different from the second storage space password, the first storage space password is updated based on the second storage space password, and then the unlocking operation is executed based on the updated first storage space password. Therefore, when the electronic equipment is in the unlocking operation condition, the unlocking operation can be executed by updating the first storage space password by using the second storage space password, the condition that the screen locking operation is invalid is avoided, and the safety of the electronic equipment is improved.

Description

Electronic equipment password management method, device, equipment and storage medium
Technical Field
The present disclosure relates to control technologies, and in particular, to a method, an apparatus, a device, and a storage medium for managing passwords of an electronic device.
Background
At present, many electronic devices have a screen protection function, for example, by setting a screen locking password. In the prior art, some screen locking passwords stored in a mobile terminal execute an algorithm and protect data encryption storage based on a Trusted External Environment (TEE) secure environment, and a specific screen locking and unlocking manner of the screen locking password includes: firstly, setting a screen locking password at a mobile phone terminal and storing the screen locking password in a user partition; secondly, when the mobile phone terminal is unlocked, comparing the stored screen locking password with the screen locking password temporarily acquired from the sensor; and finally, determining whether unlocking is available according to the comparison result.
The original screen locking password has enough safety guarantee for the electronic equipment, but the mobile phone has the safety problem again along with the occurrence of the screen locking password cracking event. Specifically, a purpose-made application APP is installed on the mobile phone, and the APP can enable an unlocking password or an unlocking fingerprint of the mobile phone to be invalid through an instruction.
According to the mode of locking and unlocking the screen, even if a storage path of the screen locking password is modified or the security mechanism during storage of the screen locking password is updated and adjusted, after the mobile terminal is subjected to Root authority by using an abnormal means, password data stored in a user partition is replaced or deleted, so that the screen locking password of the terminal is replaced or invalid, and the privacy of a user is threatened.
Disclosure of Invention
In order to solve the foregoing technical problems, embodiments of the present application are intended to provide a method, an apparatus, a device, and a storage medium for password management of an electronic device.
The technical scheme of the application is realized as follows:
in a first aspect, a method for managing passwords of an electronic device is provided, and the method includes:
when password setting is carried out on a target unit of the electronic equipment, a new password of the target unit is obtained, and the new password is stored in a first storage space and a second storage space; wherein the security level of the second storage space is higher than that of the first storage space;
when the unlocking operation is detected, comparing whether the password of the first storage space is the same as the password of the second storage space;
if so, executing unlocking operation based on the password of the first storage space;
and if not, updating the password of the first storage space based on the password of the second storage space, and then executing the unlocking operation based on the updated password of the first storage space.
In a second aspect, an electronic device password management apparatus is provided, the apparatus including:
the acquisition unit is used for acquiring a new password of the target unit when password setting is carried out on the target unit of the electronic equipment, and storing the new password in the first storage space and the second storage space; wherein the security level of the second storage space is higher than that of the first storage space;
the comparison unit is used for comparing whether the password of the first storage space is the same as the password of the second storage space when the unlocking operation is detected;
the execution unit is used for executing unlocking operation based on the password of the first storage space when the password of the first storage space is the same as the password of the second storage space;
and the execution unit is also used for updating the password of the first storage space based on the password of the second storage space when the password of the first storage space is different from the password of the second storage space, and then executing the unlocking operation based on the updated password of the first storage space.
In a third aspect, an electronic device is provided, including: a processor and a memory configured to store a computer program operable on the processor, wherein the processor is configured to perform the steps of the aforementioned method when executing the computer program.
In a fourth aspect, a computer-readable storage medium is provided, on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the aforementioned method.
By adopting the technical scheme, when the password setting is carried out on the target unit of the electronic equipment, the new password of the target unit is obtained and stored in the first storage space and the second storage space; the security level of the second storage space is higher than that of the first storage space, and the password of the second storage space is not easy to be abnormally replaced or abnormally cleared; when the electronic equipment is in a normal condition, namely the first storage space password is the same as the second storage space password, unlocking operation is executed based on the first storage space password; when the electronic equipment is under the abnormal condition, namely the first storage space password is different from the second storage space password, the first storage space password data can be changed or deleted, the screen locking operation of the electronic equipment is disabled, the privacy of the electronic equipment is further threatened, the first storage space password can be updated by utilizing the second storage space password at the moment, the unlocking operation is further executed, the condition that the screen locking operation is disabled is avoided, and the safety of the electronic equipment is improved.
Drawings
FIG. 1 is a first flowchart illustrating a method for password management of an electronic device according to an embodiment of the present disclosure;
FIG. 2 is a second flowchart of a method for password management of an electronic device according to an embodiment of the present disclosure;
fig. 3 is a third flowchart of a method for password management of an electronic device according to an embodiment of the present disclosure;
fig. 4 is a third flowchart of a method for password management of an electronic device according to an embodiment of the present disclosure;
FIG. 5 is a functional block diagram of software according to an embodiment of the present application;
fig. 6 is a schematic diagram of a password management flow when factory settings are restored in the embodiment of the present application;
FIG. 7 is a schematic diagram illustrating a password management process during software flashing in an embodiment of the present application;
FIG. 8 is a schematic diagram of a configuration of a password management apparatus in an embodiment of the present application;
fig. 9 is a schematic structural diagram of an electronic device in an embodiment of the present application.
Detailed Description
So that the manner in which the features and elements of the present embodiments can be understood in detail, a more particular description of the embodiments, briefly summarized above, may be had by reference to embodiments, some of which are illustrated in the appended drawings.
Example one
An embodiment of the present application provides a method for password management of an electronic device, where fig. 1 is a first flowchart of the method for password management of an electronic device in the embodiment of the present application, and as shown in fig. 1, the control method may specifically include:
step 101: when password setting is carried out on a target unit of electronic equipment, a new password of the target unit is obtained, and the new password is stored in a first storage space and a second storage space; wherein the security level of the second storage space is higher than the security level of the first storage space;
step 102: when the unlocking operation is detected, comparing whether the password of the first storage space is the same as the password of the second storage space; if the two are the same, step 103 is executed; if not, go to step 104;
step 103: if the password is the same, unlocking operation is executed based on the password of the first storage space;
step 104: and if not, updating the password of the first storage space based on the password of the second storage space, and then executing unlocking operation based on the updated password of the first storage space.
Here, the execution subject of steps 101 to 104 may be a processor of the electronic device. Here, the electronic device may be a mobile terminal or a fixed terminal provided with a combination lock. Such as smart phones, personal computers (e.g., tablet, desktop, notebook, netbook, palmtop), mobile phones, electronic book readers, portable multimedia players, audio/video players, cameras, virtual reality devices, wearable devices, and the like.
The original screen locking password has enough safety guarantee for the electronic equipment, but the mobile phone has the safety problem again along with the occurrence of the screen locking password cracking event. For example, after the mobile terminal is Root authorized by using an abnormal means, password data stored in a user partition is at risk of being replaced or deleted, so that a screen locking password of the terminal is replaced or invalid, and the privacy of the user is threatened. In order to avoid the threat, according to the technical scheme, a second storage space is set, and the password is also stored in the second storage space, wherein the security level of the second storage space is higher than that of the first storage space, the second storage space also needs to prevent various hardware attacks, and data is kept unchanged when the electronic equipment is restored to factory settings.
For example, for an electronic device of the android system, when the electronic device is configured with a password lock, the configured password is generally directly stored in a first storage space, for example, a data/system/gateway key. xxx. key file of which the first storage space is a user partition, and the configured password is also stored in a second storage space with a higher security level than the first storage space, for example, the second storage space may be an emmc (embedded multi media card) loopback protection partition rpmb (relay network block) file controlled by a TEE secure execution environment.
Further, the storing the new password in the first storage space and the second storage space includes: acquiring an old password stored in the second storage space; and when the old password stored in the second storage space is different from the new password, updating the old password in the second storage space and the old password in the first storage space by using the new password.
The electronic equipment setting password comprises a first time setting password or an Nth (N >1) time setting password. When the target unit of the electronic equipment is in the state of setting the password for the first time, directly storing the set new password in a first storage space and a second storage space; when the target unit of the electronic equipment is in the Nth (N >1) time password setting state, respectively acquiring an old password stored in the second storage space and a newly set password of the target unit, and updating the old password of the second storage space and the old password of the first storage space by using the new password when the old password and the newly set password are different; wherein updating the old password of the first storage space with the new password comprises: firstly, the electronic equipment acquires an old password stored in a first storage space, compares the old password with a new password to determine whether the old password is the same as the new password, and updates the old password in the first storage space by using the new password if the old password is not the same as the new password.
Illustratively, when password setting is carried out on a target unit of the electronic equipment, a new password of the target unit is obtained, the new password is stored in the first storage space and the second storage space, a stored old password is obtained in an RPMB file of an EMMC loop protection partition controlled by the TEE security execution environment, and when the old password is different from the new password, the old password in the RPMB and the old password in a data/system/gateway key.
Further, the storing the new password in the first storage space and the second storage space includes: encrypting the new password by using a preset encryption algorithm; and storing the encrypted new password in the first storage space and the second storage space.
In practical application, after password setting is effective, the original password is generally directly stored or is stored in a data/system/gateway Key. xxx. Key file and an RPMB file of a user partition after being processed, where the original password processing may be to encrypt the new password by using a preset encryption algorithm for the original password, for example, the encryption algorithm may be a Hash algorithm or an RSA algorithm (asymmetric encryption algorithm), where the Hash algorithm is used to perform Hash operation on the original password, and an obtained operation result includes a Hash-Hash value and a type, where Key of the Hash operation refers to the original password corresponding to the user-set password lock, and the Hash processing is performed on the data to obtain a Key-Hash of a fixed length; type refers to a combination lock type, for example, the type may refer to a data password and a jiugong format password. And setting a new password lock by the user through the electronic equipment, processing the new password lock to generate a new key-hash value, and storing the new key-hash value in the data/system/gateway.
Further, when an unlocking operation is detected, comparing whether the password of the first storage space is the same as the password of the second storage space includes: and comparing whether the password of the first storage space is the same as the password of the second storage space or not based on the key-hash values of the first storage space and the second storage space. When the key-hash values of the first storage space and the second storage space of the electronic device are the same, determining that the password of the first storage space is the same as that of the second storage space; when the key-hash values of the first storage space and the second storage space of the electronic device are different, determining that the password of the first storage space is different from the password of the second storage space.
Illustratively, the electronic device obtains an original password or a key-hash value in a first storage space, namely, a user partition/data/system/gateway key. Comparing the original passwords or the key-hash values of the two storage spaces, and if the original passwords or the key-hash values are the same, executing unlocking operation by a target unit of the electronic equipment based on the original passwords in the/data/system/gateway key. And if the key-hash value is not the same as the original password or the key-hash value in the RPMB file, updating the original password or the key-hash value in the/data/system/gateway.
Further, the performing an unlocking operation based on the password of the first storage space includes: acquiring an unlocking password for the target unit; when the unlocking password is different from the password of the first storage space, unlocking fails; and when the unlocking password is the same as the password of the first storage space, the unlocking is successful.
Specifically, when the password stored in the first storage space is not encrypted, the target unit unlocking password is directly acquired and compared with the password in the first storage space, and when the passwords are different, the unlocking fails; when the password is the same, the unlocking is successful.
When the password stored in the first storage space is stored after being processed through an encryption algorithm, whether the unlocking operation is successful or not can be judged by comparing the unlocking password encryption with the password in the first storage space; or the password of the first storage space is decrypted and compared with the unlocking password to judge whether the unlocking operation is successful.
For example, hash operation is selected for encryption, an unlocking password of the target unit is obtained, the hash operation is performed on the unlocking password to generate a key-hash value, the key-hash value is compared with the key-hash value of the first storage space, and when the key-hash values of the key-hash value and the key-hash value are not equal, unlocking fails; when the key-hash values of the two are equal, unlocking is successful. Since the hash operation is irreversible, i.e. not decryptable, the operation of decrypting the password of the first storage space and then comparing the decrypted password with the unlocking password is not performed.
By adopting the technical scheme, when the password setting is carried out on the target unit of the electronic equipment, the new password of the target unit is obtained and stored in the first storage space and the second storage space; the security level of the second storage space is higher than that of the first storage space, and the password of the second storage space is not easy to be abnormally replaced or abnormally cleared; when the electronic equipment is in a normal condition, namely the first storage space password is the same as the second storage space password, unlocking operation is executed based on the first storage space password; when the electronic equipment is under the abnormal condition, namely the first storage space password is different from the second storage space password, the first storage space password data can be changed or deleted, the screen locking operation of the electronic equipment is disabled, the privacy of the electronic equipment is further threatened, the first storage space password can be updated by utilizing the second storage space password at the moment, the unlocking operation is further executed, the condition that the screen locking operation is disabled is avoided, and the safety of the electronic equipment is improved.
Fig. 2 is a schematic flowchart of an unlocking operation in an embodiment of the present application, and as shown in fig. 2, the unlocking operation flow may specifically include:
step 201: when the unlocking operation is detected, whether a password is stored in the second storage space is detected, and if the password exists, the step 202 is executed; if not, go to step 205;
illustratively, when the electronic device detects an unlocking operation, it detects whether a stored password is contained in the RPMB file, and if the password exists in the RPMB file, step 202 is executed; if the password does not exist in the RPMB file, step 205 is executed.
Step 202: comparing whether the password of the first storage space is the same as the password of the second storage space, if so, executing step 203; if yes, go to step 204;
exemplarily, when the electronic device detects that the RPMB file contains the stored password, the password stored in the user partition/data/system/gateway key. xxx. key file is obtained, and the passwords in the two files are compared, if the passwords in the two files are different, step 203 is executed; if the passwords in the two files are the same, step 204 is executed.
Step 203: updating the password of the first storage space based on the password of the second storage space, and then executing unlocking operation based on the updated password of the first storage space;
for example, in the presence of a password stored in an RPMB file of the electronic device, and when the password is different from the password stored in the user partition/data/system/gateway, xxx, key file, the electronic device indicates that the password stored in the user partition/data/system/gateway, xxx, key file is invalid (e.g., deleted or replaced), the electronic device updates the password stored in the user partition/data/system/gateway, xxx, key file with the password stored in the RPMB file, and then performs an unlocking operation with the password in the updated/data/system/gateway, xxx, key file.
Step 204: performing an unlocking operation based on the password of the first storage space;
illustratively, in the presence of a password stored in an RPMB file of the electronic device, and when the password is the same as the password stored in the user partition/data/system/gateway.
Step 205: and when the first storage space stores the password, unlocking operation is executed based on the password of the first storage space.
Illustratively, when the electronic device detects an unlocking operation, it detects that the RPMB file does not contain a stored password, but detects that the password exists in the data/system/gateway.
Further, the performing an unlocking operation based on the password of the first storage space includes: acquiring an unlocking password for the target unit; when the unlocking password is different from the password of the first storage space, unlocking fails; and when the unlocking password is the same as the password of the first storage space, the unlocking is successful.
Specifically, when the password stored in the first storage space is not encrypted, the target unit unlocking password is directly acquired and compared with the password in the first storage space, and when the passwords are different, the unlocking fails; when the password is the same, the unlocking is successful.
When the password stored in the first storage space is stored after being processed through an encryption algorithm, whether the unlocking operation is successful or not can be judged by comparing the unlocking password encryption with the password in the first storage space; or the password of the first storage space is decrypted and compared with the unlocking password to judge whether the unlocking operation is successful.
For example, hash operation is selected for encryption, an unlocking password of the target unit is obtained, the hash operation is performed on the unlocking password to generate a key-hash value, the key-hash value is compared with the key-hash value of the first storage space, and when the key-hash values of the key-hash value and the key-hash value are not equal, unlocking fails; when the key-hash values of the two are equal, unlocking is successful. Since the hash operation is irreversible, i.e. not decryptable, the operation of decrypting the password of the first storage space and then comparing the decrypted password with the unlocking password is not performed.
By adopting the technical scheme, when the password setting is carried out on the target unit of the electronic equipment, the new password of the target unit is obtained and stored in the first storage space and the second storage space; the security level of the second storage space is higher than that of the first storage space, and the password of the second storage space is not easy to be abnormally replaced or abnormally cleared; when the electronic equipment is in a normal condition, namely the first storage space password is the same as the second storage space password, unlocking operation is executed based on the first storage space password; when the electronic equipment is under the abnormal condition, namely the first storage space password is different from the second storage space password, the first storage space password data can be changed or deleted, the screen locking operation of the electronic equipment is disabled, the privacy of the electronic equipment is further threatened, the first storage space password can be updated by utilizing the second storage space password at the moment, the unlocking operation is further executed, the condition that the screen locking operation is disabled is avoided, and the safety of the electronic equipment is improved.
Fig. 3 is a second flow chart of the method for managing the password of the electronic device in the embodiment of the present application, and as shown in fig. 3, the method may further include:
step 301: when password setting is carried out on a target unit of electronic equipment, a new password of the target unit is obtained, and the new password is stored in a first storage space and a second storage space; wherein the security level of the second storage space is higher than the security level of the first storage space;
step 302: when the first operation is detected, judging whether a clearing zone bit of the second storage space is valid; if the clear flag is valid, go to step 303; if the clear flag is not valid, go to step 304;
in practical applications, the first operation may include multiple types, and multiple types of the first operation may correspond to the same clear flag or different clear flags.
Illustratively, the first operation may be: the method comprises the following steps of starting up operation, flashing operation or factory setting restoration operation of the electronic equipment. When multiple first operations correspond to the same clearing zone bit, the electronic equipment detects whether the clearing zone bit in the RPMB file is valid while detecting the first operations, and if the clearing zone bit is valid, step 303 is executed; if the clear flag is not valid, go to step 304. When the multiple first operations correspond to different clearing zone bits respectively, the electronic device first detects which kind of first operation is, detects whether the clearing zone bit in the corresponding RPMB file is valid or not according to the type of the first operation, and if the clearing zone bit is valid, executes step 303; if the clear flag is not valid, go to step 304.
Step 303: clearing the password of the second storage space, and meanwhile, setting the clearing mark position as invalid;
illustratively, the password stored in the RPMB file and/data/system/gateway key. And meanwhile, the clearing flag position is invalid, so that the electronic equipment enters a normal unlocking flow when the electronic equipment detects the unlocking operation again.
Step 304: without clearing the password of the second storage space, then execute step 305;
illustratively, the password stored in the RPMB file is not cleared, the condition that the screen locking operation is invalid is avoided, and the safety of the electronic equipment is improved. Step 305 is then performed.
Step 305: when the unlocking operation is detected, comparing whether the password of the first storage space is the same as the password of the second storage space; if the passwords are not the same, go to step 306; if the password is the same, go to step 307;
step 306: updating the password of the first storage space based on the password of the second storage space, and then executing unlocking operation based on the updated password of the first storage space;
step 307: and executing unlocking operation based on the password of the first storage space.
The embodiment of the present application specifically provides a password management operation flow when the first operation is a power-on operation or factory reset is restored, and fig. 4 is a third flow diagram of a method for password management of an electronic device in the embodiment of the present application, where a clear flag corresponding to the power-on operation is an Nvram flag, and a clear flag corresponding to the factory reset is a Misc flag. As shown in fig. 4, the method includes:
step 401: judging whether a key value is written in the RPMB file; if so, go to step 402; if not, go to step 413;
step 402: judging whether the flag bit of the Nvram flag is 1; if so, go to step 403; if yes, go to step 404;
here, the Nvram flag bit is 1, and the clear flag bit is valid, and is 0, and is invalid.
Step 403: determining that the screen refreshing operation is performed before starting, and deleting RPMB screen locking data, and meanwhile, marking the position 0 with an Nvram flag;
step 404: judging whether the Misc flag bit is 1 or not; if so, go to step 405; if yes, go to step 406;
step 405: determining that RPMB screen locking data needs to be deleted after factory setting restoration operation is carried out before starting, and marking the position 0 with a Miscflag;
step 406: judging whether a key-hash in the RPMB exists; if yes, go to step 408; if not, go to step 407;
step 407: judging whether a gateway.xxx.key in the mobile phone exists and is 58 bytes; if yes, go to step 409; if not, go to step 411;
step 408: comparing the key value in the RPMB with the gatekeeper. xxx. key; if so, executing 409; if not, go to step 410;
step 409: entering a normal unlocking flow, and then executing step 412;
exemplarily, the normal unlocking flow refers to performing an unlocking operation based on a password stored in a/data/system/gatekeeper. xxx.key file; when the obtained unlocking password of the target unit is the same as the password stored in the/data/system/gateway key. And when the obtained unlocking password of the target unit is different from the password stored in the/data/system/gateway key.
Step 410: copying a key-hash value of the RPMB to cover a gatekeeper. xxx. key, and then executing the step 409;
step 411: if there is no screen lock, then go to step 412;
step 412: and (6) ending.
Fig. 5 is a functional block diagram of software according to an embodiment of the present application. As shown in fig. 5, the solution described in this application is implemented based on the fact that the currently valid screen locking password is securely stored in an EMMC secure storage area controlled by a TEE secure execution environment, for example, in an RPMB file, the screen locking password stored in the RPMB is applied in the following three scenarios:
(1) the electronic equipment is in a factory reset state, and factory reset is realized through the following three ways: the method is realized through a menu item of 'factory setting recovery' in the electronic equipment setting; sending an instruction for clearing screen locking data to the electronic equipment in a mode of issuing the instruction by network cloud control, namely in a mode of network account, and forcibly entering a factory recovery flow after the electronic equipment receives the instruction; and forcibly restoring factory settings through a hardware combination key screen locking key and a volume key. After the three modes are executed, the Misc flag mark position 1 is restored to factory settings, the writing state processing, RPMB numerical value processing and Misc flag state processing of keys in the RPMB are judged, an Android interface Language (AIDL) is adopted in a program, the bottom layer realizes remote service cross-process instant communication through a Binder (cross-process communication mechanism), and passwords are stored in the RPMB through a series of reading/writing operations.
(2) When the screen locking password is updated, judging key writing state processing in the RPMB and updating data in the RPMB;
(3) the electronic equipment is in a flashing operation state, flashing operation is completed in four modes of a formatting mode, a software upgrading mode, a downloading mode, a data clearing mode or a downloading mode and no data clearing mode, the position 1 of an Nvarm flag is marked in the first three modes, and the default of the Nvarm flag bit in the fourth mode is 0. And setting the Nvarm flag bit to complete the flashing operation. Judging the writing state processing, RPMB numerical value processing and Nvarm flag state processing of keys in the RPMB, wherein an Android Interface Language (AIDL) is adopted in a program, a bottom layer realizes remote service cross-process instant communication through a Binder (cross-process communication mechanism), and a password is stored in the RPMB through a series of read/write operations.
Specifically, based on the software functional block diagram shown in fig. 5, a password management flow for factory reset is specifically shown in the embodiment of the present application, and fig. 6 is a schematic view of the password management flow for factory reset in the embodiment of the present application, as shown in fig. 6:
step 601: restoring factory settings; a factory reset operation is executed through step 602, step 603 or step 604 respectively;
step 602: factory setting restoration operation is performed through a factory setting restoration menu, and then step 605 is performed;
step 603: restoring factory setting operation in a mode of issuing an instruction under network cloud control, and then executing step 605;
step 604: forcibly restoring factory setting operation through a screen locking key and a volume key, and then executing step 605;
step 605: entering a recovery system to delete the user data;
step 606: marking the Misc flag at position 1;
step 607: the electronic equipment carries out restarting operation;
step 608: judging whether the Misc flag bit is 1 or not; if so, go to step 609; if not, go to step 610;
step 609: deleting gatekeeper data in the RPMB and data in/data/system/gatekeeper. xxx. key, and then executing step 610;
step 610: and (6) ending.
Exemplarily, a data storage partition Misc below a user partition/data/system/gateway, xxx, key does not clear data in the Misg partition when a conventional process of factory setting is restored, so that a flag indicating whether to clear the lock screen data can be written to the Misg partition when the factory setting of the electronic device is restored, and whether to process the lock screen data can be determined according to the flag value when the factory setting is restored and the electronic device is restarted. The clear flag Misc flag is default 0, when screen locking data is needed, the clear flag Misc flag is set 0, namely the password data in the RPMB file and/data/system/gateway. When the screen locking data is not needed, clearing the flag bit Misc flag to be 1, namely clearing the password data in the RPMB file and/data/system/gatekeeper.
Specifically, based on the software functional block diagram shown in fig. 5, a password management flow for the flush operation is specifically shown in the embodiment of the present application, and fig. 7 is a schematic view of the password management flow during the flush operation in the embodiment of the present application, as shown in fig. 7:
step 701: starting a machine refreshing operation; performing a flashing operation through step 702, step 703, step 704 or step 705 respectively;
step 702: the flashing operation is carried out in a formatting mode, and then step 706 is executed;
step 703: performing a flashing operation in a software upgrading mode, and then executing step 706;
step 704: the data partition is cleared for flashing operation in a downloading mode, and then step 706 is executed;
step 705: performing a flashing operation in a downloading mode without cleaning the data partitions, and setting the position 0 of an Nvram flag mark at the moment;
step 706: marking the position 1 of an Nvram flag;
step 707: the electronic equipment carries out starting operation;
step 708: judging whether the flag bit of the Nvram flag is 1; if yes, go to step 709; if not, go to step 710;
step 709: deleting the data in the RPMB and the data in the/data/system/gateway keeper. xxx. key, and then executing step 710;
step 710: and (6) ending.
Illustratively, the flashing operation comprises normal flashing and abnormal flashing, the default setting of the flag bit Nvram flag is 0, the user experience effect is considered during the normal flashing operation, and the password data in the RPMB file and/data/system/gateway. When the electronic device is in abnormal flashing operation, the password data in the RPMB file and/data/system/gateway, xxx, key file may not be cleared according to the clear flag bit Nvram flag set to 0, and an unlocking operation flow must be entered, and a specific unlocking operation flow refers to fig. 4, which is not described again here.
By adopting the technical scheme, when the password setting is carried out on the target unit of the electronic equipment, the new password of the target unit is obtained and stored in the first storage space and the second storage space; the security level of the second storage space is higher than that of the first storage space, and the password of the second storage space is not easy to be abnormally replaced or abnormally cleared; when the electronic equipment is in a normal condition, namely the first storage space password is the same as the second storage space password, unlocking operation is executed based on the first storage space password; when the electronic equipment is under the abnormal condition, namely the first storage space password is different from the second storage space password, the first storage space password data can be changed or deleted, the screen locking operation of the electronic equipment is disabled, the privacy of the electronic equipment is further threatened, the first storage space password can be updated by utilizing the second storage space password at the moment, the unlocking operation is further executed, the condition that the screen locking operation is disabled is avoided, and the safety of the electronic equipment is improved.
An embodiment of the present application further provides a password management apparatus, and as shown in fig. 8, the apparatus includes:
the storage unit 801 is used for acquiring a new password of a target unit of the electronic device when password setting is performed on the target unit, and storing the new password in a first storage space and a second storage space; wherein the security level of the second storage space is higher than the security level of the first storage space;
a comparing unit 802, configured to compare whether the password of the first storage space is the same as the password of the second storage space when an unlocking operation is detected;
an execution unit 803, configured to execute an unlocking operation based on the password of the first storage space when the password of the first storage space is the same as the password of the second storage space;
the execution unit 803 is further configured to, when the password of the first storage space is different from the password of the second storage space, update the password of the first storage space based on the password of the second storage space, and then execute an unlocking operation based on the updated password of the first storage space.
In some embodiments, the storage unit 801, specifically configured to store the new password in the first storage space and the second storage space, includes: acquiring an old password stored in the second storage space; and when the old password stored in the second storage space is different from the new password, updating the old password in the second storage space and the old password in the first storage space by using the new password.
In some embodiments, the storing unit 801 is specifically further configured to store the new password in the first storage space and the second storage space, including: encrypting the new password by using a preset encryption algorithm; and storing the encrypted new password in the first storage space and the second storage space.
In some embodiments, the comparing unit 802 is specifically configured to, when the unlocking operation is detected, compare whether the password of the first storage space is the same as the password of the second storage space, where the comparing includes: when the unlocking operation is detected, whether a password is stored in the second storage space is detected; when the password is stored in the second storage space, comparing whether the password of the first storage space is the same as the password of the second storage space; the method further comprises the following steps: and when the password is not stored in the second storage space and the password is stored in the first storage space, the unlocking operation is executed based on the password in the first storage space.
In some embodiments, the executing unit 803, specifically configured to execute the unlocking operation based on the password of the first storage space, includes: acquiring an unlocking password for the target unit; when the unlocking password is different from the password of the first storage space, unlocking fails; and when the unlocking password is the same as the password of the first storage space, the unlocking is successful.
In some embodiments, when the first operation is detected, determining whether a clear flag of the second storage space is valid; if the clearing flag bit is valid, clearing the password of the second storage space, and meanwhile, setting the clearing flag bit to be invalid; and if the clearing mark is invalid, the password of the second storage space is not cleared. The first operation includes: the method comprises the following steps of starting up operation, flashing operation or factory setting restoration operation of the electronic equipment.
An embodiment of the present application further provides an electronic device, as shown in fig. 9, where the electronic device includes: a processor 901 and a memory 902 configured to store a computer program capable of running on the processor; the processor 901 realizes the following steps when running the computer program in the memory 902:
when password setting is carried out on a target unit of electronic equipment, a new password of the target unit is obtained, and the new password is stored in a first storage space and a second storage space; wherein the security level of the second storage space is higher than the security level of the first storage space;
when the unlocking operation is detected, comparing whether the password of the first storage space is the same as the password of the second storage space;
if the password is the same, unlocking operation is executed based on the password of the first storage space;
and if not, updating the password of the first storage space based on the password of the second storage space, and then executing unlocking operation based on the updated password of the first storage space.
In some embodiments, the processor 901, when running the computer program in the memory 902, implements the following steps: the storing the new password in a first storage space and a second storage space includes: acquiring an old password stored in the second storage space; and when the old password stored in the second storage space is different from the new password, updating the old password in the second storage space and the old password in the first storage space by using the new password.
In some embodiments, the processor 901, when running the computer program in the memory 902, implements the following steps: the storing the new password in a first storage space and a second storage space includes: encrypting the new password by using a preset encryption algorithm; and storing the encrypted new password in the first storage space and the second storage space.
In some embodiments, the processor 901, when running the computer program in the memory 902, implements the following steps: when the unlocking operation is detected, comparing whether the password of the first storage space is the same as the password of the second storage space, including: when the unlocking operation is detected, whether a password is stored in the second storage space is detected; when the password is stored in the second storage space, comparing whether the password of the first storage space is the same as the password of the second storage space; the method further comprises the following steps: and when the password is not stored in the second storage space and the password is stored in the first storage space, the unlocking operation is executed based on the password in the first storage space.
In some embodiments, the processor 901, when running the computer program in the memory 902, implements the following steps: the unlocking operation is executed based on the password of the first storage space, and comprises the following steps: acquiring an unlocking password for the target unit; when the unlocking password is different from the password of the first storage space, unlocking fails; and when the unlocking password is the same as the password of the first storage space, the unlocking is successful.
In some embodiments, when the first operation is detected, determining whether a clear flag of the second storage space is valid; if the clearing flag bit is valid, clearing the password of the second storage space, and meanwhile, setting the clearing flag bit to be invalid; and if the clearing mark is invalid, the password of the second storage space is not cleared. The first operation includes: the method comprises the following steps of starting up operation, flashing operation or factory setting restoration operation of the electronic equipment.
Of course, in actual practice, the various components of the electronic device are coupled together by a bus system 903, as shown in FIG. 9. It is understood that the bus system 903 is used to enable communications among the components. The bus system 903 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled as the bus system 903 in FIG. 9.
In practical applications, the processor may be at least one of an Application Specific Integrated Circuit (ASIC), a Digital Signal Processing Device (DSPD), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a controller, a microcontroller, and a microprocessor. It is understood that the electronic devices for implementing the above processor functions may be other devices, and the embodiments of the present application are not limited in particular.
The Memory may be a volatile Memory (volatile Memory), such as a Random-Access Memory (RAM); or a non-volatile Memory (non-volatile Memory), such as a Read-Only Memory (ROM), a flash Memory (flash Memory), a Hard Disk (HDD), or a Solid-State Drive (SSD); or a combination of the above types of memories and provides instructions and data to the processor.
By adopting the technical scheme, when the password setting is carried out on the target unit of the electronic equipment, the new password of the target unit is obtained and stored in the first storage space and the second storage space; the security level of the second storage space is higher than that of the first storage space, and the password of the second storage space is not easy to be abnormally replaced or abnormally cleared; when the electronic equipment is in a normal condition, namely the first storage space password is the same as the second storage space password, unlocking operation is executed based on the first storage space password; when the electronic equipment is under the abnormal condition, namely the first storage space password is different from the second storage space password, the first storage space password data can be changed or deleted, the screen locking operation of the electronic equipment is disabled, the privacy of the electronic equipment is further threatened, the first storage space password can be updated by utilizing the second storage space password at the moment, the unlocking operation is further executed, the condition that the screen locking operation is disabled is avoided, and the safety of the electronic equipment is improved.
The embodiment of the application also provides a computer readable storage medium for storing the computer program.
Optionally, the computer-readable storage medium may be applied to any electronic device in the embodiments of the present application, and the computer program enables a computer to execute corresponding processes implemented by a processor in the methods in the embodiments of the present application, which are not described herein again for brevity.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all the functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may be separately used as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit. Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The methods disclosed in the several method embodiments provided in the present application may be combined arbitrarily without conflict to obtain new method embodiments.
Features disclosed in several of the product embodiments provided in the present application may be combined in any combination to yield new product embodiments without conflict.
The features disclosed in the several method or apparatus embodiments provided in the present application may be combined arbitrarily, without conflict, to arrive at new method embodiments or apparatus embodiments.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (10)

1. A method for password management, the method comprising:
when password setting is carried out on a target unit of electronic equipment, a new password of the target unit is obtained, and the new password is stored in a first storage space and a second storage space; wherein the security level of the second storage space is higher than the security level of the first storage space;
when the unlocking operation is detected, comparing whether the password of the first storage space is the same as the password of the second storage space;
if the password is the same, unlocking operation is executed based on the password of the first storage space;
and if not, updating the password of the first storage space based on the password of the second storage space, and then executing unlocking operation based on the updated password of the first storage space.
2. The method of claim 1, wherein storing the new password in the first memory space and the second memory space comprises:
acquiring an old password stored in the second storage space;
and when the old password stored in the second storage space is different from the new password, updating the old password in the second storage space and the old password in the first storage space by using the new password.
3. The method of claim 1, wherein storing the new password in the first memory space and the second memory space comprises:
encrypting the new password by using a preset encryption algorithm;
and storing the encrypted new password in the first storage space and the second storage space.
4. The method of claim 1, wherein comparing whether the password of the first storage space is the same as the password of the second storage space when the unlocking operation is detected comprises:
when the unlocking operation is detected, whether a password is stored in the second storage space is detected;
when the password is stored in the second storage space, comparing whether the password of the first storage space is the same as the password of the second storage space;
the method further comprises the following steps:
and when the password is not stored in the second storage space and the password is stored in the first storage space, the unlocking operation is executed based on the password in the first storage space.
5. The method according to any one of claims 1 to 4, wherein the performing an unlocking operation based on the password of the first storage space comprises:
acquiring an unlocking password for the target unit;
when the unlocking password is different from the password of the first storage space, unlocking fails;
and when the unlocking password is the same as the password of the first storage space, the unlocking is successful.
6. The method according to any one of claims 1-4, further comprising:
when the first operation is detected, judging whether a clearing zone bit of the second storage space is valid;
if the clearing flag bit is valid, clearing the password of the second storage space, and meanwhile, setting the clearing flag bit to be invalid;
and if the clearing mark is invalid, the password of the second storage space is not cleared.
7. The method of claim 6, wherein the first operation comprises: the method comprises the following steps of starting up operation, flashing operation or factory setting restoration operation of the electronic equipment.
8. A password management apparatus, characterized in that the apparatus comprises:
the electronic equipment comprises an acquisition unit, a storage unit and a processing unit, wherein the acquisition unit is used for acquiring a new password of a target unit when password setting is carried out on the target unit of the electronic equipment, and storing the new password in a first storage space and a second storage space; wherein the security level of the second storage space is higher than the security level of the first storage space;
the comparison unit is used for comparing whether the password of the first storage space is the same as the password of the second storage space when the unlocking operation is detected;
the execution unit is used for executing unlocking operation based on the password of the first storage space when the password of the first storage space is the same as the password of the second storage space;
the execution unit is further used for updating the password of the first storage space based on the password of the second storage space when the password of the first storage space is different from the password of the second storage space, and then executing unlocking operation based on the updated password of the first storage space.
9. An electronic device, the electronic device comprising: a processor and a memory configured to store a computer program capable of running on the processor,
wherein the processor is configured to perform the steps of the method of any one of claims 1 to 7 when running the computer program.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
CN201910894332.1A 2019-09-20 2019-09-20 Electronic equipment password management method, device, equipment and storage medium Pending CN110727940A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910894332.1A CN110727940A (en) 2019-09-20 2019-09-20 Electronic equipment password management method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910894332.1A CN110727940A (en) 2019-09-20 2019-09-20 Electronic equipment password management method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN110727940A true CN110727940A (en) 2020-01-24

Family

ID=69219323

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910894332.1A Pending CN110727940A (en) 2019-09-20 2019-09-20 Electronic equipment password management method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110727940A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117668936A (en) * 2024-01-31 2024-03-08 荣耀终端有限公司 Data processing method and related device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102970414A (en) * 2012-10-30 2013-03-13 广东欧珀移动通信有限公司 Cell phone password protection method based on Android system
CN104182667A (en) * 2014-08-26 2014-12-03 广东欧珀移动通信有限公司 Screen lock based data protection method and device
CN105681032A (en) * 2016-01-08 2016-06-15 腾讯科技(深圳)有限公司 Key storage method and device as well as key management method and device
CN106021027A (en) * 2016-05-24 2016-10-12 广东欧珀移动通信有限公司 Terminal data processing method and system
CN109064596A (en) * 2018-07-25 2018-12-21 云丁智能科技(北京)有限公司 Cipher management method, device and electronic equipment
CN110971741A (en) * 2018-09-29 2020-04-07 深圳市诚壹科技有限公司 Management method and management device for screen locking password and terminal

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102970414A (en) * 2012-10-30 2013-03-13 广东欧珀移动通信有限公司 Cell phone password protection method based on Android system
CN104182667A (en) * 2014-08-26 2014-12-03 广东欧珀移动通信有限公司 Screen lock based data protection method and device
CN105681032A (en) * 2016-01-08 2016-06-15 腾讯科技(深圳)有限公司 Key storage method and device as well as key management method and device
CN106021027A (en) * 2016-05-24 2016-10-12 广东欧珀移动通信有限公司 Terminal data processing method and system
CN109064596A (en) * 2018-07-25 2018-12-21 云丁智能科技(北京)有限公司 Cipher management method, device and electronic equipment
CN110971741A (en) * 2018-09-29 2020-04-07 深圳市诚壹科技有限公司 Management method and management device for screen locking password and terminal

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117668936A (en) * 2024-01-31 2024-03-08 荣耀终端有限公司 Data processing method and related device

Similar Documents

Publication Publication Date Title
US10049215B2 (en) Apparatus and method for preventing access by malware to locally backed up data
KR101699998B1 (en) Secure storage of temporary secrets
JP6595822B2 (en) Information processing apparatus and control method thereof
KR101852724B1 (en) Computer programs, secret management methods and systems
US7925879B2 (en) Information processing unit with information division recording function
US20020157010A1 (en) Secure system and method for updating a protected partition of a hard drive
CN111819561B (en) Integrated circuit data protection
JP5020857B2 (en) Computer system and terminal
US20100058073A1 (en) Storage system, controller, and data protection method thereof
US20030140238A1 (en) Implementation of a secure computing environment by using a secure bootloader, shadow memory, and protected memory
EP3525127B1 (en) System for blocking phishing or ransomware attack
WO2011066331A2 (en) Approaches for a location aware client
US20070250547A1 (en) Log Preservation Method, and Program and System Thereof
EP2835997B1 (en) Cell phone data encryption method and decryption method
WO2014167721A1 (en) Data erasing device, data erasing method, program, and storage medium
CN107066298B (en) Method and device for running application program without traces
CN113672878A (en) System and method for preventing rollback attack
CN113626803A (en) BMC firmware protection method, system and device and readable storage medium
US8683088B2 (en) Peripheral device data integrity
CN110727940A (en) Electronic equipment password management method, device, equipment and storage medium
CN112613011A (en) USB flash disk system authentication method and device, electronic equipment and storage medium
KR20190033930A (en) Electronic device for encrypting security information and method for controlling thereof
US11231988B1 (en) Systems and methods for secure deletion of information on self correcting secure computer systems
CN111008389B (en) Data processing method and device based on file system in satellite
CN112800492A (en) Control method and device for decrypting disk data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination