CN114117367A

CN114117367A - Data protection method and electronic equipment

Info

Publication number: CN114117367A
Application number: CN202010890450.8A
Authority: CN
Inventors: 陆琦玮; 张大成; 李侃
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2020-08-29
Filing date: 2020-08-29
Publication date: 2022-03-01

Abstract

A data protection method and an electronic device are provided. In the method, when the screen locking states of all electronic equipment in an equipment group are locking states, the first electronic equipment sets protected data in the first electronic equipment as unavailable; when the screen locking state of any electronic device in the device group is the unlocking state, the first electronic device sets the protected data in the first electronic device to be available. By implementing the technical scheme provided by the application, the normal use of the protected data under the distributed cooperative scene is realized under the condition of carrying out safety protection on the data.

Description

Data protection method and electronic equipment

Technical Field

The present application relates to the field of terminal and communication technologies, and in particular, to a data protection method and an electronic device.

Background

In the field of protection of sensitive data, in order to prevent an unauthorized user from obtaining contents in an electronic device through physical attack on the electronic device (for example, directly reading data in a flash memory) after the electronic device is lost, user data leakage is caused. Therefore, the industry provides a data encryption protection mode for a user file system: file Based Encryption (FBE).

Currently, the mainstream FBE implementation is: whether the local sensitive data can be used or not is bound with the property state whether the local machine locks the screen or not, and the key for encrypting and protecting the sensitive data is discarded/loaded after the device locks/unlocks the screen. And the data is unavailable under the condition of locking the screen, and the data is available after unlocking.

However, with the continuous development of the communication industry, the computer network realizes the distributed collaboration among a plurality of electronic devices, the requirement for file protection in the distributed collaboration scene increases day by day, and users need to protect data in the distributed collaboration scene, and also need to improve the utilization rate of files, and use the protected data to complete business collaboration.

Whether the local sensitive data are available and whether the local electronic device locks the screen are bound in the attribute state, and the data are unavailable after the electronic device locks the screen, so that other electronic devices cannot use the protected data in a distributed collaborative scene. When other electronic equipment accesses the protected data in the electronic equipment in a cross-equipment mode, if the electronic equipment is in an unlocking state, the protected data can be normally used in a cooperative mode; however, if the electronic device is in the screen locking state, the protected data is unavailable, so that cross-device cooperation of the data cannot be realized, and normal operation of the cooperative service is affected.

Disclosure of Invention

The application provides a data protection method and electronic equipment, which can realize normal use of protected data in a distributed collaborative scene under the condition of carrying out safety protection on the data.

In a first aspect, the present application provides a data protection method, including: when the screen locking states of all electronic equipment in the equipment group are determined to be the locking states, the first electronic equipment sets first data as unavailable, and the first data are protected data in the first electronic equipment; when the screen locking state of any electronic equipment in the equipment group is determined to be the unlocking state, the first electronic equipment sets the first data to be available.

In the above embodiment, whether the protected first data in each electronic device in the device group is available is associated with the screen locking states of all the electronic devices. When the screen locking states of all the electronic devices are the locking states, the first data are unavailable, and the first data are protected. As long as the screen locking state of any electronic device is the unlocking state, the electronic device can set the first data as available, and each electronic device can cooperate to mutually access the protected first data in each electronic device, so that the normal use of the protected data in a distributed cooperation scene is realized under the condition of carrying out safety protection on the data.

In combination with some embodiments of the first aspect, in some embodiments, the method further comprises: when the first electronic device determines that the screen locking states of all electronic devices recorded in the screen locking information of the devices in the group of the first electronic device are all locking states, the first electronic device determines that the screen locking states of all electronic devices in the device group are all locking states; the corresponding relation between the identification of the electronic equipment in the equipment group and the screen locking state is recorded in the screen locking information of the in-group equipment; when the first electronic device determines that the screen locking state of any electronic device recorded in the screen locking information of the devices in the group is the unlocking state, the first electronic device determines that the screen locking state of any electronic device in the device group is the unlocking state.

In the above embodiment, the screen locking state of each electronic device in the device group is determined according to the information recorded in the screen locking information of the in-group device in the first electronic device, so that the screen locking state determining efficiency of each electronic device is improved.

With reference to some embodiments of the first aspect, in some embodiments, when the screen locking states of all the electronic devices in the determined device group are locked states, the setting, by the first electronic device, of the first data as unavailable specifically includes: when the screen locking state of the virtual terminal is determined to be the locking state, the first electronic equipment sets the first data as unavailable; the screen locking state of the virtual terminal is determined according to the screen locking states of all electronic equipment in the equipment group; when the screen locking state of any electronic device in the device group is determined to be the unlocked state, the first electronic device sets the first data as available, and the method specifically includes: and when the screen locking state of the virtual terminal is determined to be the unlocking state, the first electronic equipment sets the first data to be available.

In the above embodiment, all the electronic devices in the device group can be regarded as a virtual terminal, and the first data is available according to the screen locking state of the virtual terminal, so that the efficiency and accuracy of the judgment are improved.

In combination with some embodiments of the first aspect, in some embodiments, the method further comprises: when the first electronic device determines that the screen locking states of all electronic devices recorded in the screen locking information of the devices in the group are the locked states, the first electronic device determines that the screen locking state of the virtual terminal is the locked state; when the first electronic device determines that the screen locking state of any electronic device recorded in the screen locking information of the devices in the group is the unlocking state, the first electronic device determines that the screen locking state of the virtual terminal is the unlocking state.

In the above embodiment, a judgment strategy of the screen locking state of the virtual terminal is provided, so that the protected data can be normally used more conveniently and faster under the condition of performing security protection on the data in a distributed collaborative scene.

In combination with some embodiments of the first aspect, in some embodiments, the method further comprises: and when the screen locking state of the first electronic equipment is the locking state, responding to the unlocking operation of a user, and updating the screen locking state of the first electronic equipment recorded in the screen locking information of the equipment in the group to be the unlocking state by the first electronic equipment.

In the above embodiment, the first electronic device may update the screen locking state of the first electronic device recorded in the screen locking information of the devices in the group according to the user operation, so that the accuracy of the recorded screen locking state of the electronic device is improved.

With reference to some embodiments of the first aspect, in some embodiments, after the step of updating, by the first electronic device, the screen locking state of the first electronic device recorded in the screen locking information of the devices in the group to the unlocked state, the method further includes: the first electronic device updates the screen locking state of the first electronic device into unlocking state information and sends the unlocking state information to a second electronic device, and the second electronic device is any electronic device different from the first electronic device in the device group.

In the foregoing embodiment, after the screen locking state of the first electronic device changes, the screen locking state may be sent to other electronic devices in the device group, so that the other electronic devices update the screen locking state of the first electronic device synchronously.

In combination with some embodiments of the first aspect, in some embodiments, the method further comprises: and when the screen locking state of the first electronic equipment is the unlocking state, responding to the screen locking operation of a user, and updating the screen locking state of the first electronic equipment recorded in the screen locking information of the equipment in the group to the locking state by the first electronic equipment.

With reference to some embodiments of the first aspect, in some embodiments, after the step of updating, by the first electronic device, the lock screen state of the first electronic device recorded in the lock screen information of the devices in the group to the lock state, the method further includes: the first electronic device updates the screen locking state of the first electronic device to the information of the locking state and sends the information to the second electronic device.

In combination with some embodiments of the first aspect, in some embodiments, the method further comprises: the first electronic equipment receives information which is sent by third electronic equipment and is used for updating the screen locking state of the third electronic equipment into an unlocking state; the third electronic device is any one electronic device in the device group, which is different from the first electronic device; and the screen locking information of the first electronic equipment in the group updates the screen locking state of the third electronic equipment to be an unlocking state.

In the above embodiment, the first electronic device may receive changes of the screen locking states of other electronic devices, update the screen locking information of the devices in the group in real time, and ensure the accuracy of the screen locking states of the electronic devices recorded.

In combination with some embodiments of the first aspect, in some embodiments, the method further comprises: the first electronic equipment receives information which is sent by third electronic equipment and is used for updating the screen locking state of the third electronic equipment to be a locking state; and the screen locking information of the first electronic equipment in the group updates the screen locking state of the third electronic equipment to be a locking state.

In combination with some embodiments of the first aspect, in some embodiments, the method further comprises: when the first electronic device determines that a fourth electronic device is accessed to the device group, or when the first electronic device is accessed to the device group where the fourth electronic device is located, the first electronic device adds an entry for recording the screen locking state of the fourth electronic device in the screen locking information of the device group, and the fourth electronic device is any one of the electronic devices in the device group, which is different from the first electronic device.

In the above embodiment, when other electronic devices are online or access to the device group, the first electronic device may add a record entry in the screen locking information of the devices in the group, so as to ensure that the screen locking states of all the electronic devices in the device group can be recorded.

With reference to some embodiments of the first aspect, in some embodiments, the adding, by the first electronic device, an entry recording a screen locking state of the fourth electronic device in the screen locking information of the set of internal devices specifically includes: and the first electronic equipment adds an initialization item for recording the screen locking state of the fourth electronic equipment in the screen locking information of the equipment in the group, and sets the screen locking state of the fourth electronic equipment to be a locking state in the initialization item.

In the above embodiment, in the initialized entry of the screen locking state of the added electronic device, the screen locking state of the electronic device is defaulted to the locked state, so that the security of the first data is improved.

With reference to some embodiments of the first aspect, in some embodiments, after the step of adding, by the first electronic device, an initialization entry recording a screen locking state of the fourth electronic device in the screen locking information of the devices in the group, the method further includes: the first electronic equipment receives information that the screen locking state of the fourth electronic equipment is an unlocking state and is sent by the fourth electronic equipment; and the first electronic equipment updates the screen locking state of the fourth electronic equipment to the unlocking state according to the screen locking information of the equipment in the group.

In the above embodiment, after the initialization entry is added to the screen locking information of the in-group device, the screen locking state of the electronic device can be updated synchronously, and the accuracy of the screen locking state of the electronic device recorded in the screen locking information of the in-group device is improved.

In combination with some embodiments of the first aspect, in some embodiments, the method further comprises: when the first electronic device determines that the fifth electronic device exits the device group, the first electronic device deletes the entry recording the screen locking state of the fifth electronic device in the in-group device screen locking information, wherein the fifth electronic device is any one electronic device in the device group, which is different from the first electronic device.

In the above embodiment, if the electronic device is offline, the entry corresponding to the electronic device is deleted from the screen locking information of the in-group device, so that the requirement of the screen locking information of the in-group device on the storage space is reduced, and the efficiency of searching data in the screen locking information of the in-group device is improved.

In combination with some embodiments of the first aspect, in some embodiments, the method further comprises: when the first electronic device exits the device group, the first electronic device deletes all items recording the screen locking states of other electronic devices in the device group in the screen locking information of the devices in the group.

In the above embodiment, the electronic device deletes all items recording the screen locking states of other electronic devices in the screen locking information of the devices in the group when the electronic device is offline, so that the efficiency of searching data in the screen locking information of the devices in the group is improved, and the accuracy of the data in the screen locking information of the devices in the group is ensured.

With reference to some embodiments of the first aspect, in some embodiments, the setting, by the first electronic device, the first data as unavailable specifically includes: the first electronic device discards the class key, encrypts the first data, and makes the first data unavailable; the class key is used to decrypt the first data; the first electronic device makes the first data available, and specifically includes: the first electronic device loads the type key, decrypts the first data, and makes the first data available.

In the embodiment, the first data is enabled to be available by loading the class key, and the first data is disabled by discarding the class key, so that the security of the data is guaranteed.

With reference to some embodiments of the first aspect, in some embodiments, after the first electronic device makes the first data unavailable, the method further includes: the first electronic device refuses the access of a sixth electronic device to the first data, wherein the sixth electronic device is any electronic device in the device group, which is different from the first electronic device.

In the embodiment, the data cannot be accessed when the data is unavailable, so that the safety of the data is further guaranteed.

With reference to some embodiments of the first aspect, in some embodiments, after the first electronic device makes the first data available, the method further includes: the first electronic device accepts access to the first data by a seventh electronic device, and the seventh electronic device is any one electronic device in the device group, which is different from the first electronic device.

In the embodiment, when the data is available, the data can be accessed by other electronic devices in the device group, so that normal use of the protected data in a distributed collaboration scene is guaranteed.

In a second aspect, an embodiment of the present application provides a first electronic device, including: one or more processors and memory; the memory coupled with the one or more processors, the memory for storing computer program code, the computer program code including computer instructions, the one or more processors invoking the computer instructions to cause the first electronic device to perform: when the screen locking states of all electronic equipment in the equipment group are determined to be the locking states, setting first data as unavailable, wherein the first data are protected data in the first electronic equipment; and when the screen locking state of any electronic equipment in the equipment group is determined to be the unlocking state, the first data is set to be available.

In some embodiments combined with some embodiments of the second aspect, the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform: when the screen locking states of all the electronic devices recorded in the screen locking information of the devices in the group of the first electronic device are determined to be the locking states, determining that the screen locking states of all the electronic devices in the device group are the locking states; the corresponding relation between the identification of the electronic equipment in the equipment group and the screen locking state is recorded in the screen locking information of the in-group equipment; and when the screen locking state of any electronic equipment recorded in the screen locking information of the equipment in the group is determined to be the unlocking state, determining that the screen locking state of any electronic equipment in the equipment group is the unlocking state.

With reference to some embodiments of the second aspect, in some embodiments, the one or more processors are specifically configured to invoke the computer instructions to cause the first electronic device to perform: when the screen locking state of the virtual terminal is determined to be the locking state, setting the first data as unavailable; the screen locking state of the virtual terminal is determined according to the screen locking states of all electronic equipment in the equipment group; and when the screen locking state of the virtual terminal is determined to be the unlocking state, the first data is set to be available.

In some embodiments combined with some embodiments of the second aspect, the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform: when the screen locking states of all the electronic equipment recorded in the screen locking information of the equipment in the group are determined to be the locking states, determining that the screen locking state of the virtual terminal is the locking state; and when the screen locking state of any electronic equipment recorded in the screen locking information of the equipment in the group is determined to be the unlocking state, determining that the screen locking state of the virtual terminal is the unlocking state.

In some embodiments combined with some embodiments of the second aspect, the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform: and when the screen locking state of the first electronic equipment is the locking state, responding to the unlocking operation of the user, and updating the screen locking state of the first electronic equipment recorded in the screen locking information of the equipment in the group to be the unlocking state.

In some embodiments combined with some embodiments of the second aspect, the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform: and updating the screen locking state of the first electronic equipment into unlocking state information, and sending the unlocking state information to second electronic equipment, wherein the second electronic equipment is any one of the electronic equipment in the equipment group different from the first electronic equipment.

In some embodiments combined with some embodiments of the second aspect, the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform: and when the screen locking state of the first electronic equipment is the unlocking state, responding to the screen locking operation of the user, and updating the screen locking state of the first electronic equipment recorded in the screen locking information of the equipment in the group to be the locking state.

In some embodiments combined with some embodiments of the second aspect, the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform: and updating the screen locking state of the first electronic equipment into the information of the locking state, and sending the information to the second electronic equipment.

In some embodiments combined with some embodiments of the second aspect, the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform: receiving information which is sent by the third electronic equipment and is updated to be in an unlocked state by the third electronic equipment; the third electronic device is any one electronic device in the device group, which is different from the first electronic device; and updating the screen locking state of the third electronic equipment into an unlocking state in the screen locking information of the equipment in the group.

In some embodiments combined with some embodiments of the second aspect, the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform: receiving information that the screen locking state of the third electronic equipment is updated to a locking state and sent by the third electronic equipment; and updating the screen locking state of the third electronic equipment into a locking state in the screen locking information of the equipment in the group.

In some embodiments combined with some embodiments of the second aspect, the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform: when it is determined that the fourth electronic device is accessed to the device group or the device group where the fourth electronic device is located, an entry recording the screen locking state of the fourth electronic device is added to the screen locking information of the device in the group, wherein the fourth electronic device is any one of the electronic devices in the device group, which is different from the first electronic device.

With reference to some embodiments of the second aspect, in some embodiments, the one or more processors are specifically configured to invoke the computer instructions to cause the first electronic device to perform: and adding an initialization item for recording the screen locking state of the fourth electronic device in the screen locking information of the devices in the group, and setting the screen locking state of the fourth electronic device to be a locking state in the initialization item.

In some embodiments combined with some embodiments of the second aspect, the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform: receiving information that the screen locking state of the fourth electronic equipment is an unlocking state and sent by the fourth electronic equipment; and updating the screen locking state of the fourth electronic equipment in the screen locking information of the equipment in the group to be an unlocking state.

In some embodiments combined with some embodiments of the second aspect, the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform: and when determining that the fifth electronic device exits the device group, deleting the entry recording the screen locking state of the fifth electronic device in the in-group device screen locking information, wherein the fifth electronic device is any electronic device in the device group, which is different from the first electronic device.

In some embodiments combined with some embodiments of the second aspect, the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform: and when the device group exits, deleting all items recording the screen locking states of other electronic devices in the device group in the screen locking information of the devices in the group.

With reference to some embodiments of the second aspect, in some embodiments, the one or more processors are specifically configured to invoke the computer instructions to cause the first electronic device to perform: when the screen locking states of all electronic equipment in the equipment group are determined to be the locking states, discarding the class key, and encrypting the first data to make the first data unavailable; the class key is used to decrypt the first data; and when the screen locking state of any electronic equipment in the equipment group is determined to be the unlocking state, the type key is loaded, and the first data is decrypted so that the first data can be used.

In some embodiments combined with some embodiments of the second aspect, the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform: and when the first data is unavailable, rejecting the access of sixth electronic equipment to the first data, wherein the sixth electronic equipment is any electronic equipment which is different from the first electronic equipment in the equipment group.

In some embodiments combined with some embodiments of the second aspect, the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform: and when the first data is available, receiving access to the first data by seventh electronic equipment, wherein the seventh electronic equipment is any electronic equipment in the equipment group, which is different from the first electronic equipment.

In some embodiments, the third electronic device, the fourth electronic device, the fifth electronic device, the sixth electronic device, the seventh electronic device, and the second electronic device may be the same electronic device or different electronic devices, and are not limited herein.

In a third aspect, an embodiment of the present application provides a chip system, where the chip system is applied to a first electronic device, and the chip system includes one or more processors, and the processor is configured to invoke a computer instruction to cause the first electronic device to perform a method as described in the first aspect and any possible implementation manner of the first aspect.

In a fourth aspect, an embodiment of the present application provides a computer program product including instructions, which, when run on a first electronic device, causes the first electronic device to perform the method described in the first aspect and any possible implementation manner of the first aspect.

In a fifth aspect, an embodiment of the present application provides a computer-readable storage medium, which includes instructions that, when executed on a first electronic device, cause the first electronic device to perform a method as described in the first aspect and any possible implementation manner of the first aspect.

It is understood that the first electronic device provided by the second aspect, the chip system provided by the third aspect, the computer program product provided by the fourth aspect, and the computer storage medium provided by the fifth aspect are all used to execute the method provided by the embodiments of the present application. Therefore, the beneficial effects achieved by the method can refer to the beneficial effects in the corresponding method, and are not described herein again.

Drawings

FIG. 1 is a schematic diagram of an exemplary user interface for a lock screen status in an embodiment of the present application;

FIG. 2 is a diagram of an exemplary scenario for grouping devices in an embodiment of the present application;

fig. 3 is a schematic diagram of an exemplary scenario in which locking/unlocking and up/down line of electronic devices in a device group affect a state of a virtual terminal in the embodiment of the present application;

FIG. 4 is a diagram of a scenario of a data protection method in the prior art;

FIG. 5 is a diagram illustrating an exemplary scenario of a data protection method according to an embodiment of the present application;

FIG. 6 is a set of exemplary user interfaces for an electronic device to enable multi-device collaboration functionality in an embodiment of the present application;

7-12 are a set of exemplary user interfaces for data collaboration by an electronic device in embodiments of the present application;

fig. 13 is an exemplary structural diagram of an electronic device 100 provided in an embodiment of the present application;

fig. 14 is a block diagram of an exemplary software structure of the electronic device 100 provided in an embodiment of the present application;

FIG. 15 is a schematic diagram of an exemplary information flow in an embodiment of the present application;

fig. 16 is a schematic signaling interaction diagram of a data protection method in an embodiment of the present application;

fig. 17 is a schematic signaling interaction diagram of a data protection method in an embodiment of the present application;

fig. 18 is another signaling interaction diagram of the data protection method in the embodiment of the present application;

fig. 19 is another signaling interaction diagram of the data protection method in the embodiment of the present application;

FIG. 20 is a flow chart of dual-computer interaction information in the embodiment of the present application;

fig. 21 is another signaling interaction diagram of the data protection method in the embodiment of the present application;

fig. 22 is a schematic signaling interaction diagram of a data protection method in an embodiment of the present application;

fig. 23 is another dual-computer interaction information flow diagram in the embodiment of the present application;

fig. 24 is another signaling interaction diagram of the data protection method in the embodiment of the present application;

FIG. 25 is a flow chart illustrating a data protection method according to an embodiment of the present application;

fig. 26 is another schematic flow chart of the data protection method in the embodiment of the present application.

Detailed Description

The terminology used in the following embodiments of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the present application. As used in the specification of the present application and the appended claims, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the listed items.

In the following, the terms "first", "second" are used for descriptive purposes only and are not to be understood as implying or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature, and in the description of embodiments of the application, unless stated otherwise, "plurality" means two or more.

For ease of understanding, the related terms and concepts related to the embodiments of the present application will be described below.

(1) The screen locking state:

in the embodiment of the application, the screen locking state of the electronic device includes a locked state and an unlocked state.

In the locked state, the user can only use part of the functions of the electronic device. The electronic device may display a lock screen interface. Under the condition that the screen locking password is set, the user is required to input the password or unlock the screen through other modes to enter the unlocking state.

In the unlocked state, the user can use all functions of the electronic device.

Illustratively, fig. 1 is a schematic diagram of an exemplary user interface of a lock screen state in an embodiment of the present application.

Fig. 1 (a) shows an exemplary user interface in which the lock screen state of the electronic device is the lock state. As shown in fig. 1 (a), the screen locking state of the electronic device is a locked state. The electronic equipment displays a screen locking interface, and prompts a user to unlock the electronic equipment in the screen locking interface. In this locked state, the user can only use part of the functions of the electronic device. Such as answering a phone call, turning on a flashlight, emergency dialing, etc.

As shown in (b) of fig. 1, in response to an operation of the user unlocking, the electronic device may display an unlocking interface. If the unlocking mode of the electronic equipment is password unlocking, after a user inputs a correct password, the screen locking state of the electronic equipment is changed from the locking state to the unlocking state. The electronic device may display a user interface as shown in (c) of fig. 1.

Fig. 1 (c) shows an exemplary user interface in which the lock screen state of the electronic device is the unlock state. As shown in (c) of fig. 1, the screen-locked state of the electronic device is an unlocked state. The electronic device may display an application installed in the electronic device, and the user may use all functions of the electronic device. Such as opening an application, making function settings, etc.

(2) A device group:

in the embodiment of the application, multiple devices form a device group through network connection, and a distributed collaboration scene is formed. The electronic devices in the device group can perform data protection through the data protection method in the embodiment of the application.

The device group in the embodiment of the present application may be formed in a variety of ways:

in some embodiments, it may be set that a plurality of electronic devices logged in the same network account form the device group;

in some embodiments, a plurality of electronic devices in the same local area network may be configured to form the device group;

in some embodiments, a plurality of electronic devices with the same specific identifier may be set to form the device group;

in some embodiments, the above manners of forming the device group may be combined to obtain the device group.

It is understood that there may be other ways to form a group of devices, which are not limited herein.

Alternatively, in some embodiments, multiple electronic devices within a group of devices may form a trusted communications network. The trusted communications network may fulfill the following requirements:

1. the plurality of electronic devices are mutually authenticated;

there are many possible ways to authenticate, for example, by presetting a trusted authentication certificate, an account number, a device number, and the like, which is not limited herein.

2. After the authentication is completed, a communication session link is established when the plurality of electronic devices communicate with each other, so that the session security can be ensured.

Exemplarily, as shown in fig. 2, an exemplary scenario diagram of forming a device group in the embodiment of the present application is shown. As shown in fig. 2, the device group includes electronic devices such as a mobile phone, a tablet computer, and a computer. The electronic devices are connected through a network to form a device group, a distributed cooperation scene is formed, and data access can be carried out mutually.

(3) First data:

in the embodiment of the application, the first data is sensitive data which needs to be encrypted in the electronic equipment.

In some embodiments, the electronic device may set all stored data as sensitive data to be encrypted.

In some embodiments, the electronic device may set data relating to user privacy as sensitive data to be encrypted.

In some embodiments, the electronic device may set data related to the electronic device security information as sensitive data to be encrypted.

It is understood that the sensitive data to be encrypted in the electronic device may also be configured as a combination of the above data, or other data, and is not limited herein.

For example, mail data, health data, and the like in the electronic device may be set as sensitive data to be encrypted.

For example, a file in a file system of a user of the electronic device may be set as sensitive data to be encrypted.

(4) Encryption and decryption of data in an electronic device:

in the embodiment of the application, the first data is protected by encrypting the first data by using the key in the electronic equipment.

When the first data is encrypted, the first data cannot be accessed, simply referred to as the first data is unavailable.

After the first data is decrypted using the key, the first data may be accessed, referred to as first data available.

Alternatively, the key may be stored in a secure area of the electronic device, or may be stored in a secure chip of the electronic device, which is not limited herein.

It is to be understood that, in the embodiment of the present application, the electronic device has encrypted the first data by default using the key.

When the electronic device needs to decrypt the first data, the electronic device loads a key, and decrypts the first data by using the key, so that the first data is available.

When the electronic device needs to encrypt and protect the first data, the electronic device may discard the memory or the key loaded by the application layer. At this point, the first data is restored to the encrypted state, and the first data is not available.

In this embodiment of the application, the keys for encrypting and decrypting the first data in each electronic device that forms the device group may be collectively referred to as a class key.

(5) The online action and the offline action of the electronic equipment are as follows:

in the embodiment of the application, each electronic device in the device group can determine the online action and the offline action of other electronic devices.

Optionally, the electronic device may determine the online action and the offline action of the other electronic device in multiple ways:

for example, when the electronic device a in the device group is online, the electronic device a may send an online notification to other electronic devices in the device group, and after receiving the online notification, the other electronic devices may determine that the electronic device a has performed an online action. The electronic device a may send an offline notification to other electronic devices in the device group when the electronic device a is offline, and after receiving the offline notification, the other electronic devices may determine that the electronic device a has performed an offline action.

For example, each electronic device in the device group may periodically send a heartbeat detection signal to all other devices in the access device group, and determine an online action and an offline action of the other electronic devices by determining whether responses to the heartbeat detection signal from the other electronic devices are received. When the electronic device a initially receives a response of the electronic device B to the heartbeat detection signal, the electronic device a may determine that the electronic device B has performed an online action; when the electronic device a does not receive the response of the electronic device B to the heartbeat detection signal within a period of time, the electronic device a may determine that the electronic device B has performed the offline action.

For example, each electronic device in the device group may determine an online action and a offline action of the other electronic devices by determining a status of a communication link with the other electronic devices in the access device group. When the electronic device a establishes a communication link with the electronic device B, the electronic device a may determine that the electronic device B has performed an online action; when electronic device a determines that the communication link with electronic device B is disconnected, electronic device a may determine that electronic device B has performed a logout action.

It will be appreciated that there are many other different ways for an electronic device to determine the online and offline actions of other electronic devices in a device group, and are not limited herein.

It should be noted that the electronic device can enter the online state after executing the online action. After the electronic device executes the offline action, the electronic device can enter an offline state.

Optionally, after the electronic device a enters the online state, the electronic device a may be displayed as online on other electronic devices. After the electronic device a enters the offline state, the electronic device a may be displayed offline on other electronic devices.

(6) Virtual terminal:

in this embodiment, a virtual terminal refers to a set of all devices in a device group. And if the electronic equipment is online, the electronic equipment is added into the equipment group, and if the electronic equipment is offline, the electronic equipment is withdrawn from the equipment group and is not in the virtual terminal.

The screen locking state of the virtual terminal also comprises a locking state and an unlocking state:

when the screen locking states of all the electronic devices in the virtual terminal are all the locking states, the screen locking state of the virtual terminal is also the locking state. When the screen locking state of the virtual terminal is the locking state, the first data in all the electronic devices in the virtual terminal are unavailable.

When the screen locking state of one or more electronic devices in the virtual terminal is the unlocking state, the screen locking state of the virtual terminal is the unlocking state. When the screen locking state of the virtual terminal is the unlocking state, the first data in all the electronic devices in the virtual terminal are available.

Fig. 3 is a schematic diagram of an exemplary scenario in which the locking/unlocking and the up/down line of the electronic device in the device group affect the state of the virtual terminal in the embodiment of the present application.

As shown in fig. 3 (a), a device group consisting of an electronic device a and an electronic device B constitutes a distributed collaborative scene, and thus, a virtual terminal of the device group includes the electronic device a and the electronic device B. Since the screen locking states of the electronic device a and the electronic device B are both the locked states, the screen locking state of the virtual terminal of the device group is also the locked state at this time. The first data is not available in both electronic device a and electronic device B. Neither electronic device a nor electronic device B can access the first data stored in the other electronic device in the device group in the distributed collaborative scenario.

As shown in fig. 3 (b), if the electronic device C is online, the electronic device C is added to the device group. Therefore, the virtual terminals of the device group include an electronic device a, an electronic device B, and an electronic device C. Although the lock state of the electronic device a and the lock state of the electronic device B are both the lock state, the lock state of the electronic device C is the unlock state. Therefore, at this time, the lock screen state of the virtual terminal of the device group is changed to the unlock state. The electronic device A and the electronic device B in the device group load the key to decrypt the first data in the electronic device, so that the first data in the electronic device is changed into usable data. At this time, any electronic device in the device group may access the first data stored in any electronic device in the device group in the distributed collaboration scenario.

As shown in fig. 3 (c), if the electronic device B is offline, the device infringement is exited. Therefore, the virtual terminals of the device group include the electronic device a and the electronic device C. Since the screen locking state of the electronic device a is the locked state and the screen locking state of the electronic device C is the unlocked state, the screen locking state of the virtual terminal of the device group is still maintained as the unlocked state. The electronic device a and the electronic device C do not discard the key and make the first data in the electronic device unusable. At this time, the electronic device a or the electronic device C in the device group may continue to access the first data stored in another electronic device in the device group in the distributed collaborative scenario.

(7) Screen locking information of the devices in the group:

in the embodiment of the application, the in-group device screen locking information is used for representing the corresponding relation between the identification of the electronic device in the device group and the screen locking state. The in-group device lock screen information may be stored in a memory of the electronic device.

The identification of the electronic device is used to uniquely identify an electronic device in the group of devices.

Optionally, the identifier of the electronic device may be one or a combination of a device name, a device physical address, a Mobile Equipment Identifier (MEID), an International Mobile Equipment Identifier (IMEI), and the like, which is not limited herein.

Exemplarily, taking an IMEI as an identifier of an electronic device as an example, the following table 1 is an example of screen locking information of devices in the group in the embodiment of the present application:

identification of electronic device	Lock screen state
		IMEI of equipment 1	Locked state
IMEI of device 2	Unlocked state
		IMEI of equipment 3	Unlocked state

TABLE 1

The electronic devices in the device group can determine from the intra-group device screen locking information shown in table 1: the screen locking state of the device 1 is a locking state; the lock screen state of the device 2 and the device 3 is the unlock state.

In some embodiments, the intra-group screen locking information stored in one electronic device may not have information of the screen locking state of the electronic device itself. In some embodiments, an electronic device includes information about its own lock screen status. And is not limited herein.

It is understood that table 1 is merely an exemplary illustration of the screen locking information of the devices in the group, and in practical applications, the screen locking information of the devices in the group may be stored in many other different forms, such as an array, a matrix, a database, and the like, which is not limited herein.

In the distributed collaboration scene in the prior art, whether first data in an electronic device is available is bound with a property state of whether the electronic device locks a screen. And when the screen locking state of the electronic equipment is the locking state, discarding the key for encrypting the first data, so that the first data of the electronic equipment is unavailable. And loading a key for encrypting the first data when the screen locking state of the electronic equipment is the unlocking state, so that the first data of the electronic equipment can be used. When the electronic device is in a locked state, due to the fact that the first data of the electronic device is unavailable, other electronic devices in a distributed collaboration scene cannot read the first data in the electronic device, cross-device collaboration of the data cannot be achieved, and normal operation of collaboration services is affected.

Fig. 4 is a schematic diagram illustrating an exemplary scenario of a data protection method in the prior art.

As shown in (a) and (C) of fig. 4, in a distributed collaboration scene composed of the electronic device a, the electronic device B, the electronic device C, and the electronic device D, the lock screen state of the electronic device a is a lock state. At this time, the key for encrypting the first data in the electronic device a is discarded, and the first data in the electronic device a is protected by encryption and is in an unavailable state. The screen locking state of the electronic device B as the cooperative electronic device of the electronic device a is a locked state, the screen locking state of the electronic device C is a locked state, and the screen locking state of the electronic device D is an unlocked state. Since the first data of the electronic device a is not available, the electronic device B, the electronic device C, and the electronic device D cannot access the first data encrypted and protected in the electronic device a, such as mail data or health data.

As shown in (b) and (c) of fig. 4, the lock screen state of the electronic apparatus a changes to the unlock state. At this time, the electronic device a loads the key to decrypt the encrypted first data, and the first data in the electronic device a is changed to a usable state. Only in this way, the electronic apparatus B, the electronic apparatus C, and the electronic apparatus D as the cooperative apparatuses can access the first data in the electronic apparatus a, such as mail data or health data.

However, in practical application in a distributed collaboration scenario, the screen locking state of the electronic device that needs to access data is in a locked state in most cases, so that a situation that data in the target device cannot be read due to screen locking of the target electronic device often occurs. Therefore, an FBE implementation mode in the prior art cannot be well adapted to a distributed collaboration scene, so that many collaboration services in the distributed collaboration scene cannot normally run.

By adopting the data protection method provided by the embodiment of the application, as long as the screen locking state of any electronic device in the device group forming the distributed collaborative scene is the unlocking state, each electronic device in the device group decrypts the encrypted first data by using the key, so that the first data in the electronic device can be used and can be accessed by other electronic devices in the device group, and the normal operation of the collaborative service in the distributed collaborative scene is ensured. Only when the screen locking states of all the electronic devices in the device group are the locking states, the electronic devices in the device group discard the loaded keys, the first data are restored to the encryption state, and the security protection of the first data can be realized while the normal operation of the collaborative service under the distributed collaborative scene is not influenced.

Fig. 5 is a schematic diagram of an exemplary scenario of a data protection method in the embodiment of the present application.

As shown in (a) in fig. 5, an electronic apparatus a, an electronic apparatus B, and an electronic apparatus C constitute an apparatus group. Although the lock state of the electronic device a and the lock state of the electronic device B are both the lock state, the lock state of the electronic device C is the unlock state. Therefore, in the distributed collaboration scenario formed by the device group, the first data in the electronic device a, the electronic device B, and the electronic device C is decrypted to be in a usable state, for example, the first data may be sensitive data such as mail data or health data. Although the lock screen state of the electronic device a and the electronic device B is the lock state, the electronic device B, and the electronic device C can access the first data with each other.

As shown in (B) of fig. 5, when the lock screen state of the electronic device C is changed to the lock state, the lock screen states of the electronic device a, the electronic device B, and the electronic device C constituting the device group are all the lock states. At this time, the electronic device a, the electronic device B, and the electronic device C all discard the key, so that the first data in the electronic device is restored to the encryption protection state and is unusable. Thereby making it impossible for electronic device a, electronic device B and electronic device C to access the first data from each other.

Therefore, by adopting the data protection method in the embodiment of the application, the normal use of the protected data in the distributed collaborative scene is realized under the condition of carrying out safety protection on the data.

The following describes a data protection method in the embodiment of the present application, taking a set of exemplary User Interfaces (UIs) as an example:

it can be understood that, in some embodiments, if an electronic device needs to form a device group with other electronic devices, and access data with each other in a distributed coordination scenario, the electronic device may start a multi-device coordination function in the device first, and the electronic device may execute the data protection method in the embodiment of the present application. In some embodiments, the electronic device may default to starting the multi-device cooperative function, or the electronic device may execute the data protection method in the embodiment of the present application without starting the multi-device cooperative function, which is not limited herein.

The following takes the example that a user needs to start the multi-device cooperation function of the electronic device, and an exemplary description is made on a relevant user interface:

FIG. 6 is a set of exemplary user interfaces for an electronic device to enable multi-device collaboration functionality in an embodiment of the present application.

The term "user interface" in the description and claims and drawings of the present application is a media interface for interaction and information exchange between an application or operating system and a user that enables conversion between an internal form of information and a form acceptable to the user. A commonly used presentation form of the user interface is a Graphical User Interface (GUI), which refers to a user interface related to computer operations and displayed in a graphical manner. It may be an interface element such as an icon, a window, a control, etc. displayed in the display screen of the electronic device, where the control may include a visual interface element such as an icon, a button, a menu, a tab, a text box, a dialog box, a status bar, a navigation bar, a Widget, etc.

Fig. 6 (a) illustrates an exemplary user interface 61 on an electronic device for exposing applications installed by the electronic device.

The user interface 61 may include: a status bar 601, a calendar indicator 602, a tray 603 with common application icons, and other application icons. Wherein:

the status bar 601 may include: one or more signal strength indicators 601A for mobile communication signals (which may also be referred to as cellular signals), one or more signal strength indicators 601B for wireless fidelity (Wi-Fi) signals, a battery status indicator 601C, and a time indicator 601D.

Calendar indicator 602 may be used to indicate a current time, such as a date, day of week, time division information, and the like.

The tray 603 with the common application icons may show: phone icon 603A, contact icon 603B, short message icon 603C, camera icon 603D.

Other application icons may be, for example: an icon 611 for a mailbox, an icon 612 for a memo, an icon 613 for a gallery, an icon 614 for settings, and the like. The user interface 61 may also include a page indicator 615. Other application icons may be distributed across multiple pages, and page indicator 615 may be used to indicate which page the user is currently browsing for applications in. The user may slide the area of the other application icons from side to browse the application icons in the other pages.

In some embodiments, the user interface 61 shown in (a) of fig. 6 may be a Home screen (Home screen).

In other embodiments, the electronic device may also include a home screen key of the entity. The home screen key may be used to receive a user's instruction to return the currently displayed UI to the home interface, which may facilitate the user to view the home screen at any time. The instruction may be an operation instruction for the user to press the home screen key once, an operation instruction for the user to press the home screen key twice in a short time, or an operation instruction for the user to press the home screen key for a long time. In other embodiments of the present application, the home screen key may also incorporate a fingerprint recognizer for fingerprint acquisition and recognition therewith when the home screen key is pressed.

It is to be understood that (a) in fig. 6 only illustrates the user interface on the electronic device by way of example, and should not be construed as limiting the embodiments of the present application.

In response to a user operation (e.g., a click operation) on the setting icon 614 in the user interface 61 shown in (a) of fig. 6, the electronic device may display the user interface 62 shown in (b) of fig. 6.

The user interface 62 exemplarily shown in (b) of fig. 6 may be provided by a "setup" application. The "setting" application is an application program installed on the electronic device and used for setting various functions of the electronic device, and the name of the application program is not limited in the embodiment of the present application.

As shown in (b) of fig. 6, the user interface 62 may include: a title bar 621, a search bar 622, an area 623 containing one or more setting items.

The title bar 621 may include a current page indicator 621A, which may be used to indicate the current page, e.g., the textual information "settings" may be used to indicate that the current page is used to present one or more settings. Not limited to text information, the current page indicator 722A may also be an icon.

The search bar 622 may include a search indicator 622A, and the search indicator 622A may be used to search for the setting items contained in the current page, for example, if "bluetooth" is input, the "bluetooth" setting item may appear in the current interface, and is not limited to text information, but the search indicator 622A may also be an icon.

Region 623 includes one or more settings items, which may include: user setting items, WIFI setting items, Bluetooth setting items, mobile network setting items, more connection setting items 623A, desktop and wallpaper setting items, display and brightness setting items and the like. The representation of each setting item may include an icon and/or text, which is not limited in this application. Each setting item can be used to listen for an operation (e.g., a touch operation) that triggers display of the setting content of the corresponding setting item, and in response to the operation, the electronic device can open a user interface for displaying the setting content of the corresponding setting item.

In response to a user's operation (e.g., a click operation) on the more connection setting item 623A in the user interface 62 shown in (b) of fig. 6, the electronic apparatus may display the user interface 63 shown in (c) of fig. 6.

As shown in (c) of fig. 6, the user interface 63 is used to present the corresponding contents of more connection management setting items. The user interface 63 may include: title bar 631, more connection management area 632.

The title bar 631 may include: a return key 631A, a current page indicator 631B. The return key 631A is an APP level return key that can be used to return to a level above the menu. The upper page of the user interface 63 may be the user interface 62 as shown in (b) of fig. 6. The current page indicator 631B may be used to indicate a current page, for example, the text information "more connection management" may be used to indicate that the current page is used to show the corresponding content of more connection setting items, not limited to the text information, but the current page indicator 632B may also be an icon.

The more connection management area 632 includes one or more management items that may include: a multi-device cooperation management item 632A, a mobile phone sharing management item, a mobile phone screen-projection management item, a printing management item, a VPN management item, an encryption DNS management item, and the like. The representation of each management item may include an icon and/or text, which is not limited in this application. Each management item can be used for monitoring an operation (such as a touch operation) for triggering the display of the management content of the corresponding management item, and in response to the operation, the electronic equipment can open a user interface for displaying the management content of the corresponding management item.

In response to an operation (for example, a slide operation or a click operation or the like) by the user ON the multi-device cooperation management item in the user interface 63 shown in (c) in fig. 6, the electronic device may change the ON-OFF state of the multi-device cooperation management item 632A from OFF to ON. The electronic device initiates the multi-device cooperation function. The data protection method in the embodiment of the present application may be continuously performed.

With reference to the user interface shown in fig. 6, taking the electronic device with the multi-device cooperation function started and other electronic devices to form a device group, and perform data cooperation as an example, an exemplary description is performed on a related user interface:

fig. 7 to 12 are a set of exemplary user interfaces for data collaboration by an electronic device in an embodiment of the present application.

It should be understood that fig. 7 to 12 are only an exemplary scenario in which the electronic devices forming the device group perform data collaboration, and in practical applications, there may be many other scenarios and related user interfaces for performing data collaboration, as long as the electronic devices forming the device group perform access to the first data, which is not limited herein.

As shown in fig. 7 (a), after the multi-device cooperation function of the electronic device a is turned on, the online status of the electronic device that can form a device group with the electronic device a may be displayed in the user interface 71A of the electronic device a.

For example, when the electronic device a detects that the electronic device B that has logged in the same network account is online, a connection prompt box 701 may be displayed in the user interface 70A, a connection confirmation control 701a may be displayed in the connection prompt box, and the connection confirmation control 701a is used to accept a user operation to confirm whether to form a device group with the electronic device B. Illustratively, the electronic device B may be a tablet computer.

The electronic device a may further display a status prompt box 702 in the user interface 70A after detecting that the smart screen logged into the same network account is in an offline state, where the status prompt box 702 indicates that the smart screen is in the offline state.

The electronic device a may further display a status prompt box 703 in the user interface 70A after detecting that the notebook computer logged in the same network account is in the offline state, where the status prompt box 703 indicates that the notebook computer is in the offline state.

In response to the user clicking the connection confirmation control 701a in the user interface 70A, the electronic device a may form a device group with the electronic device B.

As shown in (B) of fig. 7, a connection prompt box 711 may be displayed in the user interface 71B of the electronic device B, and a connection indicator 711a may be included in the connection prompt box 711, where the connection indicator 711a may be used to indicate that the electronic device B and the electronic device a are being connected to form a device group.

After the electronic device a and the electronic device B form a device group, the electronic device a may display a user interface 80A as shown in fig. 8 (a). The user interface 80A may include a mail icon 801.

The electronic apparatus B may display the user interface 81B as shown in (B) in fig. 8. A mapping screen 811 of the electronic device a may be displayed in the user interface 81B, and the content displayed in the mapping screen 811 may be the same as the user interface 80A of the electronic device a.

In response to the user's operation on the mail icon 801 in the user interface 80A shown in (a) in fig. 8, the electronic apparatus a may display the user interface 90A as shown in (a) in fig. 9. In the user interface 90A, a mail information display area 901 may be included, and a plurality of pieces of mail information may be displayed in the mail information display area 901.

Accordingly, as shown in (B) of fig. 9, in the mapping screen 811 displayed in the user interface 81B of the electronic device B, the displayed content may be refreshed to be the same as the user interface 90A of the electronic device a.

In response to an operation (e.g., a drag operation) of the mail information 9011 in the mapping screen 811 shown in (B) of fig. 9 by the user, the electronic device B may read data corresponding to the mail information 9011 in the electronic device a and save the data in the electronic device B. Then, a user interface 101B as shown in (B) in fig. 10 may be displayed, in which user interface 101B a mail edit area 1011 may be included, and in which mail edit area 1011, information in the mail information 9011 may be displayed.

At this time, the electronic apparatus a may continue to display the user interface 90A as shown in (a) in fig. 10.

In response to the screen locking operation of the screen locking button 1001 shown in (a) of fig. 10 by the user, the electronic device a may display the user interface 110A shown in (a) of fig. 11, where the user interface 110A is a screen locking interface of the electronic device a, and the screen locking state of the electronic device a is changed from the unlocked state to the locked state.

At this time, as shown in (B) of fig. 11, the electronic device B may display a screen locking prompt message 1111 in the user interface 101B, where the screen locking prompt message 1111 is used to prompt the user that the electronic device a forming the device group with the electronic device B has locked the screen. But the connection with electronic device a is not broken, electronic device B can still continue to access the mail data of electronic device a, for example, drag out other mail information in electronic device a from mapping screen 811.

After electronic device B also locks the screen, electronic device a may continue to display user interface 110A as shown in (a) of fig. 12.

The electronic apparatus B may display a user interface 1201B as shown in (B) in fig. 12. In the user interface 1201B, the electronic device B cannot display the data in the electronic device a, and a prompt information 1211 can be displayed in an area of the original mapping screen 811, where the prompt information 1211 can be used to indicate that the user needs to have the screen locking state of the electronic device in the device group in the unlocked state, so that the electronic devices in the device group can access the encrypted data with each other.

As can be seen, by using the data protection method in the embodiment of the present application, in a distributed collaborative scene, even if the screen locking state of a certain electronic device is in the locked state, as long as the screen locking state of an electronic device in the device group is in the unlocked state, other electronic devices in the device group can access the first data in the electronic device whose screen locking state is in the locked state. When the screen locking states of all the electronic devices are locked states, the electronic devices encrypt the first data, so that the first data can not be randomly accessed any more, and the safety of the data is guaranteed.

An exemplary electronic device 100 provided by embodiments of the present application is first described below.

Fig. 13 is a schematic structural diagram of an electronic device 100 according to an embodiment of the present application.

The following describes an embodiment specifically by taking the electronic device 100 as an example. It should be understood that electronic device 100 may have more or fewer components than shown, may combine two or more components, or may have a different configuration of components. The various components shown in the figures may be implemented in hardware, software, or a combination of hardware and software, including one or more signal processing and/or application specific integrated circuits.

The electronic device 100 may include: the mobile terminal includes a processor 110, an external memory interface 120, an internal memory 121, a Universal Serial Bus (USB) interface 130, a charging management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, a sensor module 180, a button 190, a motor 191, an indicator 192, a camera 193, a display screen 194, a Subscriber Identity Module (SIM) card interface 195, and the like. The sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity light sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.

It is to be understood that the illustrated structure of the embodiment of the present invention does not specifically limit the electronic device 100. In other embodiments of the present application, electronic device 100 may include more or fewer components than shown, or some components may be combined, some components may be split, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.

Processor 110 may include one or more processing units, such as: the processor 110 may include an Application Processor (AP), a modem processor, a Graphics Processing Unit (GPU), an Image Signal Processor (ISP), a controller, a memory, a video codec, a Digital Signal Processor (DSP), a baseband processor, and/or a neural-Network Processing Unit (NPU), etc. The different processing units may be separate devices or may be integrated into one or more processors.

The controller may be, among other things, a neural center and a command center of the electronic device 100. The controller can generate an operation control signal according to the instruction operation code and the timing signal to complete the control of instruction fetching and instruction execution.

A memory may also be provided in processor 110 for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. The memory may hold instructions or data that have just been used or recycled by the processor 110. If the processor 110 needs to reuse the instruction or data, it can be called directly from the memory. Avoiding repeated accesses reduces the latency of the processor 110, thereby increasing the efficiency of the system.

In some embodiments, processor 110 may include one or more interfaces. The interface may include an integrated circuit (I2C) interface, an integrated circuit built-in audio (I2S) interface, a Pulse Code Modulation (PCM) interface, a universal asynchronous receiver/transmitter (UART) interface, a Mobile Industry Processor Interface (MIPI), a general-purpose input/output (GPIO) interface, a Subscriber Identity Module (SIM) interface, and/or a Universal Serial Bus (USB) interface, etc.

The I2C interface is a bi-directional synchronous serial bus that includes a serial data line (SDA) and a Serial Clock Line (SCL). In some embodiments, processor 110 may include multiple sets of I2C buses. The processor 110 may be coupled to the touch sensor 180K, the charger, the flash, the camera 193, etc. through different I2C bus interfaces, respectively. For example: the processor 110 may be coupled to the touch sensor 180K via an I2C interface, such that the processor 110 and the touch sensor 180K communicate via an I2C bus interface to implement the touch functionality of the electronic device 100.

The I2S interface may be used for audio communication. In some embodiments, processor 110 may include multiple sets of I2S buses. The processor 110 may be coupled to the audio module 170 via an I2S bus to enable communication between the processor 110 and the audio module 170. In some embodiments, the audio module 170 may communicate audio signals to the wireless communication module 160 via the I2S interface, enabling answering of calls via a bluetooth headset.

The PCM interface may also be used for audio communication, sampling, quantizing and encoding analog signals. In some embodiments, the audio module 170 and the wireless communication module 160 may be coupled by a PCM bus interface. In some embodiments, the audio module 170 may also transmit audio signals to the wireless communication module 160 through the PCM interface, so as to implement a function of answering a call through a bluetooth headset. Both the I2S interface and the PCM interface may be used for audio communication.

The UART interface is a universal serial data bus used for asynchronous communications. The bus may be a bidirectional communication bus. It converts the data to be transmitted between serial communication and parallel communication. In some embodiments, a UART interface is generally used to connect the processor 110 with the wireless communication module 160. For example: the processor 110 communicates with a bluetooth module in the wireless communication module 160 through a UART interface to implement a bluetooth function. In some embodiments, the audio module 170 may transmit the audio signal to the wireless communication module 160 through a UART interface, so as to realize the function of playing music through a bluetooth headset.

MIPI interfaces may be used to connect processor 110 with peripheral devices such as display screen 194, camera 193, and the like. The MIPI interface includes a Camera Serial Interface (CSI), a Display Serial Interface (DSI), and the like. In some embodiments, processor 110 and camera 193 communicate through a CSI interface to implement the capture functionality of electronic device 100. The processor 110 and the display screen 194 communicate through the DSI interface to implement the display function of the electronic device 100.

The GPIO interface may be configured by software. The GPIO interface may be configured as a control signal and may also be configured as a data signal. In some embodiments, a GPIO interface may be used to connect the processor 110 with the camera 193, the display 194, the wireless communication module 160, the audio module 170, the sensor module 180, and the like. The GPIO interface may also be configured as an I2C interface, an I2S interface, a UART interface, a MIPI interface, and the like.

The SIM interface may be used to communicate with the SIM card interface 195, implementing functions to transfer data to or read data from the SIM card.

The USB interface 130 is an interface conforming to the USB standard specification, and may specifically be a Mini USB interface, a Micro USB interface, a USB Type C interface, or the like. The USB interface 130 may be used to connect a charger to charge the electronic device 100, and may also be used to transmit data between the electronic device 100 and a peripheral device. And the earphone can also be used for connecting an earphone and playing audio through the earphone. The interface may also be used to connect other electronic devices, such as AR devices and the like.

It should be understood that the connection relationship between the modules according to the embodiment of the present invention is only illustrative, and is not limited to the structure of the electronic device 100. In other embodiments of the present application, the electronic device 100 may also adopt different interface connection manners or a combination of multiple interface connection manners in the above embodiments.

The charging management module 140 is configured to receive charging input from a charger. The charger may be a wireless charger or a wired charger.

The power management module 141 is used to connect the battery 142, the charging management module 140 and the processor 110. The power management module 141 receives input from the battery 142 and/or the charge management module 140 and provides power to the processor 110, the internal memory 121, the external memory, the display 194, the camera 193, the wireless communication module 160, and the like.

The wireless communication function of the electronic device 100 may be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, a modem processor, a baseband processor, and the like.

The

antennas

1 and 2 are used for transmitting and receiving electromagnetic wave signals. Each antenna in the electronic device 100 may be used to cover a single or multiple communication bands. Different antennas can also be multiplexed to improve the utilization of the antennas. For example: the antenna 1 may be multiplexed as a diversity antenna of a wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.

The mobile communication module 150 may provide a solution including 2G/3G/4G/5G wireless communication applied to the electronic device 100. The mobile communication module 150 may include at least one filter, a switch, a power amplifier, a Low Noise Amplifier (LNA), and the like. The mobile communication module 150 may receive the electromagnetic wave from the antenna 1, filter, amplify, etc. the received electromagnetic wave, and transmit the electromagnetic wave to the modem processor for demodulation. The mobile communication module 150 may also amplify the signal modulated by the modem processor, and convert the signal into electromagnetic wave through the antenna 1 to radiate the electromagnetic wave. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be disposed in the processor 110. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be disposed in the same device as at least some of the modules of the processor 110.

The modem processor may include a modulator and a demodulator. The modulator is used for modulating a low-frequency baseband signal to be transmitted into a medium-high frequency signal. The demodulator is used for demodulating the received electromagnetic wave signal into a low-frequency baseband signal. The demodulator then passes the demodulated low frequency baseband signal to a baseband processor for processing. The low frequency baseband signal is processed by the baseband processor and then transferred to the application processor. The application processor outputs a sound signal through an audio device (not limited to the speaker 170A, the receiver 170B, etc.) or displays an image or video through the display screen 194. In some embodiments, the modem processor may be a stand-alone device. In other embodiments, the modem processor may be provided in the same device as the mobile communication module 150 or other functional modules, independent of the processor 110.

The wireless communication module 160 may provide a solution for wireless communication applied to the electronic device 100, including Wireless Local Area Networks (WLANs) (e.g., wireless fidelity (Wi-Fi) networks), bluetooth (bluetooth, BT), Global Navigation Satellite System (GNSS), Frequency Modulation (FM), Near Field Communication (NFC), Infrared (IR), and the like. The wireless communication module 160 may be one or more devices integrating at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2, performs frequency modulation and filtering processing on electromagnetic wave signals, and transmits the processed signals to the processor 110. The wireless communication module 160 may also receive a signal to be transmitted from the processor 110, perform frequency modulation and amplification on the signal, and convert the signal into electromagnetic waves through the antenna 2 to radiate the electromagnetic waves.

In some embodiments, antenna 1 of electronic device 100 is coupled to mobile communication module 150 and antenna 2 is coupled to wireless communication module 160 so that electronic device 100 can communicate with networks and other devices through wireless communication techniques. The wireless communication technology may include global system for mobile communications (GSM), General Packet Radio Service (GPRS), code division multiple access (code division multiple access, CDMA), Wideband Code Division Multiple Access (WCDMA), time-division code division multiple access (time-division code division multiple access, TD-SCDMA), Long Term Evolution (LTE), LTE, BT, GNSS, WLAN, NFC, FM, and/or IR technologies, etc. The GNSS may include a Global Positioning System (GPS), a global navigation satellite system (GLONASS), a beidou navigation satellite system (BDS), a quasi-zenith satellite system (QZSS), and/or a Satellite Based Augmentation System (SBAS).

The electronic device 100 implements display functions via the GPU, the display screen 194, and the application processor. The GPU is a microprocessor for image processing, and is connected to the display screen 194 and an application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. The processor 110 may include one or more GPUs that execute program instructions to generate or alter display information.

The display screen 194 is used to display images, video, and the like. The display screen 194 includes a display panel. The display panel may adopt a Liquid Crystal Display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (active-matrix organic light-emitting diode, AMOLED), a flexible light-emitting diode (FLED), a miniature, a Micro-oeld, a quantum dot light-emitting diode (QLED), and the like. In some embodiments, the electronic device 100 may include 1 or N display screens 194, with N being a positive integer greater than 1.

The electronic device 100 may implement a shooting function through the ISP, the camera 193, the video codec, the GPU, the display 194, the application processor, and the like.

The ISP is used to process the data fed back by the camera 193. For example, when a photo is taken, the shutter is opened, light is transmitted to the camera photosensitive element through the lens, the optical signal is converted into an electrical signal, and the camera photosensitive element transmits the electrical signal to the ISP for processing and converting into an image visible to naked eyes. The ISP can also carry out algorithm optimization on the noise, brightness and skin color of the image. The ISP can also optimize parameters such as exposure, color temperature and the like of a shooting scene. In some embodiments, the ISP may be provided in camera 193.

The camera 193 is used to capture still images or video. The object generates an optical image through the lens and projects the optical image to the photosensitive element. The photosensitive element may be a Charge Coupled Device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The light sensing element converts the optical signal into an electrical signal, which is then passed to the ISP where it is converted into a digital image signal. And the ISP outputs the digital image signal to the DSP for processing. The DSP converts the digital image signal into image signal in standard RGB, YUV and other formats. In some embodiments, the electronic device 100 may include 1 or N cameras 193, N being a positive integer greater than 1.

The digital signal processor is used for processing digital signals, and can process digital image signals and other digital signals. For example, when the electronic device 100 selects a frequency bin, the digital signal processor is used to perform fourier transform or the like on the frequency bin energy.

Video codecs are used to compress or decompress digital video. The electronic device 100 may support one or more video codecs. In this way, the electronic device 100 may play or record video in a variety of encoding formats, such as: moving Picture Experts Group (MPEG) 1, MPEG2, MPEG3, MPEG4, and the like.

The NPU is a neural-network (NN) computing processor that processes input information quickly by using a biological neural network structure, for example, by using a transfer mode between neurons of a human brain, and can also learn by itself continuously. Applications such as intelligent recognition of the electronic device 100 can be realized through the NPU, for example: image recognition, face recognition, speech recognition, text understanding, and the like.

The external memory interface 120 may be used to connect an external memory card, such as a Micro SD card, to extend the memory capability of the electronic device 100. The external memory card communicates with the processor 110 through the external memory interface 120 to implement a data storage function. For example, files such as music, video, etc. are saved in an external memory card.

The internal memory 121 may be used to store computer-executable program code, which includes instructions. The processor 110 executes various functional applications of the electronic device 100 and data processing by executing instructions stored in the internal memory 121. The internal memory 121 may include a program storage area and a data storage area. The storage program area may store an operating system, an application (such as a face recognition function, a fingerprint recognition function, a mobile payment function, and the like) required by at least one function, and the like. The storage data area may store data (such as face information template data, fingerprint information template, etc.) created during the use of the electronic device 100, and the like. In addition, the internal memory 121 may include a high-speed random access memory, and may further include a nonvolatile memory, such as at least one magnetic disk storage device, a flash memory device, a universal flash memory (UFS), and the like.

In this embodiment, the internal memory 121 may store screen locking information of the devices in the group. The corresponding relation between the identification of the electronic equipment in the equipment group and the screen locking state is stored in the screen locking information of the equipment in the group. The device group may be formed by a networking technology through the mobile communication module 150 or the wireless communication module 160.

Alternatively, the internal memory 121 may also store key information for encrypting the first data, and the like, which is not limited herein.

The electronic device 100 may implement audio functions via the audio module 170, the speaker 170A, the receiver 170B, the microphone 170C, the headphone interface 170D, and the application processor. Such as music playing, recording, etc.

The audio module 170 is used to convert digital audio information into an analog audio signal output and also to convert an analog audio input into a digital audio signal. The audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be disposed in the processor 110, or some functional modules of the audio module 170 may be disposed in the processor 110.

The speaker 170A, also called a "horn", is used to convert the audio electrical signal into an acoustic signal. The electronic apparatus 100 can listen to music through the speaker 170A or listen to a handsfree call.

The receiver 170B, also called "earpiece", is used to convert the electrical audio signal into an acoustic signal. When the electronic apparatus 100 receives a call or voice information, it can receive voice by placing the receiver 170B close to the ear of the person.

The microphone 170C, also referred to as a "microphone," is used to convert sound signals into electrical signals. When making a call or transmitting voice information, the user can input a voice signal to the microphone 170C by speaking the user's mouth near the microphone 170C. The electronic device 100 may be provided with at least one microphone 170C. In other embodiments, the electronic device 100 may be provided with two microphones 170C to achieve a noise reduction function in addition to collecting sound signals. In other embodiments, the electronic device 100 may further include three, four or more microphones 170C to collect sound signals, reduce noise, identify sound sources, perform directional recording, and so on.

The headphone interface 170D is used to connect a wired headphone. The headset interface 170D may be the USB interface 130, or may be a 3.5mm open mobile electronic device platform (OMTP) standard interface, a cellular telecommunications industry association (cellular telecommunications industry association of the USA, CTIA) standard interface.

The pressure sensor 180A is used for sensing a pressure signal, and converting the pressure signal into an electrical signal. In some embodiments, the pressure sensor 180A may be disposed on the display screen 194. The pressure sensor 180A can be of a wide variety, such as a resistive pressure sensor, an inductive pressure sensor, a capacitive pressure sensor, and the like. The capacitive pressure sensor may be a sensor comprising at least two parallel plates having an electrically conductive material. When a force acts on the pressure sensor 180A, the capacitance between the electrodes changes. The electronic device 100 determines the strength of the pressure from the change in capacitance. When a touch operation is applied to the display screen 194, the electronic apparatus 100 detects the intensity of the touch operation according to the pressure sensor 180A. The electronic apparatus 100 may also calculate the touched position from the detection signal of the pressure sensor 180A. In some embodiments, the touch operations that are applied to the same touch position but different touch operation intensities may correspond to different operation instructions. For example: and when the touch operation with the touch operation intensity smaller than the first pressure threshold value acts on the short message application icon, executing an instruction for viewing the short message. And when the touch operation with the touch operation intensity larger than or equal to the first pressure threshold value acts on the short message application icon, executing an instruction of newly building the short message.

The gyro sensor 180B may be used to determine the motion attitude of the electronic device 100. In some embodiments, the angular velocity of electronic device 100 about three axes (i.e., the x, y, and z axes) may be determined by gyroscope sensor 180B. The gyro sensor 180B may be used for photographing anti-shake. For example, when the shutter is pressed, the gyro sensor 180B detects a shake angle of the electronic device 100, calculates a distance to be compensated for by the lens module according to the shake angle, and allows the lens to counteract the shake of the electronic device 100 through a reverse movement, thereby achieving anti-shake. The gyroscope sensor 180B may also be used for navigation, somatosensory gaming scenes.

The air pressure sensor 180C is used to measure air pressure. In some embodiments, electronic device 100 calculates altitude, aiding in positioning and navigation, from barometric pressure values measured by barometric pressure sensor 180C.

The magnetic sensor 180D includes a hall sensor. The electronic device 100 may detect the opening and closing of the flip holster using the magnetic sensor 180D. In some embodiments, when the electronic device 100 is a flip phone, the electronic device 100 may detect the opening and closing of the flip according to the magnetic sensor 180D. And then according to the opening and closing state of the leather sheath or the opening and closing state of the flip cover, the automatic unlocking of the flip cover is set.

The acceleration sensor 180E may detect the magnitude of acceleration of the electronic device 100 in various directions (typically three axes). The magnitude and direction of gravity can be detected when the electronic device 100 is stationary. The method can also be used for recognizing the posture of the electronic equipment, and is applied to horizontal and vertical screen switching, pedometers and other applications.

A distance sensor 180F for measuring a distance. The electronic device 100 may measure the distance by infrared or laser. In some embodiments, taking a picture of a scene, electronic device 100 may utilize range sensor 180F to range for fast focus.

The proximity light sensor 180G may include, for example, a Light Emitting Diode (LED) and a light detector, such as a photodiode. The light emitting diode may be an infrared light emitting diode. The electronic device 100 emits infrared light to the outside through the light emitting diode. The electronic device 100 detects infrared reflected light from nearby objects using a photodiode. When sufficient reflected light is detected, it can be determined that there is an object near the electronic device 100. When insufficient reflected light is detected, the electronic device 100 may determine that there are no objects near the electronic device 100. The electronic device 100 can utilize the proximity light sensor 180G to detect that the user holds the electronic device 100 close to the ear for talking, so as to automatically turn off the screen to achieve the purpose of saving power. The proximity light sensor 180G may also be used in a holster mode, a pocket mode automatically unlocks and locks the screen.

The ambient light sensor 180L is used to sense the ambient light level. Electronic device 100 may adaptively adjust the brightness of display screen 194 based on the perceived ambient light level. The ambient light sensor 180L may also be used to automatically adjust the white balance when taking a picture. The ambient light sensor 180L may also cooperate with the proximity light sensor 180G to detect whether the electronic device 100 is in a pocket to prevent accidental touches.

The fingerprint sensor 180H is used to collect a fingerprint. The electronic device 100 can utilize the collected fingerprint characteristics to unlock the fingerprint, access the application lock, photograph the fingerprint, answer an incoming call with the fingerprint, and so on.

In some embodiments, the fingerprint characteristics captured by the fingerprint sensor 180H to effect fingerprint unlocking may cause the electronic device to enter the unlocked state from the locked state.

The temperature sensor 180J is used to detect temperature. In some embodiments, electronic device 100 implements a temperature processing strategy using the temperature detected by temperature sensor 180J. For example, when the temperature reported by the temperature sensor 180J exceeds a threshold, the electronic device 100 performs a reduction in performance of a processor located near the temperature sensor 180J, so as to reduce power consumption and implement thermal protection. In other embodiments, the electronic device 100 heats the battery 142 when the temperature is below another threshold to avoid the low temperature causing the electronic device 100 to shut down abnormally. In other embodiments, when the temperature is lower than a further threshold, the electronic device 100 performs boosting on the output voltage of the battery 142 to avoid abnormal shutdown due to low temperature.

The touch sensor 180K is also referred to as a "touch panel". The touch sensor 180K may be disposed on the display screen 194, and the touch sensor 180K and the display screen 194 form a touch screen, which is also called a "touch screen". The touch sensor 180K is used to detect a touch operation applied thereto or nearby. The touch sensor can communicate the detected touch operation to the application processor to determine the touch event type. Visual output associated with the touch operation may be provided through the display screen 194. In other embodiments, the touch sensor 180K may be disposed on a surface of the electronic device 100, different from the position of the display screen 194.

The keys 190 include a power-on key, a volume key, and the like. The keys 190 may be mechanical keys. Or may be touch keys. The electronic apparatus 100 may receive a key input, and generate a key signal input related to user setting and function control of the electronic apparatus 100.

The motor 191 may generate a vibration cue. The motor 191 may be used for incoming call vibration cues, as well as for touch vibration feedback. For example, touch operations applied to different applications (e.g., photographing, audio playing, etc.) may correspond to different vibration feedback effects. The motor 191 may also respond to different vibration feedback effects for touch operations applied to different areas of the display screen 194. Different application scenes (such as time reminding, receiving information, alarm clock, game and the like) can also correspond to different vibration feedback effects. The touch vibration feedback effect may also support customization.

Indicator 192 may be an indicator light that may be used to indicate a state of charge, a change in charge, or a message, missed call, notification, etc.

The SIM card interface 195 is used to connect a SIM card. The SIM card can be brought into and out of contact with the electronic apparatus 100 by being inserted into the SIM card interface 195 or being pulled out of the SIM card interface 195. The electronic device 100 may support 1 or N SIM card interfaces, N being a positive integer greater than 1. The SIM card interface 195 may support a Nano SIM card, a Micro SIM card, a SIM card, etc. The same SIM card interface 195 can be inserted with multiple cards at the same time. The types of the plurality of cards may be the same or different. The SIM card interface 195 may also be compatible with different types of SIM cards. The SIM card interface 195 may also be compatible with external memory cards. The electronic device 100 interacts with the network through the SIM card to implement functions such as communication and data communication.

Fig. 14 is a block diagram of a software configuration of the electronic device 100 according to the embodiment of the present application.

The layered architecture divides the software into several layers, each layer having a clear role and division of labor. The layers communicate with each other through a software interface. In some embodiments, the system is divided into four layers, an application layer, an application framework layer, a Runtime (Runtime) and system library, and a kernel layer, from top to bottom.

The application layer may include a series of application packages.

As shown in fig. 14, the application package may include applications (also referred to as applications) such as camera, gallery, calendar, phone call, map, navigation, WLAN, bluetooth, music, video, short message, etc.

In this embodiment, the application layer may further include a local screen locking/unlocking module, where the local screen locking/unlocking module is configured to detect and respond to a screen locking/unlocking event of the electronic device, and notify the screen locking state of the electronic device to the following virtual terminal locking state management module and/or screen locking state synchronization/reception module.

The application framework layer provides an Application Programming Interface (API) and a programming framework for the application program of the application layer. The application framework layer includes a number of predefined functions.

As shown in FIG. 14, the application framework layers may include a window manager, content provider, view system, phone manager, resource manager, notification manager, and the like.

The window manager is used for managing window programs. The window manager can obtain the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen and the like.

The content provider is used to store and retrieve data and make it accessible to applications. The data may include video, images, audio, calls made and received, browsing history and bookmarks, phone books, etc.

The view system includes visual controls such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, the display interface including the short message notification icon may include a view for displaying text and a view for displaying pictures.

The phone manager is used to provide communication functions of the electronic device 100. Such as management of call status (including on, off, etc.).

The resource manager provides various resources for the application, such as localized strings, icons, pictures, layout files, video files, and the like.

The notification manager enables the application to display notification information in the status bar, can be used to convey notification-type messages, can disappear automatically after a short dwell, and does not require user interaction. Such as a notification manager used to inform download completion, message alerts, etc. The notification manager may also be a notification that appears in the form of a chart or scroll bar text at the top status bar of the system, such as a notification of a background running application, or a notification that appears on the screen in the form of a dialog interface. For example, prompting text information in the status bar, sounding a prompt tone, vibrating the electronic device, flashing an indicator light, etc.

In this embodiment, the application framework layer may further include a user management module, a screen locking state synchronization/reception module, a virtual terminal locking state management module, and a group key management module.

The user management module is used for providing services such as user modification of an unlocking password, verification of the unlocking password, first unlocking and the like.

And the screen locking state synchronization/receiving module is used for receiving the screen locking state of the electronic equipment in the equipment group, updating the screen locking state into the screen locking information of the equipment in the group, and synchronizing the screen locking state of the electronic equipment to other electronic equipment in the equipment group.

In some embodiments, the lock screen state synchronization/reception module may further trigger other modules in the electronic device to operate by sending information to the other modules in the electronic device, which is not limited herein.

The virtual terminal locking state management module is used for storing screen locking information of the devices in the group and judgment strategies of the screen locking state of the virtual terminal, and can judge and update the screen locking state of the virtual terminal according to the screen locking state information of all electronic devices in the device group stored in the screen locking information of the devices in the group and in combination with the judgment strategies of the screen locking state of the virtual terminal.

In some embodiments, the virtual terminal lock state management module may further notify other modules in the electronic device of the lock screen state of the virtual terminal, which is not limited herein.

And the group class key management module is used for managing the class key of the first data according to the screen locking state of the virtual terminal. And when the screen locking state of the virtual terminal is the locking state, discarding the class key in the kernel file system to make the first data unavailable.

The Runtime (Runtime) includes a core library and a virtual machine. Runtime is responsible for scheduling and management of the system.

The core library comprises two parts: one part is the function that the programming language (e.g. java language) needs to call, and the other part is the core library of the system.

The application layer and the application framework layer run in a virtual machine. The virtual machine executes programming files (e.g., java files) of the application layer and the application framework layer as binary files. The virtual machine is used for performing the functions of object life cycle management, stack management, thread management, safety and exception management, garbage collection and the like.

The system library may include a plurality of functional modules. For example: surface managers (surface managers), Media Libraries (Media Libraries), three-dimensional graphics processing Libraries (e.g., OpenGL ES), two-dimensional graphics engines (e.g., SGL), and the like.

The surface manager is used to manage the display subsystem and provides a fusion of two-Dimensional (2-Dimensional, 2D) and three-Dimensional (3-Dimensional, 3D) layers for multiple applications.

The media library supports a variety of commonly used audio, video format playback and recording, and still image files, among others. The media library may support a variety of audio-video encoding formats, such as MPEG4, h.264, MP3, AAC, AMR, JPG, PNG, and the like.

The three-dimensional graphic processing library is used for realizing 3D graphic drawing, image rendering, synthesis, layer processing and the like.

The 2D graphics engine is a drawing engine for 2D drawing.

The kernel layer is a layer between hardware and software. The kernel layer at least comprises a display driver, a camera driver, an audio driver, a sensor driver and a virtual card driver.

In this embodiment, the kernel layer may further include a communication and networking management module and a kernel file system.

The communication and networking management module is used for realizing networking of the electronic equipment, communication among the electronic equipment in the equipment group after networking and other functions. For example, the screen lock state between the electronic devices in the device group and the on/off notification of the electronic devices may be performed, and the present invention is not limited herein.

The kernel file system is used for managing a file system of the electronic equipment, and can decrypt the first data by using the key after the group key management module controls the loading of the key so as to enable the first data to be available. After the group class key management module controls to discard the class key, the first data is encrypted, so that the first data is unavailable. The data may also be sent to other electronic devices in the device group through the communication and networking management module, which is not limited herein.

In some embodiments of the present application, in combination with the software architecture diagram shown in fig. 14, the screen locking state synchronization/receiving module may include an intra-group screen locking event receiving module and an intra-group screen locking event synchronization module.

The in-group screen locking event receiving module can be used for receiving the screen locking state of each electronic device in the device group and updating the screen locking state into in-group device screen locking information stored in the virtual terminal locking state management module.

The intra-group screen locking event synchronization module may be used for the screen locking state of each electronic device, and may also be used for synchronizing the online/offline state of each electronic device in the device group, which is not limited herein.

In this embodiment, the virtual terminal lock state management module may include an intra-group lock screen state storage module, a virtual terminal lock state determination module, and a policy management module.

The intra-group screen locking state storage module can be used for storing and updating intra-group equipment screen locking information;

the policy management module may be configured to set a decision policy for a screen locking state of the virtual terminal. In some embodiments of the present application, the decision policy of the screen locking state of the virtual terminal is that the virtual terminal is in the locked state if all the devices in the device group are in the locked state, and the virtual terminal is in the unlocked state if any one device in the device group is unlocked.

The virtual terminal locking state judgment module is used for judging and updating the screen locking state of the virtual terminal according to the screen locking states of all electronic equipment in the equipment group in the screen locking information of the equipment in the group stored in the screen locking state storage module and by combining the judgment strategy of the screen locking state of the virtual terminal set in the strategy management module.

Illustratively, in conjunction with the software architecture diagram shown in fig. 14, fig. 15 is an exemplary information flow diagram in an embodiment of the present application.

Fig. 15 is an exemplary information flow diagram illustrating that when the virtual terminal is in the locked state, the first electronic device in the device group loads the class key to decrypt the first data after detecting an unlocking event triggered by the user.

It is to be understood that fig. 15 shows only some of the software modules in the electronic device, and the software architecture of the electronic device should not be limited.

The user management module 1507 of the first electronic device in the device group may receive the setting of the unlock password by the user.

In response to an unlocking operation by the user, the local screen locking/unlocking module 1501 in the first electronic device unlocks the first electronic device.

The lock screen state of the first electronic device is changed from the lock state to the unlock state, and the local lock screen/unlock module 1501 notifies the intra-group lock screen event receiving module 1502A in the lock screen state synchronization/reception module 1502 that the lock screen state of the first electronic device is changed to the unlock state.

After receiving the information that the screen locking state of the first electronic device is changed to the unlocking state, the intra-group screen locking event receiving module 1502A sends the information to the intra-group screen locking event synchronizing module 1502B in the screen locking state synchronizing/receiving module 1502.

After receiving the information, the intra-group screen-locking event synchronization module 1502B may change the screen-locking state of the first electronic device into the unlocked state through the communication and networking management module 1504, and send the information to the other electronic devices in the device group.

In some embodiments, the intra-group lock screen event receiving module 1502A may send information that the lock screen state of the first electronic device is changed to the unlock state to the intra-group lock screen state storage module 1503A in the virtual terminal lock state management module 1503.

In some embodiments, when the local screen locking/unlocking module 1501 notifies the intra-group screen locking event receiving module 1502A that the screen locking state of the first electronic device is changed to the unlocked state, the information that the screen locking state of the first electronic device is changed to the unlocked state may be directly sent to the intra-group screen locking state storage module 1503A at the same time. It may not be necessary for the intra-group lock screen event reception module 1502A to send the change information of the lock screen state of the electronic device to the intra-group lock screen state storage module 1503A. The intra-group screen-locking event receiving module 1502A may send only the information of the change of the screen-locking states of the other electronic devices in the group to the intra-group screen-locking state storage module 1503A, which is not limited herein.

After receiving the information that the screen locking state of the first electronic device is changed to the unlocking state, the intra-group screen locking state storage module 1503A may update the stored intra-group device screen locking information. After the screen locking state of the electronic device is reversed in the screen locking information of the in-group device stored in the in-group screen locking state storage module 1503A, the virtual terminal locking state determination module 1503B in the virtual terminal locking state management module 1503 may be triggered.

Then, the virtual terminal lock state determining module 1503B may determine that the lock state of the virtual terminal is changed to the unlock state at this time according to the lock states of all the electronic devices in the lock screen information of the devices in the group at this time and the determination policy of the virtual terminal lock state stored in the policy management module 1503C in the virtual terminal lock state management module 1503.

After the virtual terminal lock state determination module 1503B updates the lock state of the virtual terminal from the lock state to the unlock state, the group key management module 1505 may be triggered to load the key of the first data to the kernel file system 1506.

The kernel file system 1506, upon receiving the key of the first data loaded by the group key management module 1505, may decrypt the first data in the user file system of the first electronic device so that the first data in the first electronic device is available.

It is understood that after the kernel file system 1506 decrypts the first data, the data may be sent to other electronic devices in the device group through the communication and networking management module 1504; the first electronic device may also obtain data from other electronic devices in the device group to the kernel file system 1506 via the communication and networking management module 1504, which is not limited herein.

The following describes the data protection method in the embodiment of the present application with reference to the software and hardware architecture of the electronic device 100:

the data protection method in the embodiment of the application comprises three stages, wherein the first stage is a stage of forming an equipment group, the second stage is a stage of updating and synchronizing the screen locking state, and the third stage is a stage of linking the virtual terminal state with the key.

The first stage is as follows: and establishing a device group stage. At this stage, more than one electronic device is connected through a network to form a device group, the whole device group can be regarded as a virtual terminal, and the electronic devices in the device group can form a distributed collaboration scene. The electronic devices in the device group can perform data protection through the data protection method in the embodiment of the application.

The manner of forming the device group by a plurality of devices may be various, and reference may be made to the description in (2) device group in the above description, and details are not described herein again.

And a second stage: and a screen locking state updating synchronization stage. The stage is a process that the electronic equipment in the equipment group updates the screen locking information of the equipment in the group stored in the local machine according to the local machine and other electronic equipment in the equipment group.

In some embodiments, the operation of updating the lock screen information of the devices in the group in the electronic device may be triggered by an unlocking/locking action of the electronic device.

In other embodiments, the operation of updating the screen locking information of the devices in the group in the electronic device may be triggered by an online/offline action of the electronic device.

And a third stage: and a screen locking state linkage type key management stage. And at the stage, the electronic equipment manages the class key of the first data in a linkage manner according to the screen locking states of all the online electronic equipment in the group recorded in the screen locking information of the equipment in the group.

In the third stage, if the screen locking states of all the online electronic devices in the device group are locked states, the class key of the first data is discarded, and the first data is unavailable. If the screen locking state of any electronic equipment in all the online electronic equipment in the equipment group is the unlocking state, the class key of the first data is loaded, and the first data is available.

In the following, by taking different specific scenarios as examples, three stages of implementing the data protection method in the present application are respectively described in detail:

(1) establishing an equipment group stage:

application scenario 1: starting a device-free group, and newly building a device group by more than one electronic device.

Fig. 16 is a schematic signaling interaction diagram of a data protection method in the embodiment of the present application.

As shown in fig. 16, the first electronic device and the second electronic device establish a device group through network connection. The process may include steps S1601 to S1603.

S1601, the first electronic device responds to user operation and logs in a first network account;

s1602, the second electronic device responds to user operation and logs in a first network account;

s1603, the first electronic equipment and the second electronic equipment establish an equipment group;

after the first electronic device and the second electronic device log in the same network account, the first electronic device and the second electronic device perform authentication.

After the authentication is completed, the first electronic device and the second electronic device establish a device group, and devices in the device group establish a communication session link when communicating with each other, so that the session security can be ensured.

It is understood that the sequence of S1601 and S1602 is not sequential, and may also be performed simultaneously, and is not limited herein.

Application scenario 2: an existing device group is started, and other electronic devices join the device group through network connection.

Fig. 17 is another schematic signaling interaction diagram of a data protection method in the embodiment of the present application.

As shown in fig. 17, the third electronic device establishes a group relationship with the first electronic device and the second electronic device through a network connection. The process includes steps S1701 to S1703.

S1701, establishing a device group by the first electronic device and the second electronic device;

fig. 11 and the description of the drawing may be referred to for a process of establishing a device group by a first electronic device and a second electronic device, and details are not described here.

S1702, the third electronic device responds to the user operation and logs in a first network account;

the first network account is the same as the first network accounts of the first electronic device and the second electronic device.

S1703, the third electronic device joins the device group.

After the third electronic device and the first electronic device and the second electronic device log in the same network account, the third electronic device and the first electronic device and the second electronic device can be authenticated respectively.

After the authentication is completed, the first electronic device, the second electronic device and the third electronic device establish a device group, and devices in the device group establish a communication session link when communicating with each other, so that the session security can be ensured.

It is understood that the process of joining the device group by the electronic device may also be referred to as bringing the electronic device online.

Application scenario 3: and starting the existing equipment group, and exiting the equipment group by other electronic equipment through disconnecting the network connection.

Fig. 18 is a schematic signaling interaction diagram of another data protection method in the embodiment of the present application.

As shown in fig. 18, the second electronic device logs out of the original device group by logging out of the first network account. The process includes steps S1801 to S1803.

S1801, the first electronic device, the second electronic device, and the third electronic device form a device group;

fig. 12 and the description of the drawing may be referred to for the device group formed by the first electronic device, the second electronic device, and the third electronic device, and details are not repeated here.

S1802, the third electronic device responds to user operation and quits the login of the first network account;

in some implementations, the electronic device may also enable exiting the device group by disconnecting the network connection, which is not limited herein.

S1803, the first electronic device and the second electronic device form a device group.

In some embodiments, when the second electronic device exits the device group, a logoff notification may be sent to the first electronic device and the third electronic device, which is not limited herein.

In the above three application scenarios, the electronic devices establish a device group by logging in the same network account, and in some embodiments, other device group forming manners may also be adopted, which are not limited herein.

It is understood that the process of the electronic device exiting the device group may also be referred to as the electronic device going offline.

Alternatively, in some embodiments, the entirety of the plurality of electronic devices constituting the device group may be regarded as one virtual terminal.

(2) And a screen locking state updating synchronization stage:

application scenario 1: the electronic equipment screen locking causes the screen locking state to be synchronous.

For example, the device group includes a first electronic device and a second electronic device, and both the first electronic device and the second electronic device are in a locked state. At the moment, the first electronic device unlocks and synchronizes the screen locking state of the first electronic device to the second electronic device.

Fig. 19 is another signaling interaction diagram of the data protection method in the embodiment of the present application.

The process of updating and synchronizing the lock screen state is shown in fig. 19, and the process includes steps S1901 to S1904, and the steps S1901 to S1904 are specifically described below with reference to the dual-computer interaction information flow diagram shown in fig. 20.

S1901, the first electronic device responds to user operation and unlocks;

the local screen lock/unlock module 1501 of the first electronic device unlocks the first electronic device in response to an unlock operation by the user.

S1902, after the first electronic device is unlocked, updating the screen locking state of the local device in the screen locking information of the devices in the group to be an unlocking state;

as shown in fig. 20, after the first electronic device is unlocked, the lock/unlock module 1501 of the first electronic device may notify the intra-group lock event receiving module 1502A in the lock state synchronization/reception module 1502 that the lock state of the first electronic device is changed to the unlock state. After the intra-group screen locking event receiving module 1502A receives the information that the screen locking state of the first electronic device is changed to the unlocked state, the screen locking state of the first electronic device may be updated to the unlocked state in the intra-group device screen locking information stored in the intra-group screen locking state storage module 1503A in the virtual terminal locking state management module 1503.

For example, in an implementation manner, if a Mobile Equipment Identity (MEID) is used as a correspondence between a unique identification record of an electronic device and a screen locking state of the electronic device in the in-group device screen locking information, it is assumed that the electronic device is identified by a binary code 1 in a locked state, the electronic device is identified by a binary code 0 in an unlocked state, and the MEID of the first electronic device is a00000B42381 FD. The first electronic device may update the entry recording the screen locking state of the first electronic device in the intra-group screen locking information to [ a00000B42381FD, 0 ] after the first electronic device enters the unlocked state.

S1903, the first electronic device informs the second electronic device that the local computer is unlocked;

as shown in fig. 20, after the screen locking event receiving module 1502A of the first electronic device receives the information that the screen locking state of the first electronic device is changed to the unlocked state, the information that the screen locking state of the first electronic device is changed to the unlocked state may also be sent to the intra-group screen locking event synchronizing module 1502B in the screen locking state synchronizing/receiving module 1502. After receiving the information, the intra-group screen-locking event synchronization module 1502B may transmit the information that the screen-locking state of the first electronic device is changed to the unlocked state to the communication and networking management module 1504 of the first electronic device. The communication and networking management module 1504 may send the information to the communication and networking management module 1904 of the second electronic device. Therefore, the second electronic device receives the information that the first electronic device has unlocked the local device.

S1904, updating the screen locking state of the first electronic device in the screen locking information of the second electronic device to be an unlocking state;

as shown in fig. 20, in the second electronic device, the communication and networking management module 1504 may send information that the lock screen state of the first electronic device is changed to the unlock state to the intra-group lock screen event synchronization module 1902B in the lock screen state synchronization/reception module 1902 of the second electronic device. The intra-group screen-locking event synchronization module 1902B may send the information to the intra-group screen-locking event receiving module 1902A, and the intra-group screen-locking event receiving module 1902A updates and stores the information that the screen-locking state of the first electronic device is changed into the unlocked state in the intra-group screen-locking state storage module 1903A of the second electronic device.

It can be understood that the storage manner of the screen locking information of the devices in the group of the second electronic device, the correspondence between the unique identifier of the electronic device and the screen locking state of the electronic device are not affected by the first electronic device, and may be the same as or different from the first electronic device, and this is not limited here.

For example, in an implementation manner, if the second electronic device also uses the MEID as the unique identifier of the electronic device in the in-group device lock screen information, the lock state is identified by the binary code 1, and the unlock state is identified by the binary code 0. After the intra-group screen locking state storage module 1903A receives the information that the screen locking state of the first electronic device is changed to the unlocking state, the item that records the screen locking state of the first electronic device in the intra-group device screen locking information may be updated to [ a00000B42381FD, 0 ] in the intra-group screen locking state storage module 1903A.

Application scenario 2: unlocking the electronic device causes synchronization of the screen locking state.

For example, the device group includes a first electronic device and a second electronic device, the first electronic device is in an unlocked state, and the second electronic device is in a locked state. At the moment, the first electronic device locks the screen, and the screen locking state of the first electronic device in the screen locking information of the devices in the updating group of the first electronic device and the second electronic device is a locking state.

Fig. 21 is another schematic signaling interaction diagram of a data protection method in the embodiment of the present application.

S2101, responding to user operation by the first electronic device, and locking a screen;

s2102, after the first electronic device locks the screen, updating the screen locking state of the local device in the screen locking information of the devices in the group to be a locking state;

s2103, the first electronic device informs the second electronic device that the local computer is locked;

s2104, the second electronic device updates the screen locking state of the first electronic device in the screen locking information of the devices in the group to be a locking state.

It can be understood that, in the process of executing steps S2101 to S2104, a flow direction of information between modules in the first electronic device and the second electronic device is similar to the flow direction of information shown in fig. 20, and reference may be made to the description of fig. 20, except that information transmitted between modules is changed from the screen locking state of the first electronic device to the unlocking state, and is changed from the screen locking state of the first electronic device to the locking state, which is not described herein again.

For example, in an implementation manner, if the second electronic device and the second electronic device also use the MEID as the unique identifier of the electronic device in the in-group device lock screen information, the lock state is identified by the binary code 1, and the unlock state is identified by the binary code 0. After the intra-group lock screen state storage module 1503A of the first electronic device or the intra-group lock screen state storage module 1903A of the second electronic device receives the information that the lock screen state of the first electronic device is changed to the lock state, an entry that records the lock screen state of the first electronic device in the intra-group device lock screen information may be updated to [ a00000B42381FD, 1 ].

Application scenario 3: the electronic equipment is on line to cause the screen locking state to be synchronized.

For example, the device group includes a first electronic device and a second electronic device. And the third electronic equipment is on line and added into the equipment group. And the first electronic equipment and the second electronic equipment add an entry for recording the screen locking state of the third electronic equipment in the screen locking information of the devices in the group. And the third electronic equipment adds an entry for recording the screen locking states of the first electronic equipment and the second electronic equipment in the screen locking information of the in-group equipment.

Fig. 22 is a schematic signaling interaction diagram of a data protection method in the embodiment of the present application.

The process of updating and synchronizing the lock screen status is shown in fig. 22, and the process includes steps S2201 to S2206, and the steps S2201 to S2206 are specifically described below with reference to the dual-computer interaction information flow diagram shown in fig. 23.

It is to be understood that fig. 22 and 23 only show the information flow between the first electronic device and the third electronic device, and a similar information flow may also exist between the second electronic device and the third electronic device, which is not limited herein.

S2201, adding a third electronic device into a device group consisting of the first electronic device and the second electronic device;

as shown in fig. 23, when a third electronic device joins a device group formed by the first electronic device and the second electronic device, the communication and networking management module 1504 of the first electronic device may determine that the third electronic device in the device group is online.

Specifically, the manner in which the first electronic device determines that the third electronic device is online may refer to (5) the description of the online action and the offline action of the electronic device in the above description, and details are not described here again.

S2202, the first electronic device adds an initialization item of the screen locking state of the third electronic device in the screen locking information of the devices in the group;

as shown in fig. 23, after the communication and networking management module 1504 of the first electronic device determines that the third electronic device is online, the intra-group screen-locking event synchronization module 1502B may notify the intra-group screen-locking event receiving module 1502A that the third electronic device is online. The intra-group screen-locking event receiving module 1502A may add an initialization entry recording the screen-locking state of the third electronic device in the intra-group device screen-locking information stored in the intra-group screen-locking state storage module 1503A.

In some embodiments, the lock screen state in the initialized entry of the lock screen state of the electronic device is the lock state.

Illustratively, as shown in table 2 below, is an exemplary example of the lock screen information of the devices in the group in the first electronic device when the third electronic device is not online:

identification of electronic device	Lock screen state
		Identification of a first electronic device	Locked state
Identification of the second electronic device	Unlocked state

TABLE 2

For example, as shown in table 3 below, the exemplary example is that after the third electronic device is online, the first electronic device adds an initialization entry for recording the screen locking state of the third electronic device in the in-group device screen locking information:

identification of electronic device	Lock screen state
		Identification of a first electronic device	Locked state
Identification of the second electronic device	Unlocked state
		Identification of third electronic device	Locked state

TABLE 3

S2203, adding initialization items of screen locking states of the first electronic device and the second electronic device in screen locking information of the devices in the group by the third electronic device;

as shown in fig. 23, after the third electronic device joins the device group formed by the first electronic device and the second electronic device through the communication and networking management module 2304, the screen locking event synchronization module 2302B in the screen locking state synchronization/reception module 2302 of the third electronic device may notify the screen locking event reception module 2302A that the first electronic device and the second electronic device are online in the device group. The intra-group lock screen event receiving module 2302A may add an initialization entry for recording the lock screen states of the first electronic device and the second electronic device in the intra-group device lock screen information stored in the intra-group lock screen state storage module 2302A of the third electronic device.

Exemplarily, as shown in table 4 below, the following is an exemplary example of the intra-group device lock screen information in the third electronic device when the third electronic device is not online:

identification of electronic device	Lock screen state
		Identification of third electronic device	Unlocked state

TABLE 4

For example, as shown in table 5 below, the method is an exemplary example that after the third electronic device is online, the third electronic device adds an initialization entry for recording the screen locking states of the first electronic device and the second electronic device in the in-group device screen locking information:

identification of electronic device	Lock screen state
		Identification of third electronic device	Unlocked state
Identification of a first electronic device	Locked state
		Identification of the second electronic device	Locked state

TABLE 5

S2204, synchronizing screen locking states among electronic devices in the device group;

the current screen locking state of each electronic device can be synchronized among the electronic devices in the device group through the communication and networking management module, the intra-group screen locking time synchronization module and the intra-group screen locking event receiving module.

S2205, updating the screen locking state of the third electronic equipment in the screen locking information of the equipment in the group by the first electronic equipment;

s2206, the third electronic device sets the screen locking state of the first electronic device and the second electronic device in the in-group device screen locking information.

The in-group screen locking event receiving module of each electronic device in the device group can update the current screen locking state of each electronic device to in-group device screen locking information stored in the in-group screen locking state storage module of each electronic device.

The specific process of synchronizing the screen locking states among the device groups in S2204 to S2206 may refer to the descriptions in steps S1901 to S1904 and S2101 to S2104, which are not described herein again.

For example, if the first electronic device is in the locked state, the second electronic device is in the unlocked state, and the third electronic device is in the unlocked state. As shown in table 6 below, one illustrative example of the intra-group device lock screen information of the first electronic device, the second electronic device, and the third electronic device after performing steps S2204 to S2206 is:

identification of electronic device	Lock screen state
		Identification of a first electronic device	Locked state
Identification of the second electronic device	Unlocked state
		Identification of third electronic device	Unlocked state

TABLE 6

Application scenario 4: and the electronic equipment is offline to cause screen locking state synchronization.

For example, the device group includes a first electronic device, a second electronic device, and a third electronic device. And the third electronic equipment is offline, and the first electronic equipment and the second electronic equipment delete the entry recording the screen locking state of the third electronic equipment in the screen locking information of the equipment in the local equipment.

Fig. 24 is another signaling interaction diagram of a data protection method in the embodiment of the present application;

the process of updating and synchronizing the screen locking status is shown in fig. 24, and the process includes steps S2401 to S2403, and steps S2401 to S2403 are specifically described below with reference to the dual-computer interaction information flow diagram shown in fig. 23.

It is to be understood that fig. 24 only shows the information flow between the first electronic device and the third electronic device, and a similar information flow may be between the second electronic device and the third electronic device, which is not limited herein.

S2401, the third electronic device quits the device group;

when the third electronic device exits the device group, the communication and networking management module 1504 of the first electronic device may determine that the third electronic device is offline.

S2402, deleting the entry recording the screen locking state of the third electronic equipment in the screen locking information of the equipment in the group by the first electronic equipment;

as shown in fig. 23, after the communication and networking management module 1504 of the first electronic device determines that the third electronic device is online, the intra-group screen-locking event synchronization module 1502B may notify the intra-group screen-locking event receiving module 1502A that the third electronic device is offline. The intra-group screen-locking event receiving module 1502A may delete the entry recording the screen-locking state of the third electronic device from the intra-group device screen-locking information stored in the intra-group screen-locking state storage module 1503A.

Illustratively, as shown in table 6 above, the screen locking information of the devices in the group in the first electronic device is an exemplary example when the third electronic device is not offline. As shown in table 7 below, an exemplary example is shown after the first electronic device deletes the entry recording the screen locking state of the third electronic device in the in-group device screen locking information after the third electronic device is offline:

TABLE 7

S2403, deleting, by the second electronic device, entries recording screen locking states of the first electronic device and the second electronic device in the in-group device screen locking information.

As shown in fig. 23, after the third electronic device goes offline, the lock screen event synchronization module 2302B in the lock screen state synchronization/reception module 2302 of the third electronic device may notify the in-group lock screen event reception module 2302A that the device is offline. The intra-group lock screen event receiving module 2302A may delete entries of all electronic devices except the local electronic device from the intra-group device lock screen information stored in the intra-group lock screen state storage module 2302A of the third electronic device.

Table 6 above is an exemplary example of the screen locking information of the in-group device in the first electronic device when the third electronic device is not offline. As shown in table 8 below, an exemplary example is shown after the third electronic device deletes the entry recording the screen locking statuses of the first electronic device and the second electronic device in the in-group device screen locking information after the third electronic device is offline:

TABLE 8

(3) And screen locking state linkage type key management stage:

application scenario 1: and when all the electronic equipment in the screen locking information of the equipment in the group are in the locked state, the screen locking state of one electronic equipment is turned into the similar key loading caused by the unlocked state.

For example, in a device group consisting of a first electronic device and a second electronic device. The screen locking states of all the electronic devices in the screen locking information of the devices in the group of the first electronic device and the second electronic device are locking states. At this time, the screen locking state of the first electronic device is turned into an unlocking state, so that the first electronic device and the second electronic device are caused to load the class key, and the first data in the first electronic device and the second electronic device are decrypted, so that the first data can be used.

Fig. 25 is a flowchart illustrating a data protection method according to an embodiment of the present application.

The process of managing the lock screen status linkage key is shown in fig. 25, and the process includes steps S2501 to S2503, and the steps S2501 to S2503 are specifically described below with reference to the information flow diagram shown in fig. 15.

It is understood that each electronic device in the device group can perform the following steps:

s2501, when the screen locking states of all electronic devices in the screen locking information of the devices in the group are locking states, updating the screen locking state of the first electronic device to be an unlocking state;

the process that the screen locking state of the first electronic device in the screen locking information of the devices in the update group of the first electronic device and the second electronic device is the unlocking state may refer to the description in the screen locking state update synchronization stage in the step (2), and details are not described here.

S2502, determining that the screen locking state of the electronic equipment in the screen locking information of the equipment in the group is an unlocking state;

as shown in fig. 15, the virtual terminal lock state determination module 1503B in the first electronic device may monitor the inversion of the lock state of each electronic device in the intra-group device lock screen information stored in the intra-group lock screen state storage module 1503A, or when the lock screen state of the electronic device is inverted in the intra-group device lock screen information, the intra-group lock screen state storage module 1503A may notify the virtual terminal lock state determination module 1503B.

It is understood that the screen locking state of the electronic device is turned over, and the screen locking state of the electronic device is changed from the locking state to the unlocking state or from the unlocking state to the locking state.

In some embodiments, when it is determined that the screen locking state of the electronic device is turned over, the virtual terminal locking state determination module 1503B may be triggered to determine whether the screen locking state of the electronic device is the unlocked state in the screen locking information of the devices in the group. When it is determined that the screen locking state of the electronic device is the unlocked state, step S2503 may be performed.

For example, when the screen locking state of the first electronic device is updated to the unlocked state, the virtual terminal locking state determination module 1503B may determine that the screen locking state of the electronic device is in the screen locking information of the devices in the group as the unlocked state, and may execute step S2503.

In some embodiments, when it is determined that the screen locking state of the electronic device is turned over, the virtual terminal locking state determination module 1503B may be triggered to determine the screen locking state of the virtual terminal in combination with the policy for determining the screen locking state of the virtual terminal stored in the policy management module 1503C. When it is determined that the screen locking state of the virtual terminal is the unlocked state, step S2503 may be performed.

For example, when the judgment policy of the screen locking state of the virtual terminal stored in the policy management module 1503C is that the screen locking states of the electronic devices in the device group are all locked states, the virtual terminal is in a locked state; when the screen locking state of any electronic equipment is the unlocking state, the virtual terminal is the unlocking state. When it is determined that the screen locking state of the electronic device is the unlocked state in the screen locking information of the devices in the group, the virtual terminal locking state determination module 1503B may determine that the screen locking state of the virtual terminal is the unlocked state, and may execute step S2503.

In some embodiments, in addition to the screen locking state of the electronic device being turned over in the screen locking information of the devices in the group, and the electronic device being on-line or off-line in the device group, the virtual terminal locking state determining module 1503B may also be triggered to re-determine the screen locking state of the virtual terminal, which is not limited herein.

It can be understood that, in some embodiments, the policy for determining the screen locking state of the virtual terminal may also be other policies, for example, when the electronic device exceeding the preset percentage is in the locked state, the virtual terminal is in the locked state; when the electronic device is in the locked state, the virtual terminal is in the unlocked state, and the like, which is not limited herein.

It is understood that the second electronic device may have a similar information flow therein, and is not limited thereto.

S2503, loading the class key and decrypting the first data of the computer.

As shown in fig. 15, when the virtual terminal lock state determination module 1503B determines that the lock screen state of the electronic device is the unlock state, or the lock screen state of the virtual terminal is the unlock state, the group class key management module 1505 may be triggered to load the class key of the first data to the kernel file system 1506. After the class key is loaded in the kernel file system 1506, the first data may be decrypted so that the first data is available. In this way, the first data can be accessed by other electronic devices in the device group even if the native device is in the locked state.

Application scenario 2: and when the screen locking state of one electronic device in the screen locking information of the devices in the group is turned into the locking state, the class key is discarded, wherein the class key is caused when all the electronic devices are in the locking state.

For example, in a device group consisting of a first electronic device and a second electronic device. The screen locking state of the first electronic equipment in the screen locking information of the devices in the group of the first electronic equipment and the second electronic equipment is an unlocking state, and the screen locking state of the second electronic equipment is a locking state. At this time, the screen locking state of the first electronic device is turned into a locking state, so that the first electronic device and the second electronic device discard the key, and encrypt the first data in the first electronic device and the second electronic device, so that the first data is unavailable.

FIG. 26 is a schematic flow chart of another data protection method in the practice of the present application;

fig. 26 shows a process of managing the lock screen state linkage key, which includes steps S2601 to S2603, and the following describes steps S2601 to S2603 in detail with reference to the information flow diagram shown in fig. 15.

s2601, updating the screen locking state of the first electronic device in the screen locking information of the devices in the group to be a locking state, so that the screen locking states of all the electronic devices are all locking states;

the description of (2) the screen locking state updating synchronization stage may be referred to in the process that the screen locking state of the first electronic device in the screen locking information of the devices in the update group of the first electronic device and the second electronic device is the locked state, and details are not described here again.

S2602, determining that the screen locking states of all electronic devices in the screen locking information of the devices in the group are all locking states;

In some embodiments, when it is determined that the screen locking state of the electronic device is turned over, the virtual terminal locking state determination module 1503B may be triggered to determine whether the screen locking state of the electronic device is the unlocked state in the screen locking information of the devices in the group. When it is determined that the screen locking state of no electronic device is the unlocked state, that is, the screen locking states of all electronic devices in the screen locking information of the devices in the group are all the locked states, step S2603 may be performed.

For example, when the screen locking state of the first electronic device is updated to the locked state, the virtual terminal lock state determination module 1503B may determine that the screen locking states of all electronic devices in the screen locking information of the devices in the group are the locked states, and may execute step S2603.

In some embodiments, when it is determined that the screen locking state of the electronic device is turned over, the virtual terminal locking state determination module 1503B may be triggered to determine the screen locking state of the virtual terminal in combination with the policy for determining the screen locking state of the virtual terminal stored in the policy management module 1503C. When it is determined that the lock screen state of the virtual terminal is the unlock state, step S2603 may be performed.

For example, when the judgment policy of the screen locking state of the virtual terminal stored in the policy management module 1503C is that the screen locking states of the electronic devices in the device group are all locked states, the virtual terminal is in a locked state; when the screen locking state of any electronic equipment is the unlocking state, the virtual terminal is the unlocking state. When it is determined that the screen locking state of the electronic device is not in the screen locking information of the devices in the group, the virtual terminal locking state determination module 1503B may determine that the screen locking state of the virtual terminal is the locking state, and may execute step S2603.

S2603, discarding the class key, and encrypting the first data of the device.

As shown in fig. 15, when the virtual terminal lock state determination module 1503B determines that there is no lock screen state of the electronic device in the unlock state, or the lock screen state of the virtual terminal is in the lock state, the group class key management module 1505 may be triggered to indicate the class key of the first data in the kernel file system 1506. After the kernel file system 1506 discards the class key, the encryption of the first data may be restored, making the first data unusable. In this way, the first data is no longer accessible to other electronic devices in the device group.

It should be noted that, although only two or three electronic devices form a device group in the above example, in practical applications, more electronic devices may form a device group, and the present invention is not limited herein.

It is understood that, based on the scenario example, some steps in the above embodiments are performed by a first electronic device, some steps are performed by a second electronic device, and some steps are performed by a third electronic device, but each electronic device forming the device group has the capability of performing all the steps, and is not limited herein.

The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

As used in the above embodiments, the term "when …" may be interpreted to mean "if …" or "after …" or "in response to a determination of …" or "in response to a detection of …", depending on the context. Similarly, depending on the context, the phrase "at the time of determination …" or "if (a stated condition or event) is detected" may be interpreted to mean "if the determination …" or "in response to the determination …" or "upon detection (a stated condition or event)" or "in response to detection (a stated condition or event)".

In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the application to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, fiber optic, digital subscriber line) or wirelessly (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk), among others.

One of ordinary skill in the art will appreciate that all or part of the processes in the methods of the above embodiments may be implemented by hardware related to instructions of a computer program, which may be stored in a computer-readable storage medium, and when executed, may include the processes of the above method embodiments. And the aforementioned storage medium includes: various media capable of storing program codes, such as ROM or RAM, magnetic or optical disks, etc.

Claims

1. A method for protecting data, comprising:

when the screen locking states of all electronic equipment in the equipment group are determined to be the locking states, the first electronic equipment sets first data as unavailable, and the first data are protected data in the first electronic equipment;

when the screen locking state of any electronic equipment in the equipment group is determined to be the unlocking state, the first electronic equipment sets the first data to be available.

2. The method of claim 1, further comprising:

when the first electronic device determines that the screen locking states of all electronic devices recorded in the screen locking information of the devices in the group of the first electronic device are all locked states, the first electronic device determines that the screen locking states of all electronic devices in the device group are all locked states; the corresponding relation between the identification of the electronic equipment in the equipment group and the screen locking state is recorded in the screen locking information of the in-group equipment;

when the first electronic device determines that the screen locking state of any electronic device recorded in the screen locking information of the devices in the group is the unlocking state, the first electronic device determines that the screen locking state of any electronic device in the device group is the unlocking state.

3. The method according to claim 1 or 2, wherein when it is determined that the screen locking states of all the electronic devices in the device group are the locked state, the first electronic device sets the first data as unavailable, specifically comprising:

when the screen locking state of the virtual terminal is determined to be the locking state, the first electronic equipment sets the first data as unavailable; the screen locking state of the virtual terminal is determined according to the screen locking states of all electronic equipment in the equipment group;

when it is determined that the screen locking state of any electronic device in the device group is the unlocked state, the first electronic device sets the first data as available, specifically including:

and when the screen locking state of the virtual terminal is determined to be the unlocking state, the first electronic equipment sets the first data to be available.

4. The method of claim 3, further comprising:

when the first electronic device determines that the screen locking states of all electronic devices recorded in the screen locking information of the devices in the group are the locked states, the first electronic device determines that the screen locking state of the virtual terminal is the locked state;

when the first electronic device determines that the screen locking state of any electronic device recorded in the screen locking information of the devices in the group is the unlocking state, the first electronic device determines that the screen locking state of the virtual terminal is the unlocking state.

5. The method according to any one of claims 2 to 4, further comprising:

when the screen locking state of the first electronic equipment is the locking state, responding to the unlocking operation of a user, and updating the screen locking state of the first electronic equipment recorded in the screen locking information of the equipment in the group to be the unlocking state by the first electronic equipment;

the first electronic device updates the screen locking state of the first electronic device into unlocking state information and sends the unlocking state information to a second electronic device, and the second electronic device is any one electronic device different from the first electronic device in the device group.

6. The method according to any one of claims 2 to 5, further comprising:

when the screen locking state of the first electronic equipment is an unlocking state, responding to screen locking operation of a user, and updating the screen locking state of the first electronic equipment recorded in the screen locking information of the equipment in the group to a locking state by the first electronic equipment;

and the first electronic equipment updates the screen locking state of the first electronic equipment into the information of the locking state and sends the information to the second electronic equipment.

7. The method according to any one of claims 2 to 6, further comprising:

when the first electronic device receives information that the screen locking state of the third electronic device is updated to the unlocking state, wherein the information is sent by the third electronic device, the screen locking state of the third electronic device is updated to the unlocking state in the screen locking information of the devices in the group by the first electronic device; the third electronic device is any electronic device in the device group, which is different from the first electronic device;

when the first electronic device receives information that the screen locking state of the third electronic device sent by the third electronic device is updated to the locking state, the first electronic device updates the screen locking state of the third electronic device to the locking state in the screen locking information of the devices in the group.

8. The method according to any one of claims 2 to 7, further comprising:

when the first electronic device determines that a fourth electronic device is accessed to a device group, or when the first electronic device is accessed to the device group where the fourth electronic device is located, the first electronic device adds an entry recording a screen locking state of the fourth electronic device in the in-group device screen locking information, and the fourth electronic device is any one of the electronic devices in the device group, which is different from the first electronic device.

9. The method according to claim 8, wherein the adding, by the first electronic device, an entry that records the screen locking state of the fourth electronic device in the in-group device screen locking information specifically includes:

the first electronic device adds an initialization entry for recording the screen locking state of the fourth electronic device in the screen locking information of the devices in the group, and sets the screen locking state of the fourth electronic device to be a locking state in the initialization entry.

10. The method of claim 9, wherein after the step of the first electronic device adding an initialization entry to record the lock screen status of the fourth electronic device in the in-group device lock screen information, the method further comprises:

the first electronic equipment receives information that the screen locking state of the fourth electronic equipment is an unlocking state and is sent by the fourth electronic equipment;

and the first electronic equipment updates the screen locking state of the fourth electronic equipment in the screen locking information of the equipment in the group to an unlocking state.

11. The method according to any one of claims 2 to 10, further comprising:

when the first electronic device determines that a fifth electronic device exits the device group, deleting, by the first electronic device, an entry recording a screen locking state of the fifth electronic device in the in-group device screen locking information, where the fifth electronic device is any one of the electronic devices in the device group different from the first electronic device.

12. The method according to any one of claims 2 to 11, further comprising:

when the first electronic device exits the device group, the first electronic device deletes all entries recording screen locking states of other electronic devices in the device group in the in-group device screen locking information.

13. The method according to any one of claims 1 to 12, wherein the first electronic device making the first data unavailable specifically comprises:

the first electronic device discarding a class key, encrypting the first data, making the first data unavailable; the class key is used for decrypting the first data;

the first electronic device sets the first data as available, and specifically includes:

and the first electronic equipment loads the class key and decrypts the first data to make the first data available.

14. A first electronic device, wherein the first electronic device comprises: one or more processors and memory;

the memory coupled with the one or more processors, the memory to store computer program code, the computer program code including computer instructions, the one or more processors to invoke the computer instructions to cause the first electronic device to perform:

when the screen locking states of all electronic equipment in the equipment group are determined to be locking states, setting first data as unavailable, wherein the first data are protected data in the first electronic equipment;

and when the screen locking state of any electronic equipment in the equipment group is determined to be the unlocking state, setting the first data as available.

15. The first electronic device of claim 14, wherein the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform:

when it is determined that the screen locking states of all the electronic devices recorded in the in-group device screen locking information of the first electronic device are all locked states, determining that the screen locking states of all the electronic devices in the device group are all locked states; the corresponding relation between the identification of the electronic equipment in the equipment group and the screen locking state is recorded in the screen locking information of the in-group equipment;

and when the screen locking state of any electronic equipment recorded in the screen locking information of the equipment in the group is determined to be the unlocking state, determining that the screen locking state of any electronic equipment in the equipment group is the unlocking state.

16. The first electronic device of claim 14 or 15, wherein the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform:

when the screen locking state of the virtual terminal is determined to be the locking state, setting the first data as unavailable; the screen locking state of the virtual terminal is determined according to the screen locking states of all electronic equipment in the equipment group;

and when the screen locking state of the virtual terminal is determined to be the unlocking state, setting the first data as available.

17. The first electronic device of claim 16, wherein the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform:

when it is determined that the screen locking states of all the electronic devices recorded in the screen locking information of the devices in the group are all the locking states, determining that the screen locking state of the virtual terminal is the locking state;

and when the screen locking state of any electronic equipment recorded in the screen locking information of the in-group equipment is determined to be the unlocking state, determining that the screen locking state of the virtual terminal is the unlocking state.

18. The first electronic device of any of claims 15-17, wherein the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform:

when the screen locking state of the first electronic equipment is the locking state, responding to the unlocking operation of a user, and updating the screen locking state of the first electronic equipment recorded in the screen locking information of the equipment in the group to be the unlocking state;

and updating the screen locking state of the first electronic equipment into unlocking state information, and sending the unlocking state information to second electronic equipment, wherein the second electronic equipment is any one of the electronic equipment in the equipment group different from the first electronic equipment.

19. The first electronic device of any of claims 15-18, wherein the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform:

when the screen locking state of the first electronic equipment is an unlocking state, responding to screen locking operation of a user, and updating the screen locking state of the first electronic equipment recorded in the screen locking information of the equipment in the group to a locking state;

and updating the screen locking state of the first electronic equipment into the information of the locking state, and sending the information to the second electronic equipment.

20. The first electronic device of any of claims 15-19, wherein the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform:

when information that the screen locking state of the third electronic equipment is updated to the unlocking state and sent by the third electronic equipment is received, updating the screen locking state of the third electronic equipment to the unlocking state by the screen locking information of the equipment in the group; the third electronic device is any electronic device in the device group, which is different from the first electronic device;

and when receiving information that the screen locking state of the third electronic equipment sent by the third electronic equipment is updated to the locking state, updating the screen locking state of the third electronic equipment to the locking state in the group by the screen locking information of the equipment in the group.

21. The first electronic device of any of claims 15-20, wherein the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform:

when it is determined that a fourth electronic device is accessed to a device group or is accessed to a device group where the fourth electronic device is located, an entry recording a screen locking state of the fourth electronic device is added to the in-group device screen locking information, wherein the fourth electronic device is any one electronic device in the device group, which is different from the first electronic device.

22. The first electronic device of claim 21, wherein the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform:

adding an initialization item for recording the screen locking state of the fourth electronic device in the screen locking information of the devices in the group, and setting the screen locking state of the fourth electronic device to be a locking state in the initialization item.

23. The first electronic device of claim 22, wherein the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform:

receiving information that the screen locking state of the fourth electronic equipment is an unlocking state and sent by the fourth electronic equipment;

and updating the screen locking state of the fourth electronic equipment in the screen locking information of the devices in the group to be an unlocking state.

24. The first electronic device of any of claims 15-23, wherein the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform:

and when determining that a fifth electronic device exits the device group, deleting an entry recording a screen locking state of the fifth electronic device in the in-group device screen locking information, wherein the fifth electronic device is any electronic device in the device group, which is different from the first electronic device.

25. The first electronic device of any of claims 15-24, wherein the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform:

and when the equipment group exits, deleting all items recording the screen locking states of other electronic equipment in the equipment group in the in-group equipment screen locking information.

26. The first electronic device of any of claims 14-25, wherein the one or more processors are further configured to invoke the computer instructions to cause the first electronic device to perform:

when the screen locking states of all electronic equipment in the equipment group are determined to be the locking states, discarding the class key, and encrypting the first data to make the first data unavailable; the class key is used for decrypting the first data;

and when the screen locking state of any electronic equipment in the equipment group is determined to be the unlocking state, loading the class key, and decrypting the first data to enable the first data to be available.

27. A chip system for application to a first electronic device, the chip system comprising one or more processors for invoking computer instructions to cause the first electronic device to perform the method of any of claims 1-13.

28. A computer program product comprising instructions for causing a first electronic device to perform the method of any one of claims 1-13 when the computer program product is run on the first electronic device.

29. A computer-readable storage medium comprising instructions that, when executed on a first electronic device, cause the first electronic device to perform the method of any of claims 1-13.