CN115033899B - Application data migration method, terminal equipment and storage medium - Google Patents

Info

Publication number
CN115033899B
Authority
CN
China
Prior art keywords
terminal device
server
identifier
application data
terminal equipment
Prior art date
Legal status
Active
Application number
CN202111426154.3A
Other languages
Chinese (zh)
Other versions
CN115033899A (en
Inventor
韩业飞
Current Assignee
Honor Device Co Ltd
Original Assignee
Honor Device Co Ltd
Application filed by Honor Device Co Ltd
Priority to CN202111426154.3A
Publication of CN115033899A
Application granted
Publication of CN115033899B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/18 File system types
    • G06F16/185 Hierarchical storage management [HSM] systems, e.g. file migration or policies thereof
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01 Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048 Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0484 Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Human Computer Interaction (AREA)
  • Data Mining & Analysis (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiments of the application provide a method for migrating application data, a terminal device and a storage medium. The method includes: receiving first information sent by another device in response to a first request, where the first request indicates a request to migrate application data in a first terminal device, the first information includes a second public key of a second terminal device, and the other device is a server or the second terminal device; encrypting the application data in the first terminal device with the second public key to obtain encrypted application data; and sending the encrypted application data to the second terminal device, where the encrypted application data is to be decrypted and then stored in the second terminal device. In this way, the application data in the terminal device can be migrated automatically, and the migration efficiency of the application data is improved.

Description

Application data migration method, terminal equipment and storage medium
Technical Field
The present application relates to the field of terminal technologies, and in particular, to a migration method of application data, a terminal device, and a storage medium.
Background
At present, with the development of terminal technology, a terminal device can have multiple applications installed, and it uses different applications to perform the corresponding functions.
In the prior art, a user may need to replace a terminal device. The new terminal device has neither the applications nor the application data of the old terminal device, so the user must manually download and set up the applications again on the new terminal device, and must also manually download and set up the application data there.
However, this requires the user to operate the terminal device frequently in order to download and set up the application data on the new terminal device; the migration of the application data is slow and the user experience is poor.
Disclosure of Invention
The embodiment of the application provides an application data migration method, terminal equipment and a storage medium, which can finish automatic migration of application data in the terminal equipment and improve migration efficiency of the application data.
In a first aspect, an embodiment of the present application provides a method for migrating application data, where the method is applied to a first terminal device, and the method includes:
Receiving first information sent by another device in response to a first request; the first request indicates a request to migrate application data in the first terminal device, and the first request includes a first identifier of the first terminal device and a second identifier of a second terminal device; the first information includes a second public key of the second terminal device; the other device is a server or the second terminal device; encrypting the application data in the first terminal device with the second public key to obtain encrypted application data; and sending the encrypted application data to the second terminal device, where the encrypted application data is to be decrypted and then stored in the second terminal device.
Thus, the automatic migration of the application data in the first terminal equipment is completed, and the application data in the first terminal equipment is automatically migrated to the second terminal equipment; and the migration efficiency of the application data is improved.
In one possible implementation, before receiving the first information sent by the other device in response to the first request, the method further includes: and acquiring the second identifier, and sending a first request to other equipment according to the second identifier and the pre-stored first identifier. In this way, the migration of the application data can be triggered based on the first terminal device, and the second identifier of the second terminal device that needs to store the application data can be obtained.
In one possible implementation, obtaining the second identifier includes: in response to a first trigger operation by the user on a first page of the first terminal device, obtaining the second identifier indicated by the first trigger operation; or in response to first voice information from the user, determining the second identifier indicated by the first voice information; or receiving the second identifier sent by the second terminal device through the server; or receiving the second identifier sent by the second terminal device by short-distance communication. In this way, several ways of obtaining the second identifier are provided, so that the second terminal device that is to store the application data can be determined conveniently.
In one possible implementation, the first request further includes third signature information; the other device stores a first public key of the first terminal device; before sending the first request to the other device according to the second identifier and the pre-stored first identifier, the method further includes: signing the first identifier and the second identifier according to a pre-stored first private key of the first terminal device to obtain the third signature information; the third signature information is to be verified according to the first public key; the first information is received after the third signature information passes verification. In this way, the first public key is used to verify the third signature information, which ensures the security of the information exchange between the first terminal device and the server.
In one possible implementation, the first request is generated after the second terminal device obtains the second identifier. In this way, the migration of the application data can be triggered based on the second terminal device, and the second identifier of the second terminal device that needs to store the application data can be obtained.
In one possible implementation manner, the second identifier is acquired based on a second trigger operation on a second page of the second terminal device by the user, where the second trigger operation is used to indicate the second identifier; or the second identifier is acquired based on second voice information sent by the user, and the second voice information is used for indicating the second identifier; or the second identifier is sent to the second terminal equipment by the first terminal equipment through a short-distance communication mode; or the second identifier is sent to the second terminal device by the first terminal device through the server. In this way, a plurality of ways of obtaining the second identifier are provided, so that the second terminal device needing to store the application data can be conveniently determined.
In a possible implementation manner, the first request further includes fourth signature information, where the fourth signature information is obtained by performing signature processing on the first identifier and the second identifier according to a second private key of the second terminal device; the other devices store second public keys of the second terminal device, and the first information is received after verification of the fourth signature information is passed. In this way, the second public key can be used for determining and verifying the fourth signature information, so that the security of information interaction between the second terminal equipment and the server is ensured.
In one possible implementation, if the other device is a server, a preset identifier list is stored in the server, and the preset identifier list includes the identifier of at least one terminal device; the first identifier and the second identifier in the first request are verified against the preset identifier list; the first information is received after the first identifier and the second identifier in the first request pass verification. In this way, it can be determined whether the received first identifier and second identifier exist in the preset identifier list, and hence whether the second certificate and the second public key of the second terminal device may be sent to the first terminal device, which ensures the security of the data exchange.
In one possible implementation manner, if the other device is a server, the server stores a second certificate of the second terminal device, where the second certificate is generated according to a second public key and carries second signature information, and the second signature information is obtained by signing the second certificate according to a third private key of the server; the first terminal device has stored therein a third public key of the server. The method further comprises the steps of: receiving a second certificate sent by a server; or the first information further includes a second certificate. And if the second certificate passes the verification according to the third public key and the second signature information, executing the step of encrypting the application data in the first terminal equipment by adopting the second public key to obtain encrypted application data. In this way, the second certificate is verified according to the third public key and the second signature information, and further the security of information interaction between the first terminal device and the server is guaranteed.
In one possible implementation manner, if the other device is a second terminal device, the second terminal device stores a second certificate of the second terminal device, where the second certificate is generated according to a second public key and carries fifth signature information, and the fifth signature information is obtained by signing the second certificate according to a second private key of the second terminal device; the method further comprises the steps of: receiving a second certificate sent by second terminal equipment; or the first information also comprises a second certificate; and if the second certificate passes the verification according to the second public key and the fifth signature information, executing the step of encrypting the application data in the first terminal equipment by adopting the second public key to obtain encrypted application data. In this way, the second certificate is verified according to the second public key and the fifth signature information, and further the safety of information interaction between the first terminal device and the second terminal device is guaranteed.
In one possible implementation manner, encrypting the application data in the first terminal device by using the second public key to obtain encrypted application data includes: encrypting application data of each application in the first terminal equipment by adopting a second public key to obtain encrypted application data; or responding to a third instruction, wherein the third instruction is used for indicating the application data in the first terminal equipment, and encrypting the application data indicated by the third instruction by adopting the second public key to obtain encrypted application data. In this way, all or part of the application data in the first terminal device can be migrated.
In one possible implementation, before responding to the third instruction, the method further includes: responding to a third triggering operation of a user on a third page of the first terminal equipment, wherein the third triggering operation is used for indicating application data in the first terminal equipment and generating a third instruction; or receiving a third instruction sent by the second terminal equipment through the server, wherein the third instruction is generated based on a fourth triggering operation of a user on a fourth page of the second terminal equipment, and the fourth triggering operation is used for indicating application data in the first terminal equipment; or receiving a third instruction sent by the second terminal equipment through a short-distance communication mode, wherein the third instruction is generated by a fourth triggering operation of a user on a fourth page of the second terminal equipment, and the fourth triggering operation is used for indicating application data in the first terminal equipment. In this way, the application data that needs to be migrated can be indicated by the first terminal device or the second terminal device.
In one possible implementation, sending the encrypted application data to the second terminal device includes: sending the encrypted application data to the second terminal device through the server; or sending the encrypted application data to the second terminal device by short-distance communication. In this way, the first terminal device and the second terminal device can transfer the application data through the server or by short-distance communication, and signaling overhead is saved when the application data is transferred by short-distance communication.
In one possible implementation, the method further includes: receiving a second message sent by a second terminal device through a server, wherein the second message represents whether migration of application data is successful or not; or receiving a second message sent by the second terminal equipment through a short-distance communication mode. Thus, the second terminal device informs the first terminal device of the migration result.
In one possible implementation, the method further includes: and deleting the application data sent by the first terminal equipment. In this way, the first terminal device deletes the migrated application data, and saves the storage space of the first terminal device.
In one possible implementation, the server stores a third public-private key pair of the server, the third public-private key pair including a third public key and a third private key; the method further comprises the steps of: generating a first public-private key pair and a first identifier, wherein the first public-private key pair comprises a first public key and a first private key; responding to the first instruction sent by the server, and sending a fifth message to the server; the first instruction is used for indicating to acquire a first public key of the first terminal equipment, and the fifth message comprises the first public key and a first identifier; the first public key is used for generating a first certificate of the first terminal equipment, and the third private key is used for signing the first certificate to obtain first signature information; receiving a third public key and a first certificate carrying first signature information sent by a server; and if the verification of the first signature information according to the third public key is confirmed to pass, storing the first certificate and the third public key. In this way, the server completes the interaction procedure with the first terminal device in advance, so that the first terminal device can store the first certificate and the third public key.
In one possible implementation, the first request is a message encrypted with a first key of a first embedded security module chip of the first terminal device; the first information is information encrypted using the first key. The signaling interaction between the first terminal equipment and the server is encrypted through the first key, so that the information security is ensured.
In one possible implementation manner, the first terminal device stores a first public-private key pair, where the first public-private key pair is a public-private key pair of a first embedded security module chip of the first terminal device, and the first public-private key pair includes a first public key and a first private key; the second terminal equipment stores a second public-private key pair, wherein the second public-private key pair is a public-private key pair of a second embedded security module chip of the second terminal equipment, and the second public-private key pair comprises a second public key and a second private key.
In a second aspect, an embodiment of the present application provides a method for migrating application data, where the method is applied to a second terminal device, and the method includes:
receiving encrypted application data sent by a first terminal device; the encrypted application data is obtained by encrypting a second public key of the second terminal equipment; the second public key is sent to the first terminal equipment through first information by the server or the second terminal equipment, and the first information is sent in response to the first request; the first request is used for indicating to request to migrate the application data in the first terminal equipment, and the first request comprises a first identifier of the first terminal equipment and a second identifier of the second terminal equipment;
and decrypting the encrypted application data according to a pre-stored second private key of the second terminal equipment to obtain and store the application data of the first terminal equipment.
In one possible implementation, the first request is generated after the first terminal device obtains the second identifier.
In one possible implementation manner, the second identifier is obtained based on a first trigger operation on a first page of the first terminal device by the user, where the first trigger operation is used to indicate the second identifier; or the second identifier is acquired based on the first voice information sent by the user, and the first voice information is used for indicating the second identifier; or the second identifier is sent to the first terminal equipment by the second terminal equipment through a short-distance communication mode; or the second identifier is sent to the first terminal device by the server.
In one possible implementation, the first request further includes third signature information; the server or the first terminal device stores a first public key of the first terminal device, and the first information is sent after verification of the third signature information by the first public key is passed.
In one possible implementation manner, before receiving the encrypted application data sent by the first terminal device, the method further includes: and acquiring the second identifier, and sending a first request to the server or the first terminal equipment according to the second identifier and the pre-stored first identifier.
In one possible implementation, obtaining the second identifier includes: responding to a second triggering operation of a user on a second page of second terminal equipment, and acquiring a second identifier indicated by the second triggering operation; or responding to the second voice information sent by the user, and determining a second identifier indicated by the second voice information; or receiving a second identifier sent by the first terminal equipment through the server; or receiving a second identifier sent by the first terminal device through a short-distance communication mode.
In one possible implementation, the first request further includes fourth signature information; the server or the first terminal device stores a second public key of the second terminal device; before sending the first request to the server or the first terminal device according to the second identifier and the pre-stored first identifier, the method further includes: signing the first identifier and the second identifier according to a pre-stored second private key of the second terminal device to obtain the fourth signature information; the fourth signature information is to be verified according to the first public key of the first terminal device; the first information is sent after the fourth signature information passes verification.
In one possible implementation manner, a preset identification list is stored in the server, wherein the preset identification list comprises at least one identification of the terminal equipment; the first identifier and the second identifier in the first request are used for performing identifier verification according to a preset identifier list; the first information is sent after verification of the first identifier and the second identifier in the first request is passed.
In one possible implementation manner, the server stores a second certificate of the second terminal device, the second certificate is generated according to a second public key, and the second certificate carries second signature information, and the second signature information is obtained by signing the second certificate according to a third private key of the server; the first terminal equipment stores a third public key of the server; the server is further configured to send the second certificate, or the first information includes the second certificate; the encrypted application data is received after the second certificate is verified according to the third public key and the second signature information.
In one possible implementation manner, the second terminal device stores a second certificate of the second terminal device, where the second certificate is generated according to a second public key, and the second certificate carries fifth signature information, and the fifth signature information is obtained by signing the second certificate according to a second private key of the second terminal device. The method further comprises the steps of: sending a second certificate to the first terminal device; or the first information includes the second certificate. The encrypted application data is received after the second certificate is verified according to the third public key and the fifth signature information of the server.
In one possible implementation manner, the encrypted application data is application data of each application in the first terminal device; or the encrypted application data is the application data in the first terminal device indicated by the third instruction.
In one possible implementation, the method further includes: responding to a fourth triggering operation of the user on a fourth page of the second terminal equipment, wherein the fourth triggering operation is used for indicating application data in the first terminal equipment, and sending a third instruction to the first terminal equipment through a short-distance communication mode or a server.
In one possible implementation manner, receiving encrypted application data sent by the first terminal device includes: receiving encrypted application data sent by a first terminal device through a server; or receiving the encrypted application data sent by the first terminal device through the short-distance communication mode.
In one possible implementation, the method further includes: sending a second message to the first terminal device through the server, where the second message indicates whether the migration of the application data succeeded; or sending the second message to the first terminal device by short-distance communication.
In one possible implementation, the server stores a third public-private key pair of the server, the third public-private key pair including a third public key and a third private key; the method further comprises the steps of: generating a second public-private key pair and a second identifier, wherein the second public-private key pair comprises a second public key and a second private key; transmitting a sixth message to the server in response to the second instruction transmitted by the server; the second instruction is used for indicating to acquire a second public key of the second terminal equipment, and the sixth message comprises the second public key and a second identifier; the second public key is used for generating a second certificate of the second terminal equipment, and the third private key is used for signing the second certificate to obtain second signature information; receiving a third public key and a second certificate carrying second signature information sent by a server; and if the verification of the second signature information according to the third public key is confirmed to pass, storing the second certificate and the third public key. In this way, the server completes the interaction procedure with the first terminal device in advance, so that the second terminal device can store the second certificate and the third public key.
In one possible implementation, the first request is a message encrypted with a first key of a first embedded security module chip of the first terminal device; the first information is information encrypted using the first key.
In one possible implementation manner, the first terminal device stores a first public-private key pair, where the first public-private key pair is a public-private key pair of a first embedded security module chip of the first terminal device, and the first public-private key pair includes a first public key and a first private key; the second terminal equipment stores a second public-private key pair, wherein the second public-private key pair is a public-private key pair of a second embedded security module chip of the second terminal equipment, and the second public-private key pair comprises a second public key and a second private key.
In one possible implementation manner, before decrypting the encrypted application data according to the pre-stored second private key of the second terminal device to obtain and store the application data of the first terminal device, the method further includes: sending a third message to the server, wherein the third message comprises a second key, and the second key is a second key of a second embedded security module chip of the second terminal equipment; and receiving a fourth message sent by the server, wherein the fourth message characterizes that the second key in the third message is consistent with the second key prestored by the server. Thus, when the second terminal device decrypts the encrypted application data, interaction between the second terminal device and the server is required to verify the validity of the data storage of the second terminal device.
In a third aspect, an embodiment of the present application provides a migration method of application data, where the method is applied to a server, and the method includes:
responding to a first request initiated by the first terminal equipment or the second terminal equipment, and sending first information to the first terminal equipment; the first request is used for indicating to request to migrate application data in the first terminal equipment, and the first request comprises a first identifier of the first terminal equipment and a second identifier of the second terminal equipment; the first information comprises a second public key of the second terminal equipment; receiving encrypted application data sent by a first terminal device, wherein the encrypted application data is obtained by encrypting the application data in the first terminal device according to a second public key; and sending the encrypted application data to the second terminal equipment, wherein the encrypted application data is used for being decrypted and then stored in the second terminal equipment.
In one possible implementation manner, if the first request is initiated by the first terminal device, the first request further includes third signature information; the server stores a first public key of the first terminal device; transmitting first information to a first terminal device, including: verifying the third signature information according to the first public key; and if the verification of the third signature information is confirmed to pass, the first information is sent to the first terminal equipment.
In one possible implementation manner, if the first request is initiated by the second terminal device, the first request further includes fourth signature information; the fourth signature information is obtained by carrying out signature processing on the first identifier and the second identifier according to a second private key of the second terminal equipment; the server stores a second public key of the second terminal device; transmitting first information to a first terminal device, including: verifying the fourth signature information according to the second public key; and if the verification of the fourth signature information is confirmed to pass, the first information is sent to the first terminal equipment.
In one possible implementation manner, a preset identification list is stored in the server, wherein the preset identification list comprises at least one identification of the terminal equipment; before sending the first information to the first terminal device, the method further comprises: according to a preset identification list, carrying out identification verification on a first identification and a second identification in a first request; and if the verification of the first identifier and the second identifier in the first request is confirmed to pass, executing the step of sending the first information to the first terminal equipment.
In one possible implementation manner, the server stores a second certificate of the second terminal device, the second certificate is generated according to a second public key, and the second certificate carries second signature information, and the second signature information is obtained by signing the second certificate according to a third private key of the server; the first terminal equipment stores a third public key of the server; the method further comprises the steps of: sending a second certificate to the first terminal device; or the first information also comprises a second certificate; wherein the third public key and the second signature information are used to verify the second certificate.
In one possible implementation manner, the encrypted application data is application data of each application in the first terminal device; or the encrypted application data is the application data in the first terminal device indicated by the third instruction.
In one possible implementation, the method further includes: receiving a second message sent by a second terminal device, wherein the second message represents whether migration of application data is successful or not; and sending the second message to the first terminal equipment.
In one possible implementation, the server stores a third public-private key pair of the server, the third public-private key pair including a third public key and a third private key; the first terminal device stores a first public-private key pair and a first identifier, wherein the first public-private key pair comprises a first public key and a first private key; the method further comprises the steps of: sending a first instruction to first terminal equipment; the first instruction is used for indicating to acquire a first public key of the first terminal equipment; receiving a fifth message sent by the first terminal equipment; wherein the fifth message comprises the first public key and the first identifier; generating a first certificate of the first terminal equipment according to the first public key, and carrying out signature processing on the first certificate according to the third private key to obtain first signature information; transmitting the third public key and a first certificate carrying first signature information to the first terminal equipment; wherein the first signature information is for being verified, the first certificate and the third public key are for being stored.
In one possible implementation, the server stores a third public-private key pair of the server, the third public-private key pair including a third public key and a third private key; the second terminal equipment stores a second public-private key pair and a second identifier, wherein the second public-private key pair comprises a second public key and a second private key; the method further comprises the steps of: sending a second instruction to second terminal equipment; the second instruction is used for indicating to acquire a second public key of the second terminal equipment; receiving a sixth message sent by the second terminal equipment; wherein the sixth message includes the second public key and the second identifier; generating a second certificate of the second terminal equipment according to the second public key, and carrying out signature processing on the second certificate according to the third private key to obtain second signature information; transmitting the third public key and a second certificate carrying second signature information to a second terminal device; wherein the second signature information is for being verified, the second certificate and the third public key are for being stored.
In one possible implementation, the first request is a message encrypted with a first key of a first embedded security module chip of the first terminal device; the first information is information encrypted using the first key.
In one possible implementation manner, the first terminal device stores a first public-private key pair, where the first public-private key pair is a public-private key pair of a first embedded security module chip of the first terminal device, and the first public-private key pair includes a first public key and a first private key; the second terminal equipment stores a second public-private key pair, wherein the second public-private key pair is a public-private key pair of a second embedded security module chip of the second terminal equipment, and the second public-private key pair comprises a second public key and a second private key.
In one possible implementation manner, after sending the encrypted application data to the second terminal device, the method further includes: receiving a third message sent by the second terminal equipment, wherein the third message comprises a second key, and the second key is a second key of a second embedded security module chip of the second terminal equipment; and if the second key in the third message is consistent with the second key prestored in the server, sending a fourth message to the second terminal equipment, wherein the fourth message represents that the second key in the third message is consistent with the second key prestored in the server.
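As an added illustration that is not part of the patent text, the following Go sketch shows the server-side checks on the first request described in the third aspect (the preset identification list check and verification of the third or fourth signature information), together with the first terminal device's check of the second certificate against the stored third public key. RSA-PSS, the length-prefixed hash, the simplified certificate structure, and the names `Server`, `HandleFirstRequest`, `CheckCert`, `dev-A` and `dev-B` are assumptions; the patent does not specify algorithms or encodings.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"errors"
	"fmt"
)

// Cert is a simplified stand-in for the "second certificate" (not real X.509).
type Cert struct {
	ID          string
	PubDER, Sig []byte // PKCS#1 public key; signature by the third private key
}

// Server holds the third key pair; enrolled doubles as the preset identifier list.
type Server struct {
	third    *rsa.PrivateKey
	enrolled map[string]*rsa.PublicKey
}

// newKey makes a key pair; on a real device it would be held by the eSE chip.
func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func NewServer() *Server {
	return &Server{third: newKey(), enrolled: map[string]*rsa.PublicKey{}}
}

func (s *Server) Enroll(id string, pub *rsa.PublicKey) { s.enrolled[id] = pub }

// digest hashes length-prefixed fields, so ("ab","c") and ("a","bc") differ.
func digest(parts ...[]byte) []byte {
	h := sha256.New()
	for _, p := range parts {
		binary.Write(h, binary.BigEndian, uint32(len(p)))
		h.Write(p)
	}
	return h.Sum(nil)
}

// RSA-PSS is an assumption; the patent names no signature algorithm.
func sign(k *rsa.PrivateKey, parts ...[]byte) ([]byte, error) {
	return rsa.SignPSS(rand.Reader, k, crypto.SHA256, digest(parts...), nil)
}

func verify(pub *rsa.PublicKey, sig []byte, parts ...[]byte) error {
	return rsa.VerifyPSS(pub, crypto.SHA256, digest(parts...), sig, nil)
}

// HandleFirstRequest gates release of the second public key: both identifiers
// must be on the list and the requester must have signed (firstID, secondID).
func (s *Server) HandleFirstRequest(requester, firstID, secondID string, sig []byte) (*Cert, error) {
	if firstID == secondID || (requester != firstID && requester != secondID) {
		return nil, errors.New("malformed request")
	}
	_, okFirst := s.enrolled[firstID]
	target, okSecond := s.enrolled[secondID]
	if !okFirst || !okSecond {
		return nil, errors.New("identifier not in preset list")
	}
	if verify(s.enrolled[requester], sig, []byte(firstID), []byte(secondID)) != nil {
		return nil, errors.New("request signature invalid")
	}
	der := x509.MarshalPKCS1PublicKey(target)
	certSig, err := sign(s.third, []byte(secondID), der)
	if err != nil {
		return nil, err
	}
	return &Cert{ID: secondID, PubDER: der, Sig: certSig}, nil
}

// CheckCert is the first device's check, made with the stored third public key.
func CheckCert(third *rsa.PublicKey, c *Cert, wantID string) (*rsa.PublicKey, error) {
	if c == nil || c.ID != wantID || verify(third, c.Sig, []byte(c.ID), c.PubDER) != nil {
		return nil, errors.New("certificate rejected")
	}
	return x509.ParsePKCS1PublicKey(c.PubDER)
}

func main() {
	a, b, s := newKey(), newKey(), NewServer()
	s.Enroll("dev-A", &a.PublicKey) // constructed identifiers
	s.Enroll("dev-B", &b.PublicKey)
	sig, _ := sign(a, []byte("dev-A"), []byte("dev-B"))
	cert, err := s.HandleFirstRequest("dev-A", "dev-A", "dev-B", sig)
	fmt.Println("request accepted:", err == nil)
	_, err = CheckCert(&s.third.PublicKey, cert, "dev-B")
	fmt.Println("certificate accepted:", err == nil)
}
```

Only the key returned by `CheckCert` should be used to encrypt the application data; a request that fails any check never yields a certificate.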
In a fourth aspect, an embodiment of the present application provides an application data migration apparatus, where the application data migration apparatus may be an electronic device, or may be a chip or a chip system in the electronic device; the electronic device is a first terminal device, a second terminal device or a server. The application data migration apparatus may include a display unit and a processing unit; or the application data migration apparatus may include a receiving unit, a display unit, and a processing unit. When the application data migration apparatus is an electronic device, the display unit may be a display screen. The display unit is configured to perform the step of displaying, so that the electronic device implements the migration method of application data described in the first aspect or any one of the possible implementations of the first aspect. When the application data migration apparatus is an electronic device, the processing unit may be a processor. The application data migration apparatus may further comprise a storage unit, which may be a memory. The storage unit is configured to store instructions, and the processing unit executes the instructions stored in the storage unit, so that the electronic device implements the migration method of application data described in the first aspect or any one of the possible implementations of the first aspect. When the application data migration apparatus is a chip or a chip system within the electronic device, the processing unit may be a processor. The processing unit executes the instructions stored by the storage unit to cause the electronic device to implement the migration method of application data described in the first aspect or any one of the possible implementations of the first aspect. The storage unit may be a storage unit (e.g., a register, a cache, etc.) within the chip, or a storage unit (e.g., a read-only memory, a random access memory, etc.) within the electronic device that is external to the chip.
In a fifth aspect, an embodiment of the present application provides an electronic device, including: means for performing any of the aspects above or any of the possible implementations of any of the aspects above. The electronic equipment is a first terminal equipment, a second terminal equipment or a server.
In a sixth aspect, an embodiment of the present application provides an electronic device, including: a display unit, a processor and an interface circuit; wherein the interface circuit is for communicating with other devices; the display unit is used for executing the step of display; the processor is configured to execute code instructions or a computer program to perform the method of any one of the possible implementations of the first aspect. The electronic equipment is a first terminal equipment, a second terminal equipment or a server.
In one possible implementation, the electronic device further includes: a memory; the memory is used to store code instructions or computer programs.
In a seventh aspect, an embodiment of the present application provides an application data migration system, including a server, a first terminal device, and a second terminal device in any one of the above aspects; or comprises the first terminal device and the second terminal device of any of the above aspects.
In an eighth aspect, embodiments of the present application provide a computer-readable storage medium having stored therein a computer program or instructions which, when run on a computer, cause the computer to perform the method performed by the electronic device described in any one of the possible implementations of the first aspect.
In a ninth aspect, embodiments of the present application provide a computer program product comprising a computer program which, when run on a computer, causes the computer to perform the method performed by the electronic device described in any one of the possible implementations of the first aspect.
It should be understood that, the second aspect to the ninth aspect of the present application correspond to the technical solutions of the first aspect of the present application, and the advantages obtained by each aspect and the corresponding possible embodiments are similar, and are not repeated.
Drawings
Fig. 1 shows a first schematic view of a scenario to which the migration method of application data according to the embodiment of the present application is applicable;
Fig. 2 shows a second scenario diagram to which the migration method of application data according to the embodiment of the present application is applicable;
Fig. 3 shows a third scenario diagram to which the migration method of application data according to the embodiment of the present application is applicable;
Fig. 4 shows a schematic structural diagram of the terminal device 100;
Fig. 5 is a block diagram of a software structure of a terminal device 100 according to an embodiment of the present application;
Fig. 6 is a second software architecture block diagram of the terminal device 100 according to the embodiment of the present application;
Fig. 7 is a third software architecture block diagram of the terminal device 100 according to the embodiment of the present application;
Fig. 8 is a signaling diagram of a migration method of application data according to an embodiment of the present application;
Fig. 9 is a first interface schematic diagram of a migration method of application data according to an embodiment of the present application;
Fig. 10 is a second interface schematic diagram of a migration method of application data according to an embodiment of the present application;
Fig. 11 is a third interface schematic diagram of a migration method of application data according to an embodiment of the present application;
Fig. 12 is a signaling diagram of a server storing a first public key in a migration method of application data according to an embodiment of the present application;
Fig. 13 is a second signaling diagram of a server storing a first public key in the migration method of application data according to the embodiment of the present application;
Fig. 14 is a first signaling diagram of a server storing a second public key in a migration method of application data according to an embodiment of the present application;
Fig. 15 is a second signaling diagram of a server storing a second public key in the migration method of application data according to the embodiment of the present application;
Fig. 16 is a fourth interface schematic diagram of a migration method of application data according to an embodiment of the present application;
Fig. 17 is a fifth interface schematic diagram of a migration method of application data according to an embodiment of the present application;
Fig. 18 is a first software structure diagram of a migration method of application data according to an embodiment of the present application;
Fig. 19 is a second software structure diagram of a migration method of application data according to an embodiment of the present application;
Fig. 20 is a third software structure diagram of a migration method of application data according to an embodiment of the present application;
Fig. 21 is a fourth software structure diagram of a migration method of application data according to an embodiment of the present application;
Fig. 22 is a signaling diagram of another method for migrating application data according to an embodiment of the present application;
Fig. 23 is a signaling diagram of another method for migrating application data according to an embodiment of the present application;
Fig. 24 is a signaling diagram of another migration method of application data according to an embodiment of the present application;
Fig. 25 is a signaling diagram of another method for migrating application data according to an embodiment of the present application;
Fig. 26 is a signaling diagram of another method for migrating application data according to an embodiment of the present application;
Fig. 27 is a schematic structural diagram of a chip according to an embodiment of the present application;
Fig. 28 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In embodiments of the present application, the words "first," "second," and the like are used to distinguish between identical or similar items that have substantially the same function and effect. For example, the first chip and the second chip are merely for distinguishing different chips, and the order of the different chips is not limited. It will be appreciated by those of skill in the art that the words "first," "second," and the like do not limit the quantity or the order of execution, and that items described as "first" and "second" are not necessarily different.
It should be noted that, in the embodiments of the present application, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the embodiments of the present application, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes an association relationship between associated objects and indicates that three relationships may exist; for example, A and/or B may indicate: A alone, both A and B, or B alone, where A and B may be singular or plural. The character "/" generally indicates that the associated objects before and after it are in an "or" relationship. "At least one of" or a similar expression means any combination of these items, including any combination of a single item or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, and c may each be single or plural.
Terminal devices have become an indispensable tool in people's lives. A plurality of applications may be installed in the terminal device, and the terminal device uses different applications to complete the corresponding functions.
With the development and progress of the living standard of people, the user may have a need to replace the terminal device. The new terminal device has no application and application data in the old terminal device, and thus the user is required to manually download and set the application in the new terminal device again, and the user is required to manually download and set the application data in the new terminal device.
However, in the above process, the user is required to operate the terminal device frequently in order to download and set application data in the new terminal device; wherein the application data comprises: program files of the application, data of the application, etc. Application data cannot be migrated automatically from one terminal device to another. The migration speed of the application data is slow, and the user experience is poor.
In view of this, the method for migrating application data provided by the embodiment of the present application can complete automatic migration of application data in the first terminal device, and automatically migrate application data in the first terminal device to the second terminal device; and the migration efficiency of the application data is improved.
Fig. 1 shows a first schematic view of a scenario to which the migration method of application data according to the embodiment of the present application is applicable. As shown in fig. 1, the first terminal device 100a and the second terminal device 100b interact through the electronic device 101, so that application data in the first terminal device 100a is migrated to the second terminal device 100b, and migration of the application data is automatically completed.
Fig. 2 shows a second scenario diagram to which the migration method of application data according to the embodiment of the present application is applicable. As shown in fig. 2, the first terminal device 100a and the second terminal device 100b directly interact with each other, for example, the first terminal device 100a and the second terminal device 100b interact with each other through a short-distance communication manner, so that application data in the first terminal device 100a is migrated to the second terminal device 100b, and migration of the application data is automatically completed. The short-range communication method is, for example: Bluetooth communication, infrared data transmission (infrared data, IrDA) communication, and the like.
Fig. 3 shows a third scenario diagram to which the migration method of application data according to the embodiment of the present application is applicable. As shown in fig. 3, the first terminal device 100a and the second terminal device 100b interact with each other through the electronic device 101, and the first terminal device 100a and the second terminal device 100b interact directly with each other (for example, the first terminal device 100a and the second terminal device 100b interact with each other through a short-distance communication manner), through the above interaction process, application data in the first terminal device 100a is further migrated to the second terminal device 100b, and migration of the application data is automatically completed.
Wherein the application data comprises: program files of the application, data of the application, etc.
The first terminal device 100a and the second terminal device 100b may be represented by the terminal device 100.
The terminal device 100 may also be referred to as a terminal (terminal), a user equipment (UE), a mobile station (MS), a mobile terminal (MT), or the like. The terminal device may be a mobile phone, a smart television, a wearable device, a tablet (Pad), a computer with wireless transceiving function, a virtual reality (VR) terminal device, an augmented reality (augmented reality, AR) terminal device, a wireless terminal in industrial control (industrial control), a wireless terminal in unmanned driving (self-driving), a wireless terminal in teleoperation (remote medical surgery), a wireless terminal in smart grid (smart grid), a wireless terminal in transportation security (transportation safety), a wireless terminal in smart city (smart city), a wireless terminal in smart home (smart home), or the like. The embodiment of the application does not limit the specific technology and the specific equipment form adopted by the terminal equipment.
The electronic device 101 may be a terminal device or a server.
In order to better understand the embodiments of the present application, the following describes the structure of the terminal device according to the embodiments of the present application:
Fig. 4 shows a schematic structural diagram of the terminal device 100. The terminal device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (universal serial bus, USB) interface 130, a charge management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, a sensor module 180, a key 190, a motor 191, an indicator 192, a camera 193, a display 194, a subscriber identity module (subscriber identification module, SIM) card interface 195, and an embedded security module (embedded secure element, eSE) chip 196, etc. The sensor module 180 may include a pressure sensor 180A, a gyro sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.
It is to be understood that the structure illustrated in the embodiment of the present application does not constitute a specific limitation on the terminal device 100. In other embodiments of the application, terminal device 100 may include more or less components than illustrated, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The processor 110 may include one or more processing units, such as: the processor 110 may include an application processor (application processor, AP), a modem processor, a graphics processor (graphics processing unit, GPU), an image signal processor (image signal processor, ISP), a controller, a video codec, a digital signal processor (digital signal processor, DSP), a baseband processor, and/or a neural-network processor (NPU), etc. Wherein the different processing units may be separate devices or may be integrated in one or more processors.
The controller can generate operation control signals according to the instruction operation codes and the time sequence signals to finish the control of instruction fetching and instruction execution.
A memory may also be provided in the processor 110 for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. The memory may hold instructions or data that the processor 110 has just used or uses cyclically. If the processor 110 needs to reuse the instruction or data, it may be called directly from the memory. Repeated accesses are avoided and the latency of the processor 110 is reduced, thereby improving the efficiency of the system.
In some embodiments, the processor 110 may include one or more interfaces. The interfaces may include an inter-integrated circuit (inter-integrated circuit, I2C) interface, an inter-integrated circuit sound (inter-integrated circuit sound, I2S) interface, a pulse code modulation (pulse code modulation, PCM) interface, a universal asynchronous receiver transmitter (universal asynchronous receiver/transmitter, UART) interface, a mobile industry processor interface (mobile industry processor interface, MIPI), a general-purpose input/output (general-purpose input/output, GPIO) interface, a subscriber identity module (subscriber identity module, SIM) interface, and/or a universal serial bus (universal serial bus, USB) interface, among others.
It should be understood that the interfacing relationship between the modules illustrated in the embodiment of the present application is illustrated schematically, and does not constitute a structural limitation of the terminal device 100. In other embodiments of the present application, the terminal device 100 may also use different interfacing manners, or a combination of multiple interfacing manners in the foregoing embodiments.
The wireless communication function of the terminal device 100 can be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, a modem processor, a baseband processor, and the like.
The terminal device 100 implements display functions through a GPU, a display screen 194, an application processor, and the like. The GPU is a microprocessor for image processing, and is connected to the display 194 and the application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. Processor 110 may include one or more GPUs that execute program instructions to generate or change display information.
The display screen 194 is used to display images, videos, and the like. The display 194 includes a display panel. The display panel may employ a liquid crystal display (liquid crystal display, LCD), an organic light-emitting diode (organic light-emitting diode, OLED), an active-matrix organic light-emitting diode (active-matrix organic light-emitting diode, AMOLED), a flexible light-emitting diode (flexible light-emitting diode, FLED), a Mini LED, a Micro LED, a Micro-OLED, a quantum dot light-emitting diode (quantum dot light-emitting diodes, QLED), or the like. In some embodiments, the terminal device 100 may include 1 or N display screens 194, N being a positive integer greater than 1.
The software system of the terminal device 100 may employ a layered architecture, an event driven architecture, a micro-core architecture, a micro-service architecture, or a cloud architecture, etc. In the embodiment of the application, taking an Android system with a layered architecture as an example, a software structure of the terminal device 100 is illustrated.
Fig. 5 is a block diagram of a software structure of the terminal device 100 according to an embodiment of the present application.
The layered architecture divides the software into several layers, each with a distinct role and division of labor. The layers communicate with each other through a software interface. In some embodiments, the Android system is divided into four layers, from top to bottom: an application layer, an application framework layer, the Android runtime (Android runtime) and system libraries, and a kernel layer.
The application layer may include a series of application packages.
As shown in fig. 5, the application package may include camera, calendar, phone, map, phone, music, settings, mailbox, video, social, etc. applications.
As shown in FIG. 5, the application framework layer may include a window manager, a content provider, a resource manager, a view system, a notification manager, and the like.
The window manager is used for managing window programs. The window manager may obtain the display screen size, determine whether there is a status bar, lock the screen, touch the screen, drag the screen, capture the screen, etc.
The view system includes visual controls, such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, a display interface including a text message notification icon may include a view displaying text and a view displaying a picture.
The notification manager allows the application to display notification information in a status bar. It can be used to convey notification-type messages, which can disappear automatically after a short dwell and do not require user interaction. For example, the notification manager is used to notify that a download is complete, to give message alerts, and so on. The notification manager may also present a notification in the form of a chart or scroll bar text that appears on the system top status bar, such as a notification of a background running application, or a notification that appears on the screen in the form of a dialog window. For example, a text message is prompted in a status bar, a prompt tone is emitted, the terminal equipment vibrates, or an indicator light blinks.
The system library may include a plurality of functional modules. For example: surface manager (surface manager), media libraries (media libraries), three-dimensional graphics processing libraries (e.g., OpenGL ES), 2D graphics engines (e.g., SGL), etc.
The surface manager is used to manage the display subsystem and provides a fusion of 2D and 3D layers for multiple applications.
Media libraries support a variety of commonly used audio, video format playback and recording, still image files, and the like. The media library may support a variety of audio and video encoding formats, such as MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, etc.
The three-dimensional graphic processing library is used for realizing three-dimensional graphic drawing, image rendering, synthesis, layer processing and the like.
The 2D graphics engine is a drawing engine for 2D drawing.
The kernel layer is a layer between hardware and software. The kernel layer at least comprises a display driver, a camera driver, an audio driver and a sensor driver. The terminal device is deployed with a rich execution environment (rich execution environment, REE) system and a trusted execution environment (trusted execution environment, TEE) system; the TEE system runs in a kernel layer of the terminal equipment.
Fig. 6 is a second software architecture block diagram of the terminal device 100 according to the embodiment of the present application. As shown in fig. 6, an eSE chip is provided in the terminal device, and at least one application (Applet) is provided in the eSE chip; the terminal equipment is deployed with a trusted execution environment system. In order to implement the migration method of application data in the embodiment of the present application, a migration application program needs to be set in a terminal device, where the migration application program is used for interaction between a user and the terminal device, and the migration application program sends data transmitted by a trusted execution environment system of the terminal device to other devices, and sends data sent by other devices to a trusted execution environment system of the terminal device; the eSE module is used for sending the data in the eSE chip to a trusted execution environment system of the terminal equipment, and the migration module is used for receiving the instructions and the data sent by the trusted execution environment system.
Fig. 7 is a software configuration block diagram III of the terminal device 100 according to the embodiment of the present application. As shown in fig. 7, an eSE chip is provided in the terminal device, in which a primary security domain (issuer security domain, ISD) and a secondary security domain (supplementary security domain, SSD) are deployed; each auxiliary security domain has at least one application (Applet), for example, as shown in fig. 7, a plurality of applications are installed in the auxiliary security domain 1 and a plurality of applications are installed in the auxiliary security domain 2. The terminal equipment is deployed with a trusted execution environment system. In order to implement the migration method of application data in the embodiment of the present application, a migration application program needs to be set in a terminal device, where the migration application program is used for interaction between a user and the terminal device, and the migration application program sends data transmitted by a trusted execution environment system of the terminal device to other devices, and sends data sent by other devices to a trusted execution environment system of the terminal device; the eSE chip of the terminal equipment is also required to be provided with a migration module, the migration module is used for sending the data of the auxiliary security domain in the eSE chip to the trusted execution environment system of the terminal equipment, and the migration module is used for receiving the instruction and the data sent by the trusted execution environment system.
The following describes in detail an operation procedure of application data migration and a display procedure of an interface in the application data migration procedure according to an embodiment of the present application with reference to the accompanying drawings. It should be noted that "at … …" in the embodiment of the present application may be an instant when a certain situation occurs, or may be a period of time after a certain situation occurs, which is not particularly limited in the embodiment of the present application.
Fig. 8 is a signaling diagram of a migration method of application data according to an embodiment of the present application. As shown in fig. 8, the method may include:
S801, a first terminal device acquires a second identifier of a second terminal device; the first terminal device is pre-stored with a first public-private key pair of the first terminal device, a first identifier of the first terminal device and a third public key of the server, wherein the first public-private key pair comprises a first public key and a first private key.
In one example, the first public key is a public key of a first eSE chip of the first terminal device and the first private key is a private key of the first eSE chip of the first terminal device.
For example, when application data in the first terminal device needs to be migrated to the second terminal device, the first terminal device may be triggered to initiate a migration procedure. Wherein the application data of each application includes: program files of the applications, data of the applications, a fourth public-private key pair of each application, and so on; the fourth public-private key pair comprises a fourth public key and a fourth private key.
The first terminal device needs to acquire the second identifier of the second terminal device. The manner in which the first terminal device obtains the second identifier of the second terminal device may include the following.
First way for the first terminal device to obtain the second identifier of the second terminal device: the first terminal equipment starts a migration application program, and then a first interface is displayed based on the migration application program; the user inputs a second identifier of the second terminal device in the first interface, and the first terminal device obtains the second identifier of the second terminal device, so that the first terminal device determines that application data in the first terminal device needs to be migrated to the second terminal device corresponding to the second identifier.
For example, fig. 9 is a schematic interface diagram of a migration method of application data according to an embodiment of the present application, as shown in fig. 9 (a), a first terminal device starts a migration application program, and further displays a first interface, where the first interface provides an input box for a user to input an identifier of the terminal device. As shown in fig. 9 (b), the user inputs a second identifier of the second terminal device in the first interface, and the first terminal device acquires the second identifier, for example, the second identifier is bbbbbb. Then, as shown in the diagram (c) in fig. 9, the first terminal device automatically closes the input box or closes the first interface after acquiring the second identification. Optionally, as shown in the diagram (d) in fig. 9, after the first terminal device acquires the second identifier, a second interface may be displayed, where the second interface includes first prompt information, and the first prompt information characterizes that migration processing is being performed on application data in the first terminal device. The first interface is a first page.
Wherein the first interface corresponds to the interface of fig. 9 (a), and the first interface corresponds to the interface of fig. 9 (b); the second interface corresponds to the interface of the diagram (d) in fig. 9.
For another example, fig. 10 is a schematic diagram of an interface of a migration method of application data. As shown in fig. 10 (a), the first terminal device starts the migration application program and displays a third interface, where the third interface provides an input box for the user to input the identifier of a terminal device; the third interface includes a first key, a second key and a third key; the first key is a "confirm" key, used by the user to confirm the input identifier of the terminal device; the second key is a "delete" key, used by the user to delete the input identifier of the terminal device; the third key is a "cancel" key, used by the user to cancel the current input operation. As shown in fig. 10 (b), the user inputs the second identifier of the second terminal device in the third interface, and the first terminal device acquires the second identifier, for example, the second identifier is bbbbbb. Then, as shown in fig. 10 (c), in response to the user's operation of the first key as shown in fig. 10 (b), the first terminal device automatically closes the input box or closes the third interface. Optionally, as shown in fig. 10 (d), after the first terminal device obtains the second identifier, a fourth interface may be displayed, where the fourth interface includes first prompt information, and the first prompt information indicates that migration processing is being performed on application data in the first terminal device. The third interface is a first page.
Wherein the third interface corresponds to the interface of fig. 10 (a), and the third interface corresponds to the interface of fig. 10 (b); the fourth interface corresponds to the interface of the diagram (d) in fig. 10.
A second way for the first terminal device to obtain the second identifier of the second terminal device: the first terminal device receives first voice information from the user; the first terminal device recognizes the first voice information and obtains the second identifier of the second terminal device; having acquired the second identifier, the first terminal device determines that the application data in the first terminal device needs to be migrated to the second terminal device corresponding to the second identifier.
For example, as shown in fig. 9 (a), the first terminal device starts the migration application, and further displays a first interface, where the first interface provides an input box, and the input box displays the identifier of the terminal device provided by the user. As shown in fig. 9 (b), the user sends out first voice information, the first terminal device recognizes the first voice information, and obtains a second identifier of the second terminal device, and then the first terminal device displays the second identifier in the first interface, for example, the second identifier is bbbbbb. Then, as shown in the diagram (c) in fig. 9, the first terminal device automatically closes the input box or closes the first interface after acquiring the second identification. Optionally, as shown in the diagram (d) in fig. 9, after the first terminal device acquires the second identifier, a second interface may be displayed, where the second interface includes first prompt information, and the first prompt information characterizes that migration processing is being performed on application data in the first terminal device.
As another example, as shown in fig. 10 (a), the first terminal device starts the migration application program and displays a third interface, where the third interface provides an input box, and the input box displays the identifier of the terminal device input by the user; the third interface includes a first key, a second key and a third key; the first key is a "confirm" key, used by the user to confirm the input identifier of the terminal device; the second key is a "delete" key, used by the user to delete the input identifier of the terminal device; the third key is a "cancel" key, used by the user to cancel the current input operation. As shown in fig. 10 (b), the user utters the first voice information, the first terminal device recognizes the first voice information and obtains the second identifier of the second terminal device, and then the first terminal device displays the second identifier in the third interface, for example, the second identifier is bbbbbb. Then, as shown in fig. 10 (c), in response to the user's operation of the first key as shown in fig. 10 (b), the first terminal device automatically closes the input box or closes the third interface. Optionally, as shown in fig. 10 (d), after the first terminal device obtains the second identifier, a fourth interface may be displayed, where the fourth interface includes first prompt information, and the first prompt information indicates that migration processing is being performed on application data in the first terminal device.
Third way for the first terminal device to obtain the second identifier of the second terminal device: the first terminal equipment receives a second identification of the second terminal equipment sent by other equipment. For example, the second terminal device sends the second identifier of the second terminal device to the server, and the server sends the second identifier of the second terminal device to the first terminal device. Or the second terminal equipment sends the second identification of the second terminal equipment to the first terminal equipment in a short-distance communication mode; the short-distance communication mode may be a bluetooth communication mode, an infrared data transmission communication mode, or the like. The first terminal device then displays the received second identification of the second terminal device. The first terminal device responds to the confirmation indication of the user, and the first terminal device determines that the application data in the first terminal device needs to be migrated to the second terminal device corresponding to the second identifier.
For example, fig. 11 is a third interface schematic diagram of the migration method of application data provided by the embodiment of the present application. As shown in fig. 11 (a), the first terminal device starts the migration application program and displays the received second identifier of the second terminal device in a fifth interface, for example, the second identifier is bbbb; the fifth interface includes a first key, a second key and a third key; the first key is a "confirm" key, used by the user to confirm the displayed identifier of the terminal device; the second key is a "delete" key, used by the user to delete the displayed identifier of the terminal device; the third key is a "cancel" key, used by the user to cancel the current operation. As shown in fig. 11 (b), in response to the user's operation of the first key in fig. 10 (b), the first terminal device determines that the received second identifier can be used. Then, optionally, as shown in fig. 11 (c), the first terminal device automatically closes the fifth interface. Then, optionally, as shown in fig. 11 (d), the first terminal device may display a sixth interface, where the sixth interface includes first prompt information, and the first prompt information indicates that migration processing is being performed on application data in the first terminal device. The fifth interface is a second page.
Wherein the fifth interface corresponds to the interface of diagram (a) in fig. 11, and the fifth interface corresponds to the interface of diagram (b) in fig. 11; the sixth interface corresponds to the interface of diagram (d) in fig. 11.
The first terminal equipment is pre-stored with a first public and private key pair of the first terminal equipment and a first identifier of the first terminal equipment; the first public-private key pair comprises a first public key and a first private key.
The first terminal device has a first eSE chip therein. The first terminal equipment needs to generate a public-private key pair of the first eSE chip, namely, generates the first public-private key pair; the first public-private key pair includes a first public key of a first eSE chip of the first terminal device and a first private key of the first eSE chip of the first terminal device. The first terminal device sends the first public key to a server, which stores the first public key of the first terminal device.
And the second terminal device has a second eSE chip therein. The second terminal equipment needs to generate a public-private key pair of the second eSE chip, namely, generates a second public-private key pair; the second public-private key pair includes a second public key of a second eSE chip of the second terminal device, and a second private key of a second eSE chip of the second terminal device. The second terminal device sends the second public key to the server, which stores the second public key of the second terminal device.
The server generates a third public-private key pair of the server, the third public-private key pair including a third public key and a third private key. The server sends the third public key of the server to the first terminal equipment; the first terminal device stores a third public key of the server.
In an example, fig. 12 is a signaling diagram of a server storing a first public key in a migration method of application data according to an embodiment of the present application, as shown in fig. 12, including the following steps S1201-S1207:
S1201, a first terminal device generates a first public-private key pair of a first eSE chip and generates a first identifier; the first public-private key pair comprises a first public key and a first private key.
S1202, the server sends a first instruction to the first terminal equipment, wherein the first instruction is used for indicating to acquire a first public key of the first terminal equipment. The server generates a third public-private key pair of the server in advance, wherein the third public-private key pair comprises a third public key and a third private key.
S1203, the first terminal device sends a fifth message to the server, where the fifth message includes the first public key. Optionally, the fifth message further includes the first identifier. Optionally, the fifth message further includes a first key of a master security domain of the first terminal device.
S1204, the server stores the first public key and the first identification of the first terminal device.
S1205, the server generates a first certificate according to the first public key, signs the first certificate according to the third private key, and obtains the first certificate carrying the first signature information.
S1206, the server sends the third public key and the first certificate carrying the first signature information to the first terminal device.
S1207, if the first terminal device successfully verifies the first signature information according to the third public key, the first terminal device stores the first certificate and the third public key.
Illustratively, for steps S1201-S1207 above: before the first terminal device leaves the factory, the first terminal device and the server may interact in a protected environment, so that the information exchanged between the first terminal device and the server is not tampered with, which ensures the security of the first terminal device and the server.
The first terminal device may generate a first public-private key pair of the first terminal device; the first terminal equipment is provided with a first eSE chip, so that the first terminal equipment generates a first public-private key pair of the first eSE chip, and the first public-private key pair comprises a first public key and a first private key.
The first terminal device also needs to generate a first identifier of the first terminal device, where the first identifier is a unique identifier of the first terminal device. For example, the first identity is an international mobile equipment identity (international mobile equipment identity, IMEI) of the first terminal device.
The first terminal equipment is provided with a first eSE chip, and a main security domain and at least one auxiliary security domain are deployed in the first eSE chip; the first terminal device also needs to generate a first key of a master security domain of the first eSE chip.
The server has generated a third public-private key pair for the server, wherein the third public-private key pair includes a third public key and a third private key.
The server sends a first instruction to the first terminal device, the first instruction being used for indicating to acquire a first public key of the first terminal device. After receiving the first instruction, the first terminal equipment sends a fifth message to the server, wherein the fifth message carries a first public key of the first terminal equipment; the fifth message may also carry the first identifier of the first terminal device. The fifth message may also carry a first key of a master security domain of the first eSE chip of the first terminal device.
After receiving the fifth message, the server may store the first public key, the first identifier and the first key of the first terminal device. The server generates a first certificate according to the first public key; the server encrypts the first hash value of the first certificate with the third private key of the server to obtain the first certificate carrying the first signature information, at which point the first certificate is signed. The server sends the third public key, the first certificate carrying the first signature information, and the time stamp to the first terminal device.
The first terminal device needs to verify the first signature information according to the third public key of the server; after determining that the first signature information passes verification, the first terminal device stores the received first certificate and the third public key of the server. In one example, the first terminal device decrypts the first signature information using the third public key of the server to obtain the first hash value of the first certificate; the first terminal device performs a hash calculation on the first certificate to obtain a second hash value; if the first terminal device determines that the first hash value is the same as the second hash value, it determines that the first signature information passes verification, and then stores the first certificate carrying the first signature information and the third public key of the server.
Through the process, the server acquires and stores the first public key and the first identifier of the first terminal equipment, and generates and stores the first certificate of the first terminal equipment; the server can also store a first key of a master security domain of a first eSE chip of the first terminal device. The first terminal device obtains and stores a third public key of the server, and the first terminal device obtains and stores a first certificate of the first terminal device.
In another example, fig. 13 is a second signaling diagram of a server storing a first public key in a migration method of application data according to an embodiment of the present application. As shown in fig. 13, the method includes the following steps S1301-S1310:
S1301, a server acquires a first key of a main security domain of a first eSE chip of a first terminal device.
S1302, the first terminal equipment generates a first public-private key pair of a first eSE chip and generates a first identifier; the first public-private key pair comprises a first public key and a first private key.
S1303, the server encrypts the generated first instruction by adopting a first key to obtain an encrypted first instruction; the first instruction is used for indicating to acquire a first public key of the first terminal device.
S1304, the server sends the encrypted first instruction to the first terminal device.
S1305, the first terminal equipment decrypts the encrypted first instruction by adopting the first key to obtain the first instruction; the first terminal equipment generates a fifth message, wherein the fifth message comprises a first public key; optionally, the fifth message further includes a first identifier; the first terminal equipment encrypts the fifth message by adopting the first key to obtain the encrypted fifth message.
S1306, the first terminal equipment sends the encrypted fifth message to the server.
S1307, the server decrypts the encrypted fifth message by adopting the first key to obtain the fifth message, and stores the first public key and the first identifier of the first terminal device.
S1308, the server generates a first certificate according to the first public key, and signs the first certificate according to the third private key to obtain the first certificate carrying first signature information; the server encrypts the first certificate carrying the first signature information and the third public key using the first key to obtain an encrypted first certificate and an encrypted third public key.
S1309, the server sends the encrypted first certificate and the encrypted third public key to the first terminal device.
S1310, the first terminal device decrypts the encrypted first certificate and the encrypted third public key using the first key to obtain the first certificate carrying the first signature information and the third public key; if the first signature information passes verification according to the third public key, the first terminal device stores the first certificate and the third public key.
Illustratively, the first terminal device generates a first key of the master security domain of the first eSE chip, and the first terminal device sends the first key to the server. Then, the server interacts with the first terminal device, so that the server acquires and stores the first public key, the first identifier and the first key of the first terminal device, and the first terminal device acquires and stores the third public key of the server and the first certificate of the first terminal device; in this process, the signaling exchanged between the server and the first terminal device is encrypted with the first key. For the remaining steps, refer to the description of fig. 12; they are not repeated here.
In an example, fig. 14 is a signaling diagram of a server storing a second public key in the migration method of application data according to the embodiment of the present application, as shown in fig. 14, including the following steps S1401-S1407:
S1401, a second terminal device generates a second public-private key pair of a second eSE chip and generates a second identifier; wherein the second public-private key pair includes a second public key and a second private key.
S1402, the server sends a second instruction to the second terminal device, where the second instruction is used to instruct to obtain a second public key of the second terminal device. The server generates a third public-private key pair of the server in advance, wherein the third public-private key pair comprises a third public key and a third private key.
S1403, the second terminal device sends a sixth message to the server, where the sixth message includes the second public key. Optionally, the sixth message further includes a second identifier. Optionally, the sixth message further includes a second key of the master security domain of the second terminal device.
S1404, the server stores a second public key and a second identity of the second terminal device.
S1405, the server generates a second certificate according to the second public key, and signs the second certificate according to the third private key to obtain a second certificate carrying second signature information.
S1406, the server sends the third public key and the second certificate carrying the second signature information to the second terminal device.
S1407, if the second terminal device successfully verifies the second signature information according to the third public key, the second terminal device stores the second certificate and the third public key.
Illustratively, for steps S1401-S1407 above: before the second terminal device leaves the factory, the second terminal device and the server may interact in a protected environment, so that the information exchanged between the second terminal device and the server is not tampered with, which ensures the security of the second terminal device and the server.
The second terminal device may generate a second public-private key pair of the second terminal device; the second terminal equipment is provided with a second eSE chip, so that the second terminal equipment generates a second public-private key pair of the second eSE chip, and the second public-private key pair comprises a second public key and a second private key.
The second terminal device also needs to generate a second identifier of the second terminal device, which is a unique identifier of the second terminal device. For example, the second identity is the IMEI of the second terminal device.
The second terminal equipment is provided with a second eSE chip, and the second eSE chip is provided with a main security domain and at least one auxiliary security domain; the second terminal device also needs to generate a second key for the master security domain of the second eSE chip.
The server has generated a third public-private key pair for the server, wherein the third public-private key pair includes a third public key and a third private key.
The server sends a second instruction to the second terminal device, the second instruction being used for indicating to acquire a second public key of the second terminal device. After receiving the second instruction, the second terminal equipment sends a sixth message to the server, wherein the sixth message carries a second public key of the second terminal equipment; the sixth message may also carry a second identifier of the second terminal device. The sixth message may also carry a second key of the master security domain of the second eSE chip of the second terminal device.
After receiving the sixth message, the server may store the second public key, the second identifier and the second key of the second terminal device. The server generates a second certificate according to the second public key; the server encrypts a third hash value of the second certificate with the third private key of the server to obtain the second certificate carrying second signature information, at which point the second certificate is signed. The server sends the third public key, the second certificate carrying the second signature information, and the time stamp to the second terminal device.
The second terminal device needs to verify the second signature information according to the third public key of the server; after determining that the second signature information passes verification, the second terminal device stores the received second certificate and the third public key of the server. In one example, the second terminal device decrypts the second signature information using the third public key of the server to obtain the third hash value of the second certificate; the second terminal device performs a hash calculation on the second certificate to obtain a fourth hash value; if the second terminal device determines that the third hash value is the same as the fourth hash value, it determines that the second signature information passes verification, and then stores the second certificate carrying the second signature information and the third public key of the server.
Through the process, the server acquires and stores the second public key and the second identifier of the second terminal equipment, and generates and stores the second certificate of the second terminal equipment; the server can also store a second key of a master security domain of a second eSE chip of a second terminal device. The second terminal device obtains and stores a third public key of the server, and the second terminal device obtains and stores a second certificate of the second terminal device.
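The certificate issuance and verification of steps S1204-S1207 (and, identically, S1404-S1407 for the second terminal device) can be sketched as follows; this is an added illustration, not code from the patent. It mirrors the "encrypt the hash with the third private key, decrypt with the third public key and compare" description using textbook RSA over SHA-256 with a constructed, insecure toy key; the certificate fields, function names and sample identifiers are assumptions, and a production implementation would use a standard padded signature scheme.

```python
import hashlib
import json

# Constructed toy RSA key standing in for the server's third public-private
# key pair. The primes are well-known Mersenne primes, so the key is trivially
# factorable and NOT secure; it only keeps the example dependency-free.
_P, _Q = 2**521 - 1, 2**607 - 1
SERVER_N = _P * _Q
SERVER_E = 65537                                      # third public key = (N, E)
_SERVER_D = pow(SERVER_E, -1, (_P - 1) * (_Q - 1))    # third private key


def _hash_to_int(data: bytes) -> int:
    """SHA-256 of the certificate bytes, as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def encode_certificate(device_id: str, device_public_key_hex: str) -> bytes:
    """Canonical encoding of the certificate body (field names are assumed)."""
    body = {"device_id": device_id, "public_key": device_public_key_hex}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def server_issue_certificate(device_id: str, device_public_key_hex: str):
    """Server side: build the certificate from the device public key, then
    transform its hash with the third private key to form the signature."""
    cert = encode_certificate(device_id, device_public_key_hex)
    signature = pow(_hash_to_int(cert), _SERVER_D, SERVER_N)
    return cert, signature


def device_verify_and_store(cert, signature, server_public_key, store) -> bool:
    """Device side: recover the first hash from the signature, compute the
    second hash locally, and store certificate and key only if they match."""
    n, e = server_public_key
    if not isinstance(signature, int) or not 0 < signature < n:
        return False                       # malformed signature, store nothing
    first_hash = pow(signature, e, n)      # "decrypt" with the third public key
    second_hash = _hash_to_int(cert)       # hash computed by the device itself
    if first_hash != second_hash:
        return False                       # verification failed, store nothing
    store["certificate"] = (cert, signature)
    store["server_public_key"] = server_public_key
    return True


def demo():
    """Run the exchange once with constructed sample values."""
    pub = (SERVER_N, SERVER_E)
    cert, sig = server_issue_certificate("constructed-device-id-0001", "04a1b2c3")
    good_store, bad_store = {}, {}
    accepted = device_verify_and_store(cert, sig, pub, good_store)
    # Certificate altered after signing: the hashes no longer match.
    tampered = cert.replace(b"04a1b2c3", b"04a1b2c4")
    rejected = not device_verify_and_store(tampered, sig, pub, bad_store)
    return accepted, rejected, good_store, bad_store


if __name__ == "__main__":
    accepted, rejected, good_store, bad_store = demo()
    print("genuine certificate stored:", accepted)
    print("tampered certificate rejected:", rejected, "store:", bad_store)
```

Because the third public key arrives in the same message as the certificate, this check detects an altered certificate but depends on the protected pre-factory environment described above for the authenticity of the key itself.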
In another example, fig. 15 is a second signaling diagram of a server storing a second public key in the migration method of application data according to the embodiment of the present application. As shown in fig. 15, the method includes the following steps S1501-S1510:
S1501, the server obtains a second key of a master security domain of a second eSE chip of the second terminal device.
S1502, the second terminal equipment generates a second public-private key pair of a second eSE chip and generates a second identifier; wherein the second public-private key pair includes a second public key and a second private key.
S1503, the server encrypts the generated second instruction by adopting the second key to obtain an encrypted second instruction; wherein the second instruction is used for indicating to acquire a second public key of the second terminal device.
S1504, the server sends the encrypted second instruction to the second terminal equipment.
S1505, the second terminal equipment decrypts the encrypted second instruction by adopting the second key to obtain a second instruction; the second terminal equipment generates a sixth message, wherein the sixth message comprises a second public key; optionally, the sixth message further includes a second identifier; and the second terminal equipment encrypts the sixth message by adopting the second key to obtain the encrypted sixth message.
S1506, the second terminal device sends the encrypted sixth message to the server.
S1507, the server decrypts the encrypted sixth message by adopting the second key to obtain the sixth message, and stores the second public key and the second identifier of the second terminal device.
S1508, the server generates a second certificate according to the second public key, signs the second certificate according to the third private key, and obtains a second certificate carrying second signature information; and the server encrypts the second certificate carrying the second signature information and the third public key by adopting the second secret key to obtain an encrypted second certificate and an encrypted third public key.
S1509, the server sends the encrypted second certificate and the encrypted third public key to the second terminal device.
S1510, the second terminal equipment decrypts the encrypted second certificate and the encrypted third public key by adopting the second secret key to obtain a second certificate carrying second signature information and the third public key; and if the second signature information passes the verification according to the third public key, the second terminal device stores the second certificate and the third public key.
The second terminal device generates a second key of the master security domain of the second eSE chip, and the second terminal device sends the second key to the server. Then, the server interacts with the second terminal device, so that the server acquires and stores a second public key, a second identifier and a second key of the second terminal device, and the second terminal device acquires and stores a third public key of the server and a second certificate of the second terminal device; in this process, the signaling exchanged between the server and the second terminal device is encrypted using the second key. For the remaining procedures, refer to the description of fig. 14; they are not repeated here.
S802, the first terminal device adopts the first private key to conduct signature processing on the first identifier and the second identifier, and third signature information is obtained.
Illustratively, the first terminal device generates a first public-private key pair in advance, where the first public-private key pair includes a first public key and a first private key; the first terminal device has acquired the second identifier of the second terminal device, and the first terminal device has the first identifier of the first terminal device. The first terminal equipment can adopt a first private key of the first terminal equipment to carry out signature processing on the first identifier and the second identifier to obtain third signature information; in one example, the first terminal device may encrypt the fifth hash value corresponding to both the first identifier and the second identifier with the first private key, to obtain the third signature information.
Wherein step S802 is an optional step.
S803, the first terminal equipment sends a first message to the server, wherein the first message is used for indicating that the application data in the first terminal equipment is requested to be migrated, and the first message comprises a first identifier and a second identifier.
Optionally, the first message further includes third signature information. The server stores a third public-private key pair of the server, wherein the third public-private key pair comprises a third public key and a third private key; and the server stores the first public key of the first terminal device, the second public key of the second terminal device, and the second certificate of the second terminal device.
Illustratively, the first terminal device has acquired the second identifier of the second terminal device, and the first terminal device has the first identifier of the first terminal device; thus, the first terminal device needs to initiate a migration request to the server.
In a first implementation manner of step S803, the first terminal device sends a first message to the server, where the first message is used to indicate that the application data in the first terminal device is requested to be migrated, and the first message includes a first identifier and a second identifier.
In a second implementation manner of step S803, for security reasons, the first terminal device sends a first message to the server, where the first message is used to indicate that the migration of the application data in the first terminal device is requested, and the first message includes the first identifier, the second identifier, and the third signature information generated in step S802.
Further, on the basis of the above, the first message is a message that can be encrypted using the first key of the first terminal device. Further, in step S803, the first terminal device generates a first message, where the first message is used to indicate that the migration of the application data in the first terminal device is requested, and the first message includes a first identifier and a second identifier; the first terminal equipment encrypts the first message by adopting a first key to obtain an encrypted first message; and the first terminal equipment sends the encrypted first message to the server.
S804, the server determines whether the received first identifier and second identifier exist in a preset identifier list; the preset identifier list comprises identifiers of at least one terminal device.
The server stores a preset identifier list in advance, wherein the preset identifier list comprises identifiers of at least one terminal device. The identifiers in the preset identifier list are obtained when the server issues certificates for each terminal device.
After the server receives the first message, the server judges whether the received first identifier and second identifier exist in a preset identifier list.
In addition, if the first message is a message encrypted by the first key of the first terminal device; after receiving the encrypted first message, the server decrypts the encrypted first message by using the first key of the first terminal device stored in the server to obtain the first message, thereby obtaining the first identifier and the second identifier. Then, the server determines whether the received first identifier and second identifier exist in a preset identifier list.
S805, if the server determines that the received first identifier and the second identifier exist in the preset identifier list, determining to verify the third signature information according to the first public key.
The server may, for example, have previously obtained the first public key of the first terminal device, and if the server determines that the received first identifier and the second identifier exist in the preset identifier list, the server may verify the third signature information according to the first public key when the third signature information is included in the first message. If the server determines that the received first identifier and the second identifier do not exist in the preset identifier list, the server sends a message to the first terminal equipment, wherein the message represents migration failure; no further steps are performed.
In one example, the server decrypts the third signature information using the first public key of the first terminal device to obtain a fifth hash value; the server calculates the received first identifier and the second identifier to obtain a sixth hash value; if the server determines that the fifth hash value is the same as the sixth hash value, determining that the verification of the third signature information is passed; if the server determines that the fifth hash value is different from the sixth hash value, it determines that the verification of the third signature information is not passed.
The execution order of step S804 and step S805 is not limited. The server can firstly determine whether the received first identifier and second identifier exist in a preset identifier list; if the server determines that the received first identifier and the second identifier exist in the preset identifier list, the server determines to verify the third signature information according to the first public key. Or the server can verify the third signature information according to the first public key; if the server passes the verification of the third signature information, the server determines whether the received first identifier and second identifier exist in the preset identifier list. Or the server determines whether the received first identifier and the second identifier exist in a preset identifier list or not while verifying the third signature information according to the first public key.
When the third signature information is not included in the first message, if the server determines that the received first identifier and the second identifier exist in the preset identifier list, step S806 is performed.
When the first message includes the third signature information, if the server determines that verification of the third signature information is passed according to the first public key, and determines that the received first identifier and the received second identifier exist in the preset identifier list, step S806 is executed.
S806, if the server determines that the verification of the third signature information is passed according to the first public key, the second public key and the second certificate of the second terminal equipment are sent to the first terminal equipment. Wherein the second certificate carries second signature information. The second signature information is obtained by signing the second certificate according to a third private key of the server.
As can be seen from the description of fig. 13, the second public key and the second certificate of the second terminal device are stored in the server in advance; and, the second certificate carries second signature information. The second signature information is obtained by the server signing the second certificate according to a third private key of the server.
When the first message includes the third signature information, if the server determines that the verification of the third signature information is passed according to the first public key, and determines that the received first identifier and the received second identifier exist in the preset identifier list, the server executes the process of this step. The server sends the pre-stored second public key and second certificate of the second terminal equipment to the first terminal equipment; for example, the server sends the second public key and the second certificate to the first terminal device via one message; or the server sends the second public key to the first terminal device via one message and sends the second certificate to the first terminal device via another message.
When the third signature information is not included in the first message, if the server determines that the received first identifier and the received second identifier exist in the preset identifier list, the server executes the process of this step. The server sends the pre-stored second public key and second certificate of the second terminal equipment to the first terminal equipment; for example, the server sends the second public key and the second certificate to the first terminal device via one message; or the server sends the second public key to the first terminal device via one message and sends the second certificate to the first terminal device via another message.
In addition, on the basis of the above, if the server determines that the verification of the third signature information is passed according to the first public key, the server encrypts the second public key and the second certificate by using the first public key, and then sends the encrypted second public key and second certificate to the first terminal device. If the server determines that the verification of the third signature information is not passed according to the first public key, the server sends a message to the first terminal equipment, wherein the message represents verification failure and migration failure; no further steps are performed.
S807, the first terminal device verifies the second certificate according to the third public key and the second signature information, and after determining that the verification of the second certificate passes, performs step S808.
The first terminal device may obtain, in advance, a third public key of the server; after the first terminal device receives the second public key and the second certificate of the second terminal device, the first terminal device may verify the second signature information carried by the second certificate.
In one example, the first terminal device decrypts the second signature information using a pre-stored third public key of the server to obtain a third hash value; the first terminal equipment calculates the second certificate to obtain a seventh hash value; if the first terminal device determines that the third hash value is the same as the seventh hash value, determining that the second certificate passes verification; if the first terminal device determines that the third hash value is different from the seventh hash value, determining that the second certificate is not verified, and sending a message to the server by the first terminal device, wherein the message indicates that the second certificate is not verified, and the subsequent steps are not executed.
Wherein step S807 is an optional step.
In addition, on the basis of the above, if the second public key and the second certificate are encrypted according to the first key, the first terminal device needs to decrypt the encrypted second public key and second certificate by adopting the first key to obtain the second public key and the second certificate carrying the second signature information; and the first terminal equipment determines to verify the second certificate according to the third public key and the second signature information.
S808, the first terminal equipment encrypts the application data of the first terminal equipment by adopting the second public key to obtain encrypted application data.
The first terminal device encrypts the application data of the first terminal device by using the second public key of the second terminal device issued by the server, to obtain encrypted application data.
The first implementation of step S808: and the first terminal equipment encrypts all application data of the first terminal equipment by adopting the second public key to obtain encrypted application data.
In the first implementation manner of step S808, the first terminal device encrypts and packages all application data in the first terminal device as a whole.
The second implementation of step S808: the first terminal equipment responds to a third instruction, wherein the third instruction is used for indicating the application data to be sent, and the first terminal equipment adopts the second public key to encrypt the application data indicated by the third instruction in the first terminal equipment, so that the encrypted application data are obtained.
In a second implementation manner of step S808, the first terminal device encrypts and packages part of the application data in the first terminal device. In one example, before step S808, the first terminal device displays second prompting information, where the second prompting information is used to prompt the user to select application data to be sent, and this action may be performed before or after any step before step S808; for example, fig. 16 is a schematic diagram of an interface of a migration method of application data provided in an embodiment of the present application, as shown in fig. 16, a first terminal device displays an interface, where the interface includes second prompt information, and the interface includes a plurality of options, where each option is used to indicate each application. The method comprises the steps that a first terminal device obtains a third instruction initiated by a user on the first terminal device, wherein the third instruction is used for indicating application data of an application to be sent; for example, the user touches an option (the user may select multiple options) on the interface shown in fig. 16, and further, the first terminal device obtains a third instruction initiated by the user, where the third instruction is used to instruct application data of an application corresponding to each option in the options selected by the user. Then, in step S808, the first terminal device encrypts, according to the third instruction, the application data of the application indicated by the third instruction using the second public key, to obtain encrypted application data. The interface displayed by the first terminal equipment is a third page.
Or in another example, before step S808, the second terminal device displays second prompting information for prompting the user to select application data to be transmitted, which may be performed before or after any step before step S808, see the introduction of fig. 16; the second terminal equipment acquires a third instruction initiated by a user on the second terminal equipment, wherein the third instruction is used for indicating application data of an application to be sent; the second terminal equipment sends a third instruction to the server, wherein the third instruction can carry a first identifier and a second identifier; the server sends a third instruction to first terminal equipment corresponding to the first identifier; and the first terminal equipment encrypts the application data of the application indicated by the third instruction by adopting the second public key according to the third instruction to obtain encrypted application data. The interface displayed by the second terminal equipment is a fourth page.
Or in yet another example, before step S808, the second terminal device displays second prompt information for prompting the user to select application data to be transmitted, which may be performed before or after any step before step S808, see the introduction of fig. 16; the second terminal equipment acquires a third instruction initiated by a user on the second terminal equipment, wherein the third instruction is used for indicating application data of an application to be sent; the second terminal equipment sends a third instruction to the first terminal equipment in a short-distance communication mode; and the first terminal equipment encrypts the application data of the application indicated by the third instruction by adopting the second public key according to the third instruction to obtain encrypted application data.
S809, the first terminal equipment sends the encrypted application data to the server.
S810, the server sends the encrypted application data to the second terminal equipment.
S811, the second terminal device sends a third message to the server, wherein the third message comprises a second key of a main security domain of the second terminal device.
For example, after receiving the encrypted application data, the second terminal device may hold off on processing it; the second terminal device needs to interact with the server first to complete verification.
The second terminal device has previously generated the second key of the master security domain of the second eSE chip of the second terminal device, and further the second terminal device may send a third message carrying the second key to the server.
In addition, the third message may be a message encrypted using the second key on the basis of the above. Further, in step S811, the second terminal device generates a third message comprising a second key of the master security domain of the second terminal device; and the second terminal equipment encrypts the third message by adopting the second key and sends the encrypted third message to the server.
S812, if the server determines that the second key of the pre-stored main security domain of the second terminal device is consistent with the second key of the main security domain of the second terminal device in the third message, sending a fourth message to the second terminal device, wherein the fourth message represents that the verification of the second terminal device is passed.
As can be seen from the above description, the server has stored the second key of the master security domain of the second eSE chip of the second terminal device in advance, and after receiving the third message, the server compares whether the pre-stored second key and the received second key are identical; if the server determines that the prestored second secret key is consistent with the received second secret key, the server determines that the verification of the second terminal equipment is passed, and the server sends a fourth message representing that the verification of the second terminal equipment is passed to the second terminal equipment; if the server determines that the prestored second secret key is inconsistent with the received second secret key, the server determines that the verification of the second terminal equipment is not passed, and sends a fourth message representing that the verification of the second terminal equipment is not passed to the second terminal equipment, and the subsequent steps are not executed.
In addition, on the basis of the above, if the third message is a message encrypted using the second key, the server needs to decrypt the encrypted third message using the second key to obtain the third message; the server then executes step S812.
Wherein steps S811-S812 are optional steps.
S813, the second terminal equipment decrypts the encrypted application data according to the second private key to obtain decrypted application data, and stores the decrypted application data into a second eSE chip of the second terminal equipment.
In one example, the second private key is a private key of the first eSE chip of the second terminal device.
Illustratively, after step S810, the second terminal device may directly perform this step after receiving the encrypted application data transmitted by the server. Or after step S812, the second terminal device performs this step after receiving the fourth message sent by the server indicating that the authentication of the second terminal device is passed.
Because the encrypted application data is encrypted by adopting the second public key of the second terminal equipment, the second terminal equipment can decrypt the encrypted application data by adopting the second private key of the second terminal equipment, and decrypted application data is obtained. And then, the second terminal equipment stores the decrypted application data into a second eSE chip of the second terminal equipment.
S814, the second terminal device sends a second message to the server, wherein the second message represents whether the application data migration is successful or not.
After storing the decrypted application data in the second eSE chip of the second terminal device, the second terminal device sends a second message to the server, the second message indicating that the application data migration is successful.
If the second terminal equipment does not successfully decrypt the encrypted application data, or if the second terminal equipment receives a fourth message indicating that the verification of the second terminal equipment is not passed, the second terminal equipment sends a second message indicating that the application data migration is unsuccessful to the server, and the subsequent steps are not executed.
In addition, the second message may be a message encrypted using the second key on the basis of the above. Further, in step S814, the second terminal device may encrypt the generated second message with the second key, to obtain an encrypted second message; and the second terminal equipment sends the encrypted second message to the server.
S815, the server sends a second message to the first terminal device, wherein the second message represents whether the application data migration is successful or not.
The server, after receiving the second message sent by the second terminal device, sends the second message to the first terminal device.
In addition, on the basis of the above, if the second message is a message encrypted by using the second key, the server needs to decrypt the encrypted second message by using the second key to obtain the second message; then, the server encrypts the second message by using the first key, and transmits the second message encrypted by the first key to the first terminal device.
S816, the first terminal device displays a second message, wherein the second message represents whether the application data migration is successful or not.
Fig. 17 is a schematic diagram of an interface of a migration method of application data according to an embodiment of the present application, as shown in fig. 17, in a migration application, a first terminal device displays an interface, where the interface is used to display a second message.
Or the first terminal equipment plays the second message in a voice mode.
In addition, if the second message is encrypted on the basis of the above, the first terminal device decrypts the second message encrypted by the first key by using the first key to obtain the second message, and then the first terminal device displays the second message.
Wherein step S816 is an optional step.
S817, the first terminal device deletes the application data of the first terminal device.
The first terminal device, upon receiving a second message indicating that the application data migration was successful, deletes the application data sent to the second terminal device, thereby saving the storage space of the first terminal device.
In one example, the first terminal device needs to delete all application data of the first terminal device, since the first terminal device has sent all application data of the first terminal device to the second terminal device.
In another example, since the first terminal device sends the application data indicated by the third instruction to the second terminal device, the first terminal device needs to delete the application data indicated by the third instruction.
In the application, each terminal device is provided with an eSE chip, and at least one application (Applet) is arranged in the eSE chip; the terminal equipment is deployed with a trusted execution environment system. In order to implement the application data migration method according to the embodiment of the present application, a migration application program needs to be set in the terminal device.
In an example, fig. 18 is a first software structure diagram of an application data migration method provided by the embodiment of the present application, as shown in fig. 18, a first eSE chip is set in a first terminal device, at least one application is in the first eSE chip, and a first trusted execution environment system and a first migration application program are deployed in the first terminal device; a first migration module is disposed in a first eSE chip of the first terminal device. A second eSE chip is arranged in the second terminal equipment, at least one application is arranged in the second eSE chip, and the second terminal equipment is deployed with a second trusted execution environment system and a second migration application program; a second migration module is disposed in a second eSE chip of the second terminal device.
In the steps S801-S816, a first terminal device sequentially sends an instruction and a message to a server through a first migration module, a first trusted execution environment system and a first migration application program; the first terminal equipment sequentially receives the instruction and the message sent by the server through the first migration application program, the first trusted execution environment system and the first migration module. The first migration module may encrypt application data in the first eSE chip in the first terminal device by using the second public key, to obtain encrypted application data.
In another example, fig. 19 is a second software structure diagram of a migration method of application data according to an embodiment of the present application, as shown in fig. 19, a first eSE chip is set in a first terminal device, and a first trusted execution environment system and a first migration application program are deployed in the first terminal device; a first migration module is deployed in a first eSE chip of the first terminal equipment; and, a first eSE chip of the first terminal device has disposed therein a first primary security domain and a plurality of secondary security domains, each secondary security domain having at least one application, e.g., secondary security domain 1, secondary security domain 2. A second eSE chip is arranged in the second terminal equipment, and the second terminal equipment is deployed with a second trusted execution environment system and a second migration application program; a second migration module is deployed in a second eSE chip of the second terminal equipment; and, a second main security domain and a plurality of auxiliary security domains are deployed in a second eSE chip of the second terminal device, each auxiliary security domain having at least one application, e.g., auxiliary security domain 3, auxiliary security domain 4.
In the steps S801-S816, a first terminal device sequentially sends an instruction and a message to a server through a first migration module, a first trusted execution environment system and a first migration application program; the first terminal equipment sequentially receives the instruction and the message sent by the server through the first migration application program, the first trusted execution environment system and the first migration module. The first migration module may encrypt application data in each auxiliary security domain in the first eSE chip of the first terminal device by using the second public key, to obtain encrypted application data. The second terminal device sends instructions and messages to the server through the second migration module, the second trusted execution environment system and the second migration application program in sequence; the second terminal equipment receives the instruction and the message sent by the server through the second migration application program, the second trusted execution environment system and the second migration module in sequence.
In the present application, fig. 20 is a software structure diagram III of a migration method of application data provided by the embodiment of the present application, fig. 21 is a software structure diagram IV of a migration method of application data provided by the embodiment of the present application, and as shown in fig. 20 to fig. 21, when a first terminal device and a second terminal device perform information interaction in a short-distance communication manner, the first terminal device may refer to a software architecture shown in fig. 20 or fig. 21, and sends an instruction and a message to the second terminal device sequentially through a first migration module, a first trusted execution environment system, a first migration application program; the first terminal equipment sequentially receives the instruction and the message sent by the second terminal equipment through the first migration application program, the first trusted execution environment system and the first migration module. The second terminal equipment sequentially sends instructions and messages to the first terminal equipment through a second migration module, a second trusted execution environment system and a second migration application program; the second terminal equipment sequentially receives the instruction and the message sent by the first terminal equipment through the second migration application program, the second trusted execution environment system and the second migration module.
Wherein the first message is a "first request".
In this embodiment, the first terminal device obtains a second identifier of the second terminal device and signs the first identifier and the second identifier with a first private key to obtain third signature information. The first terminal device sends a first message to the server; the first message indicates a request to migrate the application data in the first terminal device and includes the first identifier, the second identifier and the third signature information. The migration request is thus triggered by the first terminal device. The server stores a first public key of the first terminal device in advance and uses the first public key to verify the third signature information, which ensures the security of information interaction between the first terminal device and the server. If the verification of the third signature information passes, the server can also determine whether the received first identifier and second identifier exist in the preset identifier list, and from that whether the second certificate and the second public key of the second terminal device can be sent to the first terminal device, which ensures the security of data interaction. If the server determines that the verification of the third signature information passes and that the received first identifier and second identifier exist in the preset identifier list, the server sends the second public key and the second certificate of the second terminal device to the first terminal device; the second certificate carries second signature information. The first terminal device verifies the second certificate according to the third public key and the second signature information, which ensures the security of information interaction between the first terminal device and the server.
After the first terminal device determines that the verification of the second certificate passes, the first terminal device encrypts its application data with the second public key to obtain encrypted application data; the first terminal device sends the encrypted application data to the second terminal device through the server; the first terminal device then transmits the application data in the first terminal device to the second terminal device. The second terminal device decrypts the encrypted application data according to the second private key to obtain decrypted application data, and stores the decrypted application data into a second eSE chip of the second terminal device, which completes the migration of the application data. Through this process, the application data in the first terminal device is automatically migrated to the second terminal device, and the migration efficiency of the application data is improved. Before the second terminal device decrypts the encrypted application data, the second terminal device needs to be verified: after the second terminal device receives the encrypted application data, it sends a third message to the server, and the third message includes a second key of a main security domain of the second terminal device.
The server verifies the received second key and then sends a fourth message to the second terminal device; the fourth message indicates that the verification of the second terminal device has passed. After receiving the fourth message, the second terminal device decrypts the encrypted application data according to the second private key to obtain decrypted application data, and stores the decrypted application data into a second eSE chip of the second terminal device. Thus, before the data is decrypted, the server interacts with the second terminal device to verify the legitimacy of the second terminal device and to ensure the legitimacy of the installation operation of the second terminal device.
Fig. 22 is a signaling diagram of another migration method of application data according to an embodiment of the present application. As shown in fig. 22, the method may include:
S2201, a second terminal device acquires a first identifier of a first terminal device; the second terminal device is pre-stored with a second public-private key pair of the second terminal device, a second identifier of the second terminal device and a third public key of the server, wherein the second public-private key pair comprises a second public key and a second private key.
In one example, the second public key is a public key of a second eSE chip of the second terminal device and the second private key is a private key of the second eSE chip of the second terminal device.
For example, when application data in the first terminal device needs to be migrated to the second terminal device, the second terminal device may be triggered to initiate a migration procedure. Wherein the application data of each application includes: program files of the applications, data of the applications, a fourth public-private key pair of each application, and so on; the fourth public-private key pair comprises a fourth public key and a fourth private key.
The second terminal device needs to acquire the first identifier of the first terminal device. The manner in which the second terminal device obtains the first identifier of the first terminal device may include the following.
First manner in which the second terminal device obtains the first identifier of the first terminal device: the second terminal device starts a migration application program and displays an interface based on the migration application program; the user enters the first identifier of the first terminal device in the interface, and the second terminal device obtains the first identifier of the first terminal device, so that the second terminal device determines that application data in the first terminal device needs to be migrated to the second terminal device. See the description of fig. 9 or fig. 10.
Second manner in which the second terminal device obtains the first identifier of the first terminal device: the second terminal device receives second voice information from the user; the second terminal device recognizes the second voice information to obtain the first identifier of the first terminal device; the second terminal device thus obtains the first identifier of the first terminal device and determines that the application data in the first terminal device needs to be migrated to the second terminal device. See the description of fig. 9 or fig. 10.
Third manner in which the second terminal device obtains the first identifier of the first terminal device: the second terminal device receives the first identifier of the first terminal device sent by another device. For example, the first terminal device sends its first identifier to the server, and the server sends the first identifier of the first terminal device to the second terminal device. Alternatively, the first terminal device sends its first identifier to the second terminal device by short-distance communication; the short-distance communication may be Bluetooth communication, infrared data transmission, or the like. The second terminal device then displays the received first identifier of the first terminal device. The first terminal device responds to the confirmation indication of the user, and the second terminal device determines that the application data in the first terminal device needs to be migrated to the second terminal device. See the description of fig. 11.
This step is also described with reference to fig. 12-15.
S2202, the second terminal device signs the first identifier and the second identifier with the second private key to obtain fourth signature information.
Illustratively, the second terminal device generates a second public-private key pair in advance, where the second public-private key pair includes a second public key and a second private key; the second terminal device has acquired the first identifier of the first terminal device, and the second terminal device has the second identifier of the second terminal device. The second terminal device can sign the first identifier and the second identifier with its second private key to obtain the fourth signature information; in one example, the second terminal device may encrypt the eighth hash value corresponding to both the first identifier and the second identifier with the second private key to obtain the fourth signature information.
Step S2202 is an optional step.
S2203, the second terminal equipment sends a seventh message to the server, wherein the seventh message is used for indicating that the application data in the first terminal equipment is requested to be migrated, and the seventh message comprises the first identifier and the second identifier.
Optionally, the seventh message further includes fourth signature information. The server stores a third public-private key pair of the server, wherein the third public-private key pair comprises a third public key and a third private key; and the server stores the first public key of the first terminal device, the second public key of the second terminal device, and the second certificate of the second terminal device.
Further, on the basis of the above, the seventh message is a message that can be encrypted using the second key of the second terminal device. Further, in step S2203, the second terminal device generates a seventh message, where the seventh message is used to indicate that the migration of the application data in the first terminal device is requested, and the seventh message includes the first identifier and the second identifier; the second terminal equipment encrypts the seventh message by adopting the second key to obtain an encrypted seventh message; and the second terminal equipment sends the encrypted seventh message to the server.
S2204, the server determines whether the received first identifier and second identifier exist in a preset identifier list; the preset identifier list comprises identifiers of at least one terminal device.
For this step, see step S804; the details are not repeated.
In addition, if the seventh message is a message encrypted with the second key of the second terminal device, then after receiving the encrypted seventh message the server decrypts it with the second key of the second terminal device stored in the server to obtain the seventh message, and thereby the first identifier and the second identifier. The server then determines whether the received first identifier and second identifier exist in the preset identifier list.
S2205, if the server determines that the received first identifier and the second identifier exist in the preset identifier list, the server verifies the fourth signature information according to the second public key.
The server may, for example, have previously obtained the second public key of the second terminal device, and if the server determines that the received first identifier and the second identifier exist in the preset identifier list, the server may verify the fourth signature information according to the second public key when the fourth signature information is included in the seventh message. If the server determines that the received first identifier and the second identifier do not exist in the preset identifier list, the server sends a message to the second terminal equipment, wherein the message represents migration failure; no further steps are performed.
In one example, the server decrypts the fourth signature information using the second public key of the second terminal device to obtain an eighth hash value; the server calculates the received first identifier and the second identifier to obtain a ninth hash value; if the server determines that the eighth hash value is the same as the ninth hash value, determining that the verification of the fourth signature information is passed; if the server determines that the eighth hash value is different from the ninth hash value, it determines that the verification of the fourth signature information is not passed.
The execution order of step S2204 and step S2205 is not limited.
S2206, if the server determines that the verification of the fourth signature information is passed according to the second public key, the server sends the second public key and the second certificate of the second terminal device to the first terminal device. Wherein the second certificate carries second signature information. The second signature information is obtained by signing the second certificate according to a third private key of the server.
As can be seen from the description of fig. 13, the second public key and the second certificate of the second terminal device are stored in the server in advance; and, the second certificate carries second signature information. The second signature information is obtained by the server signing the second certificate according to a third private key of the server.
When the seventh message includes the fourth signature information, if the server determines that verification of the fourth signature information is passed according to the second public key, and determines that the received first identifier and the received second identifier exist in the preset identifier list, the server executes the procedure of the step. The server sends the pre-stored second public key and the second certificate of the second terminal device to the first terminal device.
And when the seventh message does not comprise the fourth signature information, if the server determines that the received first identifier and the received second identifier exist in the preset identifier list, executing the process of the step. The server sends the pre-stored second public key and the second certificate of the second terminal device to the first terminal device.
In addition, on the basis of the above, if the server determines that the verification of the fourth signature information is passed according to the second public key, the server encrypts the second public key and the second certificate by using the first secret key, and then sends the encrypted second public key and second certificate to the first terminal device. If the server determines that the verification of the fourth signature information is not passed according to the second public key, the server sends a message to the second terminal equipment, wherein the message represents verification failure and migration failure; no further steps are performed.
S2207, the first terminal device verifies the second certificate according to the third public key and the second signature information, and after determining that the verification of the second certificate passes, step S2208 is performed.
For this step, refer to step S807; the details are not repeated.
S2208, the first terminal device encrypts the application data of the first terminal device by adopting the second public key to obtain encrypted application data.
For this step, refer to step S808; the details are not repeated.
S2209, the first terminal device sends the encrypted application data to the server.
S2210, the server sends the encrypted application data to the second terminal equipment.
S2211, the second terminal device sends a third message to the server, the third message including a second key of the master security domain of the second terminal device.
S2212, if the server determines that the second key of the pre-stored main security domain of the second terminal device is consistent with the second key of the main security domain of the second terminal device in the third message, a fourth message is sent to the second terminal device, and the fourth message represents that the verification of the second terminal device is passed.
S2213, the second terminal equipment decrypts the encrypted application data according to the second private key to obtain decrypted application data, and stores the decrypted application data into a second eSE chip of the second terminal equipment.
In one example, the second private key is a private key of the first eSE chip of the second terminal device.
S2214, the second terminal equipment sends a second message to the server, wherein the second message represents whether the application data migration is successful or not.
S2215, the server sends a second message to the first terminal device, wherein the second message represents whether the application data migration is successful or not.
S2216, the first terminal device displays a second message, wherein the second message represents whether the application data migration is successful or not.
S2217, the first terminal device deletes the application data of the first terminal device.
For steps S2208-S2217, refer to steps S808-S817 above; the details are not repeated.
The seventh message is a "first request".
This embodiment differs from the embodiment shown in fig. 8 in that the second terminal device obtains the first identifier of the first terminal device, so that the migration request is initiated by the second terminal device. The second terminal device signs the first identifier and the second identifier with the second private key to obtain fourth signature information, and sends a seventh message to the server; the seventh message indicates a request to migrate the application data in the first terminal device and includes the first identifier, the second identifier and the fourth signature information. Because the server has pre-stored the second public key of the second terminal device, the server can use the second public key to verify the fourth signature information, which ensures the security of information interaction between the second terminal device and the server. If the verification of the fourth signature information passes, the server can also determine whether the received first identifier and second identifier exist in the preset identifier list, and from that whether the second certificate and the second public key of the second terminal device can be sent to the first terminal device, which ensures the security of data interaction.
If the server determines that the verification of the fourth signature information passes and that the received first identifier and second identifier exist in the preset identifier list, the server sends the second public key and the second certificate of the second terminal device to the first terminal device; the first terminal device encrypts its application data with the second public key to obtain encrypted application data, and sends the encrypted application data to the second terminal device through the server. The application data in the first terminal device is thereby automatically migrated to the second terminal device.
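The server-side checks of steps S2204-S2206 and the certificate check of step S2207, as an added example that is not part of the patent text. It follows the page's description literally (the signature is the hash of both identifiers "encrypted" with the private key) using toy textbook RSA over Mersenne primes so that it runs on the Python standard library alone; the identifiers, field names, length-prefixed encoding, certificate layout and the choice to require the signature are assumptions, and a production implementation would use a vetted library with a padded signature scheme.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys

def make_keypair(p_exp, q_exp):
    """Toy RSA key from two Mersenne primes 2**k - 1. Demo only, not secure."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return {"n": p * q, "e": E}, {"n": p * q, "d": d}

def encode_fields(*fields):
    """Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently."""
    out = b""
    for field in fields:
        raw = str(field).encode()
        out += len(raw).to_bytes(4, "big") + raw
    return out

def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private, data):
    # The page's "encrypt the hash value with the private key".
    return pow(digest_int(data), private["d"], private["n"])

def verify(public, data, signature):
    # The page's "decrypt the signature with the public key", then compare the
    # recovered hash with one computed over the fields actually received.
    if not isinstance(signature, int) or not 0 <= signature < public["n"]:
        return False
    return pow(signature, public["e"], public["n"]) == digest_int(data)

def cert_body(cert):
    return encode_fields(cert["subject"], cert["public"]["n"], cert["public"]["e"])

class Server:
    def __init__(self, identifier_list):
        self.public, self._private = make_keypair(1279, 2203)  # third key pair
        self.identifier_list = set(identifier_list)  # preset identifier list
        self.certificates = {}  # identifier -> certificate signed by the server

    def enroll(self, identifier, device_public):
        cert = {"subject": identifier, "public": device_public}
        cert["signature"] = sign(self._private, cert_body(cert))  # second signature
        self.certificates[identifier] = cert

    def handle_seventh_message(self, msg):
        first_id, second_id = msg.get("first_id"), msg.get("second_id")
        # S2204: both identifiers must be in the preset identifier list.
        if not {first_id, second_id} <= self.identifier_list:
            return {"status": "migration failed", "reason": "identifier not listed"}
        # S2205: verify the fourth signature with the stored second public key.
        # Assumption: this example always requires the signature.
        cert = self.certificates.get(second_id)
        signed = encode_fields(first_id, second_id)
        if cert is None or not verify(cert["public"], signed, msg.get("signature")):
            return {"status": "migration failed", "reason": "bad signature"}
        # S2206: release the second public key and certificate for the first device.
        return {"status": "ok", "second_public": cert["public"], "second_certificate": cert}

def first_device_accepts(server_public, response):
    """S2207: check the certificate with the third public key before using the key."""
    if response.get("status") != "ok":
        return False
    cert = response["second_certificate"]
    if cert["public"] != response["second_public"]:  # key must be the certified one
        return False
    return verify(server_public, cert_body(cert), cert["signature"])

def build_seventh_message(second_private, first_id, second_id):
    # S2202/S2203: sign both identifiers, then send them with the signature.
    signature = sign(second_private, encode_fields(first_id, second_id))
    return {"first_id": first_id, "second_id": second_id, "signature": signature}

def run_demo():
    # Constructed identifiers and keys; none of these values come from the page.
    server = Server(["DEV-A", "DEV-B", "DEV-C"])
    second_public, second_private = make_keypair(521, 607)
    server.enroll("DEV-B", second_public)
    good = build_seventh_message(second_private, "DEV-A", "DEV-B")
    swapped = dict(good, first_id="DEV-C")  # listed, but not what was signed
    unlisted = build_seventh_message(second_private, "DEV-X", "DEV-B")
    ok = server.handle_seventh_message(good)
    rogue = {"n": second_public["n"] + 2, "e": E}  # key the server never certified
    forged = dict(ok, second_public=rogue,
                  second_certificate=dict(ok["second_certificate"], public=rogue))
    return {
        "good": ok["status"],
        "swapped": server.handle_seventh_message(swapped)["reason"],
        "unlisted": server.handle_seventh_message(unlisted)["reason"],
        "cert_ok": first_device_accepts(server.public, ok),
        "forged_cert_ok": first_device_accepts(server.public, forged),
    }

if __name__ == "__main__":
    print(run_demo())
```

The swapped-identifier case passes the identifier list check and is stopped only by the signature, which is why the two checks are not interchangeable even though the page leaves their order open.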
Fig. 23 is a signaling diagram of another migration method of application data according to an embodiment of the present application. As shown in fig. 23, the method may include:
S2301, the first terminal device acquires a second identifier of the second terminal device; the first terminal device is pre-stored with a first public-private key pair of the first terminal device, a first identifier of the first terminal device and a third public key of the server, wherein the first public-private key pair comprises a first public key and a first private key.
In one example, the first public key is a public key of a first eSE chip of the first terminal device and the first private key is a private key of the first eSE chip of the first terminal device.
S2302, the first terminal device adopts the first private key to conduct signature processing on the first identifier and the second identifier, and third signature information is obtained.
S2303, the first terminal device sends a first message to the server, where the first message is used to indicate that the application data in the first terminal device is requested to be migrated, and the first message includes a first identifier and a second identifier.
S2304, the server determines whether the received first identifier and second identifier exist in a preset identifier list; the preset identifier list comprises identifiers of at least one terminal device.
S2305, if the server determines that the received first identifier and the second identifier exist in the preset identifier list, the server determines to verify the third signature information according to the first public key.
S2306, if the server determines that the verification of the third signature information is passed according to the first public key, the server sends the second public key and the second certificate of the second terminal device to the first terminal device. Wherein the second certificate carries second signature information. The second signature information is obtained by signing the second certificate according to a third private key of the server.
S2307, the first terminal device verifies the second certificate according to the third public key and the second signature information, and after determining that the verification of the second certificate is passed, performs step S2308.
S2308, the first terminal device encrypts the application data of the first terminal device by using the second public key to obtain encrypted application data.
For example, steps S2301-S2308 refer to steps S801-S808 described above, and are not described again.
S2309, the first terminal device sends the encrypted application data to the second terminal device through a short-distance communication mode.
In this embodiment, the first terminal device may send the encrypted application data directly to the second terminal device in a short-distance communication manner such as bluetooth.
S2310, the second terminal device sends a third message to the server, where the third message includes a second key of the master security domain of the second terminal device.
S2311, if the server determines that the pre-stored second key of the main security domain of the second terminal device is consistent with the second key of the main security domain of the second terminal device in the third message, sending a fourth message to the second terminal device, wherein the fourth message represents that the verification of the second terminal device is passed.
S2312, the second terminal equipment decrypts the encrypted application data according to the second private key to obtain decrypted application data, and stores the decrypted application data into a second eSE chip of the second terminal equipment.
For example, steps S2310 through S2313 may refer to steps S811 through S813, and will not be described again.
S2313, the second terminal equipment sends a second message to the server in a short-distance communication mode, wherein the second message represents whether the application data migration is successful or not.
The second terminal device sends the second message to the server by short-range communication such as bluetooth.
S2314, the first terminal device displays a second message, wherein the second message represents whether the application data migration is successful or not.
For example, step S2314 may refer to step S816, and will not be described in detail.
S2315, the first terminal device deletes the application data of the first terminal device.
For example, step S2315 may refer to step S817, which is not described herein.
Wherein the first message is a "first request".
In this embodiment, the difference from the embodiment shown in fig. 8 is that the first terminal device directly sends the encrypted application data to the second terminal device through a short-distance transmission mode; and the second terminal equipment directly sends a second message representing whether the application data migration is successful or not to the second terminal equipment in a short-distance transmission mode. Thereby saving signaling between the terminal device and the server.
Fig. 24 is a signaling diagram of another migration method of application data according to an embodiment of the present application. As shown in fig. 24, the method may include:
S2401, a second terminal device acquires a first identifier of a first terminal device; the second terminal device is pre-stored with a second public-private key pair of the second terminal device, a second identifier of the second terminal device and a third public key of the server, wherein the second public-private key pair comprises a second public key and a second private key.
In one example, the second public key is a public key of a second eSE chip of the second terminal device and the second private key is a private key of the second eSE chip of the second terminal device.
S2402, the second terminal equipment adopts a second private key to carry out signature processing on the first identifier and the second identifier, and fourth signature information is obtained.
S2403, the second terminal equipment sends a seventh message to the server, wherein the seventh message is used for indicating that the application data in the first terminal equipment is requested to be migrated, and the seventh message comprises the first identifier and the second identifier.
S2404, the server determines whether the received first identifier and second identifier exist in a preset identifier list; the preset identifier list comprises identifiers of at least one terminal device.
S2405, if the server determines that the received first identifier and the second identifier exist in the preset identifier list, the server determines to verify the fourth signature information according to the first public key.
S2406, if the server determines that the verification of the fourth signature information is passed according to the second public key, the server sends the second public key and the second certificate of the second terminal device to the first terminal device. Wherein the second certificate carries second signature information. The second signature information is obtained by signing the second certificate according to a third private key of the server.
S2407, the first terminal device verifies the second certificate according to the third public key and the second signature information, and after determining that the verification of the second certificate is passed, performs step S2408.
S2408, the first terminal device encrypts the application data of the first terminal device by adopting the second public key to obtain encrypted application data.
For steps S2401-S2408, refer to steps S2201-S2208 above; the details are not repeated.
S2409, the first terminal device sends the encrypted application data to the second terminal device through a short-distance communication mode.
S2410, the second terminal device sends a third message to the server, where the third message includes a second key of the master security domain of the second terminal device.
S2411, if the server determines that the pre-stored second key of the main security domain of the second terminal device and the second key of the main security domain of the second terminal device in the third message are consistent, sending a fourth message to the second terminal device, where the fourth message characterizes that verification of the second terminal device passes.
S2412, the second terminal device decrypts the encrypted application data according to the second private key to obtain decrypted application data, and stores the decrypted application data into a second eSE chip of the second terminal device.
In one example, the second private key is a private key of the first eSE chip of the second terminal device.
For example, steps S2410 to S2412 may refer to steps S2211 to S2213, and are not described herein.
S2413, the second terminal device sends a second message to the server through a short-distance communication mode, wherein the second message represents whether the application data migration is successful or not.
S2414, the first terminal device displays a second message, wherein the second message characterizes whether the application data migration is successful.
For example, step S2414 may refer to step S2216, and will not be described again.
S2415, the first terminal device deletes the application data of the first terminal device.
For example, step S2415 may refer to step S2217, and will not be described again.
The seventh message is a "first request".
In this embodiment, the difference from the embodiment shown in fig. 22 is that the first terminal device directly sends the encrypted application data to the second terminal device through a short-distance transmission mode; and the second terminal equipment directly sends a second message representing whether the application data migration is successful or not to the second terminal equipment in a short-distance transmission mode. Thereby saving signaling between the terminal device and the server.
Fig. 25 is a signaling diagram of another migration method of application data according to an embodiment of the present application. As shown in fig. 25, the method may include:
S2501, a first terminal device acquires a second identifier of a second terminal device; the first terminal device is pre-stored with a first public-private key pair of the first terminal device and a first identifier of the first terminal device, wherein the first public-private key pair comprises a first public key and a first private key.
In one example, the first public key is a public key of a first eSE chip of the first terminal device and the first private key is a private key of the first eSE chip of the first terminal device.
For example, S2501 may refer to step S801, and will not be described in detail. This embodiment may employ the scheme of issuing public keys of fig. 12-15 of the embodiment shown in fig. 8. Also, the present embodiment may employ an interface diagram and a software structural diagram of the embodiment shown in fig. 8.
S2502, the first terminal device adopts the first private key to conduct signature processing on the first identifier and the second identifier, and third signature information is obtained.
For example, S2501 may refer to step S802, and will not be described in detail. Step S2502 is an optional step.
S2503, the first terminal device sends an eighth message to the second terminal device, wherein the eighth message is used for indicating that the application data in the first terminal device is requested to be migrated, and the eighth message comprises a first identifier and a second identifier.
Optionally, the eighth message further includes third signature information. The second terminal device may also obtain the first public key of the first terminal device.
Illustratively, the first terminal device has acquired the second identifier of the second terminal device, and the first terminal device has the first identifier of the first terminal device; thus, the first terminal device sends the eighth message to the second terminal device by short-range communication.
For security reasons, the third signature information may be carried in the eighth message. For example, the first terminal device may encrypt the fifth hash value corresponding to both the first identifier and the second identifier by using the first private key, to obtain the third signature information.
S2504, the second terminal device obtains the first public key of the first terminal device.
For example, if the eighth message further includes the third signature information, the second terminal device is further required to acquire the first public key of the first terminal device. For example, the first terminal device sends the first public key to the second terminal device; or the eighth message carries the first public key; or the first terminal device obtains the first public key from the server.
The execution order of step S2504 is not limited, and step S2504 is only required to be executed before step S2505.
S2505, the second terminal device verifies the third signature information according to the first public key.
Illustratively, the second terminal device decrypts the third signature information by using the first public key of the first terminal device to obtain a fifth hash value; the second terminal device computes a tenth hash value from the received first identifier and second identifier; if the second terminal device determines that the fifth hash value is the same as the tenth hash value, it determines that the verification of the third signature information is passed; and if the second terminal device determines that the fifth hash value is different from the tenth hash value, it determines that the verification of the third signature information is not passed.
S2506, if the second terminal device determines, according to the first public key, that the verification of the third signature information is passed, it sends the second public key and the second certificate of the second terminal device to the first terminal device. The second certificate carries fifth signature information. The fifth signature information is obtained by signing the second certificate with the second private key of the second terminal device.
Illustratively, when the third signature information is included in the first message, the second terminal device performs the procedure of this step if it is determined that the verification of the third signature information is passed according to the first public key. The procedure of this step may be directly performed when the third signature information is not included in the first message.
In this step, the second terminal device may sign the second certificate with the second private key of the second terminal device to obtain the fifth signature information; for example, the second terminal device may encrypt the eleventh hash value of the second certificate with the second private key of the second terminal device, thereby obtaining the second certificate carrying the fifth signature information. The second terminal device then sends the second public key and the second certificate carrying the fifth signature information to the first terminal device in a short-distance communication mode.
S2507, the first terminal device verifies the second certificate according to the second public key and the fifth signature information, and after determining that the verification of the second certificate is passed, step S2508 is performed.
Illustratively, the first terminal device decrypts the fifth signature information by using the second public key to obtain an eleventh hash value; the first terminal device computes a twelfth hash value from the second certificate; if the first terminal device determines that the eleventh hash value is the same as the twelfth hash value, it determines that the verification of the second certificate is passed; if the first terminal device determines that the eleventh hash value is different from the twelfth hash value, it determines that the verification of the second certificate is not passed.
S2508, the first terminal device encrypts the application data of the first terminal device by adopting the second public key to obtain encrypted application data.
Illustratively, this step may refer to step S808, which is not described herein.
S2509, the first terminal device sends the encrypted application data to the second terminal device through a short-distance transmission mode.
S2510, the second terminal device sends a third message to the server, the third message comprising a second key of the master security domain of the second terminal device.
S2511, if the server determines that the pre-stored second key of the master security domain of the second terminal device is identical to the second key of the master security domain of the second terminal device in the third message, the server sends a fourth message to the second terminal device, wherein the fourth message represents that the verification of the second terminal device is passed.
S2512, the second terminal device decrypts the encrypted application data according to the second private key to obtain decrypted application data, and stores the decrypted application data into a second eSE chip of the second terminal device.
In one example, the second private key is a private key of the first eSE chip of the second terminal device.
For example, steps S2510 to S2512 may refer to steps S811 to S813, and will not be described in detail.
S2513, the second terminal device sends a second message to the first terminal device in a short-distance transmission mode, wherein the second message represents whether the application data migration is successful or not.
S2514, the first terminal device displays a second message, wherein the second message represents whether the application data migration is successful or not.
For example, step S2514 may refer to step S816, and will not be described in detail.
S2515, the first terminal device deletes the application data of the first terminal device.
For example, step S2515 may refer to step S817, which is not described in detail.
Wherein, the eighth message is a "first request".
In this embodiment, the migration process is triggered by the first terminal device, and the first terminal device and the second terminal device then communicate directly in a short-distance transmission mode to complete validity verification; the first terminal device then transmits the encrypted application data directly to the second terminal device in a short-distance transmission mode; and the second terminal device directly sends a second message representing whether the application data migration is successful or not to the second terminal device in a short-distance transmission mode. Signaling between the terminal device and the server is thereby saved.
Fig. 26 is a signaling diagram of another migration method of application data according to an embodiment of the present application. As shown in fig. 26, the method may include:
S2601, a second terminal device acquires a first identifier of a first terminal device; the second terminal device is pre-stored with a second public-private key pair of the second terminal device and a second identifier of the second terminal device, wherein the second public-private key pair comprises a second public key and a second private key.
In one example, the second public key is a public key of a second eSE chip of the second terminal device and the second private key is a private key of the second eSE chip of the second terminal device.
For example, S2601 may refer to step S2201, and will not be described in detail. This embodiment may employ the scheme of issuing public keys of fig. 12-15 of the embodiment shown in fig. 8. Also, the present embodiment may employ an interface diagram and a software structural diagram of the embodiment shown in fig. 8.
S2602, the second terminal device signs the first identifier and the second identifier with the second private key to obtain fourth signature information.
For example, S2601 may refer to step S2202, which is not described in detail. Step S2602 is an optional step.
S2603, the second terminal device sends a ninth message to the first terminal device, wherein the ninth message indicates a request to migrate the application data in the first terminal device, and the ninth message comprises the first identifier and the second identifier.
Optionally, the ninth message further includes fourth signature information. The first terminal device may also obtain a second public key of the second terminal device.
Illustratively, the second terminal device has acquired the first identifier of the first terminal device, and the second terminal device holds its own second identifier; the second terminal device therefore sends the ninth message to the first terminal device in a short-distance communication mode.
The fourth signature information may be carried in the ninth message for security reasons. For example, the second terminal device may encrypt the eighth hash value corresponding to both the first identifier and the second identifier by using the second private key, to obtain the fourth signature information.
S2604, the first terminal device obtains a second public key of the second terminal device.
For example, if the ninth message further includes the fourth signature information, the first terminal device is further required to obtain the second public key of the second terminal device. For example, the second terminal device sends the second public key to the first terminal device; or the ninth message carries the second public key; or the second terminal device obtains the second public key from the server.
The execution order of step S2604 is not limited, and step S2604 is only required to be executed before step S2605.
S2605, the first terminal device verifies the fourth signature information according to the second public key.
Illustratively, the first terminal device decrypts the fourth signature information with the second public key of the second terminal device to obtain an eighth hash value; the first terminal device computes a thirteenth hash value from the received first identifier and second identifier; if the first terminal device determines that the eighth hash value is the same as the third hash value, it determines that the verification of the third signature information is passed; if the first terminal device determines that the eighth hash value is different from the third hash value, it determines that the verification of the third signature information is not passed.
S2606, if the first terminal device determines that the verification of the fourth signature information is passed according to the second public key, a tenth message is sent to the second terminal device through a short-distance communication mode, and the tenth message characterizes that the verification of the fourth signature information is passed.
Illustratively, S2602-S2606 are optional steps. If the first terminal device determines that the verification of the fourth signature information is not passed according to the second public key, a message is sent to the second terminal device, wherein the message represents that the verification of the fourth signature information is not passed, and the subsequent steps are not executed.
S2607, the second terminal device sends the second public key and the second certificate of the second terminal device to the first terminal device. Wherein the second certificate carries fifth signature information. The fifth signature information is obtained by signing the second certificate according to the second private key of the second terminal device.
Illustratively, in this step, the second terminal device may sign the second certificate with the second private key of the second terminal device to obtain the fifth signature information; for example, the second terminal device may encrypt the eleventh hash value of the second certificate with the second private key of the second terminal device, thereby obtaining the second certificate carrying the fifth signature information. The second terminal device then sends the second public key and the second certificate carrying the fifth signature information to the first terminal device in a short-distance communication mode.
S2608, the first terminal device verifies the second certificate according to the second public key and the fifth signature information, and after determining that the verification of the second certificate is passed, step S2609 is performed.
Illustratively, the first terminal device decrypts the fifth signature information by using the second public key to obtain an eleventh hash value; the first terminal device computes a twelfth hash value from the second certificate; if the first terminal device determines that the eleventh hash value is the same as the twelfth hash value, it determines that the verification of the second certificate is passed; if the first terminal device determines that the eleventh hash value is different from the twelfth hash value, it determines that the verification of the second certificate is not passed.
S2609, the first terminal device encrypts the application data of the first terminal device by using the second public key to obtain encrypted application data.
For example, this step may refer to step S2208, and will not be described in detail.
S2610, the first terminal device sends the encrypted application data to the second terminal device through a short-distance transmission mode.
S2611, the second terminal device sends a third message to the server, the third message including a second key of the master security domain of the second terminal device.
S2612, if the server determines that the pre-stored second key of the master security domain of the second terminal device is consistent with the second key of the master security domain of the second terminal device in the third message, the server sends a fourth message to the second terminal device, wherein the fourth message represents that the verification of the second terminal device is passed.
S2613, the second terminal device decrypts the encrypted application data according to the second private key to obtain decrypted application data, and stores the decrypted application data into a second eSE chip of the second terminal device.
In one example, the second private key is a private key of the first eSE chip of the second terminal device.
For example, steps S2611-S2613 can refer to steps S2211-S2213, and will not be described again.
S2614, the second terminal device sends a second message to the first terminal device in a short-distance transmission mode, wherein the second message represents whether the application data migration is successful or not.
S2615, the first terminal device displays a second message, where the second message characterizes whether the application data migration is successful.
For example, step S2615 may refer to step S2216, and will not be described in detail.
S2616, the first terminal device deletes the application data of the first terminal device.
For example, step S2616 may refer to step S2217, and will not be described in detail.
Wherein the ninth message is a "first request".
In this embodiment, the migration process is triggered by the second terminal device, and the first terminal device and the second terminal device then communicate directly in a short-distance transmission mode to complete validity verification; the first terminal device then transmits the encrypted application data directly to the second terminal device in a short-distance transmission mode; and the second terminal device directly sends a second message representing whether the application data migration is successful or not to the second terminal device in a short-distance transmission mode. Signaling between the terminal device and the server is thereby saved.
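The exchanges of Fig. 25 (first terminal device initiates) and Fig. 26 (second terminal device initiates) can be traced end to end in the following added example, which is not code from the patent or from any product. It uses textbook RSA over fixed Mersenne primes only to mirror the "encrypt the hash with the private key" wording; the key sizes, identifiers, certificate layout, field names and the length-prefixed hash input are assumptions, and a real device would use a padded scheme (RSA-PSS, RSA-OAEP) with keys held in the eSE.

```python
import hashlib
import hmac
from dataclasses import dataclass

E = 65537  # public exponent shared by both demo keys


@dataclass(frozen=True)
class KeyPair:
    n: int  # modulus (public part)
    d: int  # private exponent


def toy_keypair(p_exp, q_exp):
    """Deterministic demo key built from two Mersenne primes.
    NOT secure: such a modulus is trivially factorable."""
    p, q = (1 << p_exp) - 1, (1 << q_exp) - 1
    return KeyPair(p * q, pow(E, -1, (p - 1) * (q - 1)))


def h_int(*fields):
    """SHA-256 over length-prefixed fields, so ("ab", "c") and ("a", "bc")
    hash differently (assumed encoding; the patent does not specify one)."""
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return int.from_bytes(h.digest(), "big")


def sign(digest, key):
    return pow(digest, key.d, key.n)        # hash "encrypted" with the private key


def verify(digest, signature, n):
    return pow(signature, E, n) == digest   # "decrypt" with the public key, compare


def make_certificate(device_id, key):
    """Assumed layout: identifier plus public modulus, self-signed (fifth signature)."""
    body = device_id.encode() + b"|" + key.n.to_bytes((key.n.bit_length() + 7) // 8, "big")
    return {"body": body, "fifth_signature": sign(h_int(body), key)}


def encrypt(data, n):
    m = int.from_bytes(b"\x01" + data, "big")  # 0x01 marker preserves leading zero bytes
    if m >= n:
        raise ValueError("payload too large for the demo modulus")
    return pow(m, E, n)


def decrypt(ciphertext, key):
    m = pow(ciphertext, key.d, key.n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]


# Constructed sample values, not taken from the patent.
FIRST_KEY = toy_keypair(521, 607)        # first terminal device
SECOND_KEY = toy_keypair(1279, 2203)     # second terminal device
SERVER_STORED_SD_KEY = b"constructed-master-security-domain-key"


def run_migration(initiator="first", app_data=b"transit-card:balance=42",
                  tamper_request=False, presented_sd_key=SERVER_STORED_SD_KEY):
    first_id, second_id = "device-A", "device-B"

    # S2502 / S2602: the initiating device signs both identifiers.
    signer = FIRST_KEY if initiator == "first" else SECOND_KEY
    request = {"first_id": first_id, "second_id": second_id,
               "signature": sign(h_int(first_id.encode(), second_id.encode()), signer)}
    if tamper_request:
        request["second_id"] = "device-X"  # identifier altered after signing

    # S2505 / S2605: the receiver recomputes the hash and checks the signature.
    received = h_int(request["first_id"].encode(), request["second_id"].encode())
    if not verify(received, request["signature"], signer.n):
        return ("rejected: request signature", None)

    # S2506 / S2607: second device sends its public key and self-signed certificate.
    cert, second_pub_n = make_certificate(second_id, SECOND_KEY), SECOND_KEY.n

    # S2507 / S2608: first device checks the fifth signature.
    if not verify(h_int(cert["body"]), cert["fifth_signature"], second_pub_n):
        return ("rejected: certificate", None)

    # S2508-S2509 / S2609-S2610: encrypt with the second public key and transfer.
    ciphertext = encrypt(app_data, second_pub_n)

    # S2510-S2511 / S2611-S2612: server compares the security-domain key.
    if not hmac.compare_digest(presented_sd_key, SERVER_STORED_SD_KEY):
        return ("rejected: server check", None)

    # S2512 / S2613: decrypt with the second private key and store.
    return ("migrated", decrypt(ciphertext, SECOND_KEY))
```

The check in S2507/S2608 shows only that the sender holds the private key matching the public key it supplied, so its strength depends on how the first terminal device obtained that key. The server-signed certificate path, verified with the server's third public key, ties the key to an identifier the server has issued a certificate for.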
The foregoing description of the solution provided by the embodiments of the present application has been mainly presented in terms of a method. To achieve the above functions, it includes corresponding hardware structures and/or software modules that perform the respective functions. Those of skill in the art will readily appreciate that the present application may be implemented in hardware or a combination of hardware and computer software, as the method steps of the examples described in connection with the embodiments disclosed herein. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The embodiment of the application can divide the functional modules of the device communication method according to the method example, for example, each functional module can be divided corresponding to each function, or two or more functions can be integrated in one processing module. The integrated modules may be implemented in hardware or in software functional modules. It should be noted that, in the embodiment of the present application, the division of the modules is schematic, which is merely a logic function division, and other division manners may be implemented in actual implementation.
Fig. 27 is a schematic structural diagram of a chip according to an embodiment of the present application. Chip 270 includes one or more (including two) processors 2701, communication lines 2702, communication interfaces 2703, and memory 2704.
In some implementations, the memory 2704 stores the following elements: executable modules or data structures, or a subset thereof, or an extended set thereof.
The methods described in the above embodiments of the present application may be applied to the processor 2701 or implemented by the processor 2701. The processor 2701 may be an integrated circuit chip with signal processing capabilities. In implementation, the steps of the method performed by the first device or the second device may be implemented by integrated logic circuits of hardware in the processor 2701 or by instructions in the form of software. The processor 2701 may be a general purpose processor (e.g., a microprocessor or a conventional processor), a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gates, transistor logic, or discrete hardware components, and the processor 2701 may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the application.
The steps of the method disclosed in connection with the embodiments of the present application may be performed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software modules may be located in any well-known storage medium such as RAM, ROM, or electrically erasable programmable read-only memory (EEPROM). The storage medium is located in the memory 2704, and the processor 2701 reads information in the memory 2704 and performs the steps of the above method in combination with its hardware.
The processor 2701, the memory 2704, and the communication interface 2703 may communicate with each other via a communication line 2702.
Fig. 28 is a schematic structural diagram of an electronic device according to an embodiment of the present application, and as shown in fig. 28, an electronic device 2800 includes the chip and a display unit described above. The display unit is used for executing the steps of displaying the method provided by the above embodiment. The electronic equipment is a first terminal equipment, a second terminal equipment or a server.
The embodiment also provides a migration system of application data, where the system includes the server, the first terminal device, and the second terminal device, and the system may refer to fig. 1 or fig. 3, or the system includes the first terminal device and the second terminal device, and the system may refer to fig. 1 or fig. 2.
In the above embodiments, the instructions stored by the memory for execution by the processor may be implemented in the form of a computer program product. The computer program product may be written in the memory in advance, or may be downloaded in the form of software and installed in the memory.
Embodiments of the present application also provide a computer program product comprising one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired means (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless means (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium may be any available medium that the computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be, for example, a semiconductor medium (e.g., solid state disk (SSD)).
The embodiment of the application also provides a computer readable storage medium. The methods described in the above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. Computer readable media can include computer storage media and communication media and can include any medium that can transfer a computer program from one place to another. The storage media may be any target media that is accessible by a computer.
As one possible design, the computer-readable medium may include compact disc read-only memory (CD-ROM), RAM, ROM, EEPROM, or other optical disk storage; the computer-readable medium may include disk storage or other disk storage devices. Moreover, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers.
Combinations of the above should also be included within the scope of computer-readable media. The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the application is subject to the protection scope of the claims.

Claims (16)

1. The application data migration method is characterized in that an application scene of the method comprises a first terminal device, a second terminal device and a server, the method is applied to the second terminal device, and the method comprises the following steps:
Receiving encrypted application data sent by a first terminal device; wherein the application data includes: program files of the application and data of the application; the encrypted application data is obtained by encrypting the second public key of the second terminal equipment; the second public key is sent to the first terminal equipment through first information by the server or the second terminal equipment, and the first information is sent in response to a first request; the first request is used for indicating to request to migrate application data in first terminal equipment, and the first request comprises a first identifier of the first terminal equipment and a second identifier of second terminal equipment; the first information is sent after verification of a first identifier and a second identifier in the first request is passed; the server stores a preset identification list, wherein the preset identification list comprises identifications of at least one terminal device, and the identifications in the preset identification list are identifications of the terminal device with the certificate issued by the server; the preset identifier list is used for verifying a first identifier and a second identifier in the first request;
Sending a third message to the server, wherein the third message comprises a second key, and the second key is a second key of a second embedded security module chip of the second terminal equipment; receiving a fourth message sent by the server, wherein the fourth message characterizes that a second key in the third message is consistent with a second key prestored by the server;
Decrypting the encrypted application data according to a pre-stored second private key of the second terminal device to obtain and store the application data of the first terminal device;
Sending a second message to the first terminal equipment so that the first terminal equipment determines whether to delete the application data according to the second message, and if the second message indicates that the application data migration is successful, the first terminal equipment deletes the application data; wherein the second message characterizes whether migration of the application data was successful;
Before receiving the encrypted application data sent by the first terminal device, the method further includes:
Generating a second public-private key pair and the second identifier, wherein the second public-private key pair comprises a second public key and a second private key;
Transmitting a sixth message to the server in response to the second instruction transmitted by the server; the second instruction is used for indicating to acquire a second public key of a second terminal device, and the sixth message comprises the second public key and the second identifier; the server stores a third public-private key pair of the server, wherein the third public-private key pair comprises a third public key and a third private key; the second public key is used for generating a second certificate of the second terminal equipment, and the third private key is used for signing the second certificate to obtain second signature information;
Receiving a third public key and a second certificate carrying second signature information sent by the server; and if the second signature information passes verification according to the third public key, storing the second certificate and the third public key.
2. The method of claim 1, wherein the first request is generated after the first terminal device obtains a second identifier.
3. The method according to claim 2, wherein the second identity is obtained based on a first trigger operation of a user on a first page of the first terminal device, the first trigger operation being used to indicate the second identity;
Or the second identifier is acquired based on first voice information sent by a user, wherein the first voice information is used for indicating the second identifier;
Or the second identifier is sent to the first terminal device by the second terminal device through a short-distance communication mode;
or the second identifier is sent to the first terminal device by the second terminal device through the server.
4. The method of claim 2, wherein the first request further includes third signature information; the server or the first terminal device stores a first public key of the first terminal device, and the first information is sent after the verification of the third signature information by using the first public key is passed.
5. The method of claim 1, further comprising, prior to said receiving the encrypted application data sent by the first terminal device:
And acquiring the second identifier, and sending a first request to the server or the first terminal equipment according to the second identifier and the pre-stored first identifier.
6. The method of claim 5, wherein obtaining the second identification comprises:
Responding to a second triggering operation of a user on a second page of the second terminal equipment, and acquiring the second identifier indicated by the second triggering operation;
Or responding to second voice information sent by a user, and determining the second identifier indicated by the second voice information;
Or receiving the second identifier sent by the first terminal equipment through the server;
Or receiving the second identifier sent by the first terminal device through a short-distance communication mode.
7. The method of claim 5, wherein the first request further includes fourth signature information; the server or the first terminal device stores a second public key of the second terminal device; before sending a first request to the server or the first terminal device according to the second identifier and the pre-stored first identifier, the method further comprises:
carrying out signature processing on the first identifier and the second identifier according to a pre-stored second private key of the second terminal device to obtain fourth signature information; the fourth signature information is used for verifying the fourth signature information according to a second public key of a second terminal device pre-stored in the first terminal device; and the first information is sent after the verification of the fourth signature information is passed.
8. The method according to any of claims 1-7, wherein the server stores a second certificate of the second terminal device, the second certificate being generated from the second public key and carrying second signature information, the second signature information being obtained by signing a second certificate from a third private key of the server; the first terminal equipment stores a third public key of the server;
the server is further configured to send the second certificate, or the first information includes the second certificate;
and the encrypted application data is received after the second certificate is verified according to the third public key and the second signature information.
9. The method according to any of claims 1-7, wherein the second terminal device stores a second certificate of the second terminal device, the second certificate being generated according to the second public key and carrying fifth signature information, the fifth signature information being obtained by signing the second certificate with a second private key of the second terminal device;
the method further comprises: sending the second certificate to the first terminal device; or the first information comprises the second certificate;
the encrypted application data is received after the second certificate is verified according to the fifth signature information and a second public key of the second terminal device pre-stored in the first terminal device.
10. The method according to any one of claims 1-9, wherein the encrypted application data is application data of each application in the first terminal device; or the encrypted application data is the application data in the first terminal device indicated by the third instruction.
11. The method according to claim 10, wherein the method further comprises:
in response to a fourth triggering operation by a user on a fourth page of the second terminal device, the fourth triggering operation indicating application data in the first terminal device, sending the third instruction to the first terminal device through a short-distance communication mode or through the server.
12. The method according to any of claims 1-11, wherein receiving encrypted application data sent by the first terminal device comprises:
receiving the encrypted application data sent by the first terminal device through the server;
or receiving the encrypted application data sent by the first terminal device through a short-distance communication mode.
13. The method according to any one of claims 1-12, further comprising:
sending a second message to the first terminal device through the server;
or sending the second message to the first terminal device through a short-distance communication mode.
14. An electronic device, comprising: a processor and a display unit;
the processor being adapted to invoke a program in a memory to perform the processing steps in the method of any of claims 1-13, and the display unit being adapted to perform the display steps in the method of any of claims 1-13.
15. A migration system of application data, characterized in that the system comprises a server according to any one of claims 1-13, a first terminal device and a second terminal device; or the system comprises a first terminal device and a second terminal device according to any of claims 1-13.
16. A computer readable storage medium storing instructions that, when executed, cause a computer to perform the method of any one of claims 1-13.
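The verification order in claims 7 and 8, as an added example that is not part of the patent text: the first terminal device checks the second certificate against the server's third public key, then checks the signature over both identifiers before releasing anything. Ed25519, the identifier encoding, all type and function names, and the use of the certified second public key to check the request are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Constructed stand-ins for the claim 7 request and the claim 8 certificate.
type signedRequest struct {
	FirstID, SecondID string
	Sig               []byte // "fourth signature information"
}
type certificate struct {
	SecondPub ed25519.PublicKey
	ServerSig []byte // "second signature information"
}

// bindIDs length-prefixes both identifiers so ("ab","c") and ("a","bc") differ (assumed encoding).
func bindIDs(first, second string) []byte {
	return []byte(fmt.Sprintf("%d:%s|%d:%s", len(first), first, len(second), second))
}

func signRequest(secondPriv ed25519.PrivateKey, first, second string) signedRequest {
	return signedRequest{first, second, ed25519.Sign(secondPriv, bindIDs(first, second))}
}

func issueCert(thirdPriv ed25519.PrivateKey, secondPub ed25519.PublicKey) certificate {
	return certificate{secondPub, ed25519.Sign(thirdPriv, secondPub)}
}

// acceptRequest is the first terminal device's gate: certificate first, then request.
func acceptRequest(thirdPub ed25519.PublicKey, c certificate, r signedRequest) bool {
	if len(c.SecondPub) != ed25519.PublicKeySize || // Verify panics on a bad key length
		!ed25519.Verify(thirdPub, c.SecondPub, c.ServerSig) {
		return false
	}
	return ed25519.Verify(c.SecondPub, bindIDs(r.FirstID, r.SecondID), r.Sig)
}

// runDemo returns the gate's verdict for a valid, a tampered and a rogue-signed case.
func runDemo() (valid, tampered, rogue bool) {
	thirdPub, thirdPriv, _ := ed25519.GenerateKey(rand.Reader)
	secondPub, secondPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader)
	cert, req := issueCert(thirdPriv, secondPub), signRequest(secondPriv, "device-1", "device-2")
	bad := signedRequest{"device-9", req.SecondID, req.Sig} // identifier swapped after signing
	return acceptRequest(thirdPub, cert, req), acceptRequest(thirdPub, cert, bad),
		acceptRequest(thirdPub, issueCert(roguePriv, secondPub), req)
}
func main() { fmt.Println(runDemo()) } // true false false
```

Signing both identifiers together ties the request to one specific device pair, so a captured signature cannot be replayed with a different first identifier.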
CN202111426154.3A 2021-11-26 2021-11-26 Application data migration method, terminal equipment and storage medium Active CN115033899B (en)


Publications (2)

Publication Number Publication Date
CN115033899A (en) 2022-09-09
CN115033899B (en) 2024-05-14

Family

ID=83117849

Country Status (1)

Country Link
CN (1) CN115033899B (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant