CN115037452B - Data protection method, system and electronic equipment - Google Patents

Info

Publication number: CN115037452B
Authority: CN (China)
Prior art keywords: master key; electronic device; trust ring; account; electronic equipment
Legal status: Active
Application number: CN202111400446.XA
Other languages: Chinese (zh)
Other versions: CN115037452A (en)
Inventors: 丁金岩, 窦伟明
Current Assignee: Honor Device Co Ltd
Original Assignee: Honor Device Co Ltd

Events:
Application filed by Honor Device Co Ltd
Priority to CN202311095819.6A (CN117278204A)
Priority to CN202111400446.XA (CN115037452B)
Publication of CN115037452A
Application granted
Publication of CN115037452B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 - Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 - Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 - Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 - Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • G - PHYSICS
    • G06 - COMPUTING; CALCULATING OR COUNTING
    • G06F - ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 - Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 - Structures or tools for the administration of authentication
    • G06F21/46 - Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G - PHYSICS
    • G06 - COMPUTING; CALCULATING OR COUNTING
    • G06F - ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 - Protecting data
    • G06F21/602 - Providing cryptographic facilities or services
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 - Network architectures or network communication protocols for network security
    • H04L63/10 - Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 - Network arrangements or protocols for supporting network services or applications
    • H04L67/01 - Protocols
    • H04L67/10 - Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 - Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 - Network arrangements or protocols for supporting network services or applications
    • H04L67/50 - Network services
    • H04L67/55 - Push-based network services
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04W - WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 - Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 - Security of mobile devices; Security of mobile applications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the application provide a data protection method, a system and an electronic device. The data protection method includes the following steps: after the electronic device has successfully joined a trust ring, if during use it is detected that the device restores factory settings, disables the lock screen password or restores all settings, the device actively triggers the ring-exit (offline) procedure to delete the master key held in its trusted execution environment. With this data protection method, once the electronic device has joined the ring, a user who wants to withdraw it from the trust ring can trigger the exit with a simple operation, which improves the user experience. On the other hand, when factory settings are restored, the lock screen password is disabled or all settings are restored, the exit is triggered automatically, so the service data synchronized to the cloud can be protected.

Description

Data protection method, system and electronic equipment
Technical Field
The embodiments of the application relate to the field of terminal devices, and in particular to a data protection method, a data protection system and an electronic device.
Background
Currently, a terminal device may store the user's data on the cloud side so that the user can upload and download it in real time. The user's data typically corresponds to a particular user account. However, the security of the user data then depends entirely on account security: any device that passes account verification can obtain the data from the cloud side. If either the account or the cloud-side server is compromised, the user data is leaked. In addition, the cloud-side server is able to decrypt the user data, so the cloud side cannot self-certify (prove to the user that it cannot read the data). The known solutions are therefore less secure and do not support user data with higher security requirements.
Disclosure of Invention
The application provides a data protection method, a system and an electronic device. After the electronic device has successfully joined a trust ring, if during use it is detected that the device restores factory settings, disables the lock screen password or restores all settings, the device actively triggers the ring-exit (offline) procedure to delete the master key held in its trusted execution environment; alternatively, the electronic device is passively taken offline by another device on the same account. With this data protection method, once the electronic device has joined the ring, a user who wants to withdraw it from the trust ring can trigger the exit with a simple operation, which improves the user experience. On the other hand, when factory settings are restored, the lock screen password is disabled or all settings are restored, the exit is triggered automatically, so the service data synchronized to the cloud can be protected.
In a first aspect, an embodiment of the present application provides a data protection method applied to an electronic device. The method includes: generating a master key ciphertext and an authentication parameter of the electronic device from the lock screen code of the electronic device entered by the user and the acquired master key, where the electronic device is logged in to a first account; based on the master key ciphertext and the authentication parameter, creating in the first server, or joining, a first trust ring corresponding to the first account; and deleting the master key in the trusted execution environment of the electronic device when it is detected that the electronic device restores factory settings, disables the lock screen password or restores all settings.
The lock screen code in the present application may be replaced by other user information, for example the user's birthday, the user's name, or the birthday or name of a parent or friend. Such information is unique to the user, known only to the user, and differs from user to user. It is easy for the user to remember and is not known to the cloud side. When the master key is encrypted based on this user information, the cloud side cannot decrypt it, and the cloud side can therefore be self-certifying. Other people can hardly know which user information the user chose to encrypt the master key, so the difficulty of cracking the master key ciphertext is greatly increased, the security of the master key is improved, and the security of user data protected with keys derived from the master key improves with it. Meanwhile, when the second and subsequent devices in the trust ring register, the identity of the already registered device can be verified based on the user information without interacting with that device, which is convenient for the user.
The electronic device goes offline actively, which is flexible and convenient to operate. When factory settings are restored, the lock screen password is disabled or all settings are restored, the device is taken offline automatically, which protects the service data synchronized to the cloud.
According to the first aspect, after deleting the master key in the trusted execution environment of the electronic device, the method further includes: modifying the registration state of the electronic device to unregistered. Updating the registration state promptly lets the device confirm its registration state accurately and locally when it later joins or creates a ring.
According to the first aspect, or any implementation manner of the first aspect, generating the master key ciphertext and the authentication parameter of the electronic device from the lock screen code entered by the user and the acquired master key, and creating in the first server, or joining, the first trust ring corresponding to the first account based on the master key ciphertext and the authentication parameter, includes: the electronic device, acting as a first electronic device, receives a first lock screen code of the first electronic device entered by the user, where the first electronic device is logged in to the first account; generates a master key in the trusted execution environment of the first electronic device; encrypts the master key based on the first lock screen code to generate a first master key ciphertext of the first electronic device; generates a first authentication parameter based on the first lock screen code; and sends a ring creation request carrying the first master key ciphertext and the first authentication parameter to the first server, so that the first server creates a first trust ring corresponding to the first account and adds the first master key ciphertext and the first authentication parameter to the trust ring data of the first trust ring. In this method for entering the ring, the account-level master key MK is protected by a user secret such as the lock screen code; because the user secret is unknown to the cloud side, the cloud side cannot decrypt the escrowed master key ciphertext, which reduces the risk of master key leakage, improves the security of the master key MK, lets the cloud side self-certify its security, and supports data synchronization of service data with high security requirements.
It should be noted that the user secret is not limited to the lock screen code; it may also be a birthday, the answer to a question, and so on.
According to the first aspect, or any implementation manner of the first aspect, generating the master key ciphertext and the authentication parameter of the electronic device from the lock screen code entered by the user and the acquired master key, and creating in the first server, or joining, the first trust ring corresponding to the first account based on the master key ciphertext and the authentication parameter, includes: the electronic device, acting as a second electronic device, receives a second lock screen code of the second electronic device entered by the user, where the second electronic device is logged in to the first account; when the second lock screen code passes verification, receives a first lock screen code of a first electronic device entered by the user, where the first electronic device is a device listed in the in-ring device information of the first trust ring corresponding to the first account, obtained from the first server; when identity verification of the first electronic device based on the first lock screen code passes, receives the first master key ciphertext of the first electronic device sent by the first server; decrypts the first master key ciphertext based on the first lock screen code to obtain the master key; encrypts the master key based on the second lock screen code to generate a second master key ciphertext of the second electronic device, and generates a second authentication parameter based on the second lock screen code; and sends a ring joining request to the first server so that the first server adds the second master key ciphertext and the second authentication parameter to the trust ring data of the first trust ring.
In this method for entering the ring, the account-level master key MK is protected by a user secret such as the lock screen code; because the user secret is unknown to the cloud side, the cloud side cannot decrypt the escrowed master key ciphertext, which reduces the risk of master key leakage, improves the security of the master key MK, lets the cloud side self-certify its security, and supports data synchronization of service data with high security requirements.
According to the first aspect, or any implementation manner of the first aspect, the method further includes: deriving a first service key based on the master key, and encrypting first service data with the first service key to obtain a first service data ciphertext; and sending the first service data ciphertext to the second server so that the second server stores it. In this cloud synchronization method, service data is encrypted with a service key derived from the master key before it is synchronized to the cloud; because the master key is unknown to the cloud, the cloud cannot read the uploaded service data ciphertext, so the security of the service data is ensured and the cloud can self-certify.
According to the first aspect, or any implementation manner of the first aspect, the method further includes: acquiring a second service data ciphertext from the second server; deriving the first service key based on the master key; and decrypting the second service data ciphertext with the first service key to obtain the second service data. Because the service data ciphertext obtained from the cloud is decrypted locally on the electronic device, even if the ciphertext transmitted between the cloud and the device is intercepted, the interceptor can obtain neither the master key nor the rule for deriving the first service key from it, so the intercepted service data cannot be decrypted and the security of the service data is improved.
In a second aspect, an embodiment of the present application provides a data protection method applied to a second electronic device. The method includes: generating a master key ciphertext and an authentication parameter of the second electronic device from the lock screen code of the second electronic device entered by the user and the acquired master key, where the second electronic device is logged in to the first account; based on the master key ciphertext and the authentication parameter, creating in the first server, or joining, a first trust ring corresponding to the first account; receiving a master key deletion message sent by the first server, where the first server generates the master key deletion message when the second electronic device is removed from the first account by the first electronic device; and deleting the master key in the trusted execution environment of the second electronic device.
This passive offline mode is flexible: it lets the user take an electronic device offline remotely, from another device.
According to the second aspect, after deleting the master key in the trusted execution environment of the electronic device, the method further includes: modifying the registration state of the second electronic device to unregistered. Updating the registration state promptly lets the device confirm its registration state accurately and locally when it later joins or creates a ring.
In a third aspect, an embodiment of the present application provides an electronic device including a trust ring service module and a trust ring module, where: the trust ring service module is configured to generate an authentication parameter from the lock screen code of the electronic device entered by the user and the acquired master key, the electronic device being logged in to the first account; the trust ring module is configured to generate a master key ciphertext of the electronic device from the lock screen code and the master key; the trust ring service module is further configured to create in the first server, or join, a first trust ring corresponding to the first account based on the master key ciphertext and the authentication parameter, and to send a master key deletion instruction to the trust ring module when it is detected that the electronic device restores factory settings, disables the lock screen password or restores all settings; and the trust ring module is configured to delete the master key in the trusted execution environment of the electronic device in response to the master key deletion instruction.
According to a third aspect, the trust ring service module is further configured to: after deleting the master key in the trusted execution environment of the electronic device, the registration state of the electronic device is modified to unregistered.
According to the third aspect, or any implementation manner of the third aspect, the electronic device is configured to act as a first electronic device, and the trust ring service module is configured to: receive a first lock screen code of the first electronic device entered by the user, generate a first derivative key from the first lock screen code, and send the first derivative key to the trust ring module, where the first electronic device is logged in to the first account; the trust ring module is configured to: generate a master key in the trusted execution environment, encrypt the master key based on the first derivative key to generate a first master key ciphertext of the first electronic device, and send the first master key ciphertext to the trust ring service module; the trust ring service module is further configured to: generate a first authentication parameter based on the first derivative key, and send a ring creation request carrying the first master key ciphertext and the first authentication parameter to the first server, so that the first server creates a first trust ring corresponding to the first account and adds the first master key ciphertext and the first authentication parameter to the trust ring data of the first trust ring.
According to the third aspect, or any implementation manner of the third aspect, the electronic device is a second electronic device, and the trust ring service module is configured to: receive a second lock screen code of the second electronic device entered by the user, where the second electronic device is logged in to the first account; when the second lock screen code passes verification, receive a first lock screen code of a first electronic device entered by the user, where the first electronic device is a device listed in the in-ring device information of the first trust ring corresponding to the first account, obtained from the first server; when authentication of the first electronic device based on the first lock screen code passes, receive the first master key ciphertext of the first electronic device sent by the first server; and send the first master key ciphertext to the trust ring module; the trust ring module is configured to: decrypt the first master key ciphertext based on the first lock screen code to obtain the master key; encrypt the master key based on the second lock screen code to generate a second master key ciphertext of the second electronic device; and send the second master key ciphertext to the trust ring service module; the trust ring service module is further configured to: generate a second authentication parameter based on the second lock screen code; and send a ring joining request to the first server so that the first server adds the second master key ciphertext and the second authentication parameter to the trust ring data of the first trust ring.
According to the third aspect, or any implementation manner of the third aspect, the electronic device further includes a service data synchronization service module, a service data storage service module and a key management module. The trust ring service module is further configured to derive a first service key based on the master key; the service data storage service module is configured to send first service data to the key management module; the key management module is configured to read the first service key from the trust ring module, encrypt the first service data with the first service key to obtain a first service data ciphertext, and send the first service data ciphertext to the service data storage service module; and the service data storage service module is further configured to send the first service data ciphertext to the second server through the service data synchronization service module, so that the second server stores it.
According to the third aspect, or any implementation manner of the third aspect, the service data synchronization service module is further configured to acquire a second service data ciphertext from the second server and store it in the service data storage service module; the service data storage service module is further configured to send the second service data ciphertext to the key management module; and the key management module is further configured to read the first service key from the trust ring module, decrypt the second service data ciphertext with the first service key to obtain the second service data, and store the second service data in the service data storage service module.
In a fourth aspect, an embodiment of the present application provides an electronic device acting as a second electronic device and including a trust ring service module and a trust ring module, where: the trust ring service module is configured to generate an authentication parameter from the lock screen code of the second electronic device entered by the user and the acquired master key, the electronic device being logged in to the first account; the trust ring module is configured to generate a master key ciphertext of the electronic device from the lock screen code and the master key; the trust ring service module is further configured to create in the first server, or join, a first trust ring corresponding to the first account based on the master key ciphertext and the authentication parameter, to receive a master key deletion message sent by the first server, where the first server generates the master key deletion message when the second electronic device is removed from the first account by the first electronic device, and to send a master key deletion instruction to the trust ring module; and the trust ring module is configured to delete the master key in the trusted execution environment of the second electronic device in response to the master key deletion instruction.
According to a fourth aspect, the trust ring service module is further configured to: after deleting the master key in the trusted execution environment of the electronic device, the registration state of the second electronic device is modified to unregistered.
In a fifth aspect, an embodiment of the present application provides a data protection system including a first electronic device, a second electronic device, a first server and a second server, where: the first electronic device is configured to send, in response to the operation of removing the second electronic device from the first account, a notification to the second server that the second electronic device has been removed from the first account; the second server is configured to send, in response to that notification, a notification to the first server to delete the second electronic device from the first trust ring of the first account; the first server is configured to send, in response to that notification, a master key deletion message to the second electronic device; and the second electronic device is configured to delete the master key in its trusted execution environment in response to the master key deletion message.
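The following Python model is an added example (not code from the patent or from Honor) of the flows described in the first, second and fifth aspects: a first device creates the ring by escrowing its TEE master key under a key derived from its lock screen code, a second device joins by proving knowledge of that lock screen code to the server and re-escrowing the master key under its own code, service data is encrypted with a key derived from the master key before it goes to the cloud, and the master key is erased either actively (factory reset) or passively (deletion message after removal from the account). PBKDF2 as the derivation function, SHA-256 for the authentication parameter, the HMAC-based cipher standing in for an AEAD, and all names, salts and lock codes are assumptions of this example.

```python
"""Constructed model of the patent's trust ring: the master key MK is generated on
the device, escrowed in the cloud only under a key derived from the user's lock
screen code, and erased from the device when the device leaves the ring."""
import hashlib
import hmac
import secrets

KDF_ITERATIONS = 100_000  # constructed parameter, not taken from the patent

def derive_key(lock_code: str, salt: bytes) -> bytes:
    """Derivative key from the user secret; the cloud side never sees lock_code."""
    return hashlib.pbkdf2_hmac("sha256", lock_code.encode(), salt, KDF_ITERATIONS, 32)

def auth_param(derived_key: bytes) -> bytes:
    """Authentication parameter: the server can compare it but cannot invert it."""
    return hashlib.sha256(b"trust-ring-auth|" + derived_key).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def _tag(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with an HMAC counter-mode keystream (stdlib stand-in for
    an AEAD such as AES-GCM). Returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + _tag(key, nonce, ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

class TrustRingServer:  # first server: holds only MK ciphertexts and auth parameters
    def __init__(self):
        self.rings = {}   # account -> {device_id: {"salt", "mk_ct", "auth"}}
        self.online = {}  # device_id -> Device; models the push channel to devices
    def create_ring(self, account, device_id, record):
        self.rings[account] = {device_id: record}
    def add_device(self, account, device_id, record):
        self.rings[account][device_id] = record
    def ring_device_salts(self, account):
        return {d: r["salt"] for d, r in self.rings[account].items()}
    def fetch_master_key_ciphertext(self, account, device_id, presented_auth):
        # releases a ring device's MK ciphertext only after its auth parameter matches
        record = self.rings[account][device_id]
        if not hmac.compare_digest(record["auth"], presented_auth):
            raise PermissionError("identity verification of the ring device failed")
        return record["mk_ct"]
    def remove_device(self, account, device_id):
        # removal from the account: drop the ring record, then push an MK delete message
        self.rings[account].pop(device_id, None)
        self.online[device_id].on_master_key_delete_message()

class Device:
    def __init__(self, device_id, account, server):
        self.id, self.account, self.server = device_id, account, server
        self.tee_master_key = None  # stands for the MK held in the TEE
        self.registered = False
        server.online[device_id] = self
    def _escrow_record(self, lock_code):
        salt = secrets.token_bytes(16)
        dk = derive_key(lock_code, salt)
        return {"salt": salt, "mk_ct": seal(dk, self.tee_master_key), "auth": auth_param(dk)}
    def create_ring(self, lock_code):
        self.tee_master_key = secrets.token_bytes(32)  # generated inside the TEE
        self.server.create_ring(self.account, self.id, self._escrow_record(lock_code))
        self.registered = True
    def join_ring(self, own_lock_code, ring_device_id, ring_device_lock_code):
        # prove knowledge of a ring device's lock code, recover MK locally, re-escrow it
        salt = self.server.ring_device_salts(self.account)[ring_device_id]
        dk1 = derive_key(ring_device_lock_code, salt)
        mk_ct = self.server.fetch_master_key_ciphertext(self.account, ring_device_id, auth_param(dk1))
        self.tee_master_key = unseal(dk1, mk_ct)
        self.server.add_device(self.account, self.id, self._escrow_record(own_lock_code))
        self.registered = True
    def service_key(self, service: bytes) -> bytes:
        if self.tee_master_key is None:
            raise RuntimeError("device is not in the ring")
        return hmac.new(self.tee_master_key, b"service-key|" + service, hashlib.sha256).digest()
    def encrypt_service_data(self, service, data):
        return seal(self.service_key(service), data)
    def decrypt_service_data(self, service, blob):
        return unseal(self.service_key(service), blob)
    def _delete_master_key(self):
        self.tee_master_key, self.registered = None, False
    def on_factory_reset(self):  # also: lock screen password disabled, all settings restored
        self._delete_master_key()  # active offline
    def on_master_key_delete_message(self):
        self._delete_master_key()  # passive offline, pushed by the first server
```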
The third aspect and any implementation manner of the third aspect correspond to the first aspect and any implementation manner of the first aspect, respectively. For the technical effects of the third aspect and any implementation manner of the third aspect, refer to the technical effects of the first aspect and the corresponding implementation manner of the first aspect, which are not repeated here.
The fourth aspect and any implementation manner of the fourth aspect correspond to the first aspect and any implementation manner of the first aspect, respectively. For the technical effects of the second aspect and any implementation manner of the second aspect, refer to the technical effects of the first aspect and the corresponding implementation manner of the first aspect, which are not repeated here.
In a sixth aspect, the application provides a computer readable medium storing a computer program comprising instructions for performing the method of the first aspect or any possible implementation of the first aspect, or for performing the method of the second aspect or any possible implementation of the second aspect.
In a seventh aspect, the present application provides a computer program comprising instructions for performing the method of the first aspect or any possible implementation of the first aspect, or for performing the method of the second aspect or any possible implementation of the second aspect.
Drawings
FIG. 1 is a schematic structural diagram of an exemplary electronic device 100;
FIG. 2 is a software architecture block diagram of an electronic device 100 according to an exemplary embodiment of the present application;
FIG. 3 is a schematic diagram illustrating information interaction during creation of a trust ring;
FIG. 4 is a schematic diagram illustrating interaction between a device and the cloud side during creation of a trust ring;
FIG. 5A is a schematic diagram of an interface into a "My device" application with an exemplary shown logged-in account;
FIG. 5B is a schematic diagram of an interface into a "My device" application with an exemplary shown unregistered account;
FIG. 6 is a schematic diagram illustrating an interface from a "My device" application in device A to a "password safe synchronization" application;
FIG. 7A is a schematic diagram illustrating a process for entering a "password safe" interface with device A having set a lock screen code;
FIG. 7B is a schematic diagram illustrating a process for entering a "password safe" interface without a lock screen code being set by device A;
FIG. 8 is a schematic diagram illustrating a process for opening a "password safe synchronization" switch in a scenario in which a trust ring is created;
FIG. 9 is a schematic diagram illustrating a process of turning on a "synchronize to glory account" switch in a scenario in which a trust ring is created;
FIG. 10 is a schematic flow diagram of an exemplary illustrated creation of a trust ring;
FIG. 11 is a schematic diagram illustrating an exemplary embodiment of a device A synchronizing a service data ciphertext to an account management server after creating a trust ring;
FIG. 12 is a schematic diagram illustrating the interaction of modules when synchronizing a service data ciphertext;
FIG. 13 is a schematic diagram illustrating an interface for synchronizing a service data ciphertext to an account management server;
FIG. 14 is a schematic diagram illustrating information interaction during a device B joining a trust ring;
FIG. 15 is a schematic diagram illustrating an interface from a "My device" application in device B to a "password safe synchronization" application;
FIG. 16A is a schematic diagram illustrating the process of entering the "password safe" interface and opening the "password safe synchronization" switch with device B having set the lock screen code;
FIG. 16B is a schematic diagram illustrating the process of entering the "password safe" interface and opening the "password safe synchronization" switch without the lock screen code set by device B;
FIG. 17 is a schematic diagram illustrating a process of turning on a "synchronize to glory account" switch in the scenario where device B joins a trust ring;
FIG. 18 is a flow chart illustrating the joining of a trust ring by device B;
FIG. 19 is a schematic diagram illustrating synchronization of service data ciphertext from an account management server after a device B joins a trust ring;
FIG. 20 is a schematic diagram illustrating an interface for synchronizing service data ciphertext from an account management server;
FIG. 21 is a schematic diagram illustrating information interaction during a join of device C to a trust ring;
FIG. 22 is a schematic flow chart of inputting the lock screen code of a device already in the ring during the process of opening a "synchronize to glory account" switch in the scenario where device C joins a trust ring;
FIG. 23 is an interface diagram illustrating an exemplary lock screen password closing process;
FIG. 24 is an interface diagram illustrating an exemplary factory reset procedure;
FIG. 25 is an interface diagram illustrating an exemplary process for restoring all settings;
FIG. 26 is a schematic diagram of the offline flow of exemplary illustrated device A;
FIG. 27 is a schematic diagram illustrating information interaction during a device B offline process;
FIG. 28 is an interface diagram illustrating an exemplary process for removing a device from an account;
FIG. 29 is a schematic diagram of the offline flow of exemplary illustrated device B.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The term "and/or" is herein merely an association relationship describing an associated object, meaning that there may be three relationships, e.g., a and/or B, may represent: a exists alone, A and B exist together, and B exists alone.
The terms first and second and the like in the description and in the claims of embodiments of the application, are used for distinguishing between different objects and not necessarily for describing a particular sequential order of objects. For example, the first target object and the second target object, etc., are used to distinguish between different target objects, and are not used to describe a particular order of target objects.
In embodiments of the application, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "e.g." in an embodiment should not be taken as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the description of the embodiments of the present application, unless otherwise indicated, the meaning of "a plurality" means two or more. For example, the plurality of processing units refers to two or more processing units; the plurality of systems means two or more systems.
Fig. 1 is a schematic diagram of an exemplary illustrated electronic device 100. It should be understood that the electronic device 100 shown in fig. 1 is only one example of an electronic device, and that the electronic device 100 may have more or fewer components than shown in the figures, may combine two or more components, or may have a different configuration of components. The various components shown in fig. 1 may be implemented in hardware, software, or a combination of hardware and software, including one or more signal processing and/or application specific integrated circuits.
The electronic device 100 may be a mobile phone, a tablet, etc.
The electronic device 100 may include: processor 110, external memory interface 120, internal memory 121, universal serial bus (universal serial bus, USB) interface 130, charge management module 140, power management module 141, battery 142, antenna 1, antenna 2, mobile communication module 150, wireless communication module 160, audio module 170, speaker 170A, receiver 170B, microphone 170C, headset interface 170D, sensor module 180, keys 190, motor 191, indicator 192, camera 193, display 194, and subscriber identity module (subscriber identification module, SIM) card interface 195, etc. The sensor module 180 may include a pressure sensor 180A, a gyro sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.
The software system of the electronic device 100 may employ a layered architecture, an event driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture. In the embodiment of the application, taking an Android system with a layered architecture as an example, a software structure of the electronic device 100 is illustrated.
The layered architecture of the electronic device 100 divides the software into several layers, each with a distinct role and division of labor. The layers communicate with each other through a software interface. In some embodiments, the Android system is divided into three layers, an application layer, an application framework layer, and a kernel layer from top to bottom.
The application layer may include a series of application packages.
As shown in FIG. 2, the application package may include applications such as sensors (which may also be referred to as desktops and wallpapers), HMS core, trust ring, password safe, and the like. For example, the sensor may monitor user sliding, pressing, etc. of the screen, and the HMS core provides a collection of electronic device side, cloud opening capabilities. The trust ring application is used for creating and managing the trust ring for the account number, wherein the management of the trust ring includes but is not limited to: adding devices to the trust ring, deleting devices from the trust ring, deleting the trust ring, freezing the trust ring, updating master key ciphertext under the trust ring, and the like. The password safe is used for managing business data synchronized to an account management server by a user, for example: a login account and a password for a service.
The application framework layer provides an application programming interface (application programming interface, API) and programming framework for application programs of the application layer. The application framework layer includes a number of predefined functions.
As shown in fig. 2, the application framework layer may include a window manager, a view system, an F interface, and a resource manager, among others.
The window manager is used for managing window programs. The window manager can acquire the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen, send interface information display instructions to the view system, and the like.
The view system includes visual controls, such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, a display interface including a text message notification icon may include a view displaying text and a view displaying a picture.
The resource manager provides various resources for the application program, such as localization strings, icons, pictures, layout files, video files, and the like.
The F interface is an external service interface of the trust ring.
The application layer and the application framework layer run in a virtual machine. The virtual machine executes the Java files of the application layer and the application framework layer as binary files. The virtual machine is used to perform functions such as object life cycle management, stack management, thread management, security and exception management, and garbage collection.
The system library may include a plurality of functional modules. For example: a two-dimensional graphics engine (e.g., SGL), a key asset trust ring CA, a surface manager, etc.
The surface manager is used to manage the display subsystem and provides a fusion of 2D and 3D layers for multiple applications. The two-dimensional graphics engine is a drawing engine for two-dimensional images.
The key asset trust ring CA may also be referred to as a trust ring service module, and is mainly used for message transparent transmission between an upper layer trust ring application and a lower layer key asset trust ring TA.
The kernel layer is a layer between hardware and software. The kernel layer contains at least a display driver, a sensor driver, a Wi-Fi driver, and a key asset trust ring TA. The display driver is used to drive the display 194, the Wi-Fi driver is used to drive the wireless communication module 160, and the sensor driver is used to drive the sensor module 180.
The key asset trust ring TA may also be referred to as a trust ring module, and is configured to implement core security logic, provide a trusted execution environment, generate a master key in the trusted execution environment, encrypt the master key to generate a master key ciphertext, and so on. For the specific functions of the key asset trust ring CA and the key asset trust ring TA, the related description in the flow description such as ring creation, ring addition, ring deletion, riot prevention, equipment offline in the trust ring, master key updating, master key ciphertext updating and the like is referred to.
It is to be understood that the components contained in the system framework layer and runtime layer shown in fig. 2 do not constitute a particular limitation of the electronic device 100. In other embodiments of the application, electronic device 100 may include more or fewer components than shown, or certain components may be combined, or certain components may be split, or different arrangements of components.
When using an electronic device, a user typically needs to memorize a lot of password data, such as a password of a mailbox account, a password of a network disk account, a password of a smart home control right, and the like. When such password data is large, if the user is allowed to record the password data of each service independently, great difficulty is caused to the user's memory. Therefore, the user hopes to upload the password data to the cloud side for storage through the data synchronization function, and the password data is directly obtained from the cloud side when in use, and the user does not need to memorize the password data.
However, for such password data the user has different security requirements than for general data to be synchronized, such as pictures, address books, and short messages. Such password data, once leaked, would cause significant loss to the user. Therefore, users have high security requirements for such password data. In this case, the drawback that the cloud side cannot self-certify the security of the data synchronized to it becomes apparent, and the high security requirement of such password data cannot be satisfied.
The application provides a data protection method that makes the cloud side self-certifying, which can support data synchronization of service data with high security requirements, such as password data.
The data protection method of the present application will be described in detail with reference to the accompanying drawings.
Creating a trust ring
FIG. 3 is a schematic diagram illustrating information interaction during creation of a trust ring. FIG. 4 is a schematic diagram illustrating interaction of a device with the cloud side during creation of a trust ring. Fig. 10 is a schematic flow diagram illustrating creation of a trust ring.
The process of creating a trust ring according to an embodiment of the present application is described in detail below in conjunction with figures 3, 4 and 10.
In the embodiment of the application, assuming that the glowing account of device A is account 1, the process of creating a trust ring is described by taking as an example the creation of trust ring 1 for account 1 when device A initiates registration with the trust ring cloud for the first time. The application that triggers the trust ring creation flow may be any application under the glowing account; here, the flow is illustrated as being triggered by the "password safe synchronization" application under the glowing account.
"Registration" herein refers to the process of adding a device to a trust ring. When the first device registers, no trust ring exists yet under the account, so the trust ring must be created first and the device then added to it; the process of registering the first device is therefore called creating the trust ring. The registration of any later device is referred to herein as joining the trust ring, as it only requires the device to be added to the existing trust ring.
It is assumed herein that account number 1 includes 3 devices, respectively glowing V40 (i.e., device a), glowing V30 (noted device B), and glowing V50 (noted device C).
It should be noted that, the actions performed by the various clouds herein should be understood as actions performed by the servers in the respective clouds. For example, actions performed by the trust ring cloud are performed by the trust ring cloud server.
Referring to fig. 3, in the process of creating a trust ring, device A sends a request to log in to account 1 to the account management server; after the account management server has verified the login request for account 1, it returns a verification passing message to device A. After receiving the verification passing message, device A generates its master key ciphertext EMK11 and its authentication parameter PAKE11 and sends EMK11 and PAKE11 to the trust ring cloud. After receiving EMK11 and PAKE11 from device A, the trust ring cloud creates trust ring 1 for account 1 and adds device A to trust ring 1.
Referring to fig. 10, in an embodiment of the present application, the process of creating a trust ring by device a may include the following steps:
step S1: device a logs in to account 1.
Device A is described herein taking a glory V40 mobile phone as an example. It should be understood that device A may be any electronic device on which the trust ring creation function of the present application has been installed, and the present application is not limited in this respect.
Device A needs to initiate registration with the trust ring cloud under a logged-in account in order to create the trust ring. If device A has not logged in to an account, it must first log in.
FIG. 5A is a schematic diagram of an interface into a My device application with an exemplary illustrated logged-in account. FIG. 5B is a schematic illustration of an interface into a My device application with an unregistered account shown exemplary. Fig. 6 is a schematic diagram illustrating an interface from a my device application to a password safe synchronization application in device a.
Referring to fig. 5A and 6, in the case where device A has logged in to account 1 (assuming account 1 is 1581991 ××), the user may click the "set" application icon in the main interface of device A (as shown in fig. 5A (a)) and enter the "set" interface shown in fig. 5A (b). At the "set" interface, the user clicks account 1 (i.e., 1581991 ××) and enters the "account center" interface shown in fig. 5A (c). At the "account center" interface, the user clicks "My device" and enters the "My device" interface shown in fig. 6 (b). The user finds the current device, i.e., glory V40, in the "My device" interface and clicks glory V40 to enter the "device info" interface shown in fig. 6 (c). In the "device info" interface, the user clicks the "password safe synchronization" application and enters the "password safe" interface. After the "password safe" interface is opened, the user turns on the "password safe synchronization" switch and then the "synchronize to glowing account" switch, which triggers the process of creating the trust ring. The processes of entering the "password safe" interface, opening the "password safe synchronization" switch, and opening the "synchronize to glowing account" switch are described later herein.
It should be noted that if a trust ring is already present under account number 1, a "trusted device" will be displayed under the device that has joined the trust ring on the my device interface. The device identified as the "trusted device" is the device that has joined the trust ring, i.e., the registered device, see the interface shown in the subsequent figure 15 (b). If there is no trust ring under account number 1, for example on the "my devices" interface of device a shown in figure 6 (b), none of the 3 glowing devices are trusted devices, indicating that there is no trust ring under account number 1 currently.
Referring to fig. 5A, 5B and 6, in the case where device A has not logged in to account 1, after the user clicks the "set" application icon in the main interface of device A (as shown in fig. 5A (a)), device A enters the "set" interface shown in fig. 5B (a). At the "set" interface, the user clicks "login glowing account" and enters the glowing account login interface shown in fig. 5B (b). In the glowing account login interface, the user inputs account 1 (1581991 ××) and the login password (assumed to be key1), and device A sends a request to log in to account 1 to the account management server, carrying account 1 (1581991 ××) and the login password key1.
Referring to fig. 4, a user may send a request for logging in an account 1 to an account management server through an account management module of an application layer of the device a to log in the account 1.
After device A successfully logs in to account 1, the process of creating the trust ring is triggered in the same way as for a logged-in account, as shown in fig. 5A (c), fig. 5A (d) and fig. 6, which is not repeated here.
Step S2: the account management server returns a verification passing message.
The information of the account number 1 is pre-stored in the account number management server, the information comprises a login password corresponding to the account number 1, and the login password of the account number 1 stored in the account number management server is assumed to be key0. After receiving the request of the login account 1 sent by the equipment A, the account management server verifies the request of the login account 1 according to the information of the account 1 locally stored by the account management server. If the password key1 of the login account 1 carried in the request of the login account 1 is consistent with the login password key0 of the account 1 stored locally by the account management server, the account management server determines that the login verification of the account 1 is passed. At this time, the account management server returns a verification passing message to the device a.
If the password key1 carried in the request to log in to account 1 is inconsistent with the login password key0 of account 1 stored locally by the account management server, the account management server determines that the login verification of account 1 fails. In this case the account management server returns a verification failure message to device A, and the user needs to re-enter the account and the login password through the interface shown in fig. 5B (b).
Referring to fig. 4 and 10, the device a receives a verification passing message or a verification failure message through the account management module.
S3: and sending a registration opening notification.
Referring to fig. 4 and fig. 10, in the case that the account management module of the device a receives a verification passing message returned by the account management server, the account management module in the device a sends a registration opening notification to the trust ring service module of the application framework layer. The registration initiation notification is used to instruct the trust ring service module to initiate a registration process.
Here, the process by which device A enters the "password safe" interface and turns on the "password safe synchronization" switch during creation of the trust ring will be described.
Fig. 7A is a schematic diagram illustrating the process of entering the "password safe" interface with device A having set a lock screen code. Referring to fig. 7A, in the case where the user of device A has set the lock screen code (which may also be referred to as the lock screen password) of device A, when the user clicks the "password safe synchronization" application in the "device information" interface (see fig. 7A (a)), device A pops up the "enter lock screen code" interface (see fig. 7A (b)). If the user inputs the lock screen code on this interface and the code is correct, the screen of device A enters the "password safe" interface (see fig. 7A (c)). At this time, both the "password safe synchronization" switch and the "synchronize to glowing account" switch on the "password safe" interface are in the off state.
Fig. 7B is a schematic diagram illustrating a process of entering a "password safe" interface without a lock screen code being set by device a. Referring to fig. 7B, in the case where the user of the device a does not set the screen lock code of the device a, when the user clicks the "password safe synchronization" application in the "device information" interface (refer to fig. 7B (a)), the device a pops up the "set digital screen lock password" interface (refer to fig. 7B (B)). After the user inputs the screen locking code on the interface "set digital screen locking code" shown in fig. 7B (B), the device a pops up the interface "set digital screen locking code" for confirming the code (see fig. 7B (c)). The user inputs the screen locking code again on the interface shown in fig. 7B (c), and if the screen locking code input again is identical to the screen locking code input by the user on the interface shown in fig. 7B (B), the screen of the apparatus a enters into the "password safe" interface shown in fig. 7B (d), which is identical to the interface shown in fig. 7A (c).
Fig. 8 is a schematic diagram illustrating the process of turning on the "password safe synchronization" switch in the scenario of creating a trust ring. Referring to fig. 8, when the user clicks the "password safe synchronization" switch on the "password safe" interface (see fig. 8 (a)), device A pops up the reminder interface shown in fig. 8 (b), which asks the user whether to agree to start the password safe synchronization service. When the user clicks the "agree" button on the reminder interface (see fig. 8 (b)), the "password safe synchronization" switch on the "password safe" interface is turned on (see fig. 8 (c)).
Upon receiving the registration initiation notification, the trust ring service module cannot yet determine whether to start the process of creating a trust ring or the process of joining a trust ring; it must decide this by detecting the registration state.
S4: the trust ring service module in device a detects the registration status of device a.
The registration state includes both unregistered and registered states. The unregistered state is used to indicate that the device is currently unregistered with the trust ring, and the registered state is used to indicate that the device is currently registered with the trust ring.
S5: and when detecting that the registration state of the equipment A is unregistered, the equipment A sends a registration state comparison request to the trust ring cloud.
The registration state comparison request is used for indicating a comparison result of the registration state of the device A detected by the trust ring service module and the registration state of the device A stored in the trust ring cloud.
The registration status comparison request includes the UID (device identifier) of the device a and the UDID (account identifier) of the account to which the device a belongs.
S6: the trust ring cloud returns a first registration state confirmation message to the trust ring service module in device a.
The first registration status confirmation message is used for indicating that no trust ring exists under the account number 1.
After receiving the registration state comparison request of the equipment A, the trust ring cloud compares whether a trust ring exists under the account number 1, and compares whether the equipment A is in the trust ring under the condition that the trust ring exists under the account number 1. When no trust ring exists under the account number 1, the trust ring cloud generates a first registration state confirmation message and sends the first registration state confirmation message to the device A.
Based on the first registration state confirmation message returned by the trust ring cloud, device A determines that this registration executes the process of creating a trust ring.
S7: the trust ring service module in device a receives the lockscreen code pw11 of device a entered by the user.
Here, a procedure of turning on a "synchronize to glory account" switch in creating a trust ring will be described.
Fig. 9 is a schematic diagram illustrating the process of turning on the "synchronize to glory account" switch in the scenario of creating a trust ring. Referring to fig. 9, when the user clicks the "synchronize to glowing account" switch on the "password safe" interface on which the "password safe synchronization" switch is already turned on (see fig. 9 (a)), the "enter lock screen code" interface pops up on the screen of device A (see fig. 9 (b)). When the user inputs the lock screen code of device A on this interface, the trust ring service module in device A receives the lock screen code entered by the user. If the lock screen code entered by the user is correct, then after device A completes the process of creating the trust ring, device A enters the "password safe" interface in which both the "password safe synchronization" switch and the "synchronize to glowing account" switch are in the on state (see fig. 9 (c)).
Note that the user clicking the "synchronize to glowing account" switch on the interface shown in fig. 9 (a) is what triggers device A to execute step S3 in fig. 10 and the subsequent steps of the trust ring creation process.
The screen locking code of the device a belongs to the secret of the user of the device a, and is unknown to the cloud side.
S8: the trust ring service module of device a verifies the lockscreen code pw11 of device a.
The process of verifying the lock screen code of device A may be as follows: device A compares the lock screen code input by the user with the lock screen code stored in device A in advance; if they are consistent, the verification passes, otherwise the verification fails.
Here, the trust ring service module verifies the screen locking code of the device a input by the user on the interface shown in fig. 9 (b), and after the verification is passed, the subsequent step S9 can be continuously performed. If the verification fails, device A will revert back to the interface shown in FIG. 9 (b) and prompt the entered lockscreen code for errors at the interface.
S9: the trust ring service module derives PWUATH11 based on the lock screen code of device a.
Assuming that the screen locking code input by the user at this time is pw11, the trust ring service module derives PWUATH11 based on pw11.
Since pw11 belongs to the user secret of device a, pw11 cannot be obtained by the cloud side, and PWUATH11 derived based on pw11 cannot be obtained by the cloud side.
Since PWUATH11 is generated based on the user secret pw11 unknown to the cloud side, PWUATH11 is unknown to the cloud side.
S10: the trust ring service module of device a sends PWAUTH11 to the trust ring module in the trusted execution environment of device a.
Subsequently, the trust ring module generates the master key ciphertext EMK11 and the parameter PAKE11 based on the PWAUTH11, and the generation manner of the EMK11 and the PAKE11 is detailed in steps S11 to S14 of fig. 10.
S11: the trust ring module generates MK.
Device A generates MK, i.e., the master key, through the trust ring module, and MK is stored in the trusted execution environment of device A, so that MK cannot be stolen even if device A is attacked; the security is therefore high.
S12: the trust ring module encrypts MK based on PWAUTH11, generating EMK11.
EMK11 is the first master key ciphertext. The trust ring module derives a key KEK11 based on PWAUTH11 and generates EMK11 based on the KEK11 encrypting MK.
S13: the trust ring module of device a sends EMK11 to the trust ring service module of device a.
After the trust ring module generates the EMK11, the EMK11 is sent to the trust ring service module, and the salt_enc11 is also sent to the trust ring service module while the EMK11 is sent.
S14: the trust ring service module in device a generates a parameter PAKE11 based on PWAUTH 11.
S15: and the device A sends a ring creation request carrying the EMK11 and the parameter PAKE11 to the trust ring cloud through the trust ring service module.
Device A sends a ring creation request to the trust ring cloud through the trust ring service module, and PAKE11 parameter registration and EMK11 hosting can be completed through the request.
In order to improve the security of the EMK11, before sending the EMK11, the trust ring service module may perform secondary encryption on the EMK11 based on the public key of the trust ring cloud HSM obtained during login, to obtain a two-layer ciphertext of the master key.
S16: the trust ring cloud creates a trust ring 1 for account number 1 in response to the ring creation request and adds device a to the trust ring 1.
The trust ring cloud creates trust ring 1 for account 1 in response to the ring creation request sent by device A. When other devices under account 1, such as device B and device C, later send registration state comparison requests to the trust ring cloud, the trust ring cloud returns a confirmation message indicating that trust ring 1 exists but that device B and device C are not in it, and device B and device C then execute the process of joining the trust ring; the specific process of joining the trust ring is described below.
After trust ring 1 is created, the trust ring 1 data managed in the trust ring cloud is shown in table 1:
TABLE 1
UID        UDID      Parameter PAKE   Master key ciphertext
Account 1  Device A  PAKE11           EMK11
S17: the trust ring cloud returns a ring creation success message to the trust ring service module of the device A.
After the trust ring cloud creates trust ring 1 for account 1 and adds device A to it, it returns a ring creation success message to device A. After device A receives the message, the "synchronize to Honor account" switch in the "password safe" interface is turned on, as shown in fig. 9 (c). Once that switch is on, the user can see that device A has successfully joined the trust ring, and the service data in the password safe can be synchronized to the account management server, so that other devices in trust ring 1 under account 1 can share the service data.
The trust ring creation process ends, and device a completes registration.
After the device A completes registration, the trust ring service module of the device A modifies the registration state of the device A to registered.
Through the process of creating the trust ring, the embodiment of the application protects the account-level master key MK with the user secret. Because the user secret is unknown to the cloud side, the cloud side cannot decrypt the hosted master key ciphertext, which reduces the risk of master key leakage and improves the security of MK; at the same time, the cloud side can demonstrate its own security and can support data synchronization of service data with high security requirements.
It should be noted that the above procedure is to be understood as a schematic example of the process of creating a trust ring in the present application and is not intended to limit the present application.
Fig. 11 is a schematic diagram illustrating how device A synchronizes service data ciphertext to the account management server after the trust ring is created. Fig. 12 is a schematic diagram illustrating the module interaction for synchronizing service data ciphertext. Fig. 13 is a schematic diagram illustrating the interface for synchronizing service data ciphertext to the account management server. Referring to fig. 11, 12 and 13, once trust ring 1 of account 1 has been created and device A has been added to it, device A may encrypt sensitive service data with MK to obtain service data ciphertext and upload the ciphertext to the account management server.
The process of synchronizing the service data ciphertext to the account management server by the device A after the trust ring is created is as follows:
Referring to fig. 12, the password safe in the application layer of device A reads the service data plaintext and stores it in the service data storage service module of the application framework layer, which sends the plaintext to the key management module in the trusted execution environment. The trust ring module generates a service key dkey from MK; the key management module reads dkey from the trust ring module and encrypts the service data with dkey to obtain the service data ciphertext Edata. The key management module returns Edata to the service data storage service module, which uploads Edata to the account management server through the service data synchronization service module and the account management server synchronization framework of the application layer.
It should be noted that, the service keys dkey corresponding to different services are different, and the device a may generate the service keys of different services according to MK.
For example, referring to fig. 13, when a user uses service 1 on device A, the user needs to input the account number and password of service 1, as shown in fig. 13 (a). After they are input, device A pops up a prompt asking whether to synchronize the account number and password of service 1 to the password safe, as shown in fig. 13 (b). If the user agrees, device A takes the account number and password of service 1 as the service data data1 of service 1 and uploads the ciphertext Edata1 of data1 to the account management server through the same synchronization process as above.
It follows that, in the embodiment of the present application, the service data ciphertext in the account management server does not depend solely on the security of the account but also on the security of MK, so the security of the data in the cloud is not affected even if the account is stolen.
The service data of the user is encrypted based on the master key with high security, and then the service data ciphertext is synchronized to the account management server, so that the risk of leakage of the service data ciphertext is reduced, and the security of data synchronous backup is improved.
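The device-side key handling of steps S11 to S15 of fig. 10 and of the service data synchronization just described, as an added example that is not code from the patent or from Honor. The page names PWAUTH, KEK, EMK, PAKE and dkey but does not fix any algorithm, so the primitives here are assumptions: PBKDF2-HMAC-SHA256 for PWAUTH, label-separated HMAC-SHA256 derivations for KEK, the PAKE parameter and dkey, and an HMAC-SHA256 counter keystream with an HMAC tag standing in for an AEAD cipher. The second-layer encryption of EMK to the cloud HSM public key is not modelled, the class and function names and the lock screen codes, salts and service record are constructed, and it is assumed that salt_enc11 is available to the joining device together with EMK11.

```python
import hashlib
import hmac
import os

# Added example, not the patent's code. Algorithms below are assumptions; the
# page names the values (PWAUTH, KEK, EMK, PAKE, dkey) but not the primitives.
PBKDF2_ITERATIONS = 100_000  # assumed parameter

def derive_pwauth(lock_screen_code: str, salt_enc: bytes) -> bytes:
    """PWAUTH: secret derived from the lock screen code; never sent to the cloud."""
    return hashlib.pbkdf2_hmac("sha256", lock_screen_code.encode(), salt_enc, PBKDF2_ITERATIONS)

def derive_kek(pwauth: bytes) -> bytes:
    """KEK that wraps MK (S12); label-separated from the PAKE parameter."""
    return hmac.new(pwauth, b"trust-ring/kek", hashlib.sha256).digest()

def derive_pake_parameter(pwauth: bytes) -> bytes:
    """Stand-in for the PAKE parameter registered in the cloud (S14): one-way, not a KEK."""
    return hmac.new(pwauth, b"trust-ring/pake", hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unwrap(key: bytes, blob: bytes) -> bytes:
    """Checks the tag before decrypting: a wrong key (wrong lock screen code) fails here."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class TrustRingModule:
    """Models the TEE-side trust ring module: MK is generated here and only leaves wrapped."""
    def __init__(self) -> None:
        self._mk = None

    def create_master_key(self) -> None:                 # S11
        self._mk = os.urandom(32)

    def export_emk(self, pwauth: bytes) -> bytes:         # S12: EMK = Enc(KEK(PWAUTH), MK)
        return wrap(derive_kek(pwauth), self._mk)

    def import_emk(self, emk: bytes, pwauth_of_old_device: bytes) -> None:  # join flow, S15
        self._mk = unwrap(derive_kek(pwauth_of_old_device), emk)

    def service_key(self, service_id: str) -> bytes:     # dkey: one key per service
        return hmac.new(self._mk, b"dkey/" + service_id.encode(), hashlib.sha256).digest()

def demo() -> dict:
    """Device A creates the ring and syncs a record; device B joins with A's code. Constructed data."""
    pw11, pw21, salt_a, salt_b = "135790", "246800", b"salt-A-constructed", b"salt-B-constructed"
    tee_a = TrustRingModule()
    tee_a.create_master_key()
    pwauth11 = derive_pwauth(pw11, salt_a)
    emk11, pake11 = tee_a.export_emk(pwauth11), derive_pake_parameter(pwauth11)  # hosted in cloud
    edata1 = wrap(tee_a.service_key("service1"), b"alice:hunter2")                # synced to server
    # Device B: the user types device A's code (pw12 == pw11) and the cloud releases EMK11.
    # Assumption: salt_enc11 is available to the joining device together with EMK11.
    pwauth12 = derive_pwauth(pw11, salt_a)
    cloud_accepts = hmac.compare_digest(derive_pake_parameter(pwauth12), pake11)   # S12/S13
    tee_b = TrustRingModule()
    tee_b.import_emk(emk11, pwauth12)
    emk21 = tee_b.export_emk(derive_pwauth(pw21, salt_b))                           # S15/S18
    try:  # a wrong code for device A gives a different KEK, so the tag check fails
        TrustRingModule().import_emk(emk11, derive_pwauth("000000", salt_a))
        wrong_code_rejected = False
    except ValueError:
        wrong_code_rejected = True
    return {
        "cloud_accepts_pake12": cloud_accepts,
        "same_mk_on_both_devices": tee_a.service_key("x") == tee_b.service_key("x"),
        "plaintext_on_device_b": unwrap(tee_b.service_key("service1"), edata1),
        "emk_differs_per_device": emk11 != emk21,
        "wrong_code_rejected": wrong_code_rejected,
    }
```

The one design point worth checking in any real implementation is the label separation in derive_kek and derive_pake_parameter: the cloud holds the PAKE parameter next to EMK, so if the registered parameter could be turned back into the KEK, the hosted ciphertext would be decryptable by the cloud. With separate one-way derivations, the cloud's copy lets it confirm a joining device's value but not unwrap MK.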
Joining a trust ring
On the basis that device A has created trust ring 1 of account 1, device B under account 1 may join trust ring 1 according to the join-trust-ring procedure in the following embodiment. Before device B joins trust ring 1, device A is the only in-ring device of trust ring 1.
Fig. 14 is a schematic diagram illustrating information interaction during joining of a trust ring by a device B. Fig. 18 is a flow chart illustrating joining of the trust ring by the device B.
The process of joining a trust ring in accordance with embodiments of the present application is described in detail below in conjunction with FIGS. 14 and 18.
Referring to fig. 14, after device A is registered as the first device and the process of creating the trust ring is completed, device A has uploaded its master key ciphertext EMK11, that is, the first master key ciphertext, and its authentication parameter PAKE11 to the trust ring cloud; thereafter, other devices, for example device B, register through the join-trust-ring flow. In the process of device B joining trust ring 1, device B sends an authentication parameter PAKE12 for device A, which is already in trust ring 1, to the trust ring cloud. After confirming that PAKE12 is consistent with the authentication parameter PAKE11 of device A stored in trust ring 1, the trust ring cloud returns the master key ciphertext EMK11 of device A to device B. Device B then decrypts MK from EMK11, encrypts MK based on the lock screen code of device B to generate the master key ciphertext EMK21 of device B, that is, the second master key ciphertext, generates the authentication parameter PAKE21 of device B, and sends EMK21 and PAKE21 to the trust ring cloud.
Referring to fig. 18, in an embodiment of the present application, the process of joining the trust ring by the device B may include the following steps:
s1: device B logs in to account 1.
Like device a, device B logs in to account 1 by sending a request to the account management server to log in to account 1. For details of the process of the login account 1 of the device B, please refer to the process description of the login account 1 of the device a, and the details are not repeated here.
And S2, the account management server returns a verification passing message to the equipment B.
The processing procedure of the request of the account management server for the login account 1 of the device B is referred to the processing procedure of the request of the account management server for the login account 1 of the device a, and will not be described herein.
After device B successfully logs into account 1, the user may enter the "account center" interface through the flow indicated in (B) and (c) of fig. 5A, and find the "my device" application.
S3: and sending a registration opening notification.
Referring to fig. 4 and fig. 18, in the case that the account management module of the device B receives the verification passing message returned by the account management server, the account management module in the device B sends a registration opening notification to the trust ring service module of the application framework layer. The registration initiation notification is used to instruct the trust ring service module of device B to initiate a registration procedure.
Here, a process of entering the "safe in password" interface and turning on the "safe in password" switch during the process of joining the trust ring will be described.
Fig. 15 is a schematic diagram illustrating the interfaces from the "my device" application to the "password safe synchronization" application in device B. Compared with fig. 6, the "my device" interface of device B shows a trusted device, Honor V40 (device A), during the process of joining the trust ring. This indicates that a trust ring already exists under account 1.
Fig. 16A is a schematic diagram illustrating the process of entering the "password safe" interface and turning on the "password safe synchronization" switch when device B has already set a lock screen code. Referring to fig. 16A, if the user of device B has set a lock screen code, then when the user clicks the "password safe synchronization" application in the "device information" interface (fig. 16A (a)), device B pops up the "enter lock screen code" interface (fig. 16A (b)). If the user inputs the lock screen code there and it is correct, the screen of device B enters the "password safe" interface (fig. 16A (c)). At this point both the "password safe synchronization" switch and the "synchronize to Honor account" switch on the "password safe" interface are off. Unlike device A when creating a trust ring, when the user clicks the "password safe synchronization" switch on the interface shown in fig. 16A (c) while device B is joining a trust ring, the screen of device B switches directly to the interface shown in fig. 16A (d): the "password safe synchronization" switch is on, while the "synchronize to Honor account" switch remains off.
Fig. 16B is a schematic diagram illustrating the process of entering the "password safe" interface and turning on the "password safe synchronization" switch when device B has not set a lock screen code. Referring to fig. 16B, this process differs from the process of fig. 16A only in that device B first needs to set a lock screen code and then confirm it (see fig. 16B); the rest of the process is the same as when the lock screen code has already been set and is not repeated here.
S4: the trust ring service module in device B detects the registration status of device B.
For the description of this step, please refer to the previous description of step S4 of fig. 10, and the description is omitted here.
S5: and when detecting that the registration state of the equipment B is unregistered, sending a registration state comparison request.
For the description of this step, please refer to the previous description of step S5 of fig. 10, and the description is omitted here.
S6: and returning a second registration state confirmation message.
Wherein the second registration status confirmation message is used to indicate that the trust ring 1 exists under the account number 1, but the device B is not on the trust ring 1.
After receiving the registration state comparison request of the equipment B, the trust ring cloud compares whether a trust ring exists under the account number 1. At this time, since the trust ring has created the trust ring 1 of the account number 1 at the time of device a registration, it is confirmed that the trust ring exists under the account number 1. Then, the trust ring cloud confirms that the device B is not in the trust ring according to the trust ring data of the account number 1 shown in table 1, and at this time, the trust ring cloud generates a second registration state confirmation message and sends the second registration state confirmation message to the device B.
Based on a second registration state confirmation message returned by the trust ring cloud, the equipment B determines that the registration execution joins the trust ring flow.
S7: the trust ring service module in device B receives the lockscreen code pw21 of device B entered by the user.
Fig. 17 is a schematic diagram illustrating the process of turning on the "synchronize to Honor account" switch in the scenario where device B joins a trust ring. Referring to fig. 17, when the user clicks the "synchronize to Honor account" switch on the "password safe" interface on which the "password safe synchronization" switch is already on (fig. 17 (a)), the "enter lock screen code" interface pops up on the screen of device B (fig. 17 (b)). If the user inputs the lock screen code of device B on this interface, the trust ring service module of device B receives the lock screen code of device B input by the user.
S8: the trust ring service module of device B verifies the lockscreen code pw21 of device B and derives PWAUTH21 based on the lockscreen code pw21 of device B.
The process of the screen locking code pw21 of the verification device B refers to the process of the screen locking code pw11 of the verification device a, which is not described herein.
S9: the trust ring service module of device B obtains a list of devices in trust ring 1.
The trust ring service module of the device B may send a request for obtaining the device list in the trust ring 1 to the trust ring cloud, and after receiving the request, the trust ring cloud returns the device list in the trust ring 1 to the trust ring service module of the device B.
S10: the trust ring cloud returns the list of devices in the trust ring 1 to the trust ring service module of device B.
Included in the list of devices in the trust ring 1 are all devices that have currently joined in the trust ring 1. In the embodiment of the present application, since the device a is the device that creates the trust ring 1 and the device B is the device that joins the trust ring 1 for the first time, in the process that the device B joins the trust ring 1, the device list in the trust ring 1 returned by the trust ring cloud includes only one device a.
S11: the trust ring service module of the equipment B displays a screen locking code input interface of the equipment A, receives a screen locking code pw12 of the equipment A input by a user, and generates a parameter PAKE12 based on the screen locking code pw 12.
With continued reference to fig. 17, if the screen lock password of the device B input by the user on the interface shown in fig. 17 (B) is correct, the screen of the device B pops up the "input other glory device screen lock password" interface (see fig. 17 (c)), and the "other glory device" in fig. 17 (c) is glory V40, i.e., device a. The user inputs the screen locking code pw12 of the device a on the interface of "input other glowing device screen locking codes", if the screen locking code pw12 of the device a input by the user is correct, the device B enters the "safe synchronization" switch and the "safe synchronization to glowing account number" switch which are both in the on state after the execution of the trust ring joining process (see (d) diagram of fig. 17).
Note that, the user clicks the "synchronize to glowing account" switch on the interface shown in fig. 17 (a) (see fig. 17 (a)) to trigger the device a to execute step S3 in fig. 18 and the join trust loop procedure step after step S3.
The screen locking code of the device B belongs to the secret of the user of the device B, and is unknown to the cloud side.
The generation principle of the parameter PAKE12 is the same as that of the parameter PAKE11, and will not be described herein.
S12: the trust ring service module of device B sends the parameter PAKE12 to the trust ring cloud.
During the joining process of the device B to the trust ring 1, the trust ring cloud needs to verify the identity of the device already in the trust ring 1, and when the verification is passed, the joining process to the trust ring 1 is allowed, otherwise, the trust ring cloud prohibits the joining process of the device B to the trust ring 1.
S13: after the trust ring cloud passes the authentication of the device a based on the parameter PAKE12, the trust ring cloud returns the EMK11 of the device a to the trust ring service module of the device B.
S14: The trust ring service module of device B sends EMK11 and PWAUTH21 to the trust ring module of device B.
The trust ring module is located in the trusted execution environment of device B. Device B decrypts EMK11 to recover MK and re-encrypts MK based on PWAUTH21 inside the trusted execution environment to obtain EMK21.
S15: The trust ring module of device B decrypts EMK11 to obtain MK and encrypts MK based on PWAUTH21 to obtain EMK21.
S16: the trust ring module of device B sends EMK21 to the trust ring service module of device B.
S17: device B generates a parameter PAKE21 based on PWAUTH21.
The process is described in S15, and will not be repeated here.
S18: the trust ring service module of the device B sends a ring adding request carrying the EMK21 and the parameter PAKE21 to the trust ring cloud.
S19: the trust ring cloud joins device B in trust ring 1 in response to the add ring request.
After the device B joins the trust ring 1, the trust ring 1 data managed in the trust ring cloud is shown in table 2:
TABLE 2
UID        UDID      Parameter PAKE   Master key ciphertext
Account 1  Device A  PAKE11           EMK11
Account 1  Device B  PAKE21           EMK21
S20: the trust ring cloud returns a loop adding success message to the trust ring service module of the device B.
After the trust ring cloud adds device B to trust ring 1, it returns a ring joining success message to device B. After device B receives the message, the "synchronize to Honor account" switch in the "password safe" interface is turned on, as shown in fig. 17 (d). Once that switch is on, the user can see that device B has successfully joined the trust ring, and the service data in the password safe can be synchronized to the account management server, so that other devices in trust ring 1 under account 1 can share the service data.
At this point the process of device B joining trust ring 1 is complete, and device B has completed registration.
After the device B completes registration, the trust ring service module of the device B modifies the registration state of the device B to registered.
As can be seen from the process of joining the trust ring, in the embodiment of the application the cloud side sends the hosted master key ciphertext of a registered device to the joining device, and the joining device decrypts that master key ciphertext based on the user secret of the registered device to obtain the master key MK.
It should be noted that the above procedure is to be understood as a schematic example of the process of joining a trust ring in the present application and is not intended to limit the present application.
Fig. 19 is a schematic diagram illustrating synchronization of service data ciphertext from an account management server after a device B joins a trust ring. Fig. 20 is a schematic diagram illustrating an interface for synchronizing a service data ciphertext from an account management server. Referring to fig. 19, 12 and 20, in the case that the trust ring 1 of the account number 1 has been created, the device a has been added to the trust ring 1, and the device a has uploaded the service data ciphertext Edata to the account management server, the device B may synchronize the service data ciphertext Edata from the account management server to the device B, and decrypt with MK locally at the device B, to obtain the service data plaintext data.
The process of synchronizing the service data ciphertext from the account management server by the equipment B after the trust ring is added is as follows:
referring to fig. 12, the service data synchronization service module in the device B obtains the service data ciphertext Edata from the account management server through the account management server synchronization framework of the application layer. Then, the service data synchronization service module in the device B sends the service data ciphertext Edata to the service data storage service module in the device B, and the service data storage service module sends the service data ciphertext Edata to the key management module in the trusted execution environment in the device B. The trust ring module generates a service key dkey according to MK, the key management module reads the dkey from the trust ring module, and the service data ciphertext Edata is decrypted by using the dkey to obtain the service data plaintext data. And then, the key management module returns the service data plaintext data to the service data storage service module, and the service data storage service module stores the service data plaintext data.
For example, referring to fig. 20, when a user uses service 1 on device B, the user needs to input the account number and password of service 1. On the input interface for the account number and password of service 1, shown in fig. 20 (a), device B pops up a prompt asking whether to use the account number and password of service 1 synchronized by the password safe. If the user agrees, device B automatically fills the synchronized account number and password into the interface shown in fig. 20 (a); the filled interface is shown in fig. 20 (b). The user therefore does not need to record the password of each service separately, which improves the user experience.
It should be noted that, after the device B joins the trust ring 1, the service data in the device B may be encrypted by the master key MK and then synchronized to the account management server, and the synchronization process please refer to the foregoing description of synchronizing the service data with the account management server by the device a, which is not repeated herein.
On the basis that the device a has created the trust ring 1 of the account number 1 and the device B has joined the trust ring 1 through the joining trust ring flow of fig. 18, the device C under the account number 1 may also join the trust ring 1 according to the joining trust ring flow shown in fig. 18. For details of the process of joining the device C to the trust ring 1, please refer to the foregoing description of the process of joining the device B to the trust ring 1, and will not be repeated here.
Unlike the case of device B, there are two in-ring devices, device A and device B, in trust ring 1 before device C joins it. Therefore, when verifying the lock screen code of the old device (here, "old device" means an in-ring device, that is, a device already registered to the trust ring), device C may select either of the two devices A and B as the old device. That is, in the process of device C joining trust ring 1, the device list returned to device C by the trust ring cloud in step S10 of fig. 18 includes two trusted devices, device A (Honor V40 in fig. 22 (b)) and device B (Honor V30 in fig. 22 (b)). In the "enter other Honor device lock screen code" interface popped up by device C, the lock screen code of the first registered device (device A in this embodiment) is requested by default, as shown in fig. 17 (c), that is, the "other device" in this interface is Honor V40 (device A). Device C may instead select and input the lock screen code of another old device, for example device B, through the "select authentication device" option on the interface shown in fig. 17 (c). The process of device C changing the authentication device is explained below with reference to fig. 22.
Fig. 22 is a schematic flow chart of inputting the lock screen code of an in-ring device while turning on the "synchronize to Honor account" switch in the scenario where device C joins a trust ring. Referring to fig. 22, in the process of device C joining the trust ring, after entering the interface shown in fig. 17 (c), the user clicks "select authentication device" on that interface, as shown in fig. 22 (a), and device C enters the "select authentication device" interface shown in fig. 22 (b). Since there are already two in-ring devices (device A and device B) in trust ring 1, the "select authentication device" interface lists two devices, Honor V40 (device A) and Honor V30 (device B). Clicking "Honor V30" means that the user selects device B as the old device for authentication. After the click, device C pops up the "enter other Honor device lock screen code" interface, in which the "other device" has changed to Honor V30, as shown in fig. 22 (c). When the lock screen code of device B input by the user on the interface shown in fig. 22 (c) is correct, the "synchronize to Honor account" switch is turned on.
Fig. 21 is a schematic diagram illustrating the information interaction while device C joins the trust ring. Referring to fig. 21, in the process of device C joining trust ring 1, device C selects device B as the old device; the user inputs the lock screen code pw22 of device B when asked for the old device's lock screen code, and device C generates the authentication parameter PAKE22 for device B based on pw22 and sends PAKE22 to the trust ring cloud. After confirming that PAKE22 is consistent with the authentication parameter PAKE21 of device B stored in trust ring 1, the trust ring cloud returns the master key ciphertext EMK21 of device B to device C. Device C then decrypts MK from EMK21, encrypts MK based on its own lock screen code pw31 to generate the master key ciphertext EMK31 of device C, that is, the third master key ciphertext, generates the authentication parameter PAKE31 of device C based on pw31, and sends EMK31 and PAKE31 to the trust ring cloud, which adds device C to trust ring 1. At this point the process of device C joining trust ring 1 is complete, and device C has completed registration.
After the device C joins the trust ring 1, the trust ring 1 data managed in the trust ring cloud is shown in table 3:
TABLE 3
UID        UDID      Parameter PAKE   Master key ciphertext
Account 1  Device A  PAKE11           EMK11
Account 1  Device B  PAKE21           EMK21
Account 1  Device C  PAKE31           EMK31
After the device C joins the trust ring 1, the service data in the device C may be encrypted by the master key MK and then synchronized to the account management server, or other data synchronized by the ring device in the account management server may be synchronized to the device C. The process of synchronizing the service data to the account management server refers to the foregoing description of the process of synchronizing the service data to the account management server by the device a, and the process of synchronizing the service data to the device C by the account management server refers to the foregoing description of the process of synchronizing the service data to the local device B by the account management server, which is not repeated herein.
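The cloud side of the join flow (fig. 18, steps S5/S6, S9/S10, S12/S13 and S18/S19) and of device C's choice of old device (fig. 21), as an added example that is not code from the patent or from Honor. It keeps the ring table of tables 1 to 3, treats PAKE parameters and master key ciphertexts as opaque bytes (the cloud never sees a lock screen code or MK), and adds a failed-verification counter with a lockout, which is an assumption, since the page specifies no attempt-limiting policy. The class and method names and the sample values are constructed.

```python
import hmac

# Added example, not the patent's code. The cloud stores only (UID, UDID,
# PAKE parameter, master key ciphertext) rows; the lockout policy is assumed.
MAX_FAILED_VERIFICATIONS = 5  # assumed

class TrustRingCloud:
    def __init__(self) -> None:
        self._rings = {}     # uid -> {udid: {"pake": bytes, "emk": bytes}}
        self._failures = {}  # (uid, udid) -> consecutive failed verifications

    def compare_registration_state(self, uid: str, udid: str) -> str:
        """S5/S6: 'no_ring' (first confirmation), 'not_in_ring' (second), or 'registered'."""
        ring = self._rings.get(uid)
        if ring is None:
            return "no_ring"
        return "registered" if udid in ring else "not_in_ring"

    def create_ring(self, uid: str, udid: str, pake: bytes, emk: bytes) -> str:  # fig. 10 S15/S16
        if uid in self._rings:
            raise ValueError(f"a trust ring already exists for {uid}")
        self._rings[uid] = {udid: {"pake": pake, "emk": emk}}
        return "ring_created"

    def device_list(self, uid: str) -> list:                                    # fig. 18 S9/S10
        return sorted(self._rings.get(uid, {}))

    def release_emk(self, uid: str, old_udid: str, presented_pake: bytes) -> bytes:  # S12/S13
        """Releases the old device's EMK only if the presented parameter matches the stored one."""
        ring = self._rings.get(uid)
        if ring is None or old_udid not in ring:
            raise PermissionError(f"{old_udid} is not an in-ring device of {uid}")
        key = (uid, old_udid)
        if self._failures.get(key, 0) >= MAX_FAILED_VERIFICATIONS:
            raise PermissionError(f"verification against {old_udid} is locked")
        if not hmac.compare_digest(ring[old_udid]["pake"], presented_pake):
            self._failures[key] = self._failures.get(key, 0) + 1
            raise PermissionError("in-ring device verification failed")
        self._failures[key] = 0
        return ring[old_udid]["emk"]

    def add_ring(self, uid: str, udid: str, pake: bytes, emk: bytes) -> str:    # S18/S19
        ring = self._rings.get(uid)
        if ring is None:
            raise ValueError(f"no trust ring exists for {uid}")
        ring[udid] = {"pake": pake, "emk": emk}
        return "ring_joined"

    def remove_device(self, uid: str, udid: str) -> None:   # passive offline: delete from ring
        self._rings.get(uid, {}).pop(udid, None)

    def table(self, uid: str) -> list:
        return [(uid, udid, r["pake"], r["emk"]) for udid, r in self._rings.get(uid, {}).items()]

def demo() -> dict:
    """Replays tables 1 to 3 with constructed opaque values."""
    cloud = TrustRingCloud()
    first = cloud.compare_registration_state("account1", "deviceA")
    cloud.create_ring("account1", "deviceA", b"PAKE11", b"EMK11")
    second = cloud.compare_registration_state("account1", "deviceB")
    # Device B enters device A's code; PAKE12 equals PAKE11 only if the code was right.
    emk_for_b = cloud.release_emk("account1", "deviceA", b"PAKE11")
    cloud.add_ring("account1", "deviceB", b"PAKE21", b"EMK21")
    # Device C selects device B as the old device and enters B's code.
    devices_seen_by_c = cloud.device_list("account1")
    emk_for_c = cloud.release_emk("account1", "deviceB", b"PAKE21")
    cloud.add_ring("account1", "deviceC", b"PAKE31", b"EMK31")
    rejected = 0
    for _ in range(MAX_FAILED_VERIFICATIONS + 1):   # guessing against device A
        try:
            cloud.release_emk("account1", "deviceA", b"PAKE-guess")
        except PermissionError:
            rejected += 1
    try:                                             # even the right value is refused once locked
        cloud.release_emk("account1", "deviceA", b"PAKE11")
        locked = False
    except PermissionError:
        locked = True
    return {"first": first, "second": second, "emk_for_b": emk_for_b,
            "devices_seen_by_c": devices_seen_by_c, "emk_for_c": emk_for_c,
            "rows": cloud.table("account1"), "rejected": rejected, "locked": locked}
```

The comparison in release_emk is the only check between a presented parameter and the release of a hosted master key ciphertext, and the parameter is derived from a lock screen code, which is frequently a short PIN. Whatever verifier the real PAKE produces, the cloud side therefore needs some limit on failed verifications per in-ring device, as modelled by the counter here; without it, the hosted EMK is only as strong as the code space of the lock screen code.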
Device offline
Herein, off-line refers to the process by which a registered device exits from a trust ring and becomes an unregistered device. The offline is divided into two cases, one is the offline caused by the device itself, called active offline, and the other is the offline caused by other devices, called passive offline. These two offline processes are described below, respectively.
Active offline
When the device satisfies the offline condition based on the operation on the device, the active offline of the device is triggered. The process of the device actively dropping off line will be described here by taking device a as an example.
Fig. 23 to 25 show three scenarios in which the offline condition is satisfied. FIG. 23 is an interface diagram illustrating an exemplary lock screen password closing process. Referring to fig. 23, when the user wants to log out the account, the user clicks the "set" application icon on the main interface of the device a, as shown in fig. 23 (a), and after clicking, enters the "set" interface shown in fig. 23 (b). At the "setup" interface, the user clicks on the "biometric and password" option, and enters the "biometric and password" interface shown in fig. 23 (c). And in the 'biological identification and password' interface, the user clicks the 'close screen locking password' option, and the device A can execute the processing of closing the screen locking password.
Fig. 24 is an interface diagram illustrating an exemplary factory reset procedure. Referring to fig. 24, when the user wants to restore the device a to the factory setting, first, by clicking the "set" application icon on the device a main interface (refer to fig. 23 (a)), the "set" interface shown in fig. 24 (a) is entered. At the "set" interface, the user clicks on the "System and update" option, and enters the "System and update" interface shown in FIG. 24 (b). At the "System and update" interface, the user clicks on the "reset" option, and enters the "reset" interface shown in FIG. 24 (c). In the "reset" interface, the user clicks the "restore factory settings" option, and device a may execute the process of restoring factory settings.
Fig. 25 is an interface diagram exemplarily shown for restoring all the setting processes. Referring to fig. 25, when the user wants to restore all settings of the device a, the user first enters the "reset" interface shown in fig. 25 (c) according to fig. 25 (a) and (b), and the process is described in fig. 24 (a) and (b), which are not repeated here. Then, at the "reset" interface, the user clicks the "restore all settings" option, and the device a can execute the process of restoring all settings.
When any of the offline conditions is satisfied, device A goes offline through the flow shown in Fig. 26. Fig. 26 is a schematic diagram of the exemplary offline flow of device A. Referring to Fig. 26, the active offline process of device A may include the following steps:
S1. When the trust ring service module of device A detects that device A has been restored to factory settings, has turned off its lock screen password, or has reset all settings, device A determines that the offline condition is satisfied.
S2. The trust ring service module of device A sends an MK deletion instruction to the trust ring module.
S3. The trust ring module of device A receives the MK deletion instruction and deletes the master key MK held in the trust ring module.
After the master key MK has been deleted, the trust ring service module of device A changes the registration state of device A to unregistered.
Passive offline
When the offline condition of a device is satisfied as a result of an operation performed on another device rather than on the device itself, the device is triggered to go offline passively. Assume that trust ring 1 contains two devices, device A and device B. The passive offline process is described below, taking device B as the example.
Fig. 27 is a schematic diagram of the information exchanged while device B is taken offline. Referring to Fig. 27, when the user performs the operation of removing device B from account 1 on device A, device A sends a notification of removing device B from account 1 to the account management server. The account management server receives the notification and sends a notification of deleting device B from trust ring 1 to the trust ring cloud. The trust ring cloud receives that notification and sends a push message to device B. Device B receives the push message and deletes the MK stored on device B.
Fig. 28 is an interface diagram illustrating an exemplary process of removing a device from an account. Referring to Fig. 28, the user enters the "Account security" interface shown in Fig. 28 (a). On the "Account security" interface, the user taps the "Login device management" option and enters the "Login device management" interface shown in Fig. 28 (b). On that interface, the user taps "Honor V30" (i.e., device B) and enters the device information interface of "Honor V30" shown in Fig. 28 (c). On the "Honor V30" device information interface, the user taps the "Remove from account" option, and device B is removed from account 1. Device A then executes the flow for taking device B offline shown in Fig. 29.
Fig. 29 is a schematic diagram of the exemplary offline flow of device B. Referring to Fig. 29, the passive offline process of device B may include the following steps:
S1. The account management module of device A receives the operation of removing device B from account 1.
S2. The account management module of device A sends a notification of removing device B from account 1 to the account management server.
S3. The account management server sends a notification of deleting device B from trust ring 1 of account 1 to the trust ring cloud.
S4. The trust ring cloud deletes EMK21 and PAKE21 of device B from trust ring 1.
S5. The trust ring cloud sends an MK deletion message to device B.
The MK deletion message is the push message shown in Fig. 27.
S6. Device B deletes the MK stored on device B.
Device B is thereby taken offline.
Through this passive offline flow, when a device is lost, the lost device can be taken offline from another device in order to protect the service data of the account held in the account management server. The lost device can then no longer synchronize service data from the account management server, which prevents leakage of important service data and improves its security. Note the ordering of S4 to S6: the trust ring cloud removes device B's EMK21 and PAKE21 from the ring before the push is sent, so device B's ring membership is revoked on the server side immediately, whereas the copy of MK held on device B is only deleted once the push message actually reaches it.
After a device has gone offline, it can be added to the trust ring again through the ring-joining process.
The electronic device, computer storage medium, computer program product, or chip provided in this embodiment is used to execute the corresponding method provided above; for its beneficial effects, reference is made to the beneficial effects of the corresponding method, which are not repeated here.
Those skilled in the art will appreciate that, for convenience and brevity of description, only the division into the functional modules described above is illustrated; in practice, the functions may be allocated to different functional modules as needed, that is, the internal structure of the apparatus may be divided into different functional modules to perform all or some of the functions described above.
In the several embodiments provided by this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into modules or units is only a logical functional division, and another division may be used in actual implementation; for example, multiple units or components may be combined or integrated into another apparatus, or some features may be omitted or not performed. Likewise, the couplings, direct couplings, or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses, or units, and may be electrical, mechanical, or in another form.
The units described as separate parts may or may not be physically separate, and the parts shown as units may be one physical unit or several physical units, located in one place or distributed across several places. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may be integrated in one processing unit, or each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in hardware or as a software functional unit.
Any of the various embodiments of this application, and any features within the same embodiment, may be freely combined. Any such combination falls within the scope of this application.
If the integrated unit is implemented as a software functional unit and sold or used as a stand-alone product, it may be stored in a readable storage medium. On this understanding, the technical solution of the embodiments of this application, in essence or in the part contributing to the prior art, or all or part of the technical solution, may be embodied as a software product stored in a storage medium and including several instructions that cause a device (which may be a single-chip microcomputer, a chip, or the like) or a processor to perform all or some of the steps of the methods of the embodiments of this application. The storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disc, or any other medium capable of storing program code.
The embodiments of this application have been described above with reference to the accompanying drawings, but this application is not limited to the embodiments described, which are merely illustrative and not restrictive. Many further forms may be made by those of ordinary skill in the art without departing from the spirit of this application and the scope of the claims, and all of them fall within the protection of this application.

Claims (19)

1. A data protection method, applied to an electronic device, the method comprising:
generating a master key ciphertext and an authentication parameter of the electronic device according to a lock-screen code of the electronic device input by a user and an acquired master key, wherein the electronic device is logged in to a first account, the master key is generated in a trusted execution environment of a first electronic device, and the first electronic device is the device that applied to create a first trust ring corresponding to the first account;
creating, or joining, the first trust ring corresponding to the first account on a first server based on the master key ciphertext and the authentication parameter; and
when it is detected that the electronic device is restored to factory settings, that the lock-screen code is turned off, or that all settings are reset, deleting the master key in the trusted execution environment of the electronic device;
wherein generating the master key ciphertext and the authentication parameter of the electronic device according to the lock-screen code of the electronic device input by the user and the acquired master key comprises:
encrypting the master key based on the lock-screen code of the electronic device to generate the master key ciphertext of the electronic device; and
generating the authentication parameter based on the lock-screen code of the electronic device.
2. The method of claim 1, further comprising, after deleting the master key in the trusted execution environment of the electronic device:
changing the registration state of the electronic device to unregistered.
3. The method of claim 1, wherein encrypting the master key based on the lock-screen code of the electronic device to generate the master key ciphertext of the electronic device comprises:
receiving, by the electronic device acting as the first electronic device, a first lock-screen code of the first electronic device input by the user, wherein the first electronic device is logged in to the first account;
generating a first derivative key according to the first lock-screen code; and
encrypting the master key based on the first derivative key to generate a first master key ciphertext of the first electronic device;
wherein generating the authentication parameter based on the lock-screen code of the electronic device comprises:
generating a first authentication parameter based on the first derivative key; and
wherein creating, or joining, the first trust ring corresponding to the first account on the first server based on the master key ciphertext and the authentication parameter comprises:
sending a ring creation request to the first server, so that the first server creates the first trust ring corresponding to the first account and adds the first master key ciphertext and the first authentication parameter to trust ring data of the first trust ring, wherein the ring creation request carries the first master key ciphertext and the first authentication parameter.
4. The method of claim 1, wherein the acquired master key is obtained by:
receiving, by the electronic device acting as a second electronic device, a second lock-screen code of the second electronic device input by the user, wherein the second electronic device is logged in to the first account;
when the second lock-screen code passes verification, receiving a first lock-screen code of the first electronic device input by the user, wherein the first electronic device is a device listed in ring device information of the first trust ring corresponding to the first account, obtained from the first server;
when identity verification against the first electronic device based on the first lock-screen code passes, receiving a first master key ciphertext of the first electronic device sent by the first server; and
decrypting the first master key ciphertext based on the first lock-screen code to obtain the master key;
and wherein creating, or joining, the first trust ring corresponding to the first account on the first server based on the master key ciphertext and the authentication parameter comprises:
sending a ring joining request to the first server so that the first server adds a second master key ciphertext and a second authentication parameter to the trust ring data of the first trust ring, wherein the second master key ciphertext is generated by the second electronic device by encrypting the master key based on the second lock-screen code, and the second authentication parameter is generated by the second electronic device based on the second lock-screen code.
5. The method of claim 1, further comprising:
deriving a first service key based on the master key, and encrypting first service data with the first service key to obtain a first service data ciphertext; and
sending the first service data ciphertext to a second server so that the second server stores the first service data ciphertext.
6. The method of claim 1, further comprising:
acquiring a second service data ciphertext from a second server;
deriving a first service key based on the master key; and
decrypting the second service data ciphertext with the first service key to obtain second service data.
7. The method of claim 1, further comprising:
sending, by the electronic device acting as the first electronic device and in response to an operation of removing a second electronic device from the first account, a notification of removing the second electronic device from the first account to a second server, so that the second server sends a notification of deleting the second electronic device from the first trust ring of the first account to the first server, and the first server, in response to that notification, sends a master key deletion message to the second electronic device, whereupon the second electronic device deletes the master key in its trusted execution environment.
8. A data protection method, applied to a second electronic device, the method comprising:
generating a master key ciphertext and an authentication parameter of the second electronic device according to a lock-screen code of the second electronic device input by a user and an acquired master key, wherein the second electronic device is logged in to a first account, and the master key is generated in a trusted execution environment of a first electronic device;
creating, or joining, a first trust ring corresponding to the first account on a first server based on the master key ciphertext and the authentication parameter;
receiving a master key deletion message sent by the first server, wherein the master key deletion message is generated by the first server when the second electronic device is removed from the first account by the first electronic device; and
deleting the master key in the trusted execution environment of the second electronic device;
wherein generating the master key ciphertext and the authentication parameter of the second electronic device according to the lock-screen code of the second electronic device input by the user and the acquired master key comprises:
encrypting the master key based on the lock-screen code of the second electronic device to generate the master key ciphertext of the second electronic device; and
generating the authentication parameter based on the lock-screen code of the second electronic device.
9. The method of claim 8, further comprising, after deleting the master key in the trusted execution environment of the second electronic device:
changing the registration state of the second electronic device to unregistered.
10. An electronic device, comprising a trust ring service module and a trust ring module, wherein:
the trust ring service module is configured to:
generate an authentication parameter according to a lock-screen code of the electronic device input by a user, wherein the electronic device is logged in to a first account;
the trust ring module is configured to:
encrypt a master key according to the lock-screen code of the electronic device to generate a master key ciphertext of the electronic device, wherein the master key is generated by a trust ring module of a first electronic device, and the first electronic device is the device that applied to create a first trust ring corresponding to the first account;
the trust ring service module is further configured to:
create, or join, the first trust ring corresponding to the first account on a first server based on the master key ciphertext and the authentication parameter; and
when it is detected that the electronic device is restored to factory settings, that the lock-screen code is turned off, or that all settings are reset, send a master key deletion instruction to the trust ring module; and
the trust ring module is further configured to:
delete the master key in a trusted execution environment of the electronic device in response to the master key deletion instruction.
11. The electronic device of claim 10, wherein
the trust ring service module is further configured to:
after the master key in the trusted execution environment of the electronic device has been deleted, change the registration state of the electronic device to unregistered.
12. The electronic device of claim 10, wherein the electronic device is the first electronic device;
the trust ring service module is configured to:
receive a first lock-screen code of the first electronic device input by the user, generate a first derivative key according to the first lock-screen code, and send the first derivative key to the trust ring module, wherein the first electronic device is logged in to the first account;
the trust ring module is configured to:
generate the master key in the trusted execution environment, encrypt the master key based on the first derivative key to generate a first master key ciphertext of the first electronic device, and send the first master key ciphertext to the trust ring service module; and
the trust ring service module is further configured to:
generate a first authentication parameter based on the first derivative key, and send a ring creation request to the first server so that the first server creates the first trust ring corresponding to the first account and adds the first master key ciphertext and the first authentication parameter to trust ring data of the first trust ring, wherein the ring creation request carries the first master key ciphertext and the first authentication parameter.
13. The electronic device of claim 10, wherein the electronic device is a second electronic device;
the trust ring service module is configured to:
receive a second lock-screen code of the second electronic device input by the user, wherein the second electronic device is logged in to the first account;
when the second lock-screen code passes verification, receive a first lock-screen code of the first electronic device input by the user, wherein the first electronic device is a device listed in ring device information of the first trust ring corresponding to the first account, obtained from the first server;
when identity verification against the first electronic device based on the first lock-screen code passes, receive a first master key ciphertext of the first electronic device sent by the first server; and
send the first master key ciphertext to the trust ring module;
the trust ring module is configured to:
decrypt the first master key ciphertext based on the first lock-screen code to obtain the master key;
encrypt the master key based on the second lock-screen code to generate a second master key ciphertext of the second electronic device; and
send the second master key ciphertext to the trust ring service module; and
the trust ring service module is further configured to:
generate a second authentication parameter based on the second lock-screen code; and
send a ring joining request to the first server so that the first server adds the second master key ciphertext and the second authentication parameter to trust ring data of the first trust ring.
14. The electronic device of claim 10, further comprising a service data synchronization service module, a service data storage service module, and a key management module, wherein:
the trust ring service module is further configured to:
derive a first service key based on the master key;
the service data storage service module is configured to:
send first service data to the key management module;
the key management module is configured to:
read the first service key from the trust ring module, encrypt the first service data with the first service key to obtain a first service data ciphertext, and send the first service data ciphertext to the service data storage service module; and
the service data storage service module is further configured to:
send the first service data ciphertext to a second server through the service data synchronization service module so that the second server stores the first service data ciphertext.
15. The electronic device of claim 14, wherein
the service data synchronization service module is further configured to:
acquire a second service data ciphertext from the second server and store the second service data ciphertext in the service data storage service module;
the service data storage service module is further configured to:
send the second service data ciphertext to the key management module; and
the key management module is further configured to:
read the first service key from the trust ring module, decrypt the second service data ciphertext with the first service key to obtain second service data, and store the second service data in the service data storage service module.
16. The electronic device of claim 10, wherein the electronic device is the first electronic device and further comprises an account management module configured to:
in response to an operation of removing a second electronic device from the first account, send a notification of removing the second electronic device from the first account to a second server, so that the second server sends a notification of deleting the second electronic device from the first trust ring of the first account to the first server; the first server, in response to that notification, sends a master key deletion message to the second electronic device; and the second electronic device deletes the master key in its trusted execution environment.
17. An electronic device, being a second electronic device and comprising a trust ring service module and a trust ring module, wherein:
the trust ring service module is configured to:
generate an authentication parameter according to a lock-screen code of the second electronic device input by a user, wherein the second electronic device is logged in to a first account;
the trust ring module is configured to:
encrypt a master key according to the lock-screen code of the second electronic device to generate a master key ciphertext of the second electronic device, wherein the master key is generated by a trust ring module of a first electronic device;
the trust ring service module is further configured to:
create, or join, a first trust ring corresponding to the first account on a first server based on the master key ciphertext and the authentication parameter;
receive a master key deletion message sent by the first server, wherein the master key deletion message is generated by the first server when the second electronic device is removed from the first account by the first electronic device; and
send a master key deletion instruction to the trust ring module; and
the trust ring module is further configured to:
delete the master key in a trusted execution environment of the second electronic device in response to the master key deletion instruction.
18. The electronic device of claim 17, wherein
the trust ring service module is further configured to:
after the master key in the trusted execution environment of the second electronic device has been deleted, change the registration state of the second electronic device to unregistered.
19. A computer-readable storage medium comprising a computer program which, when run on an electronic device, causes the electronic device to perform the data protection method of any one of claims 1 to 9.
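The two offline flows of the description (Figs. 26 and 29) and the key handling recited in claims 1 to 9 can be exercised end to end in a small simulation. The following Python is an added illustration, not code from the patent or from Honor: one object plays the trust ring cloud (the "first server"), two devices create and join a ring, exchange one piece of constructed service data, and then go offline, device B passively after device A removes it from the account and device A actively after its lock screen password is turned off. The cryptographic primitives are stdlib stand-ins and are assumptions: PBKDF2 for the key derived from the lock-screen code, an HMAC keystream with an HMAC tag in place of real authenticated encryption (limited to one 32-byte block), and a hash of the derived key sent as the "authentication parameter" in place of the PAKE credential (PAKE21 in the text), which the page does not specify; a real PAKE never transmits the verifier itself. Class, method and message names such as TrustRingCloud, fetch_emk and MK_DELETE are hypothetical.

```python
# Added illustration (not the patent's or Honor's code). Stand-ins for primitives the page
# leaves unspecified: PBKDF2 derives the lock-code key, an HMAC keystream plus HMAC tag
# stands in for authenticated encryption, a hash of the derived key stands in for the PAKE
# credential. All class, method and message names are hypothetical.
import hashlib
import hmac
import os

OFFLINE_EVENTS = {"factory_reset", "lock_screen_disabled", "reset_all_settings"}  # Fig. 26 S1

def derive_key(lock_code: str, salt: bytes) -> bytes:
    """The 'derivative key' of claim 3: a slow KDF over the lock-screen code."""
    return hashlib.pbkdf2_hmac("sha256", lock_code.encode(), salt, 100_000)

def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for one <=32-byte block: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    body = bytes(p ^ s for p, s in zip(plaintext, hmac.new(key, nonce, "sha256").digest()))
    return nonce + body + hmac.new(key, nonce + body, "sha256").digest()

def unwrap(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, "sha256").digest()):
        raise ValueError("ciphertext failed integrity check (wrong key or tampered)")
    return bytes(c ^ s for c, s in zip(body, hmac.new(key, nonce, "sha256").digest()))

class TrustRingCloud:
    """The 'first server': ring data per account plus undelivered push messages."""
    def __init__(self):
        self.rings = {}          # account -> {device_id: {"salt", "emk", "auth"}}
        self.pending_push = {}   # device_id -> messages not yet delivered
    def create_ring(self, account, device_id, record):
        self.rings[account] = {device_id: record}
    def join_ring(self, account, device_id, record):
        self.rings[account][device_id] = record
    def fetch_emk(self, account, device_id, auth_attempt):
        """Release a ring device's EMK only after its lock-screen code is proven (claim 4)."""
        rec = self.rings[account][device_id]
        if not hmac.compare_digest(rec["auth"], auth_attempt):
            raise PermissionError("lock-screen code of the ring device not proven")
        return rec["emk"]
    def remove_device(self, account, device_id):
        """Fig. 29 S4/S5: drop the device's EMK/auth entry, then queue the delete push."""
        self.rings[account].pop(device_id, None)
        self.pending_push.setdefault(device_id, []).append("MK_DELETE")
    def deliver(self, device):
        """A push reaches a device only when it connects; until then it still holds MK."""
        for msg in self.pending_push.pop(device.id, []):
            device.on_push(msg)

class Device:
    def __init__(self, device_id, account, lock_code):
        self.id, self.account, self.lock_code = device_id, account, lock_code
        self.mk, self.registered = None, False   # MK lives inside the TEE in the real design
    def _ring_record(self):
        salt = os.urandom(16)
        k = derive_key(self.lock_code, salt)
        # EMK = MK wrapped under the lock-code key; auth = verifier from the same key
        return {"salt": salt, "emk": wrap(k, self.mk), "auth": hashlib.sha256(k).digest()}
    def create_ring(self, cloud):
        self.mk = os.urandom(32)   # generated on the device that creates the ring
        cloud.create_ring(self.account, self.id, self._ring_record())
        self.registered = True
    def join_ring(self, cloud, ring_device_id, ring_device_lock_code):
        """Claim 4: prove an existing device's lock code, decrypt its EMK, re-wrap under ours."""
        k1 = derive_key(ring_device_lock_code, cloud.rings[self.account][ring_device_id]["salt"])
        self.mk = unwrap(k1, cloud.fetch_emk(self.account, ring_device_id, hashlib.sha256(k1).digest()))
        cloud.join_ring(self.account, self.id, self._ring_record())
        self.registered = True
    def service_key(self):
        """Claims 5/6: the service key is derived from MK, so a device without MK reads nothing."""
        if self.mk is None:
            raise RuntimeError(f"{self.id} is offline from the ring; no master key")
        return hmac.new(self.mk, b"service-key-1", "sha256").digest()
    def on_local_event(self, event):
        """Fig. 26: factory reset, lock screen turned off, or reset-all -> active offline."""
        if event in OFFLINE_EVENTS:
            self.mk, self.registered = None, False
    def on_push(self, message):
        """Fig. 29 S6: the MK deletion push -> passive offline."""
        if message == "MK_DELETE":
            self.mk, self.registered = None, False

def run_scenario():
    cloud = TrustRingCloud()
    a, b = Device("A", "account1", "135790"), Device("B", "account1", "246801")
    a.create_ring(cloud)
    b.join_ring(cloud, "A", "135790")          # user types A's lock code on B
    try:                                       # wrong code for A: no EMK released
        Device("C", "account1", "000000").join_ring(cloud, "A", "999999")
        wrong_code_rejected = False
    except PermissionError:
        wrong_code_rejected = True
    uploaded = wrap(a.service_key(), b"constructed service data")  # A -> second server
    b_reads = unwrap(b.service_key(), uploaded)                     # B syncs and decrypts
    cloud.remove_device("account1", "B")       # A removed B from the account (Fig. 28)
    b_holds_mk_until_push = b.mk is not None
    cloud.deliver(b)                           # B connects and receives MK_DELETE
    a.on_local_event("lock_screen_disabled")   # A later turns off its lock screen
    return {"wrong_code_rejected": wrong_code_rejected, "b_reads_a_data": b_reads,
            "ring_after_removal": sorted(cloud.rings["account1"]), "b_holds_mk_until_push": b_holds_mk_until_push,
            "b_registered_after_push": b.registered, "a_registered_after_reset": a.registered}
```

Calling run_scenario() makes the ordering in the passive flow visible: the ring cloud drops device B's EMK and authentication parameter (S4) whether or not the push (S5) is ever delivered, so from that point no device can use B's entry to join the ring, but the master key inside B is erased only when B next connects and receives the push (S6). What prevents further synchronization in the meantime is that B is no longer a login device of the account, not the local deletion.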
Application CN202111400446.XA, priority date 2021-11-19, filing date 2021-11-19: Data protection method, system and electronic equipment. Status: Active. Granted as CN115037452B (en).

Publications (2)

Publication Number Publication Date
CN115037452A (en) 2022-09-09
CN115037452B (en) 2023-09-12

Family (ID=83117723)

Application Number Status Publication Priority Date Filing Date Title
CN202111400446.XA Active CN115037452B (en) 2021-11-19 2021-11-19 Data protection method, system and electronic equipment
CN202311095819.6A Pending (divisional child) CN117278204A (en) 2021-11-19 2021-11-19 Data protection method and storage medium

Country Status (1)

Country Link
CN (2) CN115037452B (en)


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant