CN115037456B - Data protection method, system and electronic equipment - Google Patents
- Publication number: CN115037456B (application CN202111408409.3A)
- Authority: CN (China)
- Prior art keywords: trust ring, account, master key, electronic device, ring
- Prior art date:
- Legal status: Active (Google's note: the legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2117—User registration
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The embodiments of this application provide a data protection method, a data protection system and an electronic device. The method comprises: receiving a request to log out the first account that is logged in on the electronic device; sending an account logout notification to a second server, so that the second server logs out the first account and sends the first server a first notification to delete the first trust ring corresponding to the first account; receiving a push message from the first server indicating that the master key is to be deleted; and, in response to the push message, deleting the master key in the trusted execution environment of the electronic device. With this method, once the account is logged out, the cloud-managed trust ring of that account is deleted, and the trust ring data under it is effectively protected.
Description
Technical Field
The embodiments of this application relate to the field of terminal devices, and in particular to a data protection method, a data protection system and an electronic device.
Background
Currently, a terminal device may store the user's data at the cloud end so that the user can upload and download it in real time. The user's data typically corresponds to a particular user account. The security of the user data therefore depends entirely on the security of the account: any device that passes account verification can obtain the data from the cloud side. If either the account or the cloud-side server is compromised, the user data is leaked. In addition, the cloud-side server is able to decrypt the user data, so the cloud side cannot self-certify that it is unable to read it. Known solutions are thus less secure and cannot support user data with higher security requirements.
Disclosure of Invention
This application provides a data protection method, a data protection system and an electronic device. The electronic device receives a request to log out the first account logged in on it, sends an account logout notification to a second server, and thereby causes the first server to be instructed to delete the first trust ring corresponding to the first account; after the first trust ring is deleted, the first server pushes a message to each electronic device in the first trust ring instructing it to delete the master key; each electronic device that receives the push message deletes the master key in its trusted execution environment. With this method, once the account is logged out, the cloud-managed trust ring of that account is deleted, and the trust ring data under it is effectively protected.
In a first aspect, an embodiment of this application provides a data protection method applied to a first electronic device, the method comprising: the first electronic device, which is logged in to a first account, receives a first lock-screen code of the local device entered by the user; generates a master key in its trusted execution environment; encrypts the master key based on the first lock-screen code to produce a first master key ciphertext of the first electronic device; generates a first authentication parameter based on the first lock-screen code; then, based on the first master key ciphertext and the first authentication parameter, creates a first trust ring corresponding to the first account on the first server side and adds the first electronic device to that ring; on receiving a request to log out the first account logged in on the first electronic device, sends an account logout notification to a second server, so that the second server logs out the first account and sends the first server a first notification to delete the first trust ring corresponding to the first account; receives a push message from the first server indicating that the master key is to be deleted; and, in response to the push message, deletes the master key in the trusted execution environment of the electronic device. With this method, once the account is logged out, the cloud-managed trust ring of that account is deleted, and the trust ring data under it is effectively protected.
The lock-screen code in this application may be replaced by other user information, for example the user's birthday, the user's name, or the birthday or name of a parent or friend. Such information is unique to the user, known only to the user, and differs from user to user; it is easy for the user to remember and is unknown to the cloud side. When the master key is encrypted based on this user information, the cloud side cannot decrypt it, and so the cloud side can self-certify. Apart from the user, hardly anyone can know which piece of user information was used to encrypt the master key, which greatly increases the difficulty of cracking the master key ciphertext, improves the security of the master key, and thereby improves the security of the user data protected with keys derived from the master key. At the same time, when the second and subsequent devices register in the trust ring, the identity of the registering device can be verified based on this user information without any interaction with an already registered device, which is convenient for the user.
According to the first aspect, creating, by the first electronic device, the first trust ring corresponding to the first account on the first server side based on the first master key ciphertext and the first authentication parameter, and adding the first electronic device to the first trust ring, comprises: the first electronic device sends a ring creation request carrying the first master key ciphertext and the first authentication parameter to the first server, so that the first server creates the first trust ring corresponding to the first account and adds the first master key ciphertext and the first authentication parameter to the trust ring data of the first trust ring. In this way of creating a trust ring, the account-level master key MK is protected by a user secret; because the user secret is unknown to the cloud side, the cloud side cannot decrypt the master key ciphertext it hosts. This reduces the risk of master key leakage, improves the security of the master key MK, lets the cloud side self-certify, and provides support for synchronizing service data with high security requirements.
In a second aspect, an embodiment of this application provides a data protection method applied to a second electronic device, comprising: receiving a second lock-screen code of the second electronic device entered by the user, the second electronic device being logged in to the first account; when the second lock-screen code passes verification, receiving a first lock-screen code of a first electronic device entered by the user, the first electronic device being a device listed in the ring device information of the first trust ring corresponding to the first account, obtained from the first server; when authentication of the first electronic device based on the first lock-screen code passes, receiving the first master key ciphertext of the first electronic device sent by the first server; decrypting the first master key ciphertext based on the second lock-screen code to obtain the master key; adding the second electronic device to the first trust ring based on the master key and the second lock-screen code; receiving a request to log out the first account logged in on the second electronic device, and sending an account logout notification to a second server, so that the second server logs out the first account and sends the first server a first notification to delete the first trust ring corresponding to the first account; receiving a push message from the first server indicating that the master key is to be deleted; and, in response to the push message, deleting the master key in the trusted execution environment of the second electronic device. With this method, once the account is logged out, the cloud-managed trust ring of that account is deleted, and the trust ring data under it is effectively protected.
According to the second aspect, adding the second electronic device to the first trust ring based on the master key and the second lock-screen code comprises: encrypting the master key based on the second lock-screen code to produce a second master key ciphertext of the second electronic device, and generating a second authentication parameter based on the second lock-screen code; then sending a ring addition request to the first server, so that the first server adds the second master key ciphertext and the second authentication parameter to the trust ring data of the first trust ring. Because the authentication parameter is generated from personalized user information such as the lock-screen code, and the master key is encrypted under that same information, neither the authentication parameter nor the encrypted master key can be forged, which secures the authentication.
According to the second aspect or any implementation of it, encrypting the master key based on the second lock-screen code to produce the second master key ciphertext of the second electronic device comprises: the second electronic device generates a third derivative key from the second lock-screen code; generates a fourth derivative key from the third derivative key; and encrypts the master key with the fourth derivative key to obtain the second master key ciphertext of the second electronic device. Because the derivative keys are generated from personalized user information such as the lock-screen code, they cannot be forged, and the security of the master key ciphertext is ensured.
According to the second aspect or any implementation of it, generating the second authentication parameter based on the second lock-screen code comprises: the second electronic device generates a third derivative key from the second lock-screen code; generates a second shared value from the third derivative key; and encrypts the second shared value with the HSM public key generated on the first server side to obtain the second authentication parameter. Because the second authentication parameter is generated from personalized user information such as the lock-screen code, it cannot be counterfeited or cracked, and the security of the authentication is ensured.
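The key hierarchy of the second aspect, as an added worked example and not code from the patent: the lock-screen code yields the third derivative key k3; from k3 come both the fourth derivative key k4, which wraps the master key, and the shared value, which is encrypted to the ring server's HSM public key to form the authentication parameter. The joining device then recovers the master key from the first device's ciphertext using the first device's lock-screen code, as the fourth-aspect description puts it. Everything the page does not name is an assumption: HMAC-SHA256 as the derivation step, the stretching loop and per-ring salt, AES-256-GCM for the master key ciphertext, RSA-OAEP as the HSM public-key encryption, the simplified HSMVerify comparison, and all function names and constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// derive is one HMAC-SHA256 derivation step (assumption: the patent names no KDF, this stands in for it).
func derive(secret []byte, label string, salt []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(salt)
	m.Write([]byte(label))
	return m.Sum(nil)
}

// Third derivative key k3 comes from the lock-screen code alone. The per-ring salt and the 4096
// stretching rounds are assumptions; production code would use PBKDF2 or Argon2 for a short code.
func thirdDerivativeKey(lockCode string, ringSalt []byte) []byte {
	k := []byte(lockCode)
	for i := 0; i < 4096; i++ {
		k = derive(k, "trust-ring/k3", ringSalt)
	}
	return k
}

// Fourth derivative key k4 wraps the master key; the shared value feeds the authentication parameter.
func fourthDerivativeKey(k3 []byte) []byte { return derive(k3, "trust-ring/k4-wrap", nil) }
func sharedValue(k3 []byte) []byte        { return derive(k3, "trust-ring/shared-value", nil) }

func aesGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key) // a 32-byte k4 selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// wrapMasterKey: master key ciphertext = nonce || AES-256-GCM(k4, MK).
func wrapMasterKey(mk, k4 []byte) ([]byte, error) {
	aead, err := aesGCM(k4)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, mk, []byte("master-key")), nil
}

// unwrapMasterKey fails on a wrong k4 (wrong lock-screen code): the GCM tag does not verify.
func unwrapMasterKey(ct, k4 []byte) ([]byte, error) {
	aead, err := aesGCM(k4)
	if err != nil || len(ct) < aead.NonceSize() {
		return nil, fmt.Errorf("bad master key ciphertext (%v)", err)
	}
	return aead.Open(nil, ct[:aead.NonceSize()], ct[aead.NonceSize():], []byte("master-key"))
}

// EnrollDevice is what a device computes from its own lock-screen code for a ring creation or addition
// request: the master key ciphertext and the authentication parameter (shared value under RSA-OAEP, an assumption).
func EnrollDevice(lockCode string, ringSalt, mk []byte, hsmPub *rsa.PublicKey) (mkCT, authParam []byte, err error) {
	k3 := thirdDerivativeKey(lockCode, ringSalt)
	if mkCT, err = wrapMasterKey(mk, fourthDerivativeKey(k3)); err != nil {
		return nil, nil, err
	}
	authParam, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, hsmPub, sharedValue(k3), []byte("auth-param"))
	return mkCT, authParam, err
}

// RecoverMasterKey is the joining device's step: it unwraps device A's ciphertext, fetched from the
// ring server, with A's lock-screen code as typed by the user; MK itself never travels.
func RecoverMasterKey(lockCodeOfA string, ringSalt, mkCTOfA []byte) ([]byte, error) {
	return unwrapMasterKey(mkCTOfA, fourthDerivativeKey(thirdDerivativeKey(lockCodeOfA, ringSalt)))
}

// HSMVerify is the server side at its simplest: the HSM key recovers the stored shared value and compares
// it with what the joining device presents (assumption; a deployed scheme would use challenge-response).
func HSMVerify(storedAuthParam []byte, hsmPriv *rsa.PrivateKey, presented []byte) bool {
	got, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, hsmPriv, storedAuthParam, []byte("auth-param"))
	return err == nil && hmac.Equal(got, presented)
}

// newHSMKey stands in for the ring server's HSM key pair (constructed, for the demo).
func newHSMKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func main() {
	hsm, _ := newHSMKey()
	salt, mk := []byte("constructed-ring-salt"), []byte("constructed-32-byte-master-key!!") // MK from A's TEE
	ct, ap, _ := EnrollDevice("135790", salt, mk, &hsm.PublicKey)
	got, err := RecoverMasterKey("135790", salt, ct) // device B, with A's code typed by the user
	_, wrong := RecoverMasterKey("135791", salt, ct)
	fmt.Println("B recovered MK:", err == nil && string(got) == string(mk), "wrong code rejected:", wrong != nil,
		"HSM accepts A's shared value:", HSMVerify(ap, hsm, sharedValue(thirdDerivativeKey("135790", salt))))
}
```

Two points worth taking from it: a wrong lock-screen code is rejected by the GCM authentication tag rather than producing garbage, so the device can tell the user the code was wrong without the server taking part; and the server only ever stores the k4-wrapped ciphertext and the HSM-encrypted shared value, so neither reveals MK on its own.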
According to the second aspect or any implementation of it, the method further comprises: deriving a first service key from the master key, encrypting first service data with the first service key to obtain a first service data ciphertext, and sending the first service data ciphertext to the second server so that the second server stores it. In this cloud synchronization scheme the service data is encrypted with a service key derived from the master key before it is synchronized to the cloud; because the master key is unknown to the cloud, the cloud cannot read the service data ciphertext it holds, which secures the service data and allows the cloud to self-certify.
According to the second aspect or any implementation of it, the method further comprises: obtaining a second service data ciphertext from the second server; deriving the first service key from the master key; and decrypting the second service data ciphertext with the first service key to obtain the second service data. Because the service data ciphertext fetched from the cloud is decrypted locally on the electronic device, even an interceptor of the ciphertext in transit between the cloud and the device does not learn the master key or the rule by which the first service key is derived from it, and so cannot decrypt the intercepted data; the security of the service data is thereby improved.
According to the second aspect or any implementation of it, after each electronic device deletes the master key in its trusted execution environment, the method further comprises: modifying the registration state of the electronic device to unregistered. Updating the registration state promptly lets the device confirm its registration state locally and accurately during a subsequent ring addition or ring creation.
In a third aspect, an embodiment of this application provides an electronic device, acting as the first electronic device, comprising an account management module, a trust ring service module and a trust ring module. The trust ring service module is configured to receive a first lock-screen code of the first electronic device entered by the user, the first electronic device being logged in to a first account. The trust ring module is configured to generate a master key in the trusted execution environment of the first electronic device, encrypt the master key based on the first lock-screen code to produce a first master key ciphertext of the first electronic device, and send the first master key ciphertext to the trust ring service module. The trust ring service module is further configured to generate a first authentication parameter based on the first lock-screen code and, based on the first master key ciphertext and the first authentication parameter, create a first trust ring corresponding to the first account on the first server side and add the first electronic device to it. The account management module is configured to receive a request to log out the first account logged in on the electronic device, and send an account logout notification to a second server, so that the second server logs out the first account and sends the first server a first notification to delete the first trust ring corresponding to the first account. The trust ring service module is configured to receive a push message from the first server indicating that the master key is to be deleted, and send a master key deletion instruction to the trust ring module. The trust ring module is configured to delete the master key in the trusted execution environment of the electronic device in response to the master key deletion instruction.
According to the third aspect, when creating the first trust ring corresponding to the first account on the first server side based on the first master key ciphertext and the first authentication parameter, and adding the first electronic device to the first trust ring, the trust ring service module is specifically configured to send a ring creation request carrying the first master key ciphertext and the first authentication parameter to the first server, so that the first server creates the first trust ring corresponding to the first account and adds the first master key ciphertext and the first authentication parameter to the trust ring data of the first trust ring.
In a fourth aspect, an embodiment of this application provides an electronic device, acting as the second electronic device, comprising an account management module, a trust ring service module and a trust ring module. The trust ring service module is configured to: receive a second lock-screen code of the second electronic device entered by the user, the second electronic device being logged in to the first account; when the second lock-screen code passes verification, receive a first lock-screen code of a first electronic device entered by the user, the first electronic device being a device listed in the ring device information of the first trust ring corresponding to the first account, obtained from the first server; when authentication of the first electronic device based on the first lock-screen code passes, receive the first master key ciphertext of the first electronic device sent by the first server; and pass the first master key ciphertext to the trust ring module. The trust ring module is configured to decrypt the first master key ciphertext based on the first lock-screen code to obtain the master key, encrypt the master key based on the second lock-screen code to produce a second master key ciphertext of the second electronic device, and send the second master key ciphertext to the trust ring service module. The trust ring service module is configured to add the second electronic device to the first trust ring based on the second lock-screen code and the second master key ciphertext. The account management module is configured to receive a request to log out the first account logged in on the second electronic device, and send an account logout notification to a second server, so that the second server logs out the first account and sends the first server a first notification to delete the first trust ring corresponding to the first account. The trust ring service module is configured to receive a push message from the first server indicating that the master key is to be deleted, and send a master key deletion instruction to the trust ring module. The trust ring module is configured to delete the master key in the trusted execution environment of the second electronic device in response to the master key deletion instruction.
According to the fourth aspect, adding the second electronic device to the first trust ring based on the second lock-screen code and the second master key ciphertext comprises: generating a second authentication parameter based on the second lock-screen code, and sending a ring addition request to the first server so that the first server adds the second master key ciphertext and the second authentication parameter to the trust ring data of the first trust ring.
According to the fourth aspect or any implementation of it, when encrypting the master key based on the second lock-screen code to produce the second master key ciphertext of the second electronic device, the trust ring module is specifically configured to: receive a third derivative key generated by the trust ring service module from the second lock-screen code; generate a fourth derivative key from the third derivative key; and encrypt the master key with the fourth derivative key to obtain the second master key ciphertext of the second electronic device.
According to the fourth aspect or any implementation of it, when generating the second authentication parameter based on the second lock-screen code, the trust ring service module is specifically configured to: generate a third derivative key from the second lock-screen code; generate a second shared value from the third derivative key; and encrypt the second shared value with the HSM public key generated on the first server side to obtain the second authentication parameter.
According to the fourth aspect or any implementation of it, the electronic device further comprises a service data synchronization service module, a service data storage service module and a key management module. The trust ring service module is further configured to derive a first service key from the master key. The service data storage service module is configured to pass first service data to the key management module. The key management module is configured to read the first service key from the trust ring module, encrypt the first service data with the first service key to obtain a first service data ciphertext, and send the first service data ciphertext to the service data storage service module. The service data storage service module is further configured to send the first service data ciphertext to the second server via the service data synchronization service module, so that the second server stores it.
According to the fourth aspect or any implementation of it, the service data synchronization service module is further configured to obtain a second service data ciphertext from the second server and store it in the service data storage service module; the service data storage service module is further configured to pass the second service data ciphertext to the key management module; and the key management module is further configured to read the first service key from the trust ring module, decrypt the second service data ciphertext with the first service key to obtain the second service data, and store the second service data in the service data storage service module.
According to the fourth aspect or any implementation of it, the trust ring service module is further configured to modify the registration state of the electronic device to unregistered after the master key in the trusted execution environment of the electronic device has been deleted.
In a fifth aspect, an embodiment of this application provides a data protection system comprising an electronic device, a first server and a second server. The electronic device is configured to receive a request to log out a first account logged in on it and send an account logout notification to the second server; the electronic device has been added to the first trust ring corresponding to the first account either by creating the ring or by joining it. The second server is configured to log out the first account in response to the account logout notification and send the first server a first notification to delete the first trust ring corresponding to the first account. The first server is configured to determine, in response to the first notification, each ring device under the first trust ring and push a message to each of them indicating that the master key is to be deleted; the ring devices include the electronic device. The electronic device is further configured to receive the push message from the first server and, in response, delete the master key in its trusted execution environment. With this system, once the account on the electronic device is logged out, the cloud-managed trust ring of that account is deleted, and the trust ring data under it is effectively protected.
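The logout flow of the fifth aspect together with the service-key derivation of the second aspect, as an added example that is not the patent's own code: one TEE per device holds the master key and hands out only service-key ciphers; the account server (second server) logs the device out and triggers the ring server (first server), which pushes the delete-master-key message to every ring device; each device drops the key and marks itself unregistered, after which a ciphertext it synchronized earlier can no longer be decrypted locally. HMAC-SHA256 for the service-key derivation, AES-256-GCM for the service data, and all type, function and account names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// TEE keeps the master key (MK) and hands out only AES-GCM ciphers keyed by a service key derived from MK.
type TEE struct{ mk []byte }

func (t *TEE) ServiceAEAD(service string) (cipher.AEAD, error) {
	if t.mk == nil {
		return nil, errors.New("master key deleted; device is unregistered")
	}
	kdf := hmac.New(sha256.New, t.mk) // assumption: HMAC-SHA256 as the derivation rule
	kdf.Write([]byte("service-key/" + service))
	blk, err := aes.NewCipher(kdf.Sum(nil)) // 32-byte service key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

type Device struct {
	ID, Account string
	Registered  bool
	tee         *TEE
}

// OnPush: on the first server's push, delete MK and mark the device unregistered for later ring creation/addition.
func (d *Device) OnPush(msg string) {
	if msg == "delete-master-key" {
		d.tee.mk = nil // a real TEE would also wipe the key's storage
		d.Registered = false
	}
}

// EncryptServiceData runs on the device; only the ciphertext is synchronized to the account server.
func (d *Device) EncryptServiceData(service string, plaintext []byte) ([]byte, error) {
	aead, err := d.tee.ServiceAEAD(service)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // crypto/rand does not fail on supported platforms
	return aead.Seal(nonce, nonce, plaintext, []byte(service)), nil
}

// DecryptServiceData is the local decrypt of a ciphertext fetched back from the account server.
func (d *Device) DecryptServiceData(service string, ct []byte) ([]byte, error) {
	aead, err := d.tee.ServiceAEAD(service)
	if err != nil || len(ct) < aead.NonceSize() {
		return nil, fmt.Errorf("cannot decrypt service data (%v)", err)
	}
	return aead.Open(nil, ct[:aead.NonceSize()], ct[aead.NonceSize():], []byte(service))
}

// RingServer is the "first server"; DeleteRing handles the first notification: push to every ring device, then drop the ring.
type RingServer struct{ rings map[string][]*Device }

func (s *RingServer) DeleteRing(account string) (notified []string) {
	for _, d := range s.rings[account] {
		d.OnPush("delete-master-key")
		notified = append(notified, d.ID)
	}
	delete(s.rings, account)
	return notified
}

// AccountServer is the "second server": it logs the account out, then sends the first notification.
type AccountServer struct {
	loggedIn map[string]bool // "account/device" -> session alive
	ring     *RingServer
}

func (a *AccountServer) Logout(account, deviceID string) []string {
	delete(a.loggedIn, account+"/"+deviceID)
	return a.ring.DeleteRing(account)
}
func (a *AccountServer) LoggedIn(account, id string) bool { return a.loggedIn[account+"/"+id] }
func (a *AccountServer) HasRing(account string) bool      { return a.ring.rings[account] != nil }

// NewRing builds a constructed account whose devices all hold the same MK in their TEEs.
func NewRing(account string, mk []byte, ids ...string) (*AccountServer, []*Device) {
	as := &AccountServer{loggedIn: map[string]bool{}, ring: &RingServer{rings: map[string][]*Device{}}}
	var devs []*Device
	for _, id := range ids {
		d := &Device{ID: id, Account: account, Registered: true, tee: &TEE{mk: append([]byte(nil), mk...)}}
		devs = append(devs, d)
		as.ring.rings[account] = append(as.ring.rings[account], d)
		as.loggedIn[account+"/"+id] = true
	}
	return as, devs
}
```

Driven from a main or a test: build a ring with NewRing, enc­rypt on one device and decrypt on another to see that every ring device derives the same service key, then call Logout on the account server; the returned slice lists the devices that received the push. The check worth keeping in a real implementation is that decryption after deletion fails closed with an error from the TEE, not silently succeeds from a cached key: a device that keeps a derived service key in ordinary memory after the push has not actually honoured the deletion.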
The third aspect and each of its implementations correspond respectively to the first aspect and each of its implementations; for the technical effects of the third aspect and any of its implementations, refer to those of the first aspect and the corresponding implementation, which are not repeated here.
The fourth aspect and each of its implementations correspond respectively to the second aspect and each of its implementations; for the technical effects of the fourth aspect and any of its implementations, refer to those of the second aspect and the corresponding implementation, which are not repeated here.
In a sixth aspect, this application provides a computer-readable medium storing a computer program that comprises instructions for performing the method of the first aspect or any possible implementation of it, and instructions for performing the method of the second aspect or any possible implementation of it.
In a seventh aspect, this application provides a computer program comprising instructions for performing the method of the first aspect or any possible implementation of it, and instructions for performing the method of the second aspect or any possible implementation of it.
Drawings
Fig. 1 is a schematic structural diagram of an exemplary electronic device 100;
fig. 2 is a software architecture block diagram of an electronic device 100 of an embodiment of the present application, which is exemplarily shown;
FIG. 3 is a schematic diagram illustrating information interaction during creation of a trust ring;
FIG. 4 is a schematic diagram illustrating interaction between a device and a cloud side during creation of a trust ring;
FIG. 5A is a schematic diagram of an interface into a My device application with an exemplary shown logged-in account;
FIG. 5B is a schematic diagram of an interface into a My device application with an unregistered account shown by way of example;
FIG. 6 is a schematic diagram illustrating an interface from a "My devices" application in device A to a "password safe synchronization" application;
FIG. 7A is a schematic diagram illustrating a process for entering a "password safe" interface with device A having set a lock screen code;
FIG. 7B is a schematic diagram illustrating a process for entering a "password safe" interface without a lock screen code being set by device A;
FIG. 8 is a schematic diagram illustrating a process for opening a "password safe sync" switch in a scenario in which a trust ring is created;
FIG. 9 is a schematic diagram illustrating a process of turning on a "synchronize to glory account" switch in a scenario in which a trust ring is created;
FIG. 10 is a schematic flow diagram of an exemplary illustrated creation of a trust ring;
FIG. 11 is a schematic diagram illustrating device A synchronizing a service data ciphertext to an account management server after creating a trust ring;
FIG. 12 is a schematic diagram illustrating the interaction of modules when synchronizing a service data ciphertext;
FIG. 13 is a schematic diagram illustrating an interface for synchronizing a service data ciphertext to an account management server;
FIG. 14 is a schematic diagram illustrating information interaction during a device B joining a trust ring;
FIG. 15 is a schematic diagram illustrating an interface from a "My device" application in device B to a "password safe synchronization" application;
FIG. 16A is a schematic diagram illustrating the process of entering the "password safe" interface and opening the "password safe synchronization" switch with device B having set a lock screen code;
FIG. 16B is a schematic diagram illustrating the process of entering the "password safe" interface and opening the "password safe synchronization" switch without a lock screen code having been set by device B;
FIG. 17 is a schematic diagram illustrating a process of turning on a "synchronize to glory account" switch in the scenario where device B joins a trust ring;
FIG. 18 is a flow chart illustrating the joining of a trust ring by device B;
Fig. 19 is a schematic diagram illustrating synchronization of service data ciphertext from an account management server after a device B joins a trust ring;
FIG. 20 is a schematic diagram illustrating an interface for synchronizing business data ciphertext from an account management server;
FIG. 21 is a schematic diagram illustrating information interaction during device C joining a trust ring;
FIG. 22 is a schematic flow chart of entering the lock screen code of a device already in the ring during the process of opening the "synchronize to glory account" switch in the scenario where device C joins a trust ring;
FIG. 23 is a schematic diagram illustrating information interaction during deletion of a trust ring;
FIG. 24 is an interface diagram illustrating an account logout process;
fig. 25 is a schematic flow diagram of an exemplary illustrated deletion of a trust ring.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
The term "and/or" herein merely describes an association relationship between associated objects, meaning that three relationships may exist; for example, "A and/or B" may represent: A exists alone, A and B exist together, or B exists alone.
The terms first and second and the like in the description and in the claims of embodiments of the present application are used for distinguishing between different objects and not necessarily for describing a particular sequential order of objects. For example, the first target object and the second target object, etc., are used to distinguish between different target objects, and are not used to describe a particular order of target objects.
In the embodiments of the present application, words such as "exemplary" or "such as" are used to mean serving as examples, illustrations, or descriptions. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the description of the embodiments of the present application, unless otherwise indicated, the meaning of "a plurality" means two or more. For example, the plurality of processing units refers to two or more processing units; the plurality of systems means two or more systems.
Fig. 1 is a schematic diagram of an exemplary illustrated electronic device 100. It should be understood that the electronic device 100 shown in fig. 1 is only one example of an electronic device, and that the electronic device 100 may have more or fewer components than shown in the figures, may combine two or more components, or may have a different configuration of components. The various components shown in fig. 1 may be implemented in hardware, software, or a combination of hardware and software, including one or more signal processing and/or application specific integrated circuits.
The electronic device 100 may be a mobile phone, a tablet, etc.
The electronic device 100 may include: processor 110, external memory interface 120, internal memory 121, universal serial bus (universal serial bus, USB) interface 130, charge management module 140, power management module 141, battery 142, antenna 1, antenna 2, mobile communication module 150, wireless communication module 160, audio module 170, speaker 170A, receiver 170B, microphone 170C, headset interface 170D, sensor module 180, keys 190, motor 191, indicator 192, camera 193, display 194, and subscriber identity module (subscriber identification module, SIM) card interface 195, etc. The sensor module 180 may include a pressure sensor 180A, a gyro sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.
The software system of the electronic device 100 may employ a layered architecture, an event driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture. In this embodiment, taking an Android system with a layered architecture as an example, a software structure of the electronic device 100 is illustrated.
The layered architecture of the electronic device 100 divides the software into several layers, each with a distinct role and division of labor. The layers communicate with each other through a software interface. In some embodiments, the Android system is divided into three layers, an application layer, an application framework layer, and a kernel layer from top to bottom.
The application layer may include a series of application packages.
As shown in FIG. 2, the application packages may include applications such as sensors (which may also be referred to as desktops and wallpapers), HMS core, trust ring, password safe, and the like. For example, the sensor may monitor user sliding, pressing, etc. of the screen, and the HMS core provides a collection of open capabilities on the electronic device side and the cloud side. The trust ring application is used for creating and managing the trust ring for the account, where management of the trust ring includes but is not limited to: adding devices to the trust ring, deleting devices from the trust ring, deleting the trust ring, freezing the trust ring, updating the master key ciphertext under the trust ring, and the like. The password safe is used for managing service data synchronized to the account management server by the user, for example: the login account and password of a service.
The application framework layer provides an application programming interface (application programming interface, API) and programming framework for application programs of the application layer. The application framework layer includes a number of predefined functions.
As shown in fig. 2, the application framework layer may include a window manager, a view system, an F interface, and a resource manager, among others.
The window manager is used for managing window programs. The window manager can acquire the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen, send interface information display instructions to the view system, and the like.
The view system includes visual controls, such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, a display interface including a text message notification icon may include a view displaying text and a view displaying a picture.
The resource manager provides various resources for the application program, such as localization strings, icons, pictures, layout files, video files, and the like.
The F interface is an external service interface of the trust ring.
The application layer and the application framework layer run in a virtual machine. The virtual machine executes java files of the application program layer and the application program framework layer as binary files. The virtual machine is used for executing the functions of object life cycle management, stack management, thread management, security and exception management, garbage collection and the like.
The system library may include a plurality of functional modules. For example: a two-dimensional graphics engine (e.g., SGL), a key asset trust ring CA, a surface manager, etc.
The surface manager is used to manage the display subsystem and provides a fusion of 2D and 3D layers for multiple applications. The two-dimensional graphics engine is a drawing engine for two-dimensional images.
The key asset trust ring CA may also be referred to as a trust ring service module, and is mainly used for message transparent transmission between an upper layer trust ring application and a lower layer key asset trust ring TA.
The kernel layer is a layer between hardware and software. The kernel layer contains at least a display driver, a sensor driver, a Wi-Fi driver, and a key asset trust ring TA. The display driver is used to drive the display 194, the Wi-Fi driver is used to drive the wireless communication module 160, and the sensor driver is used to drive the sensor module 180.
The key asset trust ring TA may also be referred to as a trust ring module, and is configured to implement the core security logic, provide a trusted execution environment, generate a master key in the trusted execution environment, encrypt the master key to generate a master key ciphertext, and so on. For the specific functions of the key asset trust ring CA and the key asset trust ring TA, reference is made to the related descriptions in the flow descriptions of ring creation, ring joining, ring deletion, riot prevention, device going offline in the trust ring, master key updating, master key ciphertext updating, and the like.
It is to be understood that the components contained in the system framework layer and runtime layer shown in fig. 2 do not constitute a particular limitation of the electronic device 100. In other embodiments of the present application, electronic device 100 may include more or fewer components than shown, or certain components may be combined, or certain components may be split, or different arrangements of components.
When using an electronic device, a user typically needs to memorize a lot of password data, such as a password of a mailbox account, a password of a network disk account, a password of a smart home control right, and the like. When such password data is large, if the user is allowed to record the password data of each service independently, great difficulty is caused to the user's memory. Therefore, the user hopes to upload the password data to the cloud side for storage through the data synchronization function, and the password data is directly obtained from the cloud side when in use, and the user does not need to memorize the password data.
However, for such password data the user has different security requirements than for general data to be synchronized, e.g. pictures, address books, short messages, etc. Such password data, once compromised, would cause significant loss to the user. Therefore, users have high security requirements for such password data. In this case, the shortcoming that the cloud side cannot itself prove the security of the data synchronized to it is exposed, and the high security requirement of such password data cannot be satisfied.
The data protection method of the present application enables the cloud side to be self-certifying and can provide support for data synchronization of service data with high security requirements, such as password data.
The data protection method of the present application will be described in detail with reference to the accompanying drawings.
Creating a trust ring
FIG. 3 is a schematic diagram illustrating information interaction during creation of a trust ring. FIG. 4 is a schematic diagram illustrating interaction of a device with the cloud side during creation of a trust ring. Fig. 10 is a schematic flow diagram illustrating creation of a trust ring.
The process of creating a trust ring according to embodiments of the present application is described in detail below in conjunction with fig. 3, 4, and 10.
In the embodiment of the present application, assuming that the glory account of device A is account 1, the process of creating a trust ring is described by taking as an example the creation of trust ring 1 when device A initiates registration with the trust ring cloud for the first time. The application that triggers the process of creating the trust ring may be any application under the glory account; here, the process of creating the trust ring is illustrated as being triggered by the "password safe synchronization" application under the glory account.
"Registration" herein refers to the process of adding a device to a trust ring. When the first device is registered, because no trust ring has yet been established under the account, the trust ring needs to be established first and the device then added to it; the process of registering the first device is called creating the trust ring. The registration process of any device other than the first is referred to herein as joining the trust ring, as it only requires the device to be added to the existing trust ring.
It is assumed herein that account 1 includes 3 devices, namely a glory V40 (i.e., device A), a glory V30 (denoted device B), and a glory V50 (denoted device C).
It should be noted that the actions performed by the various clouds herein should be understood as actions performed by the servers in the respective clouds. For example, the actions performed by the account management cloud are performed by the account management server, and the actions performed by the trust ring cloud are performed by the trust ring cloud server.
Referring to FIG. 3, in the process of creating a trust ring, device A sends a request to log in to account 1 to the account management server; after the account management server verifies the request to log in to account 1, it returns a verification passing message to device A. After receiving the verification passing message, device A generates its master key ciphertext EMK11 and its authentication parameter PAKE11 and sends EMK11 and PAKE11 to the trust ring cloud. After receiving EMK11 and PAKE11 sent by device A, the trust ring cloud creates trust ring 1 for account 1 and adds device A to trust ring 1.
Referring to fig. 10, in an embodiment of the present application, a process of creating a trust ring by a device a may include the following steps:
step S1: device a logs in to account 1.
Device A is described herein taking a glory V40 mobile phone as an example. It should be understood that device A may be any electronic device on which the trust ring creation functionality of the present application is installed, and the present application is not limited in this respect.
Device A needs to initiate registration with the trust ring cloud under a logged-in account in order to create the trust ring. If no account is logged in on device A, the user first needs to log in to an account.
FIG. 5A is a schematic diagram illustrating an interface for entering the "My device" application when an account is already logged in. FIG. 5B is a schematic diagram illustrating an interface for entering the "My device" application when no account is logged in. FIG. 6 is a schematic diagram illustrating an interface from the "My device" application to the "password safe synchronization" application in device A.
Referring to FIG. 5A and FIG. 6, in the case where device A has logged in to account 1 (assuming account 1 is 1581991××), the user may click the "settings" application icon in the main interface of device A (as shown in FIG. 5A (a)) and enter the "settings" interface shown in FIG. 5A (b). In the "settings" interface, the user clicks account 1 (i.e., 1581991××) and enters the "account center" interface shown in FIG. 5A (b). In the "account center" interface, the user clicks "My device" and enters the "My device" interface shown in FIG. 6 (b). The user finds the current device, i.e., glory V40, in the "My device" interface and clicks glory V40 to enter the "device info" interface shown in FIG. 6 (c). In the "device info" interface, the user continues by clicking the "password safe synchronization" application, which enters the "password safe" interface. After the "password safe" interface is opened, the user turns on the "password safe synchronization" switch and then the "synchronize to glory account" switch, which triggers the process of creating the trust ring. The processes of entering the "password safe" interface, opening the "password safe synchronization" switch, and opening the "synchronize to glory account" switch are described later herein.
It should be noted that if a trust ring already exists under account 1, "trusted device" is displayed under each device that has joined the trust ring on the "My device" interface. A device identified as a "trusted device" is a device that has joined the trust ring, i.e., a registered device; see the interface shown in the subsequent FIG. 15 (b). If there is no trust ring under account 1, for example on the "My device" interface of device A shown in FIG. 6 (b), none of the 3 glory devices is a trusted device, indicating that there is currently no trust ring under account 1.
Referring to FIG. 5A, FIG. 5B and FIG. 6, in the case where device A has not logged in to account 1, after the user clicks the "settings" application icon in the main interface of device A (as shown in FIG. 5A), the user enters the "settings" interface shown in FIG. 5B (a). In the "settings" interface, the user clicks "log in to glory account" and enters the glory account login interface shown in FIG. 5B (b). In the glory account login interface, the user inputs account 1 (1581991××) and the login password (assumed to be key1), and device A sends a request to log in to account 1 to the account management server, carrying account 1 (1581991××) and the login password key1.
Referring to fig. 4, a user may send a request for logging in an account 1 to an account management server through an account management module of an application layer of the device a to log in the account 1.
After device A has successfully logged in to account 1, the process of creating the trust ring is triggered according to the process described above for the case where an account is already logged in, as shown in FIG. 5A (c), FIG. 5A (d) and FIG. 6, which is not repeated here.
Step S2: the account management server returns a verification passing message.
The information of account 1 is pre-stored in the account management server; this information includes the login password corresponding to account 1, and the login password of account 1 stored in the account management server is assumed to be key0. After receiving the request to log in to account 1 sent by device A, the account management server verifies the request according to the information of account 1 stored locally. If the password key1 carried in the request to log in to account 1 is consistent with the login password key0 of account 1 stored locally by the account management server, the account management server determines that the login verification of account 1 passes. At this time, the account management server returns a verification passing message to device A.
If the password key1 carried in the request to log in to account 1 is inconsistent with the login password key0 of account 1 stored locally by the account management server, the account management server determines that the login verification of account 1 fails. At this time, the account management server returns a verification failure message to device A, and the user needs to re-enter the account and login password through the interface of FIG. 5B (b).
Referring to fig. 4 and 10, the device a receives a verification passing message or a verification failure message through the account management module.
S3: and sending a registration opening notification.
Referring to fig. 4 and fig. 10, in the case that the account management module of the device a receives a verification passing message returned by the account management server, the account management module in the device a sends a registration opening notification to the trust ring service module of the application framework layer. The registration initiation notification is used to instruct the trust ring service module to initiate a registration process.
Here, a process of device a entering the "safe in password" interface and turning on the "safe in password" switch in the process of creating the trust ring will be described.
Fig. 7A is a schematic diagram illustrating a process of entering a "password safe" interface with device a having set a lock screen code. Referring to fig. 7A, in the case where the user of the device a has set the screen lock code (may also be referred to as a screen lock code) of the device a, when the user clicks the "safe synchronization for password" application in the "device information" interface (refer to fig. 7A (a)), the device a pops up the "enter screen lock code" interface (refer to fig. 7A (b)). If the user inputs the screen locking code on the screen locking code input interface and the screen locking code is correct, the screen of the device a enters the code safe interface (see fig. 7A (c)). At this time, both the "password safe synchronization" switch and the "synchronize to glowing account" switch on the "password safe" interface are in the off state.
Fig. 7B is a schematic diagram illustrating a process of entering a "password safe" interface without a lock screen code being set by device a. Referring to fig. 7B, in the case where the user of the device a does not set the screen lock code of the device a, when the user clicks the "password safe synchronization" application in the "device information" interface (refer to fig. 7B (a)), the device a pops up the "set digital screen lock password" interface (refer to fig. 7B (B)). After the user inputs the screen locking code on the interface "set digital screen locking code" shown in fig. 7B (B), the device a pops up the interface "set digital screen locking code" for confirming the code (see fig. 7B (c)). The user inputs the screen locking code again on the interface shown in fig. 7B (c), and if the screen locking code input again is identical to the screen locking code input by the user on the interface shown in fig. 7B (B), the screen of the apparatus a enters into the "password safe" interface shown in fig. 7B (d), which is identical to the interface shown in fig. 7A (c).
Fig. 8 is a schematic diagram illustrating a process of turning on a "password safe sync" switch in a scenario of creating a trust ring. Referring to fig. 8, when the user clicks the "safe synchronization" switch on the "safe synchronization" interface (refer to fig. 8 (a)), the device a pops up the alert interface shown in fig. 8 (b) on the screen, and the alert interface is used to alert the user whether to agree to start the safe synchronization service. When the user clicks the "agree" button on the reminder interface (see fig. 8 (b)), the "password safe synchronization" switch on the "password safe" interface is turned on (see fig. 8 (c)).
The trust ring service module, upon receiving the registration initiation notification, cannot determine whether to initiate a process of creating a trust ring or join a process of joining a trust ring, and needs to determine by detecting a registration state.
S4: the trust ring service module in device a detects the registration status of device a.
The registration state includes both unregistered and registered states. The unregistered state is used to indicate that the device is currently unregistered with the trust ring, and the registered state is used to indicate that the device is currently registered with the trust ring.
S5: and when detecting that the registration state of the equipment A is unregistered, the equipment A sends a registration state comparison request to the trust ring cloud.
The registration state comparison request is used for indicating a comparison result of the registration state of the device A detected by the trust ring service module and the registration state of the device A stored in the trust ring cloud.
The registration status comparison request includes the UID (device identifier) of the device a and the UDID (account identifier) of the account to which the device a belongs.
S6: the trust ring cloud returns a first registration state confirmation message to the trust ring service module in device a.
The first registration status confirmation message is used for indicating that no trust ring exists under the account number 1.
After receiving the registration state comparison request of device A, the trust ring cloud checks whether a trust ring exists under account 1, and, if a trust ring exists under account 1, checks whether device A is in that trust ring. When no trust ring exists under account 1, the trust ring cloud generates a first registration state confirmation message and sends it to device A.
Based on the first registration state confirmation message returned by the trust ring cloud, device A determines that this registration executes the process of creating a trust ring.
S7: the trust ring service module in device a receives the lockscreen code pw11 of device a entered by the user.
Here, a procedure of turning on a "synchronize to glory account" switch in creating a trust ring will be described.
FIG. 9 is a schematic diagram illustrating the process of turning on the "synchronize to glory account" switch in the scenario of creating a trust ring. Referring to FIG. 9, when the user clicks the "synchronize to glory account" switch on the "password safe" interface on which the "password safe synchronization" switch is already turned on (see FIG. 9 (a)), the "enter lock screen code" interface pops up on the screen of device A (see FIG. 9 (b)). When the user inputs the lock screen code of device A on the lock screen code input interface, the trust ring service module in device A receives the lock screen code of device A input by the user. If the lock screen code of device A input by the user is correct, then after device A completes the process of creating the trust ring, device A enters a "password safe" interface in which both the "password safe synchronization" switch and the "synchronize to glory account" switch are in the on state (see FIG. 9 (c)).
Note that the user clicking the "synchronize to glory account" switch on the interface shown in FIG. 9 (a) triggers device A to execute step S3 in FIG. 10 and the steps of the trust ring creation process after step S3.
The screen locking code of the device a belongs to the secret of the user of the device a, and is unknown to the cloud side.
S8: the trust ring service module of device a verifies the lockscreen code pw11 of device a.
The process of verifying the lock screen code of device A may be: device A compares the lock screen code input by the user with the lock screen code stored in advance in device A; if the two are consistent, the verification passes, otherwise the verification fails.
Here, the trust ring service module verifies the screen locking code of the device a input by the user on the interface shown in fig. 9 (b), and after the verification is passed, the subsequent step S9 can be continuously performed. If the verification fails, device A will revert back to the interface shown in FIG. 9 (b) and prompt the entered lockscreen code for errors at the interface.
S9: the trust ring service module derives PWUATH11 based on the lock screen code of device a.
Assuming that the screen locking code input by the user at this time is pw11, the trust ring service module derives PWUATH11 based on pw11.
Since pw11 belongs to the user secret of device a, pw11 cannot be obtained by the cloud side, and PWUATH11 derived based on pw11 cannot be obtained by the cloud side.
Since PWUATH11 is generated based on the user secret pw11 unknown to the cloud side, PWUATH11 is unknown to the cloud side.
S10: the trust ring service module of device a sends PWAUTH11 to the trust ring module in the trusted execution environment of device a.
Subsequently, the trust ring module generates the master key ciphertext EMK11 and the parameter PAKE11 based on the PWAUTH11, and the generation manner of the EMK11 and the PAKE11 is detailed in steps S11 to S14 of fig. 10.
S11: the trust ring module generates MK.
Device A generates MK, namely the master key, through the trust ring module, and MK is stored in the trusted execution environment of device A, so that MK cannot be stolen even if device A is attacked; therefore the security is high.
S12: the trust ring module encrypts MK based on PWAUTH11, generating EMK11.
EMK11 is the first master key ciphertext. The trust ring module derives a key KEK11 based on PWAUTH11 and generates EMK11 based on the KEK11 encrypting MK.
S13: the trust ring module of device a sends EMK11 to the trust ring service module of device a.
After the trust ring module generates EMK11, it sends EMK11 to the trust ring service module, and sends the salt salt_enc11 to the trust ring service module together with EMK11.
S14: The trust ring service module in device A generates the parameter PAKE11 based on PWAUTH11.
S15: Device A sends a ring creation request carrying EMK11 and the parameter PAKE11 to the trust ring cloud through the trust ring service module.
Device A sends the ring creation request to the trust ring cloud through the trust ring service module; registration of the parameter PAKE11 and hosting of EMK11 are both completed through this request.
In order to improve the security of the EMK11, before sending the EMK11, the trust ring service module may perform secondary encryption on the EMK11 based on the public key of the trust ring cloud HSM obtained during login, to obtain a two-layer ciphertext of the master key.
S16: the trust ring cloud creates a trust ring 1 for account number 1 in response to the ring creation request and adds device a to the trust ring 1.
The trust ring cloud responds to the ring creation request sent by device A by creating trust ring 1 for account number 1. When other devices under account number 1, such as device B and device C, later send registration state comparison requests to the trust ring cloud, the trust ring cloud returns a confirmation message indicating that trust ring 1 exists but that device B or device C is not in the trust ring, and device B and device C then execute the process of joining the trust ring; for the specific process of joining the trust ring, refer to the related description below.
After the trust ring 1 is created, the trust ring 1 data managed in the trust ring cloud is shown in table 1:
TABLE 1

| UID | UDID | Parameter PAKE | Master key |
|---|---|---|---|
| Account number 1 | Device A | PAKE11 | EMK11 |
S17: the trust ring cloud returns a ring creation success message to the trust ring service module of the device A.
After the trust ring cloud creates the trust ring 1 for the account number 1 and adds the device A to the trust ring 1, a ring creation success message is returned to the device A, and after the device A receives the ring creation success message, a switch of synchronizing to the glowing account number in a password safe interface is started, as shown in a (c) diagram of fig. 9. After the switch of synchronizing to the glowing account number is turned on, the user can perceive that the device A has successfully joined the trust ring, and the service data in the password safe can be synchronized to the account management server, so that other devices in the trust ring 1 under the account number 1 can share the service data.
The trust ring creation process ends, and device a completes registration.
After the device A completes registration, the trust ring service module of the device A modifies the registration state of the device A to registered.
Through the trust ring creation process, the account-level master key MK is protected based on the user secret, and the cloud side cannot decrypt the hosted master key ciphertext because the user secret is unknown to the cloud side, so that the risk of master key leakage is reduced, the security of the master key MK is improved, the cloud side can self-prove the security, and support can be provided for data synchronization of service data with high security requirements.
It should be noted that the above procedure should be understood as a schematic example of the process of creating a trust ring in the present application, and is not intended to limit the present application.
Fig. 11 is a schematic diagram schematically illustrating that after a trust ring is created, device a synchronizes a service data ciphertext to an account management server. Fig. 12 is a schematic diagram illustrating the module interaction of the synchronous service data ciphertext. Fig. 13 is a schematic diagram illustrating an interface between the ciphertext of the synchronous service data and the account management server. Referring to fig. 11, 12 and 13, in the case that the trust ring 1 of the account number 1 has been created and the device a has been added to the trust ring 1, the device a may encrypt the sensitive service data with MK to obtain a service data ciphertext, and upload the service data ciphertext to the account number management server.
The process of synchronizing the service data ciphertext to the account management server by the device A after the trust ring is created is as follows:
referring to fig. 12, the password safe of the application layer in device A reads the plaintext of the service data and stores it in the service data storage service module of the application framework layer, and the service data storage service module sends the plaintext of the service data to the key management module in the trusted execution environment. The trust ring module generates a service key dkey from MK, the key management module reads dkey from the trust ring module and encrypts the service data with dkey to obtain the service data ciphertext Edata. The key management module returns the service data ciphertext Edata to the service data storage service module, and the service data storage service module uploads the service data ciphertext Edata to the account management server through the service data synchronization service module and the account management server synchronization framework of the application layer.

In the reverse direction, device A acquires a service data ciphertext (the second service data ciphertext) from the account management server through the service data synchronization service module, stores the acquired ciphertext in the service data storage service module, and sends it to the key management module; the key management module reads the first service key derived from the master key from the trust ring module, decrypts the second service data ciphertext with the first service key to obtain the second service data, and stores the decrypted second service data in the service data storage service module.
It should be noted that, the service keys dkey corresponding to different services are different, and the device a may generate the service keys of different services according to MK.
For example, referring to fig. 13, when a user uses service 1 on device a, the user needs to input the account number and the password of service 1, as shown in fig. 13 (a). After the account number and password of service 1 are input, device a pops up information indicating whether to synchronize the account number and password of service 1 to the password safe, as shown in fig. 13 (b). If the user agrees, the device a takes the account number and the password of the service 1 as the service data1 of the service 1, and uploads the ciphertext Edata1 of the data1 to the account management server according to the same synchronization process as the service data.
As can be seen from the above, in the embodiment of the present application, the service data ciphertext in the account management server does not depend on the account security completely, but also depends on the security of MK, so that even if the account is stolen, the security of the data on the cloud is not affected.
The service data of the user is encrypted based on the master key with high security, and then the service data ciphertext is synchronized to the account management server, so that the risk of leakage of the service data ciphertext is reduced, and the security of data synchronous backup is improved.
Joining trust loops
On the basis that device a has created the trust ring 1 of account number 1, device B under account number 1 may join the trust ring 1 according to the join trust ring procedure in the following embodiment. Before device B joins trust ring 1, only device a is the ring device in trust ring 1.
Fig. 14 is a schematic diagram illustrating information interaction during joining of a trust ring by a device B. Fig. 18 is a flow chart illustrating joining of the trust ring by the device B.
The process of joining a trust ring in an embodiment of the present application is described in detail below in conjunction with fig. 14 and 18.
Referring to fig. 14, after the device a is registered as the first device, the process of creating the trust ring is completed, the device a has uploaded the master key ciphertext EMK11 of the device a, that is, the first master key ciphertext, and the authentication parameter PAKE11 of the device a to the trust ring cloud, and thereafter, other devices, for example, the device B, are registered by joining the trust ring flow. In the process that the device B joins the trust ring 1, the device B sends an authentication parameter PAKE12 of the device A in the trust ring 1 to the trust ring cloud, and after confirming that the PAKE12 is consistent with the authentication parameter PAKE11 of the device A stored in the trust ring 1, the trust ring cloud returns a master key ciphertext EMK11 of the device A to the device B. Then, the device B decrypts MK from the EMK11, encrypts MK based on the lock screen code of the device B, generates a master key ciphertext EMK21 of the device B, that is, a second master key ciphertext, and an authentication parameter PAKE21 of the device B, and sends the EMK21 and the PAKE21 to the trust ring cloud.
Referring to fig. 18, in an embodiment of the present application, the process of joining a trust ring by a device B may include the following steps:
s1: device B logs in to account 1.
Like device a, device B logs in to account 1 by sending a request to the account management server to log in to account 1. For details of the process of the login account 1 of the device B, please refer to the process description of the login account 1 of the device a, and the details are not repeated here.
S2: the account management server returns a verification passing message to device B.
The processing procedure of the request of the account management server for the login account 1 of the device B is referred to the processing procedure of the request of the account management server for the login account 1 of the device a, and will not be described herein.
After device B successfully logs into account 1, the user may enter the "account center" interface through the flow indicated in (B) and (c) of fig. 5A, and find the "my device" application.
S3: the account management module of device B sends a registration opening notification.
Referring to fig. 4 and fig. 18, in the case that the account management module of the device B receives the verification passing message returned by the account management server, the account management module in the device B sends a registration opening notification to the trust ring service module of the application framework layer. The registration initiation notification is used to instruct the trust ring service module of device B to initiate a registration procedure.
Here, a process of entering the "safe in password" interface and turning on the "safe in password" switch during the process of joining the trust ring will be described.
Fig. 15 is a schematic diagram illustrating an interface from a my device application to a safe sync application in device B. As can be seen by comparing fig. 6, there is a trusted device glowing V40, device a, on the my device interface of device B during the joining of the trust ring. This illustrates that a trust ring already exists under account 1.
Fig. 16A is a schematic diagram illustrating a process of entering the "safe with lock code" interface and turning on the "safe sync" switch with device B having set the lock code. Referring to fig. 16A, in the case where the user of the device B has set the lock code of the device B, when the user clicks on the "password safe synchronization" application in the "device information" interface (refer to fig. 16A (a)), the device B pops up the "enter lock code" interface (refer to fig. 16A (B)). If the user inputs the screen lock code in the "enter screen lock code" interface and the screen lock code is correct, the screen of device B enters the "code safe" interface (see fig. 16A (c)). At this time, both the "password safe synchronization" switch and the "synchronize to glowing account" switch on the "password safe" interface are in the off state. Unlike device a in creating a trust ring, device B, in joining a trust ring, when the user clicks the "safe sync" switch on the "safe sync" interface shown in fig. 16A (c), the screen of device B switches directly to the interface shown in fig. 16A (d), i.e., the "safe sync" switch is on, while the "sync to glowing account" interface is unopened.
Fig. 16B is a schematic diagram illustrating the process of entering the "password safe" interface and turning on the "password safe synchronization" switch when device B has not set a screen locking code. Referring to fig. 16B, this process differs from the process shown in fig. 16A (where device B has already set the screen locking code) only in that device B must first set the screen locking code (see fig. 16B) and confirm the screen locking code (see fig. 16B); the rest of the process is the same as when the screen locking code has already been set, and will not be repeated here.
S4: the trust ring service module in device B detects the registration status of device B.
For the description of this step, please refer to the previous description of step S4 of fig. 10, and the description is omitted here.
S5: when detecting that the registration state of device B is unregistered, the trust ring service module sends a registration state comparison request.
For the description of this step, please refer to the previous description of step S5 of fig. 10, and the description is omitted here.
S6: the trust ring cloud returns a second registration state confirmation message.
Wherein the second registration status confirmation message is used to indicate that the trust ring 1 exists under the account number 1, but the device B is not on the trust ring 1.
After receiving the registration state comparison request of the equipment B, the trust ring cloud compares whether a trust ring exists under the account number 1. At this time, since the trust ring has created the trust ring 1 of the account number 1 at the time of device a registration, it is confirmed that the trust ring exists under the account number 1. Then, the trust ring cloud confirms that the device B is not in the trust ring according to the trust ring data of the account number 1 shown in table 1, and at this time, the trust ring cloud generates a second registration state confirmation message and sends the second registration state confirmation message to the device B.
Based on the second registration state confirmation message returned by the trust ring cloud, device B determines that registration is to be completed by executing the join-trust-ring flow.
S7: the trust ring service module in device B receives the lockscreen code pw21 of device B entered by the user.
Fig. 17 is a schematic diagram illustrating a process of turning on a "synchronize to glory account" switch in a scenario in which device B joins a trust ring. Referring to fig. 17, when the user clicks the "synchronize to glowing account" switch on the "password safe" interface where the "password safe synchronization" switch is turned on (see fig. 17 (a)), the "enter screen password" interface pops up on the device B screen (see fig. 17 (B)). If the user inputs the screen locking code of the device B on the screen locking code input interface, the trust ring service module in the device B receives the screen locking code of the device B input by the user.
S8: the trust ring service module of device B verifies the lockscreen code pw21 of device B and derives PWAUTH21 based on the lockscreen code pw21 of device B.
The process of the screen locking code pw21 of the verification device B refers to the process of the screen locking code pw11 of the verification device a, which is not described herein.
S9: the trust ring service module of device B obtains a list of devices in trust ring 1.
The trust ring service module of the device B may send a request for obtaining the device list in the trust ring 1 to the trust ring cloud, and after receiving the request, the trust ring cloud returns the device list in the trust ring 1 to the trust ring service module of the device B.
S10: the trust ring cloud returns the list of devices in the trust ring 1 to the trust ring service module of device B.
Included in the list of devices in the trust ring 1 are all devices that have currently joined in the trust ring 1. In the embodiment of the present application, since the device a is a device that creates the trust ring 1, and the device B is a device that joins the trust ring 1 for the first time, in the process that the device B joins the trust ring 1, the device list in the trust ring 1 returned by the trust ring cloud includes only one device a.
S11: the trust ring service module of device B displays a screen locking code input interface for device A, receives the screen locking code pw12 of device A input by the user, and generates the parameter PAKE12 based on the screen locking code pw12.
With continued reference to fig. 17, if the screen lock code of device B input by the user on the interface shown in fig. 17 (b) is correct, the screen of device B pops up the "input other glory device screen lock password" interface (see fig. 17 (c)), where the "other glory device" in fig. 17 (c) is glory V40, i.e., device A. The user inputs the screen locking code pw12 of device A on this interface; if the screen locking code pw12 input by the user is correct, device B executes the trust ring joining process, after which both the "password safe synchronization" switch and the "synchronize to glowing account number" switch are in the on state (see diagram (d) of fig. 17).
Note that the user clicking the "synchronize to glowing account" switch on the interface shown in fig. 17 (a) triggers device a to execute step S3 in fig. 18 and the join-trust-ring steps after step S3.
The screen locking code of the device B belongs to the secret of the user of the device B, and is unknown to the cloud side.
The generation principle of the parameter PAKE12 is the same as that of the parameter PAKE11, and will not be described herein.
S12: the trust ring service module of device B sends the parameter PAKE12 to the trust ring cloud.
During the joining process of the device B to the trust ring 1, the trust ring cloud needs to verify the identity of the device already in the trust ring 1, and when the verification is passed, the joining process to the trust ring 1 is allowed, otherwise, the trust ring cloud prohibits the joining process of the device B to the trust ring 1.
S13: after the trust ring cloud passes the authentication of the device a based on the parameter PAKE12, the trust ring cloud returns the EMK11 of the device a to the trust ring service module of the device B.
S14: the trust ring service module of device B sends EMK11 and PWAUTH21 to the trust ring module of device B.
The trust ring module is located in a trusted execution environment of the device B, where the device B needs to decrypt the EMK11 to retrieve MK, and encrypt MK based on PWAUTH21 in the trusted execution environment to obtain EMK21.
S15: the trust ring module of device B decrypts EMK11 to obtain MK, and encrypts MK based on PWAUTH21 to obtain EMK21.
S16: the trust ring module of device B sends EMK21 to the trust ring service module of device B.
S17: device B generates a parameter PAKE21 based on PWAUTH21.
S18: the trust ring service module of the device B sends a ring adding request carrying the EMK21 and the parameter PAKE21 to the trust ring cloud.
S19: the trust ring cloud joins device B in trust ring 1 in response to the add ring request.
After the device B joins the trust ring 1, the trust ring 1 data managed in the trust ring cloud is shown in table 2:
TABLE 2

| UID | UDID | Parameter PAKE | Master key |
|---|---|---|---|
| Account number 1 | Device A | PAKE11 | |
| Account number 1 | Device B | PAKE21 | EMK21 |
S20: the trust ring cloud returns a loop adding success message to the trust ring service module of the device B.
After the trust ring cloud adds the device B to the trust ring 1, a loop adding success message is returned to the device B, and after the device B receives the loop adding success message, a switch for synchronizing to the glowing account number in the password safe interface is turned on, as shown in a (d) diagram of fig. 17. After the switch of synchronizing to the glowing account number is turned on, the user can perceive that the device B has successfully joined the trust ring, and the service data in the password safe can be synchronized to the account management server, so that other devices in the trust ring 1 under the account number 1 can share the service data.
At this point, the process of joining trust ring 1 by device B is completed, and device B completes registration.
After the device B completes registration, the trust ring service module of the device B modifies the registration state of the device B to registered.
As can be seen through the trust ring joining process, in the embodiment of the present application, the cloud side sends the managed master key ciphertext of the registered device to the ring adding device, and the ring adding device decrypts the master key ciphertext of the registered device based on the user secret of the registered device to obtain the master key MK.
It should be noted that the above process should be understood as a schematic example of the process of adding a trust ring in the present application, and is not intended to limit the present application.
Fig. 19 is a schematic diagram illustrating synchronization of service data ciphertext from an account management server after a device B joins a trust ring. Fig. 20 is a schematic diagram illustrating an interface for synchronizing a service data ciphertext from an account management server. Referring to fig. 19, 12 and 20, in the case that the trust ring 1 of the account number 1 has been created, the device a has been added to the trust ring 1, and the device a has uploaded the service data ciphertext Edata to the account management server, the device B may synchronize the service data ciphertext Edata from the account management server to the device B, and decrypt with MK locally at the device B, to obtain the service data plaintext data.
The process of synchronizing the service data ciphertext from the account management server by the equipment B after the trust ring is added is as follows:
referring to fig. 12, the service data synchronization service module in the device B obtains the service data ciphertext Edata from the account management server through the account management server synchronization framework of the application layer. Then, the service data synchronization service module in the device B sends the service data ciphertext Edata to the service data storage service module in the device B, and the service data storage service module sends the service data ciphertext Edata to the key management module in the trusted execution environment in the device B. The trust ring module generates a service key dkey according to MK, the key management module reads the dkey from the trust ring module, and decrypts the service data ciphertext Edata by using the dkey to obtain the service data plaintext data. And then, the key management module returns the service data plaintext data to the service data storage service module, and the service data storage service module stores the service data plaintext data.
For example, referring to fig. 20, when a user uses service 1 on device B, the user needs to input an account number and a password of service 1. In the input interface of the account number and the password of the service 1, as shown in fig. 20 (a), the device B pops up information indicating whether to use the account number and the password of the service 1 synchronized by the password safe. If the user agrees, the device B automatically fills the account number and the password of the service 1 synchronized with the password safe to the interface shown in fig. 20 (a), and after filling, the account number and the password are shown in fig. 20 (B). Therefore, the user does not need to independently record the passwords for each service, and the user experience is improved.
It should be noted that, after the device B joins the trust ring 1, the service data in the device B may be encrypted by the master key MK and then synchronized to the account management server, and the synchronization process please refer to the foregoing description of synchronizing the service data with the account management server by the device a, which is not repeated herein.
On the basis that the device a has created the trust ring 1 of the account number 1 and the device B has joined the trust ring 1 through the joining trust ring flow of fig. 18, the device C under the account number 1 may also join the trust ring 1 according to the joining trust ring flow shown in fig. 18. For details of the process of joining the device C to the trust ring 1, please refer to the foregoing description of the process of joining the device B to the trust ring 1, and will not be repeated here.
Unlike device B, there are two in-loop devices, device a and device B, in the trust ring 1 before device C joins the trust ring 1. Thus, upon verifying the screen lock code of the old device (herein old device refers to the device in the ring device, i.e. the device that has registered to the trust ring), device C may select either one of the two devices a, B as the old device in the ring device. That is, in the process of joining the trust ring 1 by the device C, the list of devices returned to the device C by the trust ring cloud in step S10 shown in fig. 18 includes 2 trusted devices, that is, the device a (see glory V40 of fig. 22 (B)) and the device B (see glory V30 of fig. 22 (B)). In the "enter other glowing device lock screen password" interface popped up by device C, the lock screen password of the first registered device (device a in the embodiment of the present application) is entered by default, as shown in fig. 17 (C), i.e., the "other device" in this interface is glowing V40 (device a). At this time, the device C may select and input the lock screen code of other old devices, for example, the device B, through the "select authentication device" operation option on the interface shown in fig. 17 (C). The process of changing the authentication device by device C is explained below with reference to fig. 22.
Fig. 22 is a schematic flow chart of inputting a screen locking code of a ring device in a process of turning on a "synchronize to glory account" switch in a scenario in which the device C joins a trust ring. Referring to fig. 22, in the process of adding the device C to the trust ring, after entering the interface shown in fig. 17 (C), the user clicks "select authentication device" on the interface, as shown in fig. 22 (a). Thus, the device C enters the interface of "select authentication device", as shown in fig. 22 (b). Since there are already 2 in-loop devices (device a and device B) in trust ring 1 at this time, the "select verify device" interface has 2 devices, glowing V40 (device a) and glowing V30 (device B). The user clicks "glory V30", i.e. it means that the user selects device B as the old device for authentication. After clicking, device C pops up the "enter other glowing device lock screen password" interface, where "other device" changes to glowing V30, as shown in fig. 22 (C). When the screen lock code of the device B input by the user on the interface shown in fig. 22 (c) is correct, the "synchronize to glory account" switch is turned on.
Fig. 21 is a schematic diagram illustrating information interaction during joining of a trust ring by device C. Referring to fig. 21, in the process that device C joins trust ring 1, device C selects device B as the old device, inputs the screen locking code pw22 of device B when the screen locking code of the old device is requested, generates the authentication parameter PAKE22 of device B based on the screen locking code pw22, and then sends the authentication parameter PAKE22 of device B to the trust ring cloud. After confirming that PAKE22 is consistent with the authentication parameter PAKE21 of device B stored in trust ring 1, the trust ring cloud returns the master key ciphertext EMK21 of device B to device C. Then, device C decrypts MK from EMK21, encrypts MK based on the lockscreen code pw31 of device C to generate the master key ciphertext EMK31 of device C, that is, the third master key ciphertext, generates the authentication parameter PAKE31 of device C based on the lockscreen code pw31 of device C, and then sends EMK31 and PAKE31 to the trust ring cloud, which adds device C to trust ring 1. At this point, the process of joining trust ring 1 by device C is completed, and device C completes registration.
After the device C joins the trust ring 1, the trust ring 1 data managed in the trust ring cloud is shown in table 3:
TABLE 3

| UID | UDID | Parameter PAKE | Master key |
|---|---|---|---|
| Account number 1 | Device A | PAKE11 | |
| Account number 1 | Device B | PAKE21 | |
| Account number 1 | Device C | PAKE31 | EMK31 |
After the device C joins the trust ring 1, the service data in the device C may be encrypted by the master key MK and then synchronized to the account management server, or other data synchronized by the ring device in the account management server may be synchronized to the device C. The process of synchronizing the service data to the account management server refers to the foregoing description of the process of synchronizing the service data to the account management server by the device a, and the process of synchronizing the service data to the device C by the account management server refers to the foregoing description of the process of synchronizing the service data to the local device B by the account management server, which is not repeated herein.
Deleting trust loops
Trust rings correspond one-to-one to glowing accounts: each account has one trust ring. When the glowing account is logged off, the trust ring corresponding to the account is also deleted. Any registered device under the same account can initiate the process of deleting the trust ring. The process of deleting the trust ring is described below, taking the process initiated by device A as an example.
FIG. 23 is a schematic diagram illustrating information interaction during deletion of a trust ring as shown by way of example. Referring to fig. 23, after a user performs an operation of logging out an account in the device a, the device a sends an account logging-out notification to an account management server. The account management server receives the account logout notification and sends a deletion ring (namely deleting the trust ring) notification to the trust ring cloud. The trust ring cloud receives the deletion ring notification, sends a push message to all devices in the trust ring, and the device receiving the push message deletes the local master key.
Fig. 24 is an interface diagram of an exemplary account logout process. Referring to fig. 24, when the user wants to log out the account, the user clicks the "set" application icon on the main interface of the device a, as shown in fig. 24 (a), and after clicking, the user enters the "set" interface shown in fig. 24 (b). At the "setup" interface, the user clicks on the account, entering the "account center" interface shown in fig. 24 (c). At the "Account center" interface, the user clicks on the "Account Security" option, and enters the "Account Security" interface shown in FIG. 24 (d). At the "account number security" interface, the user clicks on the "more" option, and enters the "more" interface shown in fig. 24 (e). At the "more" interface, the user clicks on the "security center" option, and enters the "security center" interface shown in fig. 24 (f). In the security center interface, the user clicks the "sell user" option, and the device a can execute the process of logging out the account.
FIG. 25 is an exemplary schematic flow diagram of deleting a trust ring. Referring to FIG. 25, in an embodiment of the present application, the process of deleting the trust ring may include the following steps:
S1. The account management module of device A receives the user's operation of logging out account 1.
S2. The account management module of device A sends a logout notification to the account management server.
S3. The account management server logs out account 1 and sends a notification to delete the trust ring corresponding to account 1 to the trust ring cloud.
S4. The trust ring cloud traverses the data list and determines all ring devices under account 1.
For example, assuming that the ring devices of trust ring 1 are device A and device B, the trust ring cloud determines that the ring devices under account 1 are device A and device B.
S5. The trust ring cloud sends a prompt to delete MK to the trust ring service module of each ring device.
For example, in FIG. 23, the trust ring cloud sends the prompt to delete MK to device A and to device B, respectively. The push message in FIG. 23 is this prompt to delete MK.
S6. The trust ring cloud deletes all trust ring data under account 1.
S7. The account management server deletes all service data under account 1.
S8. The trust ring service module of each ring device (including device A) sends an MK deletion instruction to its trust ring module.
S9. The trust ring module of each ring device (including device A) deletes MK.
After the process of deleting the trust ring is completed, MK in device A and MK in device B have been deleted, all trust ring data for account 1 in the trust ring cloud has been deleted, and all service data under account 1 in the account management server has also been deleted.
Thereafter, to use the data protection method of the embodiments of the present application again, the user must register a glowing account again, after which a trust ring is re-created by the trust ring creation process of the embodiments and devices are added to it again.
After device A and device B delete MK, the trust ring service modules of device A and device B respectively change the registration states of device A and device B to unregistered.
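The deletion flow of FIG. 23 and steps S1 to S9 above, written out as a runnable model. This is an added example for illustration, not code from the patent or from any product: the three parties (account management server, trust ring cloud, ring devices with an account management module, a trust ring service module and a TEE-held master key in the trust ring module) are plain Python classes, the push channel is a direct method call, the MK ciphertexts and service data ciphertexts held by the servers are constructed placeholders, and the service key derived from MK is an assumed HMAC derivation. The point it makes visible is the security property the text relies on: after one device logs out, every device in that ring loses MK (so service data ciphertext can no longer be turned back into a service key), the ring data and service data are gone from both servers, and devices in a different ring are untouched.

```python
import hmac
import secrets
from hashlib import sha256


class Device:
    """One ring device. MK lives in the trust ring module (TEE), modelled as a private field."""

    def __init__(self, device_id, account):
        self.device_id = device_id
        self.account = account
        self._tee_mk = None        # trust ring module: MK inside the TEE, None once deleted
        self.registered = False    # trust ring service module: registration state

    # trust ring module (TEE side)
    def tee_generate_mk(self):
        self._tee_mk = secrets.token_bytes(32)          # first device generates MK in the TEE

    def tee_import_mk(self, mk):
        self._tee_mk = mk          # MK obtained through the ring-join flow (not modelled here)

    def tee_export_mk(self):
        return self._tee_mk        # scenario set-up only; stands in for the join flow

    def tee_has_mk(self):
        return self._tee_mk is not None

    def derive_service_key(self):
        """Assumed derivation of the service key from MK; None once MK is gone."""
        if self._tee_mk is None:
            return None
        return hmac.new(self._tee_mk, b"service-key-1", sha256).digest()

    # trust ring service module
    def on_push_delete_mk(self):
        # S8: instruct the trust ring module to delete MK; S9: the module deletes it
        self._tee_mk = None
        self.registered = False    # device is then marked unregistered

    # account management module
    def logout(self, account_server):
        # S1: user logs out; S2: logout notification to the account management server
        return account_server.logout(self.account)


class TrustRingCloud:
    """First server: trust ring data per account plus the data list of ring devices."""

    def __init__(self):
        self.rings = {}      # account -> {device_id: (mk_ciphertext, auth_param)}
        self.devices = {}    # device_id -> Device, the push channel to each ring device

    def join_ring(self, device, mk_ciphertext, auth_param):
        self.rings.setdefault(device.account, {})[device.device_id] = (mk_ciphertext, auth_param)
        self.devices[device.device_id] = device
        device.registered = True

    def delete_ring(self, account):
        # S4: traverse the data list to find every ring device under this account
        ring_devices = list(self.rings.get(account, {}))
        # S5: push a delete-MK prompt to each of them, and only to them
        for device_id in ring_devices:
            self.devices[device_id].on_push_delete_mk()
        # S6: delete all trust ring data under the account
        self.rings.pop(account, None)
        return ring_devices


class AccountServer:
    """Second server: account state and the encrypted service data stored per account."""

    def __init__(self, cloud):
        self.cloud = cloud
        self.service_data = {}   # account -> list of service data ciphertexts

    def logout(self, account):
        # S3: log out the account and notify the trust ring cloud to delete the ring
        notified = self.cloud.delete_ring(account)
        # S7: delete all service data under the account
        self.service_data.pop(account, None)
        return notified


def run_deletion_scenario(initiator="A"):
    """Two ring devices under account-1 and a bystander under account-2; one device logs out."""
    cloud = TrustRingCloud()
    account_server = AccountServer(cloud)
    dev_a, dev_b = Device("A", "account-1"), Device("B", "account-1")
    dev_a.tee_generate_mk()
    dev_b.tee_import_mk(dev_a.tee_export_mk())   # both devices hold the same MK after joining
    # constructed placeholder ring records; real ones hold MK ciphertext and auth parameter
    cloud.join_ring(dev_a, b"mk-ct-A", b"auth-A")
    cloud.join_ring(dev_b, b"mk-ct-B", b"auth-B")
    account_server.service_data["account-1"] = [b"service-data-ciphertext"]  # constructed
    bystander = Device("C", "account-2")
    bystander.tee_generate_mk()
    cloud.join_ring(bystander, b"mk-ct-C", b"auth-C")

    notified = (dev_a if initiator == "A" else dev_b).logout(account_server)
    return {
        "notified": sorted(notified),
        "a_has_mk": dev_a.tee_has_mk(),
        "b_has_mk": dev_b.tee_has_mk(),
        "bystander_has_mk": bystander.tee_has_mk(),
        "a_registered": dev_a.registered,
        "b_registered": dev_b.registered,
        "ring_data_left": "account-1" in cloud.rings,
        "service_data_left": "account-1" in account_server.service_data,
        "a_service_key": dev_a.derive_service_key(),
    }
```

Running `run_deletion_scenario("B")` instead of `"A"` gives the same end state, which is the "any registered device can initiate deletion" property stated above; a detection-minded reader will note that the trust ring cloud is the single place that sees every ring device, so an audit record of S4/S5 is where unexpected ring deletions would be observed.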
The electronic device, the computer storage medium, the computer program product, or the chip provided in this embodiment are used to execute the corresponding methods provided above, so that the beneficial effects thereof can be referred to the beneficial effects in the corresponding methods provided above, and will not be described herein.
It will be appreciated by those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional modules is illustrated, and in practical application, the above-described functional allocation may be performed by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to perform all or part of the functions described above.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of modules or units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another apparatus, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and the parts shown as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed in a plurality of different places. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
Any of the various embodiments of the application, as well as any of the same embodiments, may be freely combined. Any combination of the above is within the scope of the present application.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a readable storage medium. Based on such understanding, the technical solution of the embodiments of the present application may be essentially or a part contributing to the prior art or all or part of the technical solution may be embodied in the form of a software product stored in a storage medium, including several instructions to cause a device (may be a single-chip microcomputer, a chip or the like) or a processor (processor) to perform all or part of the steps of the methods of the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read Only Memory (ROM), a random access memory (random access memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The embodiments of the present application have been described above with reference to the accompanying drawings, but the present application is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those of ordinary skill in the art without departing from the spirit of the present application and the scope of the claims, which are also within the protection of the present application.
Claims (20)
1. A data protection method applied to a first electronic device, comprising:
receiving a first screen locking code of the first electronic device input by a user, wherein the first electronic device is logged in a first account;
generating a master key in a trusted execution environment of the first electronic device;
encrypting the master key based on the first screen locking code to generate a first master key ciphertext of the first electronic device;
generating a first authentication parameter based on the first screen locking code;
creating a first trust ring corresponding to the first account on a first server side based on the first master key ciphertext and a first authentication parameter, and adding the first electronic device into the first trust ring;
receiving a request for logging out a first account logged in by the first electronic equipment, sending an account logging-out notification to a second server so that the second server logs out the first account, and sending a first notification for deleting a first trust ring corresponding to the first account to the first server;
receiving a push message of the first server, wherein the push message is used for indicating deletion of a master key;
and deleting the master key in the trusted execution environment of the electronic device in response to the push message.
2. The method according to claim 1, wherein creating a first trust ring corresponding to the first account at a first server side based on the first master key ciphertext and a first authentication parameter, and adding the first electronic device to the first trust ring, comprises:
sending a ring creation request to a first server, so that the first server creates a first trust ring corresponding to the first account, and adding the first master key ciphertext and a first authentication parameter into trust ring data of the first trust ring; the ring creation request carries the first master key ciphertext and a first authentication parameter.
3. A data protection method applied to a second electronic device, comprising:
receiving a second screen locking code of second electronic equipment input by a user, wherein the second electronic equipment is logged in to a first account;
when the second screen locking code passes verification, receiving a first screen locking code of first electronic equipment input by a user, wherein the first electronic equipment is equipment in ring equipment information of a first trust ring corresponding to the first account number obtained from a first server;
when the identity verification of the first electronic device based on the first screen locking code is passed, receiving a first master key ciphertext of the first electronic device, which is sent by the first server;
decrypting the first master key ciphertext to obtain a master key;
adding the second electronic device to the first trust ring based on the master key and the second lockscreen code;
receiving a request for logging out a first account logged in by the second electronic equipment, sending an account logging-out notification to a second server so that the second server logs out the first account, and sending a first notification for deleting a first trust ring corresponding to the first account to the first server;
receiving a push message of the first server, wherein the push message is used for indicating deletion of a master key;
and deleting the master key in the trusted execution environment of the second electronic device in response to the push message.
4. The method of claim 3, wherein adding the second electronic device to the first trust ring based on the master key and the second lockscreen code comprises:
encrypting the master key based on the second screen locking code, generating a second master key ciphertext of the second electronic device, and generating a second authentication parameter based on the second screen locking code;
and sending a ring adding request to a first server so that the first server adds the second master key ciphertext and a second authentication parameter to the trust ring data of the first trust ring.
5. The method of claim 4, wherein encrypting the master key based on the second lockscreen code generates a second master key ciphertext for the second electronic device, comprising:
generating a third derivative key according to the second screen locking code;
generating a fourth derivative key according to the third derivative key;
and encrypting the master key according to the fourth derivative key to obtain a second master key ciphertext of the second electronic device.
6. The method of claim 4, wherein generating a second authentication parameter based on the second lockscreen code comprises:
generating a third derivative key according to the second screen locking code;
generating a second shared value according to the third derivative key;
and encrypting the second shared value according to the HSM public key generated by the first server side to obtain the second authentication parameter.
7. A method according to claim 3, further comprising:
deriving a first service key based on the master key, and encrypting the first service data by using the first service key to obtain a first service data ciphertext;
and sending the first service data ciphertext to a second server so that the second server can store the first service data ciphertext.
8. A method according to claim 3, further comprising:
acquiring a second service data ciphertext from a second server;
deriving a first service key based on the master key;
and decrypting the second service data ciphertext by using the first service key to obtain second service data.
9. The method of claim 3, further comprising, after deleting the master key in the trusted execution environment of the second electronic device:
and modifying the registration state of the second electronic equipment to be unregistered.
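Claims 5 and 6 above describe a key hierarchy rooted in the screen-lock code: a third derived key K3 comes from the lock code, a fourth derived key K4 comes from K3 and wraps the master key, and a second shared value also comes from K3 and is what gets encrypted under the server's HSM public key as the authentication parameter. The following is an added example, not code from the patent, showing that hierarchy with standard-library primitives and assumed concrete choices: PBKDF2-HMAC-SHA256 with a per-device salt for K3, HMAC-SHA256 with distinct labels for K4 and the shared value, and an HMAC-SHA256 keystream plus tag as a stand-in for the authenticated cipher that wraps MK (a real implementation would use AES-GCM or AES key wrap). The HSM public-key encryption of the shared value is not modelled; the example stops at producing the value that would be encrypted. The property worth checking is that K4 and the shared value are independent branches from K3: a party that learns the shared value (the server, after its HSM decrypts the authentication parameter) still cannot unwrap the master key.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 100_000          # assumed work factor for the lock-code derivation
MK_LEN = 32


def derive_k3(lock_code, salt):
    """Third derived key: slow password-based derivation from the screen-lock code (assumed PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", lock_code.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=32)


def expand(key, label):
    """Single-step HMAC-SHA256 expansion with a domain-separation label."""
    return hmac.new(key, label, hashlib.sha256).digest()


def derive_k4(k3):
    """Fourth derived key: wraps the master key (claim 5)."""
    return expand(k3, b"trust-ring:mk-wrap-key")


def derive_shared_value(k3):
    """Second shared value: the value later encrypted under the HSM public key (claim 6)."""
    return expand(k3, b"trust-ring:shared-value")


def wrap_mk(k4, mk):
    """Encrypt-then-MAC wrapping of a 32-byte MK under K4 (stand-in for an AEAD)."""
    assert len(mk) == MK_LEN
    nonce = secrets.token_bytes(16)
    keystream = expand(k4, b"enc" + nonce)
    ciphertext = bytes(a ^ b for a, b in zip(mk, keystream))
    tag = expand(k4, b"mac" + nonce + ciphertext)
    return nonce + ciphertext + tag


def unwrap_mk(k4, blob):
    """Returns MK, or None when the tag does not verify (wrong key or tampered blob)."""
    nonce, ciphertext, tag = blob[:16], blob[16:16 + MK_LEN], blob[16 + MK_LEN:]
    if not hmac.compare_digest(tag, expand(k4, b"mac" + nonce + ciphertext)):
        return None
    keystream = expand(k4, b"enc" + nonce)
    return bytes(a ^ b for a, b in zip(ciphertext, keystream))


def enroll_device(lock_code, mk):
    """What a joining device computes for its ring record: MK ciphertext and the shared value."""
    salt = secrets.token_bytes(16)          # assumed per-device salt stored with the record
    k3 = derive_k3(lock_code, salt)
    return {
        "salt": salt,
        "mk_ciphertext": wrap_mk(derive_k4(k3), mk),
        "shared_value": derive_shared_value(k3),   # would be HSM-public-key encrypted
    }


def recover_mk(lock_code, record):
    """Rebuild K3 and K4 from the entered lock code and unwrap MK; None on a wrong code."""
    k3 = derive_k3(lock_code, record["salt"])
    return unwrap_mk(derive_k4(k3), record["mk_ciphertext"])


if __name__ == "__main__":
    master_key = secrets.token_bytes(MK_LEN)     # constructed MK
    record = enroll_device("2580", master_key)   # constructed lock code
    print("correct code recovers MK:", recover_mk("2580", record) == master_key)
    print("wrong code recovers MK:  ", recover_mk("2581", record) is not None)
    print("shared value unwraps MK: ", unwrap_mk(record["shared_value"], record["mk_ciphertext"]) is not None)
```

The labels passed to `expand` are the whole reason the server cannot cross from the shared value to K4; dropping them, or deriving both from the lock code without the intermediate K3, would collapse the two branches into one.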
10. An electronic device serving as a first electronic device, comprising an account management module, a trust ring service module and a trust ring module;
the trust ring service module is configured to:
receiving a first screen locking code of the first electronic device input by a user, wherein the first electronic device is logged in a first account;
the trust ring module is configured to:
generating a master key in a trusted execution environment of the first electronic device;
encrypting the master key based on the first screen locking code, generating a first master key ciphertext of the first electronic device, and sending the first master key ciphertext to the trust ring service module;
the trust ring service module is further configured to:
generating a first authentication parameter based on the first screen locking code;
creating a first trust ring corresponding to the first account on a first server side based on the first master key ciphertext and a first authentication parameter, and adding the first electronic device into the first trust ring;
the account management module is configured to:
receiving a request for logging out a first account logged in by the electronic equipment, sending an account logging-out notification to a second server so that the second server logs out the first account, and sending a first notification for deleting a first trust ring corresponding to the first account to the first server;
the trust ring service module is configured to:
receiving a push message of the first server, and sending a master key deleting instruction to the trust ring module, wherein the push message is used for indicating to delete a master key;
the trust ring module is configured to:
and deleting the master key in the trusted execution environment of the electronic device in response to the master key deletion instruction.
11. The electronic device of claim 10, wherein the trust ring service module creates a first trust ring corresponding to the first account on a first server side based on the first master key ciphertext and a first authentication parameter, and adds the first electronic device to the first trust ring, specifically configured to:
and sending a ring creation request to a first server so that the first server creates a first trust ring corresponding to the first account, and adding the first master key ciphertext and a first authentication parameter to trust ring data of the first trust ring, wherein the ring creation request carries the first master key ciphertext and the first authentication parameter.
12. An electronic device serving as a second electronic device, comprising an account management module, a trust ring service module and a trust ring module;
the trust ring service module is configured to:
receiving a second screen locking code of second electronic equipment input by a user, wherein the second electronic equipment is logged in to a first account;
when the second screen locking code passes verification, receiving a first screen locking code of a first electronic device input by the user, wherein the first electronic device is a device in the ring device information of a first trust ring corresponding to the first account obtained from a first server;
when the identity verification of the first electronic device based on the first screen locking code is passed, receiving a first master key ciphertext of the first electronic device, which is sent by the first server;
sending the first master key ciphertext to the trust ring module;
the trust ring module is configured to:
decrypting the first master key ciphertext based on the first screen locking code to obtain a master key;
encrypting the master key based on the second screen locking code, generating a second master key ciphertext of the second electronic device, and sending the second master key ciphertext to a trust ring service module;
the trust ring service module is configured to:
adding the second electronic device to the first trust ring based on the second lockscreen code and the second master key ciphertext;
the account management module is configured to:
receiving a request for logging out a first account logged in by the second electronic equipment, sending an account logging-out notification to a second server so that the second server logs out the first account, and sending a first notification for deleting a first trust ring corresponding to the first account to the first server;
the trust ring service module is configured to:
receiving a push message of the first server, and sending a master key deleting instruction to the trust ring module, wherein the push message is used for indicating to delete a master key;
the trust ring module is configured to:
and deleting the master key in the trusted execution environment of the second electronic device in response to the master key deletion instruction.
13. The electronic device of claim 12, wherein: the trust ring service module adding the second electronic device to the first trust ring based on the second lockscreen code and the second master key ciphertext, comprising:
generating a second authentication parameter based on the second screen locking code;
and sending a ring adding request to a first server so that the first server adds the second master key ciphertext and a second authentication parameter to the trust ring data of the first trust ring.
14. The electronic device of claim 13, wherein the trust ring module is configured to, when encrypting the master key based on the second lockscreen code to generate a second master key ciphertext for the second electronic device:
receiving a third derivative key generated by the trust ring service module according to the second screen locking code;
generating a fourth derivative key according to the third derivative key;
and encrypting the master key according to the fourth derivative key to obtain a second master key ciphertext of the second electronic device.
15. The electronic device of claim 13, wherein the trust ring service module is configured to, when generating the second authentication parameter based on the second lockscreen code:
generating a third derivative key according to the second screen locking code;
generating a second shared value according to the third derivative key;
and encrypting the second shared value according to the HSM public key generated by the first server side to obtain the second authentication parameter.
16. The electronic device of claim 12, further comprising a business data synchronous service module, a business data storage service module and a key management module;
the trust ring service module is further configured to:
deriving a first service key based on the master key,
the business data storage service module is configured to:
transmitting the first service data to the key management module;
the key management module is configured to:
reading the first service key from the trust ring module, and encrypting the first service data by using the first service key to obtain a first service data ciphertext; sending the first business data ciphertext to the business data storage service module;
the business data storage service module is further configured to:
and sending the first service data ciphertext to a second server through the service data synchronous service module so that the second server stores the first service data ciphertext.
17. The electronic device of claim 16, further comprising:
the business data synchronous service module is further configured to:
acquiring a second service data ciphertext from the second server, and storing the second service data ciphertext into the service data storage service module;
the business data storage service module is further configured to:
transmitting the second service data ciphertext to the key management module;
the key management module is further configured to:
and reading the first service key from the trust ring module, decrypting the second service data ciphertext by using the first service key to obtain second service data, and storing the second service data into the business data storage service module.
18. The electronic device of claim 12, wherein
the trust ring service module is further configured to:
after deleting the master key in the trusted execution environment of the electronic device, modifying the registration state of the electronic device to unregistered.
19. A data protection system, comprising an electronic device, a first server and a second server;
the electronic device is used for:
receiving a request for logging out a first account logged in by the electronic equipment, and sending an account logging out notification to the second server, wherein the electronic equipment is added into a first trust ring corresponding to the first account by creating the trust ring or adding the trust ring;
the second server is configured to:
logging out the first account in response to the account logging-out notification, and sending a first notification for deleting a first trust ring corresponding to the first account to a first server;
the first server is configured to:
determining each ring device under the first trust ring in response to the first notification, and pushing a message to each ring device, wherein the ring device comprises the electronic device, and the pushing message is used for indicating deletion of a master key;
the electronic device is further configured to:
receiving the push message of the first server;
and deleting the master key in the trusted execution environment of the electronic device in response to the push message.
20. A computer readable storage medium comprising a computer program which, when run on an electronic device, causes the electronic device to perform the data protection method of any one of claims 1-9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111408409.3A CN115037456B (en) | 2021-11-19 | 2021-11-19 | Data protection method, system and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115037456A CN115037456A (en) | 2022-09-09 |
CN115037456B true CN115037456B (en) | 2023-05-09 |
Family
ID=83118249
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111408409.3A Active CN115037456B (en) | 2021-11-19 | 2021-11-19 | Data protection method, system and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115037456B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108132812A (en) * | 2017-12-21 | 2018-06-08 | 维沃移动通信有限公司 | A kind of method of data synchronization, mobile terminal and server |
CN108134789A (en) * | 2017-12-21 | 2018-06-08 | 北京深思数盾科技股份有限公司 | The method and Cloud Server of data synchronization between devices are carried out by cloud |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9413770B2 (en) * | 2012-11-30 | 2016-08-09 | Lenovo (Singapore) Pte. Ltd. | Cloud based application account management |
CN104601529B (en) * | 2013-10-31 | 2019-12-17 | 腾讯科技(深圳)有限公司 | Terminal account management method and device |
CN103618706B (en) * | 2013-11-19 | 2018-11-02 | 深圳Tcl新技术有限公司 | The control system and method that smart machine mutually accesses |
WO2015134753A1 (en) * | 2014-03-07 | 2015-09-11 | Ubiquiti Networks, Inc. | Cloud device identification and authentication |
CN104333580B (en) * | 2014-10-23 | 2018-05-01 | 安徽家家猫科技有限责任公司 | A kind of account management system and its method based on cloud service |
CN106789070A (en) * | 2016-12-20 | 2017-05-31 | 北京小米移动软件有限公司 | The decryption method of data, device and terminal |
CN107404489B (en) * | 2017-08-08 | 2020-09-11 | 广东工业大学 | Mobile terminal sharing system and method |
EP3677005B1 (en) * | 2017-09-27 | 2021-03-03 | Huawei Technologies Co., Ltd. | Authentication protocol based on trusted execution environment |
CN107769978A (en) * | 2017-10-30 | 2018-03-06 | 上海斐讯数据通信技术有限公司 | Management method, system, router and the server that a kind of terminal device networks |
CN108200013B (en) * | 2017-12-14 | 2020-08-21 | 厦门海为科技有限公司 | Cloud-based remote security access method, device and system |
CN108574567A (en) * | 2018-03-19 | 2018-09-25 | 西安邮电大学 | Private file protection and cryptographic-key management system and method, the information processing terminal |
CN113609498B (en) * | 2021-07-15 | 2022-09-30 | 荣耀终端有限公司 | Data protection method and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||