CN115333733A - Unlocking method and device, electronic equipment and readable storage medium - Google Patents

Publication number
CN115333733A
Authority
CN
China
Prior art keywords
verification codes
key
electronic equipment
screen
password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210969910.5A
Other languages
Chinese (zh)
Inventor
胡志远
吴亚林
吴华琛
陈辉军
贺程
顾卫华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vivo Mobile Communication Co Ltd
Original Assignee
Vivo Mobile Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vivo Mobile Communication Co Ltd filed Critical Vivo Mobile Communication Co Ltd
Priority to CN202210969910.5A priority Critical patent/CN115333733A/en
Publication of CN115333733A publication Critical patent/CN115333733A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords

Abstract

The application discloses an unlocking method, an unlocking device, electronic equipment and a readable storage medium, and belongs to the technical field of communication. The method comprises the following steps: when a user forgets the lock screen password of the electronic device, the electronic device receives a first input in which the user enters M first verification codes, the M first verification codes being provided respectively by M preset trusted contacts; P of the first verification codes are the same as P target verification codes, the P target verification codes being the verification codes used to generate the first key of the first lock screen password, and the first lock screen password being the current lock screen password of the electronic device; M and P are positive integers, and P is less than or equal to M; in response to the first input, the electronic device generates a second key corresponding to the first key based on the P first verification codes; the electronic device decrypts first encrypted data with the second key to obtain the first lock screen password, the first encrypted data being obtained by encrypting the first lock screen password with the first key; and the electronic device is unlocked with the first lock screen password.

Description

Unlocking method and device, electronic equipment and readable storage medium
Technical Field
The application belongs to the technical field of communication, and particularly relates to an unlocking method, an unlocking device, electronic equipment and a readable storage medium.
Background
With the development of terminal technology, electronic devices are more and more widely applied. Generally, an electronic device can encrypt user data in the electronic device by setting a password on a screen locking interface, so as to protect privacy of a user.
Under the condition that the password is set for the lock screen interface, if the user forgets the password, the user can reset the electronic equipment by triggering the electronic equipment to restore the factory setting, so that the user can continue to use the electronic equipment. However, the original data of the user in the electronic device cannot be used continuously because the user data in the electronic device is encrypted based on the screen-locking password and stored in the electronic device, and the user forgets the screen-locking password, so that the encrypted user data cannot be decrypted correctly.
Disclosure of Invention
An object of the embodiments of the present application is to provide an unlocking method, an unlocking apparatus, an electronic device, and a readable storage medium, which can unlock the electronic device even if a user forgets a screen locking password of the electronic device, and can continue to use user data without resetting the electronic device.
In a first aspect, an embodiment of the present application provides an unlocking method, where the method includes: when a user forgets the lock screen password of the electronic device, the electronic device receives a first input of the user, the first input being used to enter M first verification codes; the M first verification codes are provided respectively by M preset trusted contacts (the contact information of a trusted contact may be a mobile phone number, an e-mail address and the like); P of the M first verification codes are the same as P target verification codes, the P target verification codes being the verification codes used to generate the first key of the first lock screen password, and the first lock screen password being the current lock screen password of the electronic device; M and P are positive integers, and P is less than or equal to M; in response to the first input, the electronic device generates a second key corresponding to the first key based on the P first verification codes; the electronic device decrypts first encrypted data with the second key to obtain the first lock screen password, the first encrypted data being obtained by encrypting the first lock screen password with the first key; and the electronic device unlocks itself with the first lock screen password.
In a second aspect, an embodiment of the present application provides an unlocking device, which may include a receiving module and a processing module. The receiving module is configured to receive a first input of a user when the user forgets the lock screen password of the electronic device, the first input being used to enter M first verification codes; the M first verification codes are provided respectively by M preset trusted contacts; P of the M first verification codes are the same as P target verification codes, the P target verification codes being the verification codes used to generate the first key of the first lock screen password, and the first lock screen password being the current lock screen password of the electronic device; M and P are positive integers, and P is less than or equal to M. The processing module is configured to: generate, in response to the first input received by the receiving module, a second key corresponding to the first key based on the P first verification codes; decrypt first encrypted data with the second key to obtain the first lock screen password; and unlock the electronic device with the first lock screen password. The first encrypted data is data obtained by encrypting the first lock screen password with the first key.
In a third aspect, embodiments of the present application provide an electronic device, which includes a processor and a memory, where the memory stores a program or instructions executable on the processor, and the program or instructions, when executed by the processor, implement the steps of the method according to the first aspect.
In a fourth aspect, embodiments of the present application provide a readable storage medium, on which a program or instructions are stored, which when executed by a processor implement the steps of the method according to the first aspect.
In a fifth aspect, an embodiment of the present application provides a chip, where the chip includes a processor and a communication interface, where the communication interface is coupled to the processor, and the processor is configured to execute a program or instructions to implement the method according to the first aspect.
In a sixth aspect, embodiments of the present application provide a computer program product, which is stored in a storage medium and executed by at least one processor to implement the method according to the first aspect.
In the embodiment of the application, when the user forgets the lock screen password of the electronic device, the electronic device may generate a second key corresponding to the first key from P of the M first verification codes that the user enters and that are provided by M preset trusted contacts, and decrypt the first encrypted data, which was encrypted with the first key, with the second key to obtain the current lock screen password of the electronic device, so as to unlock the electronic device with that lock screen password. Because the electronic device can be unlocked with the verification codes provided by the trusted contacts, the user data can be correctly decrypted and remains available, and the electronic device does not need operations such as restoring factory settings.
Drawings
Fig. 1 is a schematic flowchart of an unlocking method provided in an embodiment of the present application;
Fig. 2 is a schematic diagram of communication between an electronic device and a management server in an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an unlocking device provided in an embodiment of the present application;
Fig. 4 is a schematic structural diagram of an electronic device provided in an embodiment of the present application;
Fig. 5 is a second schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below clearly with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of the present disclosure.
The terms first, second and the like in the description and in the claims of the present application are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that embodiments of the application may be practiced in sequences other than those illustrated or described herein, and that the terms "first," "second," and the like are generally used herein in a generic sense and do not limit the number of terms, e.g., the first term can be one or more than one. In addition, "and/or" in the specification and claims means at least one of connected objects, a character "/" generally means that a preceding and succeeding related objects are in an "or" relationship.
Some of the nouns or terms referred to in the claims and the specification of the present application will be explained first.
Personal identification code: also known as a lock screen password. It is a security protection measure of the electronic device and is used to protect the data in the electronic device. The full English name is Personal Identification Number, abbreviated as PIN code.
If the PIN code is enabled on the electronic device, the screen of the electronic device can be unlocked only by entering the PIN code each time after the electronic device is started.
Currently, the ways of unlocking the lock screen of an electronic device (e.g. a mobile phone) include: lock screen password or PIN code, fingerprint identification, face identification and the like. Generally, the security of the lock screen password/PIN code is higher than that of fingerprint identification and face identification. Therefore, to ensure the security of data in the electronic device, when the electronic device is unlocked for the first time after being restarted, when it has not been unlocked with the lock screen password/PIN code within a preset time interval (for example, 72 hours) after being started, or when fingerprint or face recognition fails several times (for example, 5 times), the electronic device must be unlocked with the lock screen password/PIN code before it can continue to be used normally.
It can be understood that, in order to ensure the security of data in the electronic device, that is, to protect the privacy of the user, in a scenario where the electronic device needs to be unlocked by the screen locking password or the PIN code, if the user forgets the screen locking password or the PIN code, even if the fingerprint recognition or the face recognition is successful, the mobile phone cannot be unlocked.
Trusted Execution Environment (TEE): the TEE is an independent secure operating environment provided in the electronic device. It is logically isolated from the Rich Execution Environment (REE), and the TEE and the REE can interact only through an authorized Application Programming Interface (API). The TEE provides a secure execution environment for trusted applications (Trusted Application, TA) and also ensures the confidentiality, integrity and access rights of the TA's resources and data.
REE: the general operating environment of the electronic device; a general-purpose Operating System (OS) such as Android or iOS runs in the REE.
Lock screen state: the screen of the electronic device is lit and the lock screen interface is displayed; that is, the state in which the electronic device has lit the screen but has not unlocked it.
Lock screen interface: the interface displayed by the electronic device when the screen is lit and the screen has not been unlocked.
The following is an exemplary description of the solutions in the related art for the case where a user forgets the lock screen password.
Solution 1:
Remotely resetting the mobile phone by logging in to the cloud service account. If the user data in the mobile phone needs to be recovered, the user must have synchronized the user data in the mobile phone to the cloud or to a computer in advance. However, if the user data is synchronized to the cloud, the user may worry about the security of the data; if the user data is synchronized to a computer, this is not convenient enough, and some mobile phone users (especially elderly people) do not have a computer of their own.
Furthermore, resetting the mobile phone remotely requires the user to log in to the cloud service account, but ordinary users, especially elderly people, have not necessarily registered a cloud account, and the password of a cloud account is more complex, so elderly people may not remember it easily.
Solution 2:
Restoring factory settings. Specifically, when the user forgets the lock screen password, the user can reset the mobile phone without outside help and use it again, but the data originally stored in the electronic device can no longer be used: the original user data is encrypted based on the lock screen password, and because the user has forgotten the lock screen password, the encrypted user data cannot be decrypted correctly, which is inconvenient for the user.
Solution 3:
A remote unlocking scheme comprising the following Step 1 and Step 2:
Step 1, remote unlocking preparation stage.
Step 1.1, register the cloud service corresponding to the mobile phone, and log in to the cloud service on the mobile phone;
Step 1.2, find the "my mobile phone" entry in the cloud service account, and manually enable the remote unlocking function.
Step 2, remote unlocking.
Step 2.1, when the user forgets the lock screen password, the user can trigger the mobile phone to successfully log in to the cloud service;
Step 2.2, the cloud service verifies the remote unlocking password. Specifically:
a) The user can click remote unlocking on the cloud service website, enter the password of the cloud service account again, and remotely unlock the mobile phone. If the mobile phone is connected to the network at that moment, the cloud service can instruct the mobile phone to return to the state in which no lock screen password is set, so that the user can use the mobile phone normally and continue to use the original data.
b) If the user forgets the password of the cloud service account, the user can have the cloud service use the Subscriber Identity Module (SIM) card bound to the cloud service account, usually by sending a short message verification code to the SIM card installed in the mobile phone, to retrieve the password of the cloud service account; the mobile phone is then remotely unlocked as in a).
Although Solution 3 allows remote unlocking, it has a serious security hole: when the mobile phone is stolen or lost, an attacker may pull out the SIM card of the mobile phone, place it in another mobile phone, and use the forgotten-password procedure for the remote unlocking password to obtain the short message verification code for remote unlocking, and thereby remotely unlock the stolen or lost mobile phone and obtain the user data in it.
As can be seen from the above analysis, recovering the user data in the mobile phone under Solution 1 is difficult to operate; with the factory reset of Solution 2, the electronic device can be reused, but the data originally stored in it by the user can no longer be used; with Solution 3, when the mobile phone is lost, an attacker can remotely unlock it through the forgotten-password procedure for the remote unlocking password, which creates a serious security risk.
Based on the above discussion, an object of the embodiments of the present application is to provide an unlocking method, which enables a user to conveniently and safely reset a screen locking password of an electronic device, and to continue to normally use data originally stored in the electronic device. Specifically, the method comprises the following steps:
The electronic device generates P (P is a positive integer less than or equal to M) target verification codes in the TEE based on the contact information of M trusted contacts, generates a first key based on the P target verification codes, and encrypts the lock screen password of the electronic device with the first key. The electronic device then stores the encrypted lock screen password, the P target verification codes and the M pieces of contact information in the TEE, specifically in a storage area associated with the TEE. The electronic device may send M verification codes (e.g., the M second verification codes in the embodiment of the present application) to the M trusted contacts in advance, where the M verification codes include the P target verification codes and correspond to the M trusted contacts one to one. In a scenario where the electronic device must be unlocked with the lock screen password, for example when the user has forgotten the lock screen password, the electronic device may further prompt the user to obtain the corresponding verification code from the relevant trusted contact, for example by outputting the name of the trusted contact. The user can therefore quickly and readily obtain the corresponding verification codes from the relevant trusted contacts based on the prompt of the electronic device and enter them into the electronic device.
After the electronic device receives the M first verification codes provided by the M trusted contacts and entered by the user, it can generate a second key corresponding to the first key from the P first verification codes, among the M first verification codes, that are the same as the P target verification codes; decrypt the encrypted lock screen password (such as the first lock screen password) with the second key to obtain the lock screen password; and unlock the electronic device with that lock screen password.
Therefore, the electronic equipment can be unlocked based on the M first verification codes input by the user and the P target verification codes stored in the electronic equipment, so that the user is not required to backup user data to other equipment in advance and remember related passwords (such as passwords of a cloud service account) in advance, the electronic equipment can be safely and conveniently unlocked under the condition that the screen locking password is forgotten, and the user can be ensured to continuously use the user data in the electronic equipment.
Optionally, in order to further improve the security of unlocking the electronic device, the electronic device may store a part of the P target verification codes (for example, (P-Q) target verification codes in this embodiment) and the contact information of a part of the M trusted contacts (for example, (M-N) pieces of contact information in this embodiment) in a management server corresponding to the electronic device, and store the rest of the P target verification codes and the rest of the M pieces of contact information in the TEE. Therefore, in a scenario where the electronic device must be unlocked with the lock screen password, the electronic device may send a verification code (which may be a target verification code or an interference code) to each trusted contact indicated by the contact information stored in the TEE, and send a notification message to the management server to notify it to send a second verification code (which may be, for example, a target verification code stored in the management server or an interference code sent by the electronic device) to each trusted contact indicated by the contact information stored in the management server, so that the user can obtain the relevant verification codes from the relevant trusted contacts.
It should be noted that the interference code is generated by the electronic device in real time.
It can be understood that the unlocking method provided by the embodiment of the application has at least the following beneficial effects:
1. The user does not need to register a cloud service in advance.
2. The user does not need to synchronize the user data in the electronic device to the cloud or a computer in advance; the user data always stays in the electronic device and never leaves it.
3. The unlocking verification codes of the electronic device are provided by at least two trusted (emergency) contacts, which reduces the risk of user data leakage when the electronic device is stolen or lost.
The unlocking method provided by the embodiment of the present application is described in detail below with reference to the accompanying drawings through specific embodiments and application scenarios thereof.
An unlocking method is provided in the embodiment of the present application, and Fig. 1 shows a possible flow diagram of the unlocking method provided in the embodiment of the present application. As shown in Fig. 1, the unlocking method provided in the embodiment of the present application may include steps 101 to 104 described below. The following description takes the case where the electronic device executes the method as an example.
Step 101, the electronic device receives a first input of a user when the user forgets a screen locking password of the electronic device.
The first input is used to enter M first verification codes. The M first verification codes are provided respectively by M preset trusted contacts; P of the M first verification codes are the same as P target verification codes; the P target verification codes are the verification codes used when the electronic device generates the first key of the first lock screen password; the first lock screen password is the current lock screen password of the electronic device; M and P are positive integers, and P is less than or equal to M.
It should be noted that the electronic device may receive the first input of the user in a scene where the screen locking password is required to unlock the electronic device and the user forgets the screen locking password.
In the embodiment of the present application, the "scenario requiring the lock screen password to unlock the electronic device" may be understood as: a scenario in which the lock screen password must be entered to unlock the screen of the electronic device.
Optionally, the "scenario requiring the lock screen password to unlock the electronic device" may include at least one of the following: the electronic device is being unlocked for the first time after a restart; the electronic device has not been unlocked with the lock screen password/PIN code within a preset time (for example, 72 hours) after being started; or fingerprint or face recognition has failed several times in succession (for example, 5 times). The scenarios can be determined according to actual use requirements.
It can be understood that in a scenario where the screen-locking password is required to unlock the electronic device, the electronic device is in a screen-locking state.
Optionally, the electronic device may display an input box for inputting M first verification codes when the user forgets the screen locking password of the electronic device, the electronic device is in the screen locking state, and the electronic device starts the unlocking function, so that the user may input M first verification codes in the input box (that is, the electronic device receives the first input of the user).
Optionally, the electronic device may start the unlocking function after the authentication condition for starting the unlocking function is satisfied. This ensures that only an authorized user or the owner of the electronic device can activate the function.
The authentication condition for starting the unlocking function may include any authentication condition that can identify an authorized user or the owner of the electronic device, such as successful fingerprint identification, successful face identification or successful iris identification.
For example, after the user forgets the screen locking password, the electronic device may be triggered to perform face recognition, so that the electronic device starts the unlocking function after the face recognition is successful.
It can be understood that, in this embodiment of the application, the electronic device may first generate the first key by using the P target verification codes, encrypt the first lock screen password of the electronic device based on the first key, and store the encrypted first lock screen password (that is, the first encrypted data described below).
It is understood that the electronic device storing the encrypted first lock screen password includes: the electronic device stores the encrypted first lock screen password in a TEE of the electronic device.
Step 102, the electronic device responds to the first input, and generates a second key corresponding to the first key based on the P first verification codes.
It should be noted that the first key and the second key may be a key pair.
For example, the first key may be a public key (Pub_Key), and the second key may be the corresponding private key (Pri_Key); alternatively, the first key may be a public key and the second key may be a corresponding private key.
Optionally, in this embodiment of the application, the electronic device may generate first data T from the P first verification codes using a first encryption algorithm, such as a cipher algorithm, and then, based on the data T, calculate the second key corresponding to the first key using an asymmetric encryption algorithm, such as an elliptic curve cryptography (ECC) algorithm.
In the embodiment of the application, if P first verification codes matched with P target verification codes do not exist in M first verification codes input by a user, or the number of the first verification codes matched with P target verification codes in the M first verification codes is less than P, the electronic device cannot correctly generate a second key corresponding to the first key.
Alternatively, in order to increase the success rate of decrypting the first encrypted data, the step 102 may be specifically implemented by the step 102a described below.
Step 102a, when the number of verification codes that pass the trusted verification among the M first verification codes is greater than or equal to the target number, the electronic device generates the second key based on the P first verification codes.
The target number is the number of the target verification codes sent by the electronic equipment before the electronic equipment receives the first input.
In this embodiment of the present application, that "the number of verification codes that pass trusted verification in the M first verification codes is greater than or equal to the target number" means: the coincidence degree of the M first verification codes and the P target verification codes input by the user is higher. In other words, if the number of the verification codes passing the trusted verification in the M first verification codes is smaller than the target number, it indicates that the electronic device cannot successfully unlock the screen of the electronic device based on the received M first verification codes.
Optionally, the M first verification codes may be checked against the target verification codes stored in the electronic device, that is, the interference codes (e.g., the L interference codes described below) among the M first verification codes do not participate in the trusted verification; in this case, when the number of verification codes that pass the trusted verification among the M first verification codes is equal to the target number, the electronic device may generate the second key based on the P first verification codes. Alternatively, the M first verification codes may be checked against both the target verification codes and the temporary interference codes stored in the electronic device, that is, the interference codes (e.g., the L interference codes described below) among the M first verification codes participate in the trusted verification; in this case, when the number of verification codes that pass the trusted verification among the M first verification codes is greater than the target number, the electronic device may generate the second key based on the P first verification codes.
Optionally, when the M first verification codes include an interference code, the electronic device may discard it: for example, it compares the M first verification codes with the interference codes stored in the electronic device, treats each first verification code that matches as an interference code, and discards it. The electronic device may then take the remaining first verification codes as the P first verification codes. In actual implementation, the electronic device may of course also select the P first verification codes in other ways.
It can be understood that the verification codes except the P first verification codes in the M first verification codes are interference codes and do not participate in subsequent calculation. The interference code has the function of increasing the safety degree of the unlocking process and reducing the risk of attack.
In this way, since the electronic device generates the second key based on the P first verification codes only when the number of verification codes that pass trusted verification in the M first verification codes is greater than or equal to the target number, it is possible to avoid generating the key based on the received verification codes when the number of verification codes that pass trusted verification in the M first verification codes is less than the target number, and thus power consumption of the electronic device can be saved.
Step 103, the electronic device decrypts the first encrypted data by using the second key to obtain the first lock-screen password.
The first encrypted data is data obtained by encrypting the first lock-screen password with the first key.
Step 104, the electronic device unlocks the electronic device by using the first lock-screen password.
It can be understood that unlocking the electronic device by using the first lock-screen password includes: unlocking the screen of the electronic device by using the first lock-screen password, and decrypting the file system of the electronic device based on the first lock-screen password. That is, after the electronic device is unlocked, the file system of the electronic device is in a plaintext state. The file system includes user data.
Therefore, when the user forgets the lock-screen password of the electronic device, the electronic device can generate a second key corresponding to the first key from P first verification codes among the M first verification codes that are provided by the M preset trusted contacts and input by the user (the P first verification codes being the same as the P target verification codes used when the first key of the first lock-screen password was generated), decrypt the first encrypted data, which was encrypted with the first key, by using the second key to obtain the current lock-screen password of the electronic device, and then unlock the electronic device with that lock-screen password. That is, the electronic device can be unlocked by means of the verification codes provided by the trusted contacts, so that the user's original data can be correctly decrypted and remains available, and the electronic device does not need to perform operations such as restoring factory settings.
Optionally, before the step 101, the unlocking method provided in the embodiment of the present application may further include a step 105 described below.
Step 105, when the user forgets the lock-screen password of the electronic device, the electronic device performs a first operation.
In the embodiment of the present application, the first operation may include either of the following operations 1 and 2:
Operation 1, the electronic device sends encrypted M second verification codes to the M trusted contacts, respectively, where the M second verification codes include the P target verification codes.
Operation 2, the electronic device sends encrypted N second verification codes to N trusted contacts, respectively, and sends a notification message to the management server based on a secure transmission protocol, where the N second verification codes may include Q target verification codes, the notification message is used to notify the management server to send encrypted (M-N) second verification codes to (M-N) trusted contacts, respectively, Q is a positive integer less than or equal to P, N is a positive integer less than M, and N is greater than or equal to Q.
It can be understood that in operation 2, the management server stores at least the contact information of the (M-N) trusted contacts.
Optionally, when the user forgets the lock-screen password of the electronic device, the electronic device may perform the first operation upon detecting that the unlocking function is turned on.
It should be noted that, after the electronic device performs the first operation, each of the M trusted contacts may receive one second verification code. The user can then obtain one first verification code from each of the M trusted contacts by a specific communication means, for example by talking with the M trusted contacts via another device. It can be understood that when each trusted contact receives one second verification code and the user obtains one second verification code from each trusted contact, the M second verification codes are the same as the M first verification codes.
Optionally, the secure transmission protocol may include any of: Transport Layer Security (TLS), Internet Protocol Security (IPsec), Hypertext Transfer Protocol over Secure Socket Layer (HTTPS), and the like.
Optionally, in operation 2 above, when N is equal to P, the P target verification codes may all be included in the N second verification codes, that is, the verification codes issued by the server are interference codes that do not participate in key generation. Alternatively, when N is less than P, (P-N) target verification codes may be included in the verification codes issued by the server. This can be determined according to actual use requirements, and the embodiment of the present application is not limited in this respect.
Optionally, before the step 105, the unlocking method provided in the embodiment of the present application may further include the step 106 described below.
Step 106, the electronic device randomly generates L interference codes.
The M second verification codes include L interference codes and P target verification codes, M = P + L, and L is a positive integer.
It is understood that the interference codes in the embodiments of the present application are all transmitted from the electronic device. In other words, the management server does not store the interference code therein.
In the embodiment of the present application, because the interference codes among the M second verification codes are generated by the electronic device in real time, the risk of verification code leakage caused by an attack on the electronic device can be reduced, which further improves the security of the process of unlocking the electronic device based on verification codes.
Optionally, before the step 101, the unlocking method provided in the embodiment of the present application may further include the following steps 107 to 110.
Step 107, the electronic device receives a second input of the user when the electronic device is in the unlocked state.
The second input can be used to input the first lock-screen password and the contact information of the M trusted contacts.
Optionally, the electronic device may receive the second input from the user while the electronic device is in the unlocked state.
For example, when the electronic device is in the unlocked state and the unlocking function is turned on, the electronic device displays prompt information prompting the user to input the first lock-screen password and the contact information of the M trusted contacts; the user can then input the first lock-screen password and the contact information of the M trusted contacts based on the prompt information and the unlocking requirement.
Optionally, the contact information of a trusted contact may include: a telephone number, an instant messaging account, an email address, a nickname, or any other information capable of uniquely identifying the trusted contact.
For example, the user may add the mobile phone numbers of M trusted contacts, such as A1, A2, …, Am, through the second input.
Step 108, the electronic device, in response to the second input, generates P target verification codes according to the M pieces of contact information.
It should be noted that the M pieces of contact information are the contact information of the M trusted contacts, and the M pieces of contact information correspond to the M trusted contacts one to one.
It can be understood that the P target verification codes may also be referred to as P random factors.
For example, the electronic device may generate M-1 random factors, i.e., R1, R2, …, Rm-1, according to the M pieces of contact information added by the user. These M-1 (i.e., P = M-1) random factors are referred to as unlocking verification codes, i.e., the above-mentioned P target verification codes; when the user starts the unlocking function, the unlocking verification codes are sent to the mobile phones of the trusted contacts by short message, respectively. Of course, before the short messages are sent, the unlocking verification codes can first be encrypted to prevent them from being leaked.
In the embodiment of the present application, each target verification code is associated with the contact information of one of the M trusted contacts.
Step 109, the electronic device generates a second key based on the P target verification codes, and processes the second key to obtain a first key.
Optionally, in this embodiment of the present application, the electronic device may generate first data T based on the P target verification codes and a first encryption algorithm, such as the scrypt algorithm, and then calculate the second key from the data T according to an asymmetric encryption algorithm, such as an ECC algorithm. The electronic device may then calculate, from the second key, a first key corresponding to the second key according to an asymmetric encryption algorithm, such as an ECC algorithm.
It can be seen that the method used by the electronic device to generate the second key based on the P first verification codes is the same as the method used to generate the second key based on the P target verification codes.
Step 110, the electronic device discards the second key, and encrypts the first lock-screen password by using the first key to obtain first encrypted data.
For example, the electronic device discards the private key (i.e., the second key), and encrypts the first lock-screen password by using the public key (i.e., the first key) to obtain a ciphertext of the password/PIN code, i.e., the first encrypted data.
Therefore, after the user inputs the first lock-screen password and the M pieces of contact information, the electronic device can generate the P target verification codes based on the M pieces of contact information, generate a key pair based on the P target verification codes, encrypt the first lock-screen password with one key of the key pair to obtain the first encrypted data, and discard the other key. On the one hand, if the user forgets the first lock-screen password, the first encrypted data can be decrypted based on the M first verification codes input by the user to obtain the first lock-screen password, and the electronic device can be unlocked with the first lock-screen password. On the other hand, the electronic device does not store the first key, so the risk of the first encrypted data being cracked can be reduced and the security of the data in the electronic device can be improved.
Optionally, after step 110, the unlocking method provided in the embodiment of the present application may further include step 111 described below.
Step 111, the electronic device stores the first key, the first encrypted data, the M pieces of contact information and the P target verification codes.
In the embodiment of the present application, the electronic device can store the first key, the first encrypted data, the M pieces of contact information and the P target verification codes, so that, on the one hand, the risk of the first key, the first encrypted data, the M pieces of contact information and the P target verification codes being stolen can be reduced and, on the other hand, the electronic device can be unlocked securely when the user forgets the lock-screen password.
Optionally, step 111 may be specifically implemented by the following step 111a or step 111b.
Step 111a, the electronic device stores the first key, the first encrypted data, the M pieces of contact information, and the P target verification codes in the electronic device.
For example, in the TEE of the electronic device.
In the embodiment of the present application, step 111a corresponds to operation 1 described above. That is, after the electronic device performs step 111a, when the user forgets the lock-screen password of the electronic device, the electronic device may send the M second verification codes to the M trusted contacts through operation 1.
Step 111b, the electronic device stores the first key, the first encrypted data, N pieces of contact information, and Q target verification codes in the electronic device, and stores the encrypted (M-N) pieces of contact information and the encrypted (P-Q) target verification codes in the management server, where N is a positive integer less than M, Q is a positive integer less than or equal to P, and N is greater than or equal to Q.
In this embodiment of the present application, the M trusted contacts may include N trusted contacts and (M-N) trusted contacts, where N and K are positive integers, and N + K = M.
Optionally, the electronic device stores the encrypted (M-N) pieces of contact information and the encrypted (P-Q) target verification codes in the management server by sending them to the management server.
Optionally, in step 111b, after the electronic device sends the encrypted (M-N) pieces of contact information and the encrypted (P-Q) target verification codes to the management server, the management server may store the encrypted (M-N) pieces of contact information and the encrypted (P-Q) target verification codes.
For example, the management server may store the encrypted (M-N) pieces of contact information and the encrypted (P-Q) target verification codes in a Trusted Application Management (TAM) environment of the management server; in particular, the management server may store the (M-N) pieces of contact information and the encrypted (P-Q) target verification codes in the area of the TAM used for storing unlocking-related information (TAM_unlock).
In the embodiment of the present application, step 111b corresponds to operation 2. That is, after the electronic device performs step 111a, when the user forgets the lock-screen password of the electronic device, the electronic device may perform step 111a, so that the M trusted contacts receive the M second verification codes. The user can then obtain the M first verification codes from the M trusted contacts through a specific communication means (such as a voice call).
Optionally, the first key may be used to encrypt the updated lock-screen password when the lock-screen password is updated, forming third encrypted data, so that the first encrypted data is updated to the third encrypted data. Specifically, after the user inputs a new lock-screen password, the electronic device may invoke the unlocking trusted application in the background, encrypt the new lock-screen password using the first key, and store the ciphertext of the new lock-screen password (i.e., the third encrypted data) in the TEE in place of the ciphertext of the previous lock-screen password (i.e., the first encrypted data); implementing this requires enhancing the existing lock-screen password update process of the electronic device. In this way, when the electronic device detects that the lock-screen password has been updated, the updated lock-screen password is encrypted with the first key, so that the electronic device can obtain its most recently updated lock-screen password based on the verification codes input by the user. The electronic device can therefore be unlocked successfully based on the verification codes input by the user, which improves the reliability of unlocking the electronic device based on verification codes.
Optionally, after the step 104, the unlocking method provided by the embodiment of the present application may further include the following steps 112 and 113.
Step 112, the electronic device outputs prompt information.
The prompt information can be used to prompt the user to reset the lock-screen password.
Step 113, when the electronic device detects that the lock-screen password has been updated to a second lock-screen password, the electronic device encrypts the second lock-screen password by using the first key to obtain second encrypted data, and updates the first encrypted data to the second encrypted data.
It can be understood that the first key is used to encrypt the lock screen password, and therefore, in the case of a change of the lock screen password, the first key encrypts the changed lock screen password.
Therefore, after the electronic equipment is unlocked based on the verification code input by the user, the electronic equipment can prompt the user to modify the unlocking password, so that the risk that the unlocking password of the electronic equipment is leaked and stolen can be reduced, and the safety of user data in the electronic equipment is improved.
In order to better understand the unlocking method provided in the embodiment of the present application, a detailed description is provided below for a specific flow of the unlocking method provided in the embodiment of the present application.
Exemplarily, as shown in FIG. 2, a trusted application TA_unlock is newly added in the TEE of the electronic device, and an API for the unlocking trusted application, that is, the client call interface TA_unlock Client API, is newly added in the REE of the electronic device; a TAM unlocking function TAM_unlock is added in the TAM of the management server. By means of TA_unlock, the TA_unlock Client API and TAM_unlock, the electronic device can be unlocked when the user forgets the lock-screen password or PIN code, the user can continue to use the user data in the electronic device, and the user can reset the lock-screen password or PIN code.
It can be understood that the dashed arrows in FIG. 2 represent the communication between TA_unlock and TAM_unlock. The dashed lines in FIG. 2 indicate that the REE and the TEE of the electronic device are isolated from each other.
1. Preparatory phase for unlocking
The unlock preparation phase is illustratively implemented by steps 41 through 49 described below.
Step 41, the electronic device receives a first lock-screen password input by the user.
It can be understood that the user can input the first lock-screen password when the electronic device is in the unlocked state, and the electronic device can start the unlocking function after the user inputs the first lock-screen password.
Step 42, the electronic device receives the telephone numbers (i.e., the contact information) of the M trusted contacts input by the user. Specifically, suppose that the user adds the mobile phone numbers of M (M ≥ 2) trusted contacts, such as H1, H2, …, Hm.
It can be seen that step 107 described above can be specifically implemented by step 41 and step 42.
Step 43, TA_unlock in the electronic device generates P random factors (i.e., P target verification codes), namely R1, R2, …, Rp, according to the mobile phone numbers of the M trusted contacts added by the user, where P is a positive integer less than or equal to M. It can be seen that step 108 described above can be specifically implemented by step 43.
These P random factors are subsequently called unlocking verification codes. When the user starts the unlocking function, the unlocking verification codes are sent to the trusted emergency contacts by short message, respectively; when the short messages are sent, their security needs to be ensured by other security measures such as encryption.
Step 44, TA_unlock generates data T from the P target verification codes R1, R2, …, Rn-1 (P in total) by using a first encryption algorithm, such as scrypt; TA_unlock then calculates a second key (e.g., pri_Key) according to an asymmetric encryption algorithm, such as an ECC algorithm.
Step 45, a first key (e.g., Pub_Key) corresponding to the second key is calculated from the second key according to an asymmetric encryption algorithm, such as an ECC algorithm.
It can be seen that step 109 can be specifically implemented by step 44 and step 45.
Step 46, TA_unlock discards the second key.
Step 47, TA_unlock encrypts the first lock-screen password by using the first key to obtain a ciphertext of the first lock-screen password, namely the first encrypted data.
It can be seen that step 110 can be specifically implemented by steps 46 and 47.
Step 48, TA_unlock stores the first key and the first encrypted data in the TEE and performs a second operation.
Specifically, in one mode, TA_unlock stores the telephone numbers of the M trusted contacts and the P target verification codes in the TEE. In another mode, TA_unlock stores the telephone numbers of N trusted contacts and Q target verification codes in the TEE, and the electronic device calls TA_unlock through the TA_unlock Client API to send the encrypted telephone numbers of the (M-N) trusted contacts and the encrypted (P-Q) target verification codes to the management server, where Q is a positive integer less than or equal to P, N is a positive integer less than M, and N is greater than or equal to Q. The management server may then receive and store the encrypted telephone numbers of the (M-N) trusted contacts and the encrypted (P-Q) target verification codes. For example, in the other mode, the electronic device sends one target verification code among R1, R2, …, Rn-1, such as R1, and one mobile phone number added by the user, such as H1, to the management server. Further, to ensure the transmission security of R1 and H1, a transmission security mechanism, such as TLS, is required to transmit R1 and H1.
Step 111 may be specifically implemented by step 48.
Step 49, after receiving the encrypted telephone numbers of the (M-N) trusted contacts and the encrypted (P-Q) target verification codes, such as R1 and H1, TAM_unlock may store the encrypted (P-Q) target verification codes and the encrypted telephone numbers of the (M-N) trusted contacts.
2. Unlocking phase
The unlocking phase is illustratively implemented by steps 51 through 63 described below.
Step 51, when the electronic device is in the screen-locked state, the user may trigger the electronic device to start the unlocking function. It can be understood that the unlocking function of the electronic device needs to be authenticated by fingerprint recognition or face recognition, to prevent users other than the authorized user of the electronic device from using the function.
Step 52, TA_unlock generates L interference codes.
It can be understood that when P is smaller than M, TA_unlock may generate the L interference codes on the spot to ensure that each trusted contact corresponds to one verification code.
It can be seen that step 106 described above can be specifically implemented by step 52.
Step 53, TA_unlock calls, through the TA_unlock Client API, a short message application running in the REE of the electronic device, and notifies the short message application to send N second verification codes, such as R2, …, Rm-1 and Rm, to the N trusted contacts by short message.
Step 54, the short message application sends R2, …, Rm-1 and Rm to the N trusted contacts by short message.
To prevent a short message containing a target verification code from being hijacked or intercepted by a pseudo base station, the short messages are sent in encrypted form, that is, TA_unlock can encrypt each verification code that needs to be sent.
Step 55, TA_unlock sends a notification message to the management server, notifying TAM_unlock in the management server to send (M-N) second verification codes to the (M-N) trusted contacts corresponding to the K pieces of contact information in TAM_unlock. It should be noted that, if a target verification code is stored in TAM_unlock, the (M-N) second verification codes include the target verification code in TAM_unlock; if no target verification code is stored in TAM_unlock, all of the (M-N) second verification codes are interference codes.
In the embodiment of the present application, TA_unlock and TAM_unlock communicate through a secure transmission protocol.
Step 56, TAM_unlock sends the (M-N) second verification codes to the (M-N) trusted contacts; for example, TAM_unlock sends R1 (i.e., the target verification code stored in TAM_unlock) by short message to the trusted contact corresponding to H1 (i.e., K = 1). To prevent the short message containing H1 from being hijacked or intercepted by a pseudo base station, TAM_unlock may encrypt the short message it sends.
It can be understood that steps 53 to 56 above take as an example the case in which the management server participates in the unlocking process, that is, the first operation includes operation 2. In practical implementation, when the first operation includes operation 1, TA_unlock may call, through the TA_unlock Client API, the short message application running in the REE of the electronic device, and notify the short message application to send the encrypted M second verification codes to the M trusted contacts by short message, where the M second verification codes include L interference codes and P target verification codes. The short message application can then send the M second verification codes to the M trusted contacts by short message.
It can be seen that when the first operation includes operation 2, step 105 above can be specifically implemented by steps 53 to 56.
Step 57, the user may obtain M first verification codes (e.g., the same as the M second verification codes), such as R1, R2, …, Rm-1 and Rm, from the M trusted contacts by making a phone call or by other means.
It can be understood that after TA_unlock calls the short message application, the electronic device may output prompt information to prompt the user to input the verification codes.
Step 58, the user inputs the obtained M first verification codes, such as R1, R2, …, Rm-1 and Rm; that is, the electronic device receives a first input of the user.
Step 59, TA_unlock performs trusted verification on the M first verification codes.
Step 60, when the number of verification codes that pass trusted verification among the M first verification codes is greater than or equal to the target number, TA_unlock performs an unlocking operation, specifically:
a) TA_unlock generates the data T by using a first encryption algorithm, such as the scrypt algorithm, according to P first verification codes among the M received first verification codes. TA_unlock then calculates a second key by using an asymmetric encryption algorithm, such as an ECC algorithm.
b) TA_unlock decrypts the first encrypted data by using the second key to obtain the first lock-screen password.
c) TA_unlock uses the first lock-screen password to unlock the screen of the electronic device and to decrypt the file system, after which the file system exists in plaintext form. It can be understood that the file system stores the data in the electronic device that is encrypted with the first lock-screen password.
It can be seen that step 102 can be specifically implemented by a), step 103 by b), and step 104 by c).
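The enrolment described in steps 108 to 110 and the recovery described in steps 59 and 60, as an added Node.js example that is not code from the patent. The P-256 curve, the random scrypt salt, the ECIES-style use of the first key, the 40-bit hex code format and all function names are assumptions; the page specifies only "scrypt" and "an ECC algorithm".

```javascript
// Added example, not the patent's code. Loads node:crypto under CommonJS or ES modules.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');
const CURVE = 'prime256v1'; // assumption: the page only says "an ECC algorithm"
const P256_ORDER = BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551');

// Order-independent, unambiguous encoding of the codes: sorted, each length-prefixed.
function encodeCodes(codes) {
  return Buffer.concat([...codes].sort().map((code) => {
    const body = Buffer.from(code, 'utf8');
    const len = Buffer.alloc(2);
    len.writeUInt16BE(body.length);
    return Buffer.concat([len, body]);
  }));
}

// Data T = scrypt(codes, salt); second key = T reduced into [1, n-1] (40 bytes: negligible bias).
function deriveSecondKey(codes, salt) {
  const t = nodeCrypto.scryptSync(encodeCodes(codes), salt, 40, { N: 16384, r: 8, p: 1 });
  const scalar = (BigInt('0x' + t.toString('hex')) % (P256_ORDER - 1n)) + 1n;
  return Buffer.from(scalar.toString(16).padStart(64, '0'), 'hex');
}

// First key = the public point that corresponds to the second key.
function firstKeyFrom(secondKey) {
  const ecdh = nodeCrypto.createECDH(CURVE);
  ecdh.setPrivateKey(secondKey);
  return ecdh.getPublicKey();
}
function wrapKey(shared, ephPub) {
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, ephPub, 'lockscreen-wrap', 32));
}

// Assumption: "encrypt with the first key" is ECIES-style (ephemeral ECDH, HKDF, AES-256-GCM).
function encryptToFirstKey(firstKey, plaintext) {
  const eph = nodeCrypto.createECDH(CURVE);
  const ephPub = eph.generateKeys();
  const iv = nodeCrypto.randomBytes(12);
  const key = wrapKey(eph.computeSecret(firstKey), ephPub);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { ephPub, iv, body, tag: cipher.getAuthTag() };
}

function decryptWithSecondKey(secondKey, ct) {
  const ecdh = nodeCrypto.createECDH(CURVE);
  ecdh.setPrivateKey(secondKey);
  const key = wrapKey(ecdh.computeSecret(ct.ephPub), ct.ephPub);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, ct.iv);
  decipher.setAuthTag(ct.tag);
  return Buffer.concat([decipher.update(ct.body), decipher.final()]).toString('utf8');
}

// Random 40-bit code in hex (hypothetical format), unique among those already issued.
function freshCode(taken) {
  let code;
  do { code = nodeCrypto.randomBytes(5).toString('hex'); } while (taken.has(code));
  taken.add(code);
  return code;
}

// Steps 108-110: make P target codes, derive the key pair, keep only the first (public) key.
function enrol(lockScreenPassword, p) {
  const taken = new Set();
  const targetCodes = Array.from({ length: p }, () => freshCode(taken));
  const salt = nodeCrypto.randomBytes(16);
  const firstKey = firstKeyFrom(deriveSecondKey(targetCodes, salt)); // second key not retained
  const firstEncryptedData = encryptToFirstKey(firstKey, lockScreenPassword);
  return { salt, firstKey, targetCodes, firstEncryptedData, interferenceCodes: [] };
}

// Step 106: L interference codes generated at unlock time, so that M = P + L codes go out.
function issueCodes(store, l) {
  const taken = new Set(store.targetCodes);
  store.interferenceCodes = Array.from({ length: l }, () => freshCode(taken));
  return [...store.targetCodes, ...store.interferenceCodes];
}

// Steps 59-60: drop interference codes, require all P target codes, only then derive and decrypt.
function recover(store, enteredCodes) {
  const interference = new Set(store.interferenceCodes);
  const targets = new Set(store.targetCodes);
  const verified = new Set(enteredCodes.map((c) => c.trim().toLowerCase())
    .filter((c) => !interference.has(c) && targets.has(c)));
  if (verified.size !== targets.size) return null; // too few codes passed trusted verification
  try {
    return decryptWithSecondKey(deriveSecondKey([...verified], store.salt), store.firstEncryptedData);
  } catch (err) { return null; } // GCM tag mismatch: codes do not reproduce the enrolled key pair
}

// Constructed run: P = 3 target codes, L = 2 interference codes, M = 5 trusted contacts.
function demo() {
  const store = enrol('4711-constructed-pin', 3);
  const entered = issueCodes(store, 2).reverse(); // the order of entry must not matter
  const swapped = { ...store, targetCodes: ['aaaaaaaaaa', 'bbbbbbbbbb', 'cccccccccc'] };
  return {
    ok: recover(store, entered),
    missingOne: recover(store, entered.filter((c) => c !== store.targetCodes[0])),
    swappedStore: recover(swapped, swapped.targetCodes), // stored codes replaced after enrolment
  };
}
```

The `swappedStore` case shows that passing the count check alone does not release the password: codes that differ from the enrolled ones derive a different second key, and the authenticated decryption fails.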
Step 61, the electronic device outputs prompt information to prompt the user to set a new lock-screen password.
Step 62, the user enters a new lock-screen password/PIN code, such as a second lock-screen password.
Step 63, the electronic device encrypts the file system of the electronic device by using the second lock-screen password, calls TA_unlock through the TA_unlock Client API, has TA_unlock encrypt the second lock-screen password with the public key (i.e., the first key), and stores the encrypted second lock-screen password (namely, the second encrypted data). It will be appreciated that the user is unaware of step 63.
In practical implementation, after detecting that the screen locking password is updated, the electronic device directly encrypts the updated key by using the first key, and replaces and stores the encrypted data in the TEE.
With this unlocking method, after the user forgets the lock-screen password, the electronic device can still be unlocked safely and conveniently, and the user data already in the electronic device can continue to be used, which brings great convenience to users, especially elderly users.
It should be noted that, in the unlocking method provided in the embodiment of the present application, the execution main body may be an unlocking device, or a control module in the unlocking device for executing the unlocking method. In the embodiment of the present application, an unlocking method performed by an unlocking device is taken as an example, and the unlocking device provided in the embodiment of the present application is described.
An embodiment of the present application provides an unlocking device. FIG. 3 shows a schematic structural diagram of a possible unlocking device provided in an embodiment of the present application. As shown in FIG. 3, the unlocking device 30 may include a receiving module 31 and a processing module 32. The receiving module 31 may be configured to receive a first input of a user when the user forgets the lock-screen password of the electronic device, where the first input may be used to input M first verification codes, the M first verification codes are respectively provided by M preset trusted contacts, P first verification codes among the M first verification codes are the same as P target verification codes, the P target verification codes are the verification codes used when the first key of the first lock-screen password is generated, the first lock-screen password is the current lock-screen password of the electronic device, M and P are positive integers, and P is less than or equal to M. The processing module 32 may be configured to, in response to the first input received by the receiving module 31, generate a second key corresponding to the first key based on the P first verification codes; decrypt the first encrypted data by using the second key to obtain the first lock-screen password, where the first encrypted data is data obtained by encrypting the first lock-screen password with the first key; and unlock the electronic device by using the first lock-screen password.
In a possible implementation manner, the unlocking device may further include a sending module. The sending module may be configured to perform a first operation before the receiving module 31 receives the first input of the user. The first operation may include: the sending module sends encrypted M second verification codes to the M trust contacts respectively, wherein the M second verification codes can comprise the P target verification codes; or the sending module sends the encrypted N second verification codes to the N trust contacts respectively, and sends a notification message to the management server based on the secure transmission protocol, where the N second verification codes may include Q target verification codes, and the notification message may be used to notify the management server to send the encrypted (M-N) second verification codes to the (M-N) trust contacts respectively, Q is a positive integer less than or equal to P, N is a positive integer less than M, and N is greater than or equal to Q.
In a possible implementation manner, the processing module 32 may be further configured to randomly generate L interference codes before the sending module performs the first operation. Wherein, the M second verification codes may include L interference codes and the P target verification codes, M = P + L, and L is a positive integer.
In a possible implementation manner, the processing module 32 may be specifically configured to generate a second key based on the P first verification codes when the number of verification codes that pass trusted verification in the M first verification codes is greater than or equal to a target number; the target number is the number of the target verification codes sent by the electronic equipment before the electronic equipment receives the first input.
In a possible implementation manner, the receiving module 31 may be further configured to receive a second input of the user when the electronic device is in an unlocked state, where the second input may be used to input the first lock screen password and the contact information of the M trust contacts; the processing module 32 may be further configured to generate the P target verification codes according to the M pieces of contact information in response to the second input received by the receiving module 31; generating a second key based on the P target verification codes, and processing the second key to obtain a first key; and discarding the second key, and encrypting the first screen-locked password by adopting the first key to obtain first encrypted data.
In a possible implementation manner, the processing module 32 may be further configured to store the first key, the first encrypted data, the M pieces of contact information, and the P pieces of target verification codes after the first screen-locked password is encrypted by using the first key to obtain first encrypted data.
In a possible implementation manner, the processing module 32 may be specifically configured to store the first key, the first encrypted data, the M pieces of contact information, and the P pieces of target verification codes in the electronic device; alternatively, the processing module 32 may be specifically configured to store the first key, the first encrypted data, the N pieces of contact information, and the Q pieces of target verification codes in the electronic device, and store the encrypted (M-N) pieces of contact information and the encrypted (P-Q) pieces of target verification codes in the management server. Wherein N is a positive integer less than M, Q is a positive integer less than or equal to P, and N is greater than or equal to Q.
In a possible implementation manner, the first key may be used to encrypt the updated screen locking password when the screen locking password is updated, so as to form third encrypted data, so as to update the first encrypted data to the third encrypted data.
In a possible implementation manner, the unlocking device may further include an output module. The output module may be configured to output a prompt message after the processing module 32 unlocks the electronic device with the first screen-locking password, where the prompt message may be used to prompt the user to reset the screen-locking password; the processing module 32 may further be configured to, when it is detected that the screen locking password is updated to the second screen locking password, encrypt the second screen locking password by using the first key to obtain second encrypted data, and update the first encrypted data to the second encrypted data.
Therefore, when the user forgets the screen locking password of the electronic device, the user can input the M first verification codes provided by the M preset trust contacts. The P first verification codes among them (which are the same as the P target verification codes used when the first key of the first screen locking password was generated) are used to generate the second key corresponding to the first key, and the first encrypted data, which was encrypted with the first key, is decrypted with the second key to obtain the current screen locking password of the electronic device, so that the electronic device can be unlocked with that password. Because the electronic device can be unlocked through the verification codes provided by the trust contacts, the user's original data can be correctly decrypted and remains available, and the electronic device does not need to perform operations such as restoring factory settings.
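The enrollment, password-update and recovery flow described above, as an added illustration that is not part of the patent text. It assumes the first key is an X25519 public key and the second key is the matching private key derived from the P target codes with PBKDF2, and it keeps salted digests of the target codes for the "trusted verification" count; the algorithms, function names and record fields are all assumptions, and the pure-Python X25519 is for illustration rather than production use.

```python
import hashlib
import hmac
import secrets

PRIME = 2**255 - 19                  # Curve25519 field prime
BASE = (9).to_bytes(32, "little")    # X25519 base point

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 scalar multiplication (not constant-time; illustration only)."""
    kb = bytearray(k)
    kb[0] &= 248; kb[31] &= 127; kb[31] |= 64          # clamp the scalar
    n = int.from_bytes(kb, "little")
    x1 = int.from_bytes(u, "little") % 2**255
    x2, z2, x3, z3 = 1, 0, x1, 1
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        a, b = (x2 + z2) % PRIME, (x2 - z2) % PRIME
        c, d = (x3 + z3) % PRIME, (x3 - z3) % PRIME
        aa, bb, da, cb = a * a % PRIME, b * b % PRIME, d * a % PRIME, c * b % PRIME
        e = (aa - bb) % PRIME
        x3, z3 = (da + cb) ** 2 % PRIME, x1 * (da - cb) ** 2 % PRIME
        x2, z2 = aa * bb % PRIME, e * (aa + 121665 * e) % PRIME
        if bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, PRIME - 2, PRIME) % PRIME).to_bytes(32, "little")

def code_digest(salt: bytes, code: str) -> bytes:
    """Salted digest kept on the device so target codes can be recognised later."""
    return hmac.new(salt, code.encode(), hashlib.sha256).digest()

def derive_second_key(codes, salt: bytes) -> bytes:
    """Second (private) key from the target codes; sorting makes input order irrelevant."""
    material = "|".join(sorted(codes)).encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000)

def seal(first_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt to the first (public) key: ephemeral DH, SHAKE-256 keystream, HMAC tag."""
    eph = secrets.token_bytes(32)
    eph_pub = x25519(eph, BASE)
    shared = x25519(eph, first_key)
    ks = hashlib.shake_256(shared + eph_pub + first_key).digest(32 + len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, ks[32:]))
    return eph_pub + hmac.new(ks[:32], body, hashlib.sha256).digest() + body

def unseal(second_key: bytes, blob: bytes):
    """Decrypt with the second (private) key; returns None if the tag does not verify."""
    eph_pub, tag, body = blob[:32], blob[32:64], blob[64:]
    first_key = x25519(second_key, BASE)
    shared = x25519(second_key, eph_pub)
    ks = hashlib.shake_256(shared + eph_pub + first_key).digest(32 + len(body))
    if not hmac.compare_digest(tag, hmac.new(ks[:32], body, hashlib.sha256).digest()):
        return None
    return bytes(c ^ s for c, s in zip(body, ks[32:]))

def enroll(password: str, p: int, l: int):
    """Second-input step: P target codes, L interference codes, key pair, encryption."""
    salt = secrets.token_bytes(16)
    # 128-bit random codes: the derived key is only as strong as the codes behind it.
    targets = [secrets.token_hex(16) for _ in range(p)]
    decoys = [secrets.token_hex(16) for _ in range(l)]
    second_key = derive_second_key(targets, salt)
    first_key = x25519(second_key, BASE)     # "process the second key to obtain the first"
    del second_key                           # discarded; only the first key is stored
    record = {"salt": salt, "first_key": first_key, "target_number": p,
              "checks": {code_digest(salt, c) for c in targets},
              "encrypted": seal(first_key, password.encode())}
    return record, targets, decoys

def update_password(record: dict, new_password: str) -> None:
    """A password change re-encrypts with the stored first key; no contact is involved."""
    record["encrypted"] = seal(record["first_key"], new_password.encode())

def recover(record: dict, submitted):
    """First-input step: pick the target codes out of the M submitted codes and decrypt."""
    good = {c for c in submitted if code_digest(record["salt"], c) in record["checks"]}
    if len(good) < record["target_number"]:
        return None                          # too few codes passed verification
    plaintext = unseal(derive_second_key(good, record["salt"]), record["encrypted"])
    return plaintext.decode() if plaintext is not None else None

if __name__ == "__main__":
    rec, tgt, dec = enroll("2580-old", p=3, l=2)      # constructed sample values
    print(recover(rec, [dec[0], tgt[2], tgt[0], dec[1], tgt[1]]))
```
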
The unlocking device in the embodiment of the present application may be an electronic device, or may be a component in the electronic device, such as an integrated circuit or a chip. The electronic device may be a terminal, or may be a device other than a terminal. The electronic device may be, for example, a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a vehicle-mounted electronic device, a Mobile Internet Device (MID), an Augmented Reality (AR)/Virtual Reality (VR) device, a robot, a wearable device, an ultra-mobile personal computer (UMPC), a netbook or a Personal Digital Assistant (PDA), a Network Attached Storage (NAS), a personal computer (PC), a television (TV), a teller machine or a self-service machine, and the like, and the embodiments of the present application are not particularly limited.
The unlocking device in the embodiment of the present application may be a device having an operating system. The operating system may be an Android operating system, an iOS operating system, or other possible operating systems, and embodiments of the present application are not limited specifically.
The unlocking device provided in the embodiment of the present application can implement each process implemented in the method embodiments of fig. 1 and fig. 2, and is not described here again to avoid repetition.
Optionally, as shown in fig. 4, an electronic device 4000 is further provided in an embodiment of the present application, and includes a processor 4001 and a memory 4002, where the memory 4002 stores programs or instructions that can run on the processor 4001. When executed by the processor 4001, the program or the instructions implement the steps of the method embodiment of the electronic device side, and can achieve the same technical effect, and are not described herein again to avoid repetition.
It should be noted that the electronic device in the embodiment of the present application includes the mobile electronic device and the non-mobile electronic device described above.
Fig. 5 is a schematic diagram of a hardware structure of an electronic device implementing an embodiment of the present application.
The terminal 7000 includes, but is not limited to, at least some of the following components: the radio frequency unit 7001, the network module 7002, the audio output unit 7003, the input unit 7004, the sensor 7005, the display unit 7006, the user input unit 7007, the interface unit 7008, the memory 7009, the processor 7010, and the like.
Those skilled in the art will appreciate that the terminal 7000 may also include a power source (e.g., a battery) for supplying power to various components, which may be logically connected to the processor 7010 via a power management system, so as to implement functions of managing charging, discharging, and power consumption via the power management system. The terminal structure shown in fig. 5 does not constitute a limitation of the terminal, and the terminal may include more or less components than those shown, or combine some components, or have a different arrangement of components, and will not be described again here.
The user input unit 7007 may be configured to receive a first input of a user when the user forgets a screen locking password of the electronic device, where the first input may be configured to input M first verification codes, the M first verification codes are provided by preset M trust contacts, P first verification codes in the M first verification codes are the same as P target verification codes, the P target verification codes are verification codes used when the first key of the first screen locking password is generated, the first screen locking password is a current screen locking password of the electronic device, M and P are positive integers, and P is less than or equal to M. The processor 7010 may be configured to generate a second key corresponding to the first key based on the P first verification codes in response to the first input received by the user input unit 7007; decrypt the first encrypted data by using the second key to obtain the first screen locking password, wherein the first encrypted data is data obtained by encrypting the first screen locking password by using the first key; and unlock the electronic device by using the first screen locking password.
In one possible implementation, the radio frequency unit 7001 may be configured to perform a first operation before the user input unit 7007 receives a first input from a user. The first operation may include: the radio frequency unit 7001 sends M encrypted second verification codes to the M trusted contacts, respectively, where the M second verification codes may include the P target verification codes; or, the radio frequency unit 7001 sends the encrypted N second verification codes to the N trusted contacts respectively, and sends a notification message to the management server based on the secure transmission protocol, where the N second verification codes may include Q target verification codes, and the notification message may be used to notify the management server to send the encrypted (M-N) second verification codes to the (M-N) trusted contacts respectively, Q is a positive integer smaller than or equal to P, N is a positive integer smaller than M, and N is greater than or equal to Q.
In one possible implementation, the processor 7010 may be further configured to randomly generate L interference codes before the radio frequency unit 7001 performs the first operation. The M second verification codes may include L interference codes and the P target verification codes, M = P + L, and L is a positive integer.
In a possible implementation manner, the processor 7010 may be specifically configured to, when the number of the verification codes that pass the trusted verification in the M first verification codes is greater than or equal to a target number, generate a second key based on the P first verification codes; the target number is the number of the target verification codes sent by the electronic equipment before the electronic equipment receives the first input.
In a possible implementation manner, the user input unit 7007 may be further configured to receive a second input of the user when the electronic device is in an unlocked state, where the second input may be used to input the first screen-locked password and the contact information of the M trusted contacts; the processor 7010 may be further configured to generate, in response to the second input received by the user input unit 7007, the P target verification codes according to the M pieces of contact information; generating a second key based on the P target verification codes, and processing the second key to obtain a first key; and discarding the second key, and encrypting the first screen-locked password by adopting the first key to obtain first encrypted data.
In a possible implementation manner, the processor 7010 may be further configured to store the first key, the first encrypted data, the M pieces of contact information, and the P pieces of target verification codes after the first screen-locked password is encrypted by using the first key to obtain first encrypted data.
In a possible implementation manner, the processor 7010 may be specifically configured to store a first key, first encrypted data, the M pieces of contact information, and the P pieces of target verification codes in the electronic device; alternatively, the processor 7010 may be specifically configured to store the first key, the first encrypted data, the N pieces of contact information, and the Q pieces of target verification codes in the electronic device, and store the encrypted (M-N) pieces of contact information and the encrypted (P-Q) pieces of target verification codes in the management server. Wherein N is a positive integer less than M, Q is a positive integer less than or equal to P, and N is greater than or equal to Q.
In one possible implementation, the first key may be used to encrypt the updated screen locking password if the screen locking password is updated.
In one possible implementation manner, the display unit 7006 or the audio output unit 7003 may be configured to output a prompt message after the processor 7010 unlocks the electronic device using the first screen-locking password, where the prompt message may be used to prompt the user to reset the screen-locking password; the processor 7010 may be further configured to, when it is detected that the screen locking password is updated to the second screen locking password, encrypt the second screen locking password with the first key to obtain second encrypted data, and update the first encrypted data to the second encrypted data.
Therefore, when the user forgets the screen locking password of the electronic device, the user can input the M first verification codes provided by the M preset trust contacts. The P first verification codes among them (which are the same as the P target verification codes used when the first key of the first screen locking password was generated) are used to generate the second key corresponding to the first key, and the first encrypted data, which was encrypted with the first key, is decrypted with the second key to obtain the current screen locking password of the electronic device, so that the electronic device can be unlocked with that password. Because the electronic device can be unlocked through the verification codes provided by the trust contacts, the user data can be correctly decrypted, the user can continue to use the data originally stored in the electronic device, and the electronic device does not need to perform operations such as restoring factory settings.
It is to be understood that, in the embodiment of the present application, the input Unit 7004 may include a Graphics Processing Unit (GPU) 7041 and a microphone 7042, and the Graphics processor 7041 processes image data of still pictures or videos obtained by an image capturing apparatus (such as a camera) in a video capturing mode or an image capturing mode. The display unit 7006 may include a display panel 7061, and the display panel 7061 may be configured in the form of a liquid crystal display, an organic light emitting diode, or the like. The user input unit 7007 includes a touch panel 7071 and at least one of other input devices 7072. The touch panel 7071 is also referred to as a touch screen. The touch panel 7071 may include two parts of a touch detection device and a touch controller. Other input devices 7072 may include, but are not limited to, a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, and a joystick, which are not described in detail herein.
The memory 7009 can be used to store software programs as well as various data. The memory 7009 may mainly include a first memory area storing programs or instructions and a second memory area storing data, wherein the first memory area may store an operating system, application programs or instructions required for at least one function (such as a sound playing function, an image playing function, etc.), and the like. Further, the memory 7009 may include volatile memory or nonvolatile memory, or the memory 7009 may include both volatile and nonvolatile memory. The non-volatile memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. The volatile memory may be a Random Access Memory (RAM), a Static Random Access Memory (Static RAM, SRAM), a Dynamic Random Access Memory (Dynamic RAM, DRAM), a Synchronous Dynamic Random Access Memory (Synchronous DRAM, SDRAM), a Double Data Rate Synchronous Dynamic Random Access Memory (Double Data Rate SDRAM, DDR SDRAM), an Enhanced Synchronous SDRAM (ESDRAM), a Synchronous Link DRAM (SLDRAM), and a Direct Rambus RAM (DRRAM). The memory 7009 in the embodiments of the present application includes, but is not limited to, these and any other suitable types of memory.
The processor 7010 may include one or more processing units; optionally, the processor 7010 integrates an application processor, which primarily handles operations related to the operating system, user interface, and applications, and a modem processor, which primarily handles wireless communication signals, such as a baseband processor. It will be appreciated that the modem processor described above may not be integrated into the processor 7010.
The embodiment of the present application further provides a readable storage medium, where a program or an instruction is stored on the readable storage medium, and when the program or the instruction is executed by a processor, the process of the embodiment of the unlocking method is implemented, and the same technical effect can be achieved, and in order to avoid repetition, details are not repeated here.
The processor is the processor in the electronic device described in the above embodiment. The readable storage medium includes a computer readable storage medium, such as a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and so on.
The embodiment of the present application further provides a chip, where the chip includes a processor and a communication interface, the communication interface is coupled to the processor, and the processor is configured to run a program or an instruction to implement each process of the above-described unlocking method embodiment, and can achieve the same technical effect, and for avoiding repetition, the details are not repeated here.
It should be understood that the chips mentioned in the embodiments of the present application may also be referred to as a system-on-chip.
Embodiments of the present application provide a computer program product, where the program product is stored in a storage medium, and the program product is executed by at least one processor to implement the processes of the foregoing unlocking method embodiments, and can achieve the same technical effects, and in order to avoid repetition, details are not described here again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element. Further, it should be noted that the scope of the methods and apparatus of the embodiments of the present application is not limited to performing the functions in the order illustrated or discussed, but may include performing the functions in a substantially simultaneous manner or in a reverse order based on the functions involved, e.g., the methods described may be performed in an order different than that described, and various steps may be added, omitted, or combined. In addition, features described with reference to certain examples may be combined in other examples.
Through the above description of the embodiments, those skilled in the art can clearly understand that the above embodiment method can be implemented by software (program) plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present application may be embodied in the form of a computer program product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk), and includes instructions for enabling a terminal (e.g., mobile phone, computer, server, or network device) to execute the method according to the embodiments of the present application.
While the present embodiments have been described with reference to the accompanying drawings, it is to be understood that the invention is not limited to the precise embodiments described above, which are meant to be illustrative and not restrictive, and that various changes may be made therein by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (20)

1. An unlocking method, characterized in that the method comprises:
in a case where a user forgets a screen locking password of an electronic device, the electronic device receives a first input of the user, wherein the first input is used for inputting M first verification codes, the M first verification codes are respectively provided by preset M trust contacts, P first verification codes in the M first verification codes are the same as P target verification codes, the P target verification codes are verification codes used when a first key of a first screen locking password is generated, the first screen locking password is the current screen locking password of the electronic device, M and P are positive integers, and P is less than or equal to M;
the electronic equipment responds to the first input, and generates a second key corresponding to the first key based on the P first verification codes;
the electronic equipment decrypts first encrypted data by using the second secret key to obtain the first screen-locking password, wherein the first encrypted data is data obtained by encrypting the first screen-locking password by using the first secret key;
and the electronic equipment adopts the first screen locking password to unlock the electronic equipment.
2. The method of claim 1, wherein prior to receiving the first input from the user, the method further comprises:
the electronic equipment executes a first operation;
wherein the first operation comprises:
the electronic equipment sends M encrypted second verification codes to the M trust contact persons respectively, wherein the M second verification codes comprise the P target verification codes;
or the electronic device sends the encrypted N second verification codes to the N trust contact persons respectively, and sends a notification message to the management server based on a secure transmission protocol, wherein the N second verification codes include Q target verification codes, the notification message is used for notifying the management server to send the encrypted (M-N) second verification codes to the (M-N) trust contact persons respectively, Q is a positive integer smaller than or equal to P, N is a positive integer smaller than M, and N is larger than or equal to Q.
3. The method of claim 2, wherein prior to the first operation, the method further comprises:
the electronic equipment randomly generates L interference codes;
wherein the M second verification codes include the L interference codes and the P target verification codes, M = P + L, and L is a positive integer.
4. The method according to any one of claims 1 to 3, wherein the generating a second key corresponding to the first key based on the P first verification codes comprises:
generating the second key based on the P first verification codes under the condition that the number of verification codes passing the credible verification in the M first verification codes is larger than or equal to a target number;
the target number is the number of target verification codes sent by the electronic equipment before the electronic equipment receives the first input.
5. The method of claim 1, further comprising:
in a case where the electronic device is in an unlocked state, the electronic device receives a second input of the user, wherein the second input is used for inputting the first screen locking password and the contact information of the M trust contacts;
the electronic equipment responds to the second input and generates the P target verification codes according to the M contact information;
the electronic equipment generates the second key based on the P target verification codes and processes the second key to obtain the first key;
and the electronic equipment discards the second secret key, and encrypts the first screen-locked password by adopting the first secret key to obtain the first encrypted data.
6. The method of claim 5, wherein after encrypting the first screen-locked password using the first key to obtain the first encrypted data, the method further comprises:
the electronic device stores the first key, the first encrypted data, the M pieces of contact information and the P pieces of target verification codes.
7. The method of claim 6, wherein the electronic device stores the first key, the first encrypted data, the M contact information, and the P target verification codes, including:
the electronic equipment stores the first secret key, the first encrypted data, the M pieces of contact information and the P pieces of target verification codes in the electronic equipment; or,
the electronic device stores the first key, the first encrypted data, N pieces of contact information, and Q pieces of target verification codes in the electronic device, and stores encrypted (M-N) pieces of contact information and encrypted (P-Q) pieces of target verification codes in a management server;
wherein N is a positive integer less than M, Q is a positive integer less than or equal to P, and N is greater than or equal to Q.
8. The method according to claim 6 or 7, wherein the first key is used for encrypting the updated lock screen password if the lock screen password is updated to form third encrypted data, so as to update the first encrypted data to the third encrypted data.
9. The method of claim 1, wherein after unlocking the electronic device with the first screen locked password, the method further comprises:
the electronic equipment outputs prompt information, and the prompt information is used for prompting a user to reset the screen locking password;
and the electronic equipment encrypts the second screen locking password by adopting the first secret key under the condition of detecting that the screen locking password is updated to the second screen locking password to obtain second encrypted data, and updates the first encrypted data to the second encrypted data.
10. An unlocking device, characterized in that the device comprises: the device comprises a receiving module and a processing module;
the receiving module is used for receiving a first input of a user under the condition that the user forgets a screen locking password of the electronic equipment, wherein the first input is used for inputting M first verification codes, the M first verification codes are respectively provided by preset M trust contacts, P first verification codes in the M first verification codes are the same as P target verification codes, the P target verification codes are verification codes used when a first key of a first screen locking password is generated, the first screen locking password is a current screen locking password of the electronic equipment, M and P are positive integers, and P is less than or equal to M;
the processing module is configured to generate, in response to the first input received by the receiving module, a second key corresponding to the first key based on the P first verification codes; decrypting first encrypted data by using the second key to obtain the first screen-locking password, wherein the first encrypted data is data obtained by encrypting the first screen-locking password by using the first key; unlocking the electronic equipment by adopting the first screen locking password;
the first encrypted data is data obtained by encrypting the first screen-locking password by using the first key.
11. The apparatus of claim 10, further comprising a transmitting module;
the sending module is used for executing a first operation before the receiving module receives the first input of the user;
the first operation includes: the sending module sends encrypted M second verification codes to the M trust contact persons respectively, wherein the M second verification codes comprise the P target verification codes;
or the sending module sends the encrypted N second verification codes to the N trust contact persons respectively, and sends a notification message to the management server based on a secure transmission protocol, wherein the N second verification codes include Q target verification codes, the notification message is used for notifying the management server to send the encrypted (M-N) second verification codes to the (M-N) trust contact persons respectively, Q is a positive integer smaller than or equal to P, N is a positive integer smaller than M, and N is larger than or equal to Q.
12. The apparatus of claim 11, wherein the processing module is further configured to randomly generate L interference codes before the sending module performs the first operation;
wherein the M second verification codes include the L interference codes and the P target verification codes, M = P + L, and L is a positive integer.
13. The apparatus of any one of claims 10 to 12,
the processing module is specifically configured to generate the second key based on the P first verification codes when the number of verification codes that pass trusted verification in the M first verification codes is greater than or equal to a target number;
the target number is the number of target verification codes sent by the electronic equipment before the electronic equipment receives the first input.
14. The apparatus according to claim 10, wherein the receiving module is further configured to receive a second input from the user when the electronic device is in an unlocked state, where the second input is used to input the first screen-locked password and the contact information of the M trusted contacts;
the processing module is further configured to, in response to the second input received by the receiving module, generate the P target verification codes according to the M pieces of contact information; generate the second key based on the P target verification codes, and process the second key to obtain the first key; and discard the second key, and encrypt the first screen-locked password by using the first key to obtain the first encrypted data.
15. The apparatus of claim 14, wherein the processing module is further configured to store the first key, the first encrypted data, the M pieces of contact information, and the P pieces of target verification codes after the first screen-locked password is encrypted by using the first key to obtain the first encrypted data.
16. The apparatus according to claim 15, wherein the processing module is specifically configured to store the first key, the first encrypted data, the M pieces of contact information, and the P pieces of target verification codes in the electronic device; or,
the processing module is specifically configured to store the first key, the first encrypted data, N pieces of contact information, and Q pieces of target verification codes in the electronic device, and store the encrypted (M-N) pieces of contact information and the encrypted (P-Q) pieces of target verification codes in a management server;
wherein N is a positive integer less than M, Q is a positive integer less than or equal to P, and N is greater than or equal to Q.
17. The apparatus according to claim 15 or 16, wherein the first key is used to encrypt the updated lock screen password to form third encrypted data if the lock screen password is updated, so as to update the first encrypted data to the third encrypted data.
18. The apparatus of claim 10, further comprising an output module;
the output module is used for outputting prompt information after the processing module uses the first screen locking password to unlock the electronic device, and the prompt information is used for prompting a user to reset the screen locking password;
the processing module is further configured to encrypt the second screen locking password by using the first key to obtain second encrypted data and update the first encrypted data to the second encrypted data when it is detected that the screen locking password is updated to the second screen locking password.
19. An electronic device, characterized in that it comprises a processor and a memory, said memory storing a program or instructions executable on said processor, said program or instructions, when executed by said processor, implementing the steps of the unlocking method according to any one of claims 1 to 9.
20. A readable storage medium, characterized in that the readable storage medium stores thereon a program or instructions which, when executed by a processor, implement the steps of the unlocking method according to any one of claims 1 to 9.
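
The check in claims 12 and 13 (interference codes mixed with target codes, M = P + L, and key regeneration only when enough codes pass verification) can be sketched as follows. This is an added example, not code from the patent: the random generation of target codes, the HMAC tag used as the "trusted verification", and the PBKDF2 derivation of the second key are all assumptions, as are the function names.

```python
import hashlib
import hmac
import secrets

def code_tag(salt, code):
    # Assumption: a keyed digest is stored in place of the clear target code.
    return hmac.new(salt, code.encode(), hashlib.sha256).digest()

def derive_second_key(codes, salt):
    # Sorting makes the key independent of the order in which contacts reply.
    material = "|".join(sorted(codes)).encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000, dklen=32)

def enroll(p, l):
    """Generate P target codes and L interference codes (M = P + L)."""
    salt = secrets.token_bytes(16)
    targets = [secrets.token_hex(8) for _ in range(p)]
    decoys = [secrets.token_hex(8) for _ in range(l)]
    outgoing = targets + decoys
    secrets.SystemRandom().shuffle(outgoing)  # position must not reveal targets
    record = {"salt": salt, "target_number": p,
              "tags": [code_tag(salt, c) for c in targets]}
    # The claims discard the second key after enrollment; it is returned
    # here only so the recovery result can be compared against it.
    return outgoing, record, derive_second_key(targets, salt)

def recover_second_key(received, record):
    """Return the second key, or None if too few codes pass verification."""
    passed = set()
    for code in received:
        tag = code_tag(record["salt"], code)
        if any(hmac.compare_digest(tag, t) for t in record["tags"]):
            passed.add(code)  # set: a replayed code is counted once
    if len(passed) < record["target_number"]:
        return None
    return derive_second_key(passed, record["salt"])

if __name__ == "__main__":
    codes, rec, key = enroll(p=3, l=2)
    print(recover_second_key(codes, rec) == key)
```

Interference codes never enter the key material, so a contact holding only a decoy contributes nothing to recovery, and a single missing or replayed target code keeps the count below the target number.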
CN202210969910.5A 2022-08-12 2022-08-12 Unlocking method and device, electronic equipment and readable storage medium Pending CN115333733A (en)

Publications (1)

Publication Number Publication Date
CN115333733A (en) 2022-11-11

Family

ID=83922852

Country Status (1)

Country Link
CN (1) CN115333733A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination