CN116414575A - Privacy protection method for clipboard data and electronic equipment - Google Patents

Abstract

A privacy protection method for clipboard data and electronic equipment relate to the technical field of data security and realize effective protection of privacy data in clipboards. The privacy protection method of the clipboard data can be applied to a system comprising a first device and a second device, wherein the first device receives a first operation of a user on the first data. Wherein the first operation comprises a copy operation or a cut operation. The first device responds to the first operation and displays first prompt information. Wherein the first hint information hint is encrypted. The first device synchronizes the second data to the clipboard of the second device. Wherein the second data is obtained by encrypting the first data by the first device. The second device receives a paste operation by a user. The second device responds to the pasting operation and displays second prompt information. Wherein the second hint information hint is decrypted. The second device displays the first data. Wherein the first data is obtained by decrypting the second data by the second device.

Description

Privacy protection method for clipboard data and electronic equipment

Technical Field

The application relates to the technical field of data security, in particular to a privacy protection method for clipboard data and electronic equipment.

Background

The clipboard is a module that can provide temporary data storage and sharing functions. When a user selects duplicated content (e.g., text) in an electronic device such as a mobile phone, a tablet, etc., and inputs a duplication operation (e.g., clicks a duplication option), the electronic device may store the duplicated content in the clipboard. Subsequently, an Application (APP) in the electronic device can obtain the data in the clipboard by reading the clipboard. For example, after copying the information 1 in the memo to the clipboard, if the shopping APP is started, the shopping APP may read the information 1 from the clipboard for pasting a scene such as display or personalized recommendation.

Also stored in the clipboard may be data relating to the privacy of the user, such as phone numbers, identification cards, license plate numbers, and other privacy data. If the APP can read and use these data at will, there is a high probability of private data disclosure.

Further, in some scenarios, clipboard data of a plurality of electronic devices may be synchronized with each other, and clipboard data of any one of the plurality of electronic devices may be synchronized to other ones of the plurality of electronic devices. Therefore, the APP of any one of the plurality of electronic devices can read the clipboard data generated by the plurality of electronic devices. Accordingly, the risk of revealing private data is greater. However, there is a lack of a solution in the prior art that can effectively perform privacy protection on clipboard data in the scene.

Disclosure of Invention

The embodiment of the application provides a privacy protection method and electronic equipment for clipboard data, which are used for solving the problem of privacy data disclosure in a clipboard and realizing effective protection of privacy data in the clipboard.

In a first aspect, the present application provides a method for protecting privacy of clipboard data, which is applied to a system including a first device (e.g., mobile phone 100) and a second device (e.g., tablet 110). The first device receives a first operation of the first data by a user. Wherein the first operation comprises a copy operation or a cut operation. The first device responds to the first operation and displays first prompt information. Wherein the first hint information hint is encrypted. The first device synchronizes the second data to the clipboard of the second device. Wherein the second data is obtained by encrypting the first data by the first device. The second device receives a paste operation by a user. The second device responds to the pasting operation and displays second prompt information. Wherein the second hint information hint is decrypted. The second device displays the first data. Wherein the first data is obtained by decrypting the second data by the second device.

In summary, by adopting the method of the embodiment of the present application, the first device may encrypt the copied plaintext data to obtain ciphertext data, and synchronize the ciphertext data with the second device. And in the second device, the synchronous ciphertext data is decrypted and displayed only in the scene that the user actively requests to read the clipboard. Therefore, privacy protection of the clipboard data is realized and privacy disclosure is avoided while the clipboard data is synchronized among a plurality of electronic devices.

In one possible design manner of the first aspect, after the second device displays the first data, the method further includes: the second device encrypts the first data to obtain second data. The second device stores the second data to the clipboard of the second device and displays a third hint information. Wherein the third hint information hint is encrypted.

Therefore, by adopting the method of the embodiment, after the second device successfully displays the decrypted first data, the first data can be triggered to be encrypted again, so that the data temporarily stored in the clipboard is restored to the encrypted state again. Thereby being beneficial to privacy protection of clipboard data.

In another possible design of the first aspect, the first device and the second device bind the same user account. The first device encrypts the first data to obtain second data, including: the first device encrypts the first data by using the first key to obtain second data. The first key is generated by the first device according to a preset encryption algorithm and a user account. The second device decrypts the second data to obtain the first data, including: the second equipment decrypts the second data by using the second key to obtain the first data; the second key is generated by the second device according to a preset encryption algorithm and a user account.

It can be seen that, with the method of the present embodiment, the first device and the second device may generate the key (such as the encryption key and the decryption key) based on the user account and the preset encryption algorithm, so that the first key generated in the second device is the same as the second key generated in the first device, and the synchronized second data may be successfully decrypted.

In another possible design of the first aspect, the algorithm for encrypting the first data is a symmetric encryption algorithm, and the algorithm for decrypting the second data is an inverse of the symmetric encryption algorithm.

Therefore, by adopting the method of the embodiment and using the symmetric algorithm, the encryption and decryption can be successfully completed by using the same secret key.

In another possible design manner of the first aspect, the first device generates a first key according to a preset encryption algorithm and a user account, including: the first clipboard module of the first device sending a first request to a first encryption engine of the first device in response to the first operation; wherein the first request includes first data. The first encryption engine sends a second request to a first key management module of the first device in response to receiving the first request. The first key management module responds to the second request, obtains the user account bound by the first device, and generates a first key according to a preset encryption algorithm and the user account bound by the first device. The first key management module sends the first key to the first encryption engine.

The encrypting the first data by using the first key to obtain second data includes: the first encryption engine encrypts the first data with the first key in response to receiving the first key to obtain second data.

It can be seen that with the method of the present embodiment, the first device may complete encryption of the first data.

In another possible design manner of the first aspect, the generating, by the second device, the second key according to a preset encryption algorithm and the user account includes: the second clipboard module of the second device sending a third request to a second encryption engine of the second device in response to the paste operation; wherein the third request includes the second data. The second encryption engine sends a fourth request to a second key management module of the second device in response to receiving the third request. The second key management module responds to the fourth request, obtains a user account bound by the second device, and generates a second key according to a preset encryption algorithm and the user account bound by the second device. The second key management module sends the second key to the second encryption engine.

Decrypting the second data using the second key to obtain the first data, including: the second encryption engine decrypts the second data with the second key in response to receiving the second key, resulting in the first data.

It can be seen that with the method of this embodiment, the second device can complete encryption of the second data.

In another possible design manner of the first aspect, the method further includes: after the first equipment and the second equipment bind the same user account, the first equipment and the second equipment establish a trust relationship; wherein, trust relationship includes: the second device is a trusted device of the first device and/or the first device is a trusted device of the second device. The first device synchronizing second data to a clipboard of the second device, comprising: if the second device is a trusted device of the first device, the first device synchronizes the second data to the clipboard of the second device.

Therefore, by adopting the method of the embodiment, the trusted relationship can be established between the electronic devices binding the same user account, wherein the trusted electronic devices can successfully establish the trusted link, and the untrusted electronic devices cannot successfully establish the trusted link. On the basis, the clipboard data can be synchronized between the electronic devices which successfully establish the trusted link, so that the clipboard data is prevented from being revealed to the untrusted device.

In another possible design manner of the first aspect, the first device synchronizes the second data to a clipboard of the second device, including: the first device synchronizing the second data to a clipboard of the second device based on the data transfer protocol; wherein the data transmission protocol comprises: a bump OneHop, near field communication NFC, or high bandwidth digital content protection technology HDCP.

In another possible design manner of the first aspect, the second device receives a paste operation of a user, including: in the case where the second device activates the text input box, the second device receives a paste operation by the user. The second device displaying first data, including: the second device displays the first data in the text input box.

It can be seen that with the method of the present embodiment, decryption can be triggered and display can be filled in a scene where text is input in a text input box. So that the input efficiency can be improved.

In a second aspect, the present application provides a privacy protection method of cut-out data, which is applied to a first device. The method comprises the steps that first equipment receives first operation of a user on first data; wherein the first operation comprises a copy operation or a cut operation. The first device responds to the first operation and displays first prompt information; wherein the first hint information hint is encrypted. If the second device is a trusted device of the first device, the first device synchronizes the second data into a clipboard of the second device; wherein the second data is obtained by encrypting the first data.

For the effects of the second aspect, reference may be made to the description of the first aspect and possible designs thereof, which are not repeated here.

In a third aspect, the present application provides a privacy protection method of cut-out data, which is applied to a second device. Wherein the second device stores second data in the first clipboard; wherein the first clipboard is a clipboard of a second device and the second data is ciphertext data. The second device receives a paste operation by a user. The second device responds to the pasting operation and displays second prompt information; the second prompt information is used for prompting that decryption is performed. The second device displays the first data; wherein the first data is obtained by decrypting the second data by the second device.

For the effects of the third aspect, reference may be made to the description of the first aspect and possible design manners thereof, which are not repeated herein.

In a fourth aspect, the present application provides an electronic device, comprising: a touch screen, a memory, and one or more processors, the memory coupled with the processors; wherein the memory has stored therein computer program code comprising computer instructions which, when executed by the processor, cause the electronic device to perform the steps as described in the first aspect, the second aspect and any one of the possible designs thereof.

In a fifth aspect, the present application provides an electronic device, comprising: a touch screen, a memory, and one or more processors, the memory coupled with the processors; wherein the memory has stored therein computer program code comprising computer instructions which, when executed by the processor, cause the electronic device to perform the steps as described in the first aspect, the third aspect and any one of the possible designs thereof, which are performed by a second device.

In a sixth aspect, the present application provides a privacy protection system for clipboard data, where the system includes the electronic device of the fifth aspect and the electronic device of the sixth aspect.

In a seventh aspect, the present application provides a computer readable storage medium comprising computer instructions which, when run on an electronic device, cause the electronic device to perform a method as in the first aspect, the second aspect, the third aspect and any one of its possible designs.

In an eighth aspect, the present application provides a computer program product which, when run on a computer, causes the computer to perform the method as in the first aspect, the second aspect, the third aspect and any one of its possible designs.

It will be appreciated that the electronic device according to the fourth aspect and the fifth aspect, the system according to the sixth aspect, the computer storage medium according to the fourth aspect, and the computer program product according to the eighth aspect may refer to the advantages of any one of the first aspect, the second aspect, the third aspect and any one of the possible designs thereof, which are not described herein.

Drawings

Fig. 1 is a schematic diagram of a mobile phone interface according to an embodiment of the present application;

fig. 2 is a schematic diagram of a privacy protection system according to an embodiment of the present application;

fig. 3 is a schematic diagram of a hardware structure of a mobile phone according to an embodiment of the present application;

fig. 4 is a software structure block diagram of a mobile phone according to an embodiment of the present application;

fig. 5 is one implementation schematic diagram of a method for protecting privacy of clipboard data according to an embodiment of the present application;

fig. 6 is a second implementation schematic diagram of a method for protecting privacy of clipboard data according to an embodiment of the present disclosure;

fig. 7A is a third implementation schematic diagram of a method for protecting privacy of clipboard data according to an embodiment of the present application;

fig. 7B is a schematic diagram illustrating implementation of a method for protecting privacy of clipboard data according to an embodiment of the present disclosure;

FIG. 7C is a second diagram of a mobile phone interface according to an embodiment of the present disclosure;

fig. 8 is a fifth implementation schematic diagram of a method for protecting privacy of clipboard data according to an embodiment of the present disclosure;

fig. 9A is a sixth implementation schematic diagram of a method for protecting privacy of clipboard data according to an embodiment of the present application;

FIG. 9B is a schematic illustration of a tablet interface according to an embodiment of the present application;

FIG. 9C is a second schematic view of a panel interface according to an embodiment of the present disclosure;

FIG. 9D is a schematic diagram of data changes in a clipboard according to an embodiment of the present application;

fig. 10 is a seventh implementation schematic diagram of a method for protecting privacy of clipboard data according to an embodiment of the present application;

fig. 11 is an eighth implementation schematic diagram of a method for protecting privacy of clipboard data according to an embodiment of the present application;

fig. 12 is a flowchart of a method for protecting privacy of clipboard data according to an embodiment of the present application;

fig. 13 is a block diagram of a chip system according to an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application. Wherein, in the description of the present application, unless otherwise indicated, "at least one" means one or more, and "a plurality" means two or more. In addition, in order to clearly describe the technical solutions of the embodiments of the present application, in the embodiments of the present application, the words "first", "second", and the like are used to distinguish the same item or similar items having substantially the same function and effect. It will be appreciated by those of skill in the art that the words "first," "second," and the like do not limit the amount and order of execution, and that the words "first," "second," and the like do not necessarily differ.

The embodiment of the application provides a privacy protection method for clipboard data, which can be used for protecting the privacy of the clipboard data of electronic equipment and avoiding privacy disclosure. Before describing the scheme of the present application in detail, an electronic device is taken as an example of a mobile phone, and some privacy protection schemes and problems thereof provided in the conventional technology are briefly described with reference to fig. 1.

Referring to fig. 1 (a), in some implementations, when the APP reads the clipboard, for example, when the user clicks on an input box of the chat APP to cause a cursor to blink in the input box, i.e., activate the input box, the chat APP can read the clipboard, and the mobile phone can prompt APP1 (e.g., chat application) to paste clipboard data from APP2 (e.g., memo, browser). In this way, the user can see if APP1 has read the private data. However, this approach only plays a role of hint, and cannot fundamentally prevent APP1 from reading the data in the clipboard.

Referring to fig. 1 (b), in other implementations, when an APP reads a clipboard, for example, when a chat APP starts, the mobile phone can prompt that an APP (e.g., chat APP) wants to read the clipboard. Meanwhile, a current permission reading option can also be provided, such as a 'current permission' button in (b) in fig. 1; this reject read option and countdown, such as the reject (5 s) button in (b) of FIG. 1; and, always reject option, such as the "always reject" button in (b) of fig. 1.

After the user selects the option allowing reading this time, the mobile phone allows the APP to read the data in the clipboard this time. After the user selects the reject reading option, the mobile phone rejects the APP to read the data in the clipboard at the time. After the user selects the always reject option, the mobile phone rejects the APP this time and reads the data in the clipboard later, i.e. the mobile phone does not prompt again. In addition, if the mobile phone does not receive any option operation by the user at the end of the countdown, the mobile phone defaults to rejection. Therefore, the mobile phone can determine the authority of the APP to read the clipboard based on the selection of the user, and the aim of protecting the privacy of the clipboard data is achieved. Meanwhile, in this implementation, if the user selects the option of allowing reading this time, the option of rejecting reading this time or not selecting any option, and then when the APP reads the clipboard again, the prompt will be displayed again, and the user needs to select again. Causing interference to the user.

The greater the number of APPs in the handset that need to read the clipboard, the more serious the interference to the user. In addition, the implementation shown in fig. 1 (a) can only implement privacy protection of the clipboard data for a single electronic device. In a scenario where clipboard data of a plurality of electronic devices may be synchronized with each other, clipboard data of any one of the plurality of electronic devices may be synchronized to other ones of the plurality of electronic devices. Therefore, the APP of any one of the plurality of electronic devices can read the clipboard data generated by the plurality of electronic devices. Accordingly, the risk of revealing private data is greater. Similarly, the above-described problem occurs when privacy protection is performed in the manner shown in fig. 1 (a) or fig. 1 (b).

Based on this, the embodiment of the application provides a privacy protection method for clipboard data, which can be used for the privacy protection system provided by the embodiment of the application. The privacy protection system includes a plurality of electronic devices. For example, the electronic device in the embodiments of the present application may be a mobile phone, a tablet computer, a desktop, a laptop, a handheld computer, a notebook, an ultra-mobile personal computer (ultra-mobile personal computer, UMPC), a netbook, a cellular phone, a personal digital assistant (personal digital assistant, PDA), an augmented reality (augmented reality, AR) \virtual reality (VR) device, or a device supporting a clipboard function, and the specific form of the electronic device is not limited in the embodiments of the present application.

For example, as shown in fig. 2 (a), the privacy protection system may include a cell phone 100 and a tablet 110. As another example, as shown in (b) of fig. 2, the privacy protection system may include a cell phone 100, a tablet 110, and a notebook 120. In the following embodiments, the privacy protection system shown in (a) of fig. 2 is mainly taken as an example to describe the scheme of the present application.

The plurality of electronic devices are bound with the same user account. For example, the user account is a glory account. The user account may distinguish between users using the electronic device. Taking the example that the electronic device is the mobile phone 100, the user account bound by the mobile phone 100 changes, which indicates that the user using the mobile phone 100 changes.

Meanwhile, a wired connection may be established between the plurality of electronic devices, such as the cellular phone 100 and the tablet 110, using a universal serial bus (universal serial bus, USB). Alternatively, the plurality of electronic devices (e.g., mobile phone 100 and tablet 110) may establish wireless connection through global system for mobile communications (global system for mobile communications, GSM), general packet radio service (general packet radio service, GPRS), code division multiple access (code division multiple access, CDMA), wideband code division multiple access (wideband code division multiple access, WCDMA), time division code division multiple access (time-division code division multiple access, TD-SCDMA), long term evolution (long term evolution, LTE), bluetooth, wireless fidelity (wireless fidelity, wi-Fi), NFC, voice over internet protocol (voice over Internet protocol, voIP), and communication protocols supporting network slice architecture. In the embodiment of the application, the clipboard data among the plurality of electronic devices can be synchronized by establishing wired connection or wireless connection among the plurality of electronic devices.

By adopting the privacy protection system, the privacy protection method for the clipboard data can be realized, and the method specifically comprises the following steps: after a first device (such as the mobile phone 100) in the plurality of electronic devices detects a copy operation or a cut operation of a user, the copied content or the cut content may be encrypted, and the encrypted content may be stored in the clipboard. For convenience of explanation, the copied content or the cut content may be referred to as first data, which is data before encryption, and plaintext data. And, the encrypted content may be referred to as second data, which is encrypted data, which is ciphertext data. And, the encryption key (first key) is generated by the first device according to a user account (e.g., a glowing account) of the first device and a preset encryption algorithm. The first device may then synchronize the second data into a clipboard of a second device (e.g., tablet 110) of the plurality of electronic devices. After detecting an operation (such as a paste operation) that the user actively requests to read the clipboard, the second device may decrypt the second data in the clipboard in response to the operation. Wherein the decryption key (second key) is generated by the second device according to a user account (e.g. a glowing account) of the second device and a preset encryption algorithm. Because the user account of the first device is the same as the user account of the second device, the generated decryption key is the same as the encryption key, and the second data can be successfully decrypted by using the decryption key to obtain the first data. So that the decrypted plaintext data may be displayed.

In summary, by adopting the privacy protection method for clipboard data provided in the embodiments of the present application, first, the first device may encrypt the copied plaintext data to obtain ciphertext data, and then store the ciphertext data in the clipboard temporarily. And in the second device, the synchronous ciphertext data is decrypted and displayed only in the scene that the user actively requests to read the clipboard. Therefore, the safety of the clipboard data can be protected, and privacy disclosure in the clipboard is avoided. And secondly, the first device and the second device can generate keys (such as an encryption key and a decryption key) based on the user account and a preset encryption algorithm, so that the decryption key generated in the second device is the same as the encryption key generated in the first device, and the synchronous second data can be successfully decrypted. Therefore, privacy protection of the clipboard data is realized while the clipboard data are synchronized among a plurality of electronic devices. That is, privacy protection of clipboard data is achieved across devices. Thirdly, the scheme does not need any operation by a user, and the use of the electronic equipment is not affected.

The mobile phone 100 is taken as an example to illustrate the hardware structure and the software structure of the electronic device in the embodiment of the present application.

Please refer to fig. 3, which is a hardware configuration diagram of a mobile phone 100 according to an embodiment of the present application. As shown in fig. 3, the cellular phone 100 may include a processor 310, an external memory interface 320, an internal memory 321, a universal serial bus (universal serial bus, USB) interface 330, a charge management module 340, a power management module 341, a battery 342, an antenna 1, an antenna 2, a mobile communication module 350, a wireless communication module 360, an audio module 370, a speaker 370A, a receiver 370B, a microphone 370C, an earphone interface 370D, a sensor module 380, keys 390, a motor 391, an indicator 392, a camera 393, a display 394, a user identification module (subscriber identification module, SIM) card interface 395, and the like.

It is to be understood that the configuration illustrated in this embodiment does not constitute a specific limitation on the electronic apparatus. In other embodiments, the electronic device may include more or fewer components than shown, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.

The processor 310 may include one or more processing units, such as: the processor 310 may include an application processor (application processor, AP), a modem processor, a graphics processor (graphics processing unit, GPU), an image signal processor (image signal processor, ISP), a controller, a memory, a video codec, a digital signal processor (digital signal processor, DSP), a baseband processor, and/or a neural network processor (neural-network processing unit, NPU), etc. Wherein the different processing units may be separate devices or may be integrated in one or more processors.

It should be understood that the connection relationship between the modules illustrated in this embodiment is only illustrative, and does not limit the structure of the electronic device. In other embodiments, the electronic device may also use different interfacing manners in the foregoing embodiments, or a combination of multiple interfacing manners.

The charge management module 340 is configured to receive a charge input from a charger. The charger can be a wireless charger or a wired charger. In some wired charging embodiments, the charge management module 340 may receive a charging input of a wired charger through the USB interface 330. In some wireless charging embodiments, the charge management module 340 may receive wireless charging input through a wireless charging coil of the electronic device 300. The battery 342 is charged by the charge management module 340, and the electronic device may be powered by the power management module 341.

The power management module 341 is configured to connect the battery 342, the charge management module 340 and the processor 310. The power management module 341 receives input from the battery 342 and/or the charge management module 340 to power the processor 310, the internal memory 321, the external memory, the display screen 394, the camera 393, the wireless communication module 360, and the like. The power management module 341 may also be configured to monitor battery capacity, battery cycle number, battery health (leakage, impedance), and other parameters. In other embodiments, the power management module 341 may also be disposed in the processor 310. In other embodiments, the power management module 341 and the charging management module 340 may also be disposed in the same device.

The wireless communication function of the electronic device may be implemented by the antenna 1, the antenna 2, the mobile communication module 350, the wireless communication module 360, a modem processor, a baseband processor, and the like.

The wireless communication module 360 may provide solutions for wireless communication including wireless local area network (wireless local area networks, WLAN) (e.g., wireless fidelity (wireless fidelity, wi-Fi) network), bluetooth (BT), global navigation satellite system (global navigation satellite system, GNSS), frequency modulation (frequency modulation, FM), near field wireless communication technology (near field communication, NFC), infrared technology (IR), etc., as applied to the electronic device 300. The wireless communication module 360 may be one or more devices that integrate at least one communication processing module. The wireless communication module 360 receives electromagnetic waves via the antenna 2, modulates the electromagnetic wave signals, filters the electromagnetic wave signals, and transmits the processed signals to the processor 310. The wireless communication module 360 may also receive a signal to be transmitted from the processor 310, frequency modulate it, amplify it, and convert it to electromagnetic waves for radiation via the antenna 2.

The electronic device implements display functions through the GPU, display screen 394, and application processor, etc. The GPU is a microprocessor for image processing, connected to the display screen 394 and the application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. Processor 310 may include one or more GPUs that execute program instructions to generate or change display information.

The electronic device may implement shooting functions through the ISP, the camera 393, the video codec, the GPU, the display screen 394, the application processor, and the like. The ISP is used to process the data fed back by camera 393. Camera 393 is used to capture still images or video. The object generates an optical image through the lens and projects the optical image onto the photosensitive element. In some embodiments, the electronic device may include 1 or N cameras 393, N being a positive integer greater than 1.

The external memory interface 320 may be used to connect an external memory card, such as a Micro SD card, to enable expansion of the memory capabilities of the electronic device. The external memory card communicates with the processor 310 through an external memory interface 320 to implement data storage functions. For example, files such as music, video, etc. are stored in an external memory card.

The internal memory 321 may be used to store computer executable program code comprising instructions. The processor 310 executes various functional applications of the electronic device and data processing by executing instructions stored in the internal memory 321. For example, the processor 310 may display different contents on the display screen 384 in response to an operation of the user to expand the display screen 394 by executing instructions stored in the internal memory 321. The internal memory 321 may include a storage program area and a storage data area. The storage program area may store an application program (such as a sound playing function, an image playing function, etc.) required for at least one function of the operating system, etc. The storage data area may store data created during use of the electronic device (e.g., audio data, phonebook, etc.), and so forth. In addition, the internal memory 321 may include a high-speed random access memory, and may also include a nonvolatile memory, such as at least one magnetic disk storage device, a flash memory device, a universal flash memory (universal flash storage, UFS), and the like.

The electronic device may implement audio functionality through an audio module 370, a speaker 370A, a receiver 370B, a microphone 370C, an ear-headphone interface 370D, and an application processor, among others. Such as music playing, recording, etc.

The keys 390 include a power on key, a volume key, etc. Key 390 may be a mechanical key. Or may be a touch key. The electronic device may receive key inputs, generating key signal inputs related to user settings and function controls of the electronic device. The motor 391 may generate a vibration alert. The motor 391 may be used for incoming call vibration alerting as well as for touch vibration feedback. The indicator 392 may be an indicator light, which may be used to indicate a state of charge, a change in charge, a message indicating a missed call, a notification, etc. The SIM card interface 395 is for interfacing with a SIM card. The SIM card may be inserted into the SIM card interface 395 or removed from the SIM card interface 395 to enable contact and separation with the electronic device. The electronic device may support 1 or N SIM card interfaces, N being a positive integer greater than 1.

Referring to fig. 4, a software architecture block diagram of a mobile phone 100 according to an embodiment of the present application is provided. The software system of the mobile phone 100 may employ a layered architecture, an event driven architecture, a micro-core architecture, a micro-service architecture, or a cloud architecture. In this embodiment, taking an Android system with a layered architecture as an example, a software structure of the mobile phone 100 is illustrated.

As shown in fig. 4, the layered architecture may divide the software into several layers, each with distinct roles and branches. The layers communicate with each other through a software interface. In some embodiments, the Android system is divided into four layers, from top to bottom, an application layer (abbreviated as application layer) 410, an application framework layer (abbreviated as framework layer) 420, a hardware abstraction layer (hardware abstract layer, HAL) layer 430, and a Kernel layer (Kernel, also called driver layer, system layer) 440.

The Application layer (Application) 410 may include a series of APPs. The APP may be a browser, a memo, a map, a chat, music, video, shopping, news, etc.

In this embodiment of the present application, the mobile phone 100 may receive a first preset operation, such as an operation of selecting copied or cut content, in the application interface of the APP. In response to the first preset operation, the mobile phone 100 may display a copy/cut option. Subsequently, the mobile phone 100 may receive a user selection operation of the copy/cut option. In response to a user selection of the copy/clip option, the cell phone 100 may write the copied or clipped content into the clipboard.

In this embodiment of the present application, the mobile phone 100 may further receive a second operation of the user in the APP application interface, such as a long-press operation on the text input box. In response to the second preset operation, the mobile phone 100 may display a paste option. Subsequently, the mobile phone 100 may receive a user selection operation of the paste option. In response to a user selection of a paste option, the mobile phone 100 may read and display content from a clipboard, such as a clipboard buffer (buffer) 423.

Illustratively, in the application interface of the memo APP, the mobile phone 100 may display a shortcut menu bar including a copy option and a search option in response to an operation (i.e., a first preset operation) that the user presses the selected text "13511111111" for a long time. The mobile phone 100 (e.g., memo APP) may write the text "13511111111" to the clipboard in response to a user's selection of a copy option. Then, in the application interface of the chat APP, the mobile phone 100 may display a shortcut menu bar including a paste option and a search option in response to a long press operation (i.e., a second preset operation) of the user in the text input box. The cell phone 100 (e.g., chat APP) may read the text "13511111111" from the clipboard and automatically populate the text "13511111111" within the text entry box in response to a user selection of a paste option.

Framework layer 420 provides an application programming interface (application programming interface, API) and programming framework for the APP of application layer 410. The framework layer 420 includes some predefined functions.

As shown in fig. 4, a clipboard module 421 is provided in the frame layer 420. Clipboard module 421 may provide data buffering (i.e., writing) and reading functions. That is, the clipboard module 421 is a so-called clipboard in a general sense. Clipboard module 421 includes clipboard control 422 and clipboard buffer (buffer) 423.

In this embodiment, the clipboard control 422 may be configured to receive a write request for writing data to the clipboard by the application layer 410 or a read request for reading data from the clipboard, and may interact with a bottom layer (e.g., the kernel layer 440) to complete the encryption and decryption processing in response to a request (e.g., a write request, a read request) of the application layer 410. The clipboard buffer 423 may be used to store plaintext data (e.g., first data) before encryption or ciphertext data (e.g., second data) after encryption.

The hardware abstraction layer 430 is used to connect the framework layer 420 and the kernel layer 440. For example, the hardware abstraction layer 430 may perform data transfers, such as transferring duplicate or cut content, between the framework layer 420 and the kernel layer 440. Of course, the hardware abstraction layer 430 may also process data from the underlying layers (e.g., the kernel layer 440) and then transfer the data to the framework layer 420.

As shown in fig. 4, the hardware abstraction layer 430 may include a HAL interface definition language (HAL interface definition language, HIDL) interface and a HAL interface. The hardware abstraction layer 430, among other things, maintains normal communication with the upper layers by providing a standard HIDL interface to call to the upper layers (e.g., clipboard module 421). And, the hardware abstraction layer 430 transmits data to the kernel layer 440 through a standard HAL interface, such as HAL3.0, and receives data uploaded by the kernel layer 440. For example, the first data is transmitted to the kernel layer 440, and then the second data reported by the kernel layer 440 after the encryption processing is received.

The kernel layer 440 is located below the hardware abstraction layer 430 and is a layer between hardware and software. As shown in fig. 4, in the embodiment of the present application, a clipboard encryption engine 441, a system key management 442, and an account service 443 may be included in the kernel layer 440. The clipboard encryption engine 441 may be configured to encrypt the first data or decrypt the encrypted second data. The system key management 442 is used to generate encryption and decryption keys (e.g., encryption keys, decryption keys). The encryption and decryption keys are generated based on the user account and a preset encryption algorithm. The user account may be obtained from the account service 443.

Referring to fig. 5, taking the privacy protection system shown in fig. 2 (a) as an example, that is, the first device is the mobile phone 100 and the second device is the tablet 110, the method of the embodiment of the present application may include the following steps: (1) the handset 100 and the tablet 110 establish a trusted link; (2) The mobile phone 100 encrypts the copied or cut content (such as the first data) and writes the encrypted content into the clipboard; (3) The mobile phone 100 and the tablet 110 synchronize clipboard data (e.g., second data); (4) The tablet 110 decrypts and displays clipboard data (e.g., second data); (5) The tablet 110 encrypts the decrypted content (e.g., the first data) again and writes it to the clipboard. It should be noted that flow (1) and flow (2) must be completed before flow (3), but flow (1) and flow (2) are not strictly sequential.

The following will describe each of the above-described flows in detail:

(1) The handset 100 and tablet 110 establish a trusted link.

Referring to fig. 6 (a), in one scenario, user 1 is using device a (e.g., handset 100) and device b (e.g., tablet 110), user 2 is using device c, and user 2 borrows user account 1 of user 1. That is, device a, device b, and device c are all bound to user account 1. In this scenario, device a and device b are in use by the same user and are mutually trusted. Although the same user account is bound to device c, it is highly likely that device a and device b are not trusted due to the different users used.

In this embodiment of the present application, a trusted link may be established between electronic devices binding the same user account, where trusted electronic devices (e.g., device a and device b in fig. 6) may successfully establish a trusted link, and untrusted electronic devices (e.g., device a and device b in fig. 6, respectively, and device c) may not successfully establish a trusted link. On the basis, the clipboard data can be synchronized between the electronic devices which successfully establish the trusted link, so that the clipboard data is prevented from being revealed to the untrusted device.

Referring to fig. 6 (b), after the mobile phone 100 binds the user account 1, if the tablet 110 binds the user account 1 as well, it may be prompted on the tablet 110 whether to join the trust ring. In response to a user selecting to join the trust ring, the tablet 110 may display a verification interface for trusted verification.

Before describing in detail the implementation of trust verification, it is necessary to describe here: since the same user account can be bound to the mobile phone 100 and the tablet 110, the mobile phone 100 and the tablet 110 are typically of the same manufacturer, e.g., both are glowing. Thus, the server of the tablet 110 and the server of the handset 100 are typically the same cloud server. Alternatively, the server of the tablet 110 and the server of the handset 100 are two servers that are relatively easy to implement for data interaction. In this regard, in the following description, the server of the tablet 110 and the server of the mobile phone 100 are collectively referred to as servers.

In some embodiments, the verification interface may be an unlocking interface that is digital unlocked, pattern unlocked, fingerprint unlocked, and/or face unlocked. For example, a keyboard for inputting a numeric code is included in the authentication interface. For another example, the verification interface includes a nine-grid dot-matrix map that draws an unlock pattern. The tablet 110 may receive a first unlock code input by a user at the authentication interface, and send the first unlock code to the server for the server to perform trusted authentication. The server matches the second unlocking password of the mobile phone 100 with the first unlocking password sent by the tablet 110, and if the second unlocking password is the same as the first unlocking password, the server can successfully establish the trusted link between the mobile phone 100 and the tablet 110; if the second decryption key is different from the first decryption key, the trusted link between the mobile phone 100 and the tablet 110 cannot be successfully established.

In some embodiments, the verification interface is an interface that enters a verification code. The tablet 110 may send a join request to the server in response to a user selecting to join the trust ring. The server may issue a first authentication code to the handset 100 in response to the access request. The first verification code is used for verification when the trusted link is established. After displaying the authentication interface, the tablet 110 may receive a second authentication code entered by the user at the authentication interface and send the second authentication code to the server. The server matches the first verification code with the second verification code. If the first verification code is the same as the second verification code, for example, after the user views the verification code "123456" (the first verification code) from the mobile phone 100, the verification code "123456" (the second verification code) is correctly input into the verification interface, and if the second verification code is the same as the first verification code, the trusted link between the mobile phone 100 and the tablet 110 can be successfully established; if the second authentication code is different from the first authentication code, the trusted link between the mobile phone 100 and the tablet 110 cannot be successfully established.

In other embodiments, the verification interface is a swipe code interface. The tablet 110 may send a join request to the server in response to a user selecting to join the trust ring. The server may initiate a first two-dimensional code down to the handset 100 in response to the access request. The first two-dimensional code is used for establishing verification of the trusted link. After displaying the verification interface, the tablet 110 may obtain the second two-dimensional code obtained by scanning the code, and send the second two-dimensional code to the server. The server matches the first two-dimensional code with the second two-dimensional code. If the first two-dimensional code is the same as the second two-dimensional code, for example, in the code scanning interface, the two-dimensional code (second two-dimensional code) scanned by the user is the first two-dimensional code displayed on the mobile phone 100, and if the first two-dimensional code is the same as the second two-dimensional code, the trusted link between the mobile phone 100 and the tablet 110 can be successfully established; if the second two-dimensional code is different from the first two-dimensional code, the trusted link between the mobile phone 100 and the tablet 110 cannot be successfully established.

After successful establishment of the trusted link, the handset 100 and the tablet 110 may be added to the same trust ring. The electronic devices in the same trust ring can synchronize clipboard data.

In some embodiments, after the trusted link is established, the handset 100 and the tablet 110 may further negotiate a shared key. The mobile phone 100 and the tablet 110 may negotiate a shared key by public key exchange and private key signature verification. The shared key is used for encrypted transmission when synchronizing clipboard data. Therefore, the data security can be further improved, and illegal interception of data by other devices in the process of synchronizing the data between the electronic devices is avoided.

It should be noted that in the above description about the process (1), the process of establishing the trusted link is mainly described by taking two electronic devices, i.e., the mobile phone 100 and the tablet 110 as examples. In practice, more than two electronic devices may be added to the same trust ring after the trusted links are established. For example, if the notebook computer is also bound with the same user account on the basis of establishing the trusted link between the mobile phone 100 and the tablet 110, the trusted link between the notebook computer and the mobile phone 100 and the tablet 110 may be established according to the aforementioned flow (1), for example, by the user inputting the unlock code of the mobile phone 100 or the unlock code of the tablet 110 in the verification interface of the notebook computer. After the trusted link is successfully established, the trust ring is formed to include 3 electronic devices, namely the mobile phone 100, the tablet 110 and the notebook computer. That is, when a new device binds the same user account, flow (1) may be used to join the trust ring as well.

(2) The handset 100 encrypts the copied or cut content (e.g., the first data) and writes it to the clipboard. Referring to fig. 7A, in the mobile phone 100, the process (2) may include:

s700, the first APP receives a first operation of the user on the first data.

The first APP may be an APP installed in the mobile phone 100. For example, the first APP may be a memo, news, browser, etc.

Wherein the first data is content in an application interface of the first APP. The first data may be content in the form of text, pictures, audio, video, etc. It should be appreciated that the first data is plaintext data, i.e. unencrypted data.

Wherein the first operation is to trigger the first APP to write the first data to the clipboard. In a specific implementation, the first operation may be a user selection operation (such as a clicking operation) of a copy option or a cut option after the mobile phone 100 selects the first data. Illustratively, taking the example that the first APP is the memo APP shown in (a) of fig. 7B, the first data is the text "13511111111" in the memo APP, and the first operation may be a user's click operation on the copy option in the shortcut menu after selecting the text "13511111111". In another specific implementation, the first operation may be an operation that after the mobile phone 100 selects the first data, the user presses a first preset shortcut key combination. For example, the first preset shortcut key combination may be "Ctrl" + "c", or the first preset shortcut key combination may be "Ctrl" + "x".

S701, the first APP requests writing of first data to a clipboard module (first clipboard module) in response to a first operation.

Wherein a request to write first data may be referred to as a first request.

S702, the clipboard module requests the clipboard encryption engine to encrypt the first data.

Wherein a request to encrypt the first data may be denoted as a second request.

In the embodiment of the present application, after receiving a request for writing first data, the clipboard module sends a request for encrypting the first data to the clipboard encryption engine at the bottom layer, where the request for encrypting the first data includes the first data, so as to request for encrypting and then storing the first data. The method is beneficial to protecting the privacy data in the clipboard.

S703, the clipboard encryption engine (first encryption engine) obtains an encryption key from the system key management request.

The clipboard encryption engine sends a request to acquire an encryption key to the system key management after receiving a request to encrypt the first data, to request acquisition of the encryption key. The encryption key is used for conducting encryption processing on the first data.

S704, system key management (first key management module) obtains the user account of the mobile phone 100 from the account service.

In the embodiment of the application, after receiving the request for acquiring the encryption key, the system management key acquires the user account from the account service, so as to be used for generating the encryption key subsequently.

S705, the system key management calls a preset encryption algorithm, and generates an encryption key according to the preset encryption algorithm and the user account.

The preset encryption algorithm is a pre-designated algorithm for generating an encryption key of the clipboard. For example, the preset encryption algorithm may be a HASH (HASH) algorithm, an AES256 encryption algorithm, or the like. It should be noted that the preset encryption algorithm in system key management is the same in different electronic devices (e.g., handset 100, tablet 110). Alternatively, the preset encryption algorithm in the system key management is the same in the same manufacturer's electronic device. For example, the preset encryption algorithm in the glory phone and the glory tablet is the same.

In some embodiments, the system key management includes an encryption and decryption algorithm library, and the system key management may call a preset encryption algorithm in the encryption and decryption algorithm library. And carrying out corresponding calculation on the user account by adopting the preset encryption algorithm to generate an encryption key.

In this embodiment of the present application, the system key management generates an encryption key based on the user account, so that it is beneficial for other electronic devices (such as tablet 110) that log in to the same user account to generate a corresponding decryption key.

It should be noted that in the same electronic device, system key management may store a key after it is generated once. And when the clipboard data is encrypted and decrypted again later, the clipboard encryption engine can directly acquire the key from the system key management. So that data operations can be reduced.

S706, the system key management sends the encryption key to the clipboard encryption engine.

S707, the clipboard encryption engine encrypts the first data by using the encryption key to generate second data.

The second data obtained by encrypting the first data is ciphertext data.

In some embodiments, the first data is encrypted using a symmetric encryption algorithm, such that an electronic device (e.g., tablet 110) that facilitates binding the same user account may use a key that is also generated based on the user account to accomplish decryption.

S708, the clipboard encryption engine sends second data to the clipboard module.

S709, the clipboard module stores the second data.

For example, the clipboard module stores the second data in a clipboard buffer.

Illustratively, the first data is the text "13511111111" shown in fig. 7B (a), and the second data corresponding to the text "13511111111" stored in the clipboard buffer may be "1010101010101010101010101111111111111111" as shown in fig. 7B (c). Obviously, the second data in the clipboard buffer is not the text "13511111111" itself, but rather encrypted ciphertext.

That is, in the embodiment of the present application, the ciphertext of the first data is stored in the clipboard module. So that private data in the clipboard can be protected. For example, when APP such as shopping and chat is started, the clipboard is actively read, only ciphertext can be read, and original data, i.e., first data, cannot be obtained.

In some embodiments, after S709, the clipboard module may also feed back to the first APP a message that the copy or clip was successful (i.e., successfully written). The first APP, upon receiving the copy or cut success message, may display a notification of the copy or cut success for prompting that the copy or cut was successful.

Illustratively, taking the example where the first APP is the memo APP shown in (a) of fig. 7B, the memo APP may display a notification 710 as shown in (B) of fig. 7B after receiving a message that copying or cutting is successful. The notification 710 includes the copied text information.

By adopting the process (2), the copied or sheared plaintext data can be encrypted and then stored in the clipboard, which is beneficial to the privacy protection of the clipboard data. And, the encryption key is generated based on the user account, so that the electronic device (such as the tablet 110) logging in the same user account can successfully decrypt the ciphertext data.

In the foregoing flow (2), after the user requests to copy or cut the first data, the second data may be obtained through encryption processing. Wherein the first data is plaintext data and the second data is ciphertext data. In some embodiments, to alert the change in state of the data from unencrypted to encrypted, flow (2) further includes: the first APP displays a first flag, which is an icon (i.e., an icon in a broken line box) for indicating that the first data is unencrypted plaintext data, as shown in (a) in fig. 7C, in response to a first operation of the first data by the user. And, the first APP, after receiving the message that the copying or cutting is successful, may display a second identifier (may also be referred to as a first hint information), where the second identifier is an icon (i.e. an icon in a dashed box) with the lock closed in the notification 720 (notification that the copying or cutting is successful) shown in (b) in fig. 7C, for indicating that the ciphertext data, i.e. encrypted, is stored in the clipboard.

(3) The handset 100 and the tablet 110 synchronize clipboard data (e.g., second data).

After establishing the trusted link between the handset 100 and the tablet 110, the handset 100 may synchronize clipboard data to the clipboard of the tablet 110. For example, as shown in fig. 8, the synchronization of clipboard data may be performed between the mobile phone 100 and the tablet 110 based on a data transmission protocol such as one touch (OneHop), NFC, high bandwidth digital content protection technology (high bandwidth digital content protection, HDCP), etc.

In some embodiments, the handset 100 may use the shared key to secondarily encrypt the clipboard data for transmission to the tablet 110. After receiving the twice encrypted clipboard data, the tablet 110 may decrypt the clipboard data (e.g., the second data) using the shared key and store the same in the clipboard, thereby improving the security of data transmission. It should be appreciated that clipboard data (e.g., second data) decrypted using the shared key remains ciphertext data.

(4) The tablet 110 decrypts and displays the clipboard data (e.g., the second data). Referring to fig. 9A, in the plate 110, the process (4) may include:

s900, the second APP receives a second operation of the user.

Wherein the second APP may be one of the APPs installed in the tablet 110. For example, the second APP may be a chat, shopping, etc. APP. It should be noted that the second APP and the first APP may be different APPs, for example, the second APP may be a chat APP and the first APP may be a memo APP. Alternatively, the second APP and the first APP may be the same APP, e.g., both the second APP and the first APP are chat APPs.

The second operation is used for triggering the second APP to read the clipboard, and the second operation is a paste operation. In a specific implementation, the second APP may receive a long press operation of the text input box by the user. In response to the long press operation, the second APP may display a shortcut menu including a paste option. The second operation may be a user selection operation (e.g., a click operation) of a paste option. Illustratively, taking the example that the second APP is the chat APP shown in (a) in fig. 9B, the chat APP may display a shortcut menu 920 shown in (a) in fig. 9B in response to a long-press operation of the input box by the user, where the shortcut menu includes a paste option and a search option. As shown in (B) of fig. 9B, the second operation may be a click operation of the paste option in the shortcut menu 920 by the user. In another specific implementation, the second operation may be an operation in which the user presses a second preset shortcut key combination after activating the input box. For example, the second preset shortcut key combination is "Ctrl" + "v".

S901, the second APP requests to the clipboard module (second clipboard module) to read data in the clipboard in response to the second operation.

Wherein a request to read data in the clipboard may be referred to as a third request.

In practice, in addition to the second operation of the user described in S900, the user may click on the application icon to start the APP, or the APP may trigger reading the clipboard during the running process. It should be noted that, in the embodiment of the present application, except for the second operation described above, in other scenes where the clipboard is triggered to be read, the clipboard module directly feeds back the ciphertext data (such as the second data) temporarily stored in the clipboard to the corresponding APP. In these scenarios, clipboard data acquired by APP is encrypted data, i.e., plaintext data cannot be acquired. Thus privacy disclosure in the clipboard can be avoided.

In addition, in the embodiment of the present application, only for the scene of reading the clipboard triggered by the second operation, the data in the clipboard is decrypted and then fed back to the APP. The specific process can be seen in the following S902 and subsequent steps.

S902, the clipboard module requests the clipboard encryption engine (second encryption engine) to decrypt the second data.

Wherein the request to decrypt the second data may be denoted as a fourth request. And the request for decrypting the second data carries the second data.

S903, the clipboard encryption engine requests the system key management (second key management module) to acquire the decryption key.

Wherein the decryption key is used for decrypting the second data.

S904, the system key management obtains the user account of the tablet 110 from the account service.

In the embodiment of the present application, the mobile phone 100 and the tablet 110 are in the same privacy protection system, and both log in to the same user account. Such as all logging in with the same glory account.

S905, the system key management calls a preset encryption algorithm, and generates a decryption key according to the preset encryption algorithm and the user account.

The user account of the tablet 110 is the same as the user account of the mobile phone 100 and the same encryption algorithm is adopted, and in the tablet 110, the system key management adopts the user account of the tablet 110 and the decryption key generated by the preset encryption algorithm, and in the mobile phone 100, the system management key adopts the user account of the mobile phone 100 and the encryption key generated by the preset encryption algorithm.

S906, the system key management sends a decryption key to the clipboard encryption engine.

S907, the clipboard decryption engine decrypts the second data by using the decryption key to generate the first data.

When the first data is encrypted to obtain the second data, the adopted encryption algorithm is a symmetric encryption algorithm, so that the first data can be successfully decrypted only by adopting the decryption key which is the same as the encryption key and the inverse algorithm of the symmetric encryption algorithm in the process of decrypting the second data to obtain the first data. Meanwhile, as can be seen from the foregoing description, the decryption key generated in the tablet 110 is identical to the encryption key generated in the mobile phone 100, so that the second data can be successfully decrypted using the decryption key. It should be understood that the first data obtained by decrypting the second data is plaintext data.

S908, the clipboard decryption engine sends the first data to the clipboard module.

S909, the clipboard module stores the first data.

That is, the clipboard module replaces the buffered ciphertext data (e.g., the second data) with plaintext data (e.g., the first data). Illustratively, as shown in fig. 9D, ciphertext data "1010101010101010101010101111111111111111" is stored in the clipboard buffer prior to decryption, and plaintext data "13511111111" is stored in the clipboard buffer after decryption.

S910, the clipboard module returns the first data to the second APP.

In this embodiment of the present application, different from a scenario in which a user clicks an application icon to start an APP, or the APP actively triggers reading of a clipboard in an operation process, the method is that: in a scenario where the second operation of the user triggers the reading of the clipboard, i.e. in a scenario where the user actively requests the reading of the clipboard, the clipboard module returns plaintext data to the second APP. Therefore, the user can conveniently and quickly acquire the required plaintext data under the condition of not revealing the privacy data of the clipboard.

S911, the second APP displays the first data in the text input box.

Illustratively, taking the example that the second APP is the chat APP shown in (B) of fig. 9B, and the first data is the text "13511111111", the chat APP may display the text "13511111111" in the text input box in (c) of fig. 9B in response to the user's click operation on the paste option in the shortcut menu 920 shown in (B) of fig. 9B.

After synchronizing the clipboard data of the mobile phone 100 to the tablet 110, the above procedure (4) is adopted, in the tablet 110, only the scene of the clipboard being read for the active request of the user, for example, the scene of the clipboard being read is triggered by the second operation, and the decryption key is generated based on the user account number and the preset encryption algorithm. Since the user account of the tablet 110 is the same as the user account of the mobile phone 100, the tablet 110 may generate the same decryption key as the decryption key. The data in the clipboard can be successfully decrypted by using the decryption key, and the decrypted plaintext data is provided for the front-end display. Thus, plaintext data can be displayed across devices for a scene in which a user actively requests to read a clipboard. Thus, privacy protection of clipboard data can be realized across devices.

In the foregoing process (4), before the user actively requests to read the clipboard, the data in the clipboard is ciphertext data (e.g., second data), and after the user actively requests to read the clipboard, the data in the clipboard may be decrypted to obtain plaintext data (e.g., first data). In some embodiments, to prompt the tablet 110 to decrypt data in the clipboard in response to a user actively requesting an operation (e.g., a second operation) to read the clipboard, the process (4) further comprises: the second APP displays a second identification prior to receiving a second operation entered by the user. The second identification is used to indicate that ciphertext data is stored in the clipboard. As shown in (a) of fig. 9C, in one specific implementation, before the user inputs the second operation, it means: after the user presses the text entry box long, a shortcut menu (e.g., shortcut menu 920) including a paste option is displayed and before the user selects the paste option. The second indicator may be an icon (i.e., an icon in a dashed box) of the lock closure shown in fig. 9C (a). And the second APP displays the first identifier (may also be referred to as the second prompt information) within a preset time (e.g., 100 ms) after receiving the second operation of the user. The first identification is used to indicate that the second operation may trigger decryption of the second data, or may indicate that the second data has been decrypted. As shown in (b) of fig. 9C, in a specific implementation, the preset time after the user inputs the second operation means: the second APP detects a part or all of the time between when the user selects the paste option in the shortcut menu (e.g., shortcut menu 920) and when the second APP displays the first data. The second identifier may be an icon (i.e., an icon in a dashed box) of lock unlocking shown in (b) of fig. 9C.

To facilitate an understanding of the specific implementation and effect of privacy protection of clipboard data (i.e., process (2) -process (4) above) in a scenario of cross-device clipboard data synchronization, a complete example is described below.

Referring to fig. 10, in the mobile phone 100, a user pressing the touch screen for a long time may trigger displaying a clipboard control (e.g. a copy option), and then the user clicking the clipboard control (e.g. a copy option) may trigger writing data to the clipboard, that is, trigger the process (2), thereby triggering encryption. Through the process (2), the clipboard module can encrypt plaintext data into ciphertext data and then temporarily store the ciphertext data into the clipboard module. After the encrypted storage is completed, the mobile phone 100 may synchronize the clipboard data to the tablet 110 to which the same user account is bound, via flow (3). After receiving the clipboard data from the mobile phone 100, the tablet 110 may trigger the clipboard control (e.g., a paste option) to be displayed by the user pressing the text input box in the APP for a long time, and then the user clicking the clipboard control (e.g., the paste option) may trigger the clipboard to be read, i.e., trigger the process (4), thereby triggering decryption. Through the process (4), the clipboard module can decrypt the ciphertext data in the clipboard into plaintext data and return the plaintext data to the front-end display. Therefore, in the electronic equipment bound with the same user account, the ciphertext data in the clipboard can be decrypted and displayed only for the situation that the user actively requests to read the clipboard. Thus, privacy protection of clipboard data can be achieved across devices. That is, the privacy of the clipboard data can be protected while the clipboard data is shared.

(5) The tablet 110 encrypts the decrypted content (e.g., the first data) again and writes it to the clipboard. Referring to fig. 11, in the plate 110, the process (5) may include:

and S1101, after the second APP displays the first data, returning a successful display result to the clipboard module.

Illustratively, taking the example that the second APP is the chat APP shown in fig. 9B (c), and the first data is text "13511111111" in the text entry box shown in fig. 9B (c), the chat APP is displaying text "13511111111", a result of 1 may be returned to the clipboard module for indicating successful display of text "13511111111".

S1102, the clipboard module requests encryption of the first data in response to receiving a result of the display success.

The main difference between the process (5) and the process (2) is that: in the process (2), a request for copying the first data is sent to the clipboard module by the first APP in response to a first operation of the first data by a user, thereby triggering encryption of the first data. And in the process (5), after the second APP displays the first data, a display result is returned to the clipboard module to trigger the encryption of the first data. Therefore, after the data in the clipboard is decrypted and displayed at the front end (such as a second APP), the decrypted data can be timely triggered to be encrypted again, so that the security of the clipboard data is further improved.

As shown in fig. 11, the flow (5) further includes implementation principles and procedures of S1103-1109 and S1103-S1109, which are similar to those of S703-S709 in the flow (2), and specific reference may be made to the descriptions of S703-S709 in the flow (2), and will not be repeated herein. The only difference is that flow (5) is implemented in tablet 110 and flow (2) is implemented in handset 100.

Similarly, after storing the second data to the clipboard of the second device, the tablet 110 may also display a second identification (which may also be referred to as a third hint information) that the data has been encrypted and stored in the clipboard.

After the second APP successfully displays the decrypted first data, the first data may be encrypted again by adopting the above procedure (5), so that the data temporarily stored in the clipboard is restored to the encrypted state again. Thereby being beneficial to privacy protection of clipboard data.

The above-described flow (4) and flow (5) are mainly described with respect to a cross-device scenario. In practice, after encrypting and temporarily storing the plaintext data in any device (such as the mobile phone 100) in the clipboard module, the plaintext data in the clipboard can be decrypted to obtain the plaintext data in the device (such as the mobile phone 100) only in response to the second operation of the user, and then displayed in the front end. That is, within a single electronic device, the clipboard's data is decrypted and displayed, also only if the user actively requests to read the clipboard. Thus, privacy protection of clipboard data can be achieved in a single device.

Because the privacy preserving system includes the electronic device, such as the mobile phone 100, the tablet 110, etc., with the software structure shown in fig. 3, the privacy preserving system may perform the method of the embodiments of the present application. In the following embodiments, the method of the embodiments of the present application will be described with the mobile phone 100 and the tablet 110 in the privacy protection system shown in fig. 2 (a) as the execution subject.

Referring to fig. 12, the method of the embodiment of the present application may include:

s1201, the handset 100 and the tablet 110 establish a trusted link.

In some embodiments, after the trusted link is established, the handset 100 and the tablet 110 may also negotiate a shared key for data synchronization.

It should be noted that after the trusted link is established, the handset 100 and tablet 110 may complete clipboard data synchronization multiple times based on the trusted link. That is, there is no need to establish a trusted link before each data sync.

S1202, the mobile phone 100 receives a first operation of the user on the first data, where the first operation is used to trigger the mobile phone 100 to copy or cut the first data. Wherein the first data is plaintext data.

For example, the first operation may be an operation in which the user clicks a copy or cut option after selecting the first data. For another example, the first operation may be an operation in which the user presses a "Ctrl" + "c" or "Ctrl" + "x" combination key after selecting the first data.

S1203, in response to the first operation, the mobile phone 100 generates an encryption key according to the user account of the mobile phone 100 and a preset encryption algorithm.

For example, if the preset encryption algorithm is the HASH algorithm and the user account is 12345678, the encryption key may be the HASH value of 12345678.

S1204, the mobile phone 100 encrypts the first data by using the encryption key to obtain second data, and stores the second data in the clipboard. Wherein the second data is ciphertext data.

In the embodiment of the application, the plaintext data is encrypted and then stored in the clipboard, and then the APP can only read the ciphertext data when actively reading the clipboard during starting or running. Thus, the privacy of the user in the clipboard data can be protected.

S1205, the mobile phone 100 synchronizes the second data in the clipboard of the mobile phone 100 to the tablet 110 based on the trusted link.

S1206, the tablet 110 receives a second operation from the user, the second operation being for triggering the tablet 110 to read the clipboard.

For example, the second operation may be an operation in which the user clicks the paste option after pressing the text input box long. For another example, the second operation may be an operation in which the user presses the "Ctrl" + "v" combination key after activating the text input box.

S1207, the tablet 110 generates a decryption key according to the user account of the tablet 110 and a preset encryption algorithm in response to the second operation. Wherein the decryption key is the same as the encryption key.

The user account of the tablet 110 is the same as the user account of the mobile phone 100, and the same preset encryption algorithm is adopted, the decryption key generated by the tablet 110 is the same as the encryption key generated by the mobile phone 100.

S1208, the flat panel 110 decrypts the second data by using the decryption key to obtain the first data.

In the embodiment of the present application, the decryption key and the encryption key are the same, and then the tablet 110 may successfully decrypt the ciphertext data in the clipboard. Thus, the ciphertext data in the clipboard can be used across devices.

S1209, the tablet 110 displays the first data in the text input box of the current interface.

In some embodiments, after displaying the first data, further comprising:

s1210, the tablet 110 encrypts the first data by using the decryption key to obtain second data, and stores the second data in the clipboard.

In this embodiment, after displaying the decrypted plaintext data, the tablet 110 may encrypt and store the decrypted plaintext data in the clipboard again in time, so as to avoid privacy disclosure after decryption. Thereby the safety of clipboard data can be further improved.

Further embodiments of the present application provide an electronic device, which may be the first device (such as the mobile phone 100) in the foregoing embodiments. The electronic device may include: the display screen (e.g., touch screen), memory, and one or more processors. The display, memory, and processor are coupled. The memory is for storing computer program code, the computer program code comprising computer instructions. The electronic device, when executing computer instructions, can perform the various functions or steps performed by the first device in the method embodiments described above.

Further embodiments of the present application provide an electronic device that may be the second device (e.g., the tablet 110) of the above embodiments. The electronic device may include: the display screen (e.g., touch screen), memory, and one or more processors. The display, memory, and processor are coupled. The memory is for storing computer program code, the computer program code comprising computer instructions. The electronic device, when executing the computer instructions, may perform the functions or steps performed by the second device in the method embodiments described above.

Embodiments of the present application also provide a chip system, as shown in fig. 13, the chip system 1300 includes at least one processor 1301 and at least one interface circuit 1302. The processor 1301 and the interface circuit 1302 may be interconnected by wires. For example, interface circuit 1302 may be used to receive signals from other devices (e.g., a memory of an electronic apparatus). For another example, interface circuit 1302 may be used to send signals to other devices (e.g., processor 1301). Illustratively, the interface circuit 1302 may read instructions stored in the memory and send the instructions to the processor 1301. The instructions, when executed by processor 1301, may cause an electronic device to perform the various steps of the embodiments described above. Of course, the chip system may also include other discrete devices, which are not specifically limited in this embodiment of the present application.

The present application also provides a computer storage medium, where the computer storage medium includes computer instructions, where the computer instructions, when executed on the first device (such as the mobile phone 100) described above, cause the first device to perform the functions or steps performed by the first device in the method embodiment described above. Alternatively, the computer instructions, when executed on the second device (e.g., tablet 110) described above, cause the second device to perform the functions or steps performed by the second device in the method embodiments described above.

The embodiments of the present application also provide a computer program product, which when executed on a computer, causes the computer to perform the functions or steps performed by the first device in the method embodiments described above, or causes the computer to perform the functions or steps performed by the second device in the method embodiments described above.

It will be apparent to those skilled in the art from this description that, for convenience and brevity of description, only the above-described division of the functional modules is illustrated, and in practical application, the above-described functional allocation may be performed by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to perform all or part of the functions described above.

In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the modules or units is merely a logical functional division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another apparatus, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and the parts displayed as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed in a plurality of different places. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.

The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a readable storage medium. Based on such understanding, the technical solution of the embodiments of the present application may be essentially or a part contributing to the prior art or all or part of the technical solution may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a device (may be a single-chip microcomputer, a chip or the like) or a processor (processor) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read Only Memory (ROM), a random access memory (random access memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.

The foregoing is merely a specific embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered in the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (16)

1. A method of privacy protection of clipboard data for use in a system comprising a first device and a second device, the method comprising:

the first device receives a first operation of a user on first data; wherein the first operation comprises a copy operation or a cut operation;

the first device responds to the first operation and displays first prompt information; wherein the first hint information hint is encrypted;

the first device synchronizing second data to a clipboard of the second device; wherein the second data is obtained by encrypting the first data by the first device;

the second equipment receives a pasting operation of a user;

the second device responds to the pasting operation and displays second prompt information; wherein the second hint information hint is decrypted;

the second device displays the first data; wherein the first data is obtained by decrypting the second data by the second device.

2. The method of claim 1, wherein after the second device displays the first data, the method further comprises:

the second device encrypts the first data to obtain the second data;

The second device stores the second data to a clipboard of the second device and displays third prompt information; wherein the third hint information hint is encrypted.

3. The method of claim 1 or 2, wherein the first device and the second device bind the same user account;

the first device encrypts the first data to obtain the second data, which includes:

the first device encrypts the first data by using a first key to obtain the second data; the first key is generated by the first device according to a preset encryption algorithm and the user account;

wherein the second device decrypts the second data to obtain the first data, including:

the second device decrypts the second data by using a second key to obtain the first data; the second key is generated by the second device according to the preset encryption algorithm and the user account.

4. A method according to claim 3, wherein the algorithm for encrypting the first data is a symmetric encryption algorithm and the algorithm for decrypting the second data is an inverse of the symmetric encryption algorithm.

5. The method according to claim 3 or 4, wherein the first device generating the first key according to a preset encryption algorithm and the user account comprises:

a first clipboard module of the first device, responsive to the first operation, sending a first request to a first encryption engine of the first device; wherein the first request includes the first data;

the first encryption engine sending a second request to a first key management module of the first device in response to receiving the first request;

the first key management module responds to the second request, obtains the user account bound by the first device, and generates a first key according to a preset encryption algorithm and the user account bound by the first device;

the first key management module sends the first key to the first encryption engine;

wherein encrypting the first data using a first key to obtain the second data includes:

the first encryption engine encrypts the first data with the first key in response to receiving the first key to obtain the second data.

6. The method according to claim 3 or 4, wherein the second device generating the second key according to the preset encryption algorithm and the user account comprises:

a second clipboard module of the second device sends a third request to a second encryption engine of the second device in response to the paste operation; wherein the third request includes the second data;

the second encryption engine sending a fourth request to a second key management module of the second device in response to receiving the third request;

the second key management module responds to the fourth request, obtains the user account bound by the second equipment, and generates a second key according to a preset encryption algorithm and the user account bound by the second equipment;

the second key management module sends the second key to the second encryption engine;

wherein decrypting the second data using a second key to obtain the first data comprises:

the second encryption engine decrypts the second data with the second key in response to receiving the second key, resulting in the first data.

7. The method according to any one of claims 1-6, further comprising:

after the first device and the second device bind the same user account, the first device and the second device establish a trust relationship; wherein the trust relationship comprises: the second device is a trusted device of the first device and/or the first device is a trusted device of the second device;

wherein the first device synchronizes the second data to a clipboard of the second device, comprising:

if the second device is a trusted device of the first device, the first device synchronizes the second data to a clipboard of the second device.

8. The method of any of claims 1-7, wherein the first device synchronizing the second data to a clipboard of the second device comprises:

the first device synchronizing the second data to a clipboard of the second device based on a data transfer protocol; wherein the data transmission protocol comprises: a bump OneHop, near field communication NFC, or high bandwidth digital content protection technology HDCP.

9. The method of any of claims 1-8, wherein the second device receives a paste operation from a user, comprising:

Receiving a paste operation of a user by the second device under the condition that the text input box is activated by the second device;

wherein the second device displays the first data, comprising:

the second device displays the first data in the text entry box.

10. A method for protecting privacy of cut-out data, applied to a first device, comprising:

the first device receives a first operation of a user on first data; wherein the first operation comprises a copy operation or a cut operation;

the first device responds to the first operation and displays first prompt information; wherein the first hint information hint is encrypted;

if the second device is a trusted device of the first device, the first device synchronizes the second data into a clipboard of the second device; wherein the second data is obtained by encrypting the first data.

11. A method of privacy protection of cut-off data, applied to a second device, comprising:

the second device storing second data in the first clipboard; wherein the first clipboard is a clipboard of the second device and the second data is ciphertext data;

The second equipment receives a pasting operation of a user;

the second device responds to the pasting operation and displays second prompt information; the second prompt message is used for prompting that decryption is performed;

the second device displays the first data; wherein the first data is obtained by decrypting the second data by the second device.

12. An electronic device, comprising: a touch screen, a memory, and one or more processors, the memory coupled with the processors; wherein the memory has stored therein computer program code comprising computer instructions which, when executed by the processor, cause the electronic device to perform the steps performed by a first device of the methods of any of claims 1-9 or cause the electronic device to perform the method of claim 10.

13. An electronic device, comprising: a touch screen, a memory, and one or more processors, the memory coupled with the processors; wherein the memory has stored therein computer program code comprising computer instructions which, when executed by the processor, cause the electronic device to perform the steps performed by the second device of the method of any of claims 1-9 or cause the electronic device to perform the method of claim 11.

14. A privacy protection system for clipboard data, the system comprising the electronic device of claim 12 and the electronic device of claim 13.

15. A computer readable storage medium comprising computer instructions which, when run on an electronic device, cause the electronic device to perform the method of any of claims 1-11.

16. A computer program product, characterized in that the computer program product, when run on a computer, causes the computer to perform the method according to any of claims 1-11.

Images