RU2023102888A - METHOD FOR PROCESSING A FILE STORED IN EXTERNAL MEMORY - Google Patents

Claims (80)

1. A method for storing ciphertext containing: displaying the external memory encryption configuration interface; receiving a first operation that is performed by the user in the encryption setting interface; encrypting a file in external memory in response to the first operation; receiving a second user operation; displaying the factory reset setting interface in response to the second operation; receiving a third operation that is performed by the user in the factory settings interface; performing a factory reset in response to the third operation; displaying the account verification interface; receiving verification information that is entered by the user in the account verification interface; And when the verification information is verified and, when an operation is received in which the user accesses a file in the external memory, decrypting the file encrypted in the external memory. 2. The method according to claim 1, in which the method additionally contains: receiving a fourth operation that is performed by the user in the encryption setting interface; encrypting the file in external memory in response to the fourth operation; receiving a fifth user operation; displaying the reset setting user interface in response to the fifth operation; receiving a sixth operation that is performed by the user in the user reset settings interface; performing a user reset in response to the sixth operation; display the lock screen password verification interface; receiving the lock screen password that is entered by the user in the lock screen password interface; And when the lock screen password is verified and, when an operation is received in which the user accesses a file in the external memory, decrypting the file encrypted in the external memory. 3. The method according to claim 1, in which receiving the first operation that is performed by the user in the encryption setup interface contains: receiving an encryption instruction, wherein the encryption instruction instructs to encrypt a file in the external memory; And the method additionally contains: obtaining the first account identifier's own value based on the encryption instruction; encrypting a first key using the first account ID's own value to generate a first ciphertext, the first key being used to encrypt a second key, and the second key being used to encrypt a first file in the external memory; encrypting the eigenvalue of the first account identifier to generate a second ciphertext; And storing the first ciphertext and the second ciphertext in an indelible partition, where the encryption of the first key using the first account ID's own value contains: calling a key management module to encrypt the first key using the first account ID's own value; And The encryption of the first account ID's own value contains: calling a key management module to encrypt the first account ID's own value; where storing the first ciphertext and the second ciphertext in the non-erasable section contains: calling the trusted execution environment application programming interface to store the first ciphertext and the second ciphertext in an indelible section. 4. The method according to claim 3, in which the method additionally contains: obtaining pointer information for account switching; checking the first account ID based on the index information; obtaining its own value of the second account identifier after checking the first account identifier; And updating the first ciphertext and the second ciphertext based on the second account ID's own value. 5. The method according to claim 3, in which, before decrypting the encrypted file in the external memory, the method additionally contains: checking the first account ID based on the verification information after the factory reset is completed; And when the first account ID is successfully verified, decrypt the first ciphertext and the second ciphertext to generate the first key, where the verification of the first account ID based on the verification information contains: checking the first account ID based on the verification information when the factory reset protection FRP state is initiated. 6. The method according to claim 5, in which the method additionally contains: encrypting the first key using empty authentication to generate a third ciphertext; encrypt empty authentication to generate a fourth ciphertext; And storing the third ciphertext and the fourth ciphertext in an indelible section. 7. The method according to claim 6, in which the method additionally contains: copying the third ciphertext and the fourth ciphertext from the non-erasable section to the erasable section; generating a first key based on the third ciphertext and the fourth ciphertext in the erased section; And decryption based on the first key of the first file encrypted in external memory. 8. The method of claim 3, wherein performing a factory reset in response to the third operation comprises: receiving a factory reset instruction, which is initiated by the third operation in the factory reset setting interface; And formatting data in an erasable partition based on the factory reset instructions. 9. The method of claim 3, wherein the first key is further used to encrypt a third key, and the third key is used to encrypt a second file that is encrypted in the external memory. 10. The method according to claim 3, in which the method additionally contains: getting your own lock screen password based on the encryption instruction; encrypting the first key using the lock screen's own password value to generate a fifth ciphertext; encrypting your own lock screen password to generate a sixth ciphertext; And storing the fifth ciphertext and the sixth ciphertext in the erasable partition, where the first key encryption using the lock screen's own password value contains: calling the key management module to encrypt the first key using its own lock screen password value; And Encrypting your own lock screen password contains: Calling the key management module to encrypt your own lock screen password value. 11. The method according to claim 10, in which the method additionally contains: receiving a user reset instruction that is initiated by the configuration interface; And Backs up the fifth ciphertext and the sixth ciphertext to a non-erasable partition based on a user reset instruction. 12. The method of claim 11, wherein backing up the fifth ciphertext and the sixth ciphertext to an indelible partition based on the user reset instruction comprises: decrypting the first key from the fifth ciphertext and the sixth ciphertext based on the user reset instruction; encrypting the first key using empty authentication to generate a seventh ciphertext; encrypt empty authentication to generate the eighth ciphertext; And storing the seventh ciphertext and the eighth ciphertext in an indelible section. 13. The method according to claim 12, in which the method additionally contains: copying the seventh ciphertext and the eighth ciphertext from the non-erasable partition to the erasable partition after the user reset is completed; decrypting a first key from the seventh ciphertext and the eighth ciphertext in the erased section; And decryption based on the first key of the first file encrypted in external memory. 14. A chip comprising a processor, wherein when the processor executes instructions, the processor executes the method of claim 1. 15. A computer-readable storage medium, wherein the computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the processor may execute the method of claim 1.