WO2022042273A1 - Key usage method and related products - Google Patents
- Publication number: WO2022042273A1 (PCT application PCT/CN2021/111406)
- Authority: WO, WIPO (PCT)
- Prior art keywords: key, request, terminal, module, escrow
Classifications
- G—PHYSICS; G06—COMPUTING; CALCULATING OR COUNTING; G06F—ELECTRIC DIGITAL DATA PROCESSING; G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
Definitions
- the present application relates to the technical field of terminals, and in particular, to a method for using a key and related products.
- terminals such as mobile phones, tablet computers, and smart wearable devices have been popularized.
- operations on the terminal such as data encryption, data integrity protection and identity authentication rely on the key to ensure security and reliability.
- the complete life cycle of a key includes key generation, storage, use, transmission, and destruction. There is a risk of leakage at every stage.
- the present application provides a key usage method and related products.
- an embodiment of the present application provides a method for using a key, including:
- the first device sends a key use request to a second device, the second device includes a secure hardware environment;
- the first device receives the key use result sent by the second device, where the key use result is obtained by the second device processing the data to be processed in the key use request with the key in the secure hardware environment.
- the key does not need to be stored in the first device that does not have a secure hardware environment, nor does the first device need to use the key to process the data to be processed.
- the key stored in the first device that does not have a secure hardware environment can be prevented from being cracked, and the complexity of the key is not limited by the computing capability of the first device, so that the first device can support more types, more complex keys.
- the first device may be a device without a secure hardware environment.
- the first device may also be referred to as a thin device, and the second device may be referred to as a rich device.
- before the first device sends a key use request to the second device, the method further includes:
- the first device obtains the connection status between one or more second devices in the device list and the first device;
- the first device selects, according to the connection status between the one or more second devices and the first device, the second device for processing the key use request from the one or more second devices.
- the sending of the key use request by the first device to the second device includes:
- the first device sends the key usage request to the second device for processing the key usage request.
- the first device can select the second device with the best connection state from the plurality of second devices, so that the key in the second device can be used to process the data to be processed more quickly and efficiently.
- before the first device sends a key use request to the second device, the method further includes:
- the first device sends a key escrow request to the second device, where the key escrow request includes the key, and the key escrow request is used to request the second device to save the key.
- the key escrow request further includes an index of the key, and the key escrow request is further used to request the second device to save the index of the key; the key use request includes the index of the key and the data to be processed.
- the first device can escrow the key to the second device after generating the key.
- the second device stores the key in a secure hardware environment, so that the storage security of the key can be ensured.
- the embodiments of the present application provide another method for using keys, including:
- the second device receives the key use request sent by the first device, and the second device includes a secure hardware environment;
- the second device uses the key in the secure hardware environment to process the data to be processed in the key use request to obtain a key use result;
- the second device sends the key usage result to the first device.
- the key does not need to be stored in the first device that does not have a secure hardware environment, nor does the first device need to use the key to process the data to be processed.
- the key stored in the first device that does not have a secure hardware environment can be prevented from being cracked, and the complexity of the key is not limited by the computing capability of the first device, so that the first device can support more types, more complex keys.
- before the second device receives the key use request sent by the first device, the method further includes:
- the second device receives a key escrow request from the first device, the key escrow request including the key;
- the second device stores the key to the secure hardware environment.
- the first device can escrow the key to the second device after generating the key.
- the second device stores the key in a secure hardware environment, so that the storage security of the key can be ensured.
- the key escrow request further includes an index of the key; the method further includes: the second device storing the index of the key to the secure hardware environment;
- the key usage request includes an index of the key and the data to be processed.
- the second device can find the key to be used according to the index of the key in the key use request, thereby helping to improve the accurate and efficient response to the key use request of the first device.
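The escrow-then-use exchange described in the two methods above, simulated end to end as an added example (this is not code from the patent): the first (thin) device generates a key, escrows it under an index to the best-connected second (rich) device, discards the key, and later sends key use requests that carry only the index and the data to be processed; the second device looks the key up by index inside its secure hardware environment, rejects unknown indices, and returns only the result. Assumptions: the secure hardware environment is a plain dict, the connection status is a constructed `connection_quality` number, and HMAC-SHA256 stands in for the key operation, which the patent does not specify.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field


def compute_tag(key: bytes, data: bytes) -> bytes:
    """The key operation the second device performs on the data to be
    processed (HMAC-SHA256 here; the patent does not fix the algorithm)."""
    return hmac.new(key, data, hashlib.sha256).digest()


@dataclass
class RichDevice:
    """Second device: owns a simulated secure hardware environment.
    Keys enter `secure_env` at escrow time and never leave it; only the
    results of operations performed with them are returned."""
    name: str
    connection_quality: int        # constructed metric: higher = better, 0 = unreachable
    secure_env: dict = field(default_factory=dict, repr=False)

    def handle_escrow(self, request: dict) -> dict:
        # Key escrow request: {"type": "escrow", "index": <str>, "key": <bytes>}
        if request.get("type") != "escrow" or not isinstance(request.get("key"), bytes):
            return {"status": "error", "reason": "malformed escrow request"}
        index = request.get("index") or secrets.token_hex(8)
        if index in self.secure_env:
            return {"status": "error", "reason": "index already in use"}
        self.secure_env[index] = request["key"]
        return {"status": "ok", "index": index}

    def handle_key_use(self, request: dict) -> dict:
        # Key use request: {"type": "use", "index": <str>, "data": <bytes>}
        if request.get("type") != "use" or not isinstance(request.get("data"), bytes):
            return {"status": "error", "reason": "malformed key use request"}
        key = self.secure_env.get(request.get("index"))
        if key is None:            # never process data with a key this device does not hold
            return {"status": "error", "reason": "unknown key index"}
        return {"status": "ok", "result": compute_tag(key, request["data"])}


class ThinDevice:
    """First device: no secure hardware environment. After escrow it keeps
    only the key index and the second devices that acknowledged holding it."""

    def __init__(self, device_list):
        self.device_list = list(device_list)
        self.holders = {}          # index -> [RichDevice, ...]

    def select_second_device(self, candidates) -> RichDevice:
        # Pick the candidate with the best connection state (assumption:
        # `connection_quality` stands in for the patent's connection status).
        reachable = [d for d in candidates if d.connection_quality > 0]
        if not reachable:
            raise RuntimeError("no second device reachable")
        return max(reachable, key=lambda d: d.connection_quality)

    def escrow_key(self, key: bytes, index: str) -> RichDevice:
        dev = self.select_second_device(self.device_list)
        reply = dev.handle_escrow({"type": "escrow", "index": index, "key": key})
        if reply["status"] != "ok":
            raise RuntimeError(reply["reason"])
        self.holders.setdefault(reply["index"], []).append(dev)
        return dev

    def use_key(self, index: str, data: bytes) -> dict:
        # Only second devices that acknowledged escrow of this index are candidates.
        dev = self.select_second_device(self.holders.get(index, []))
        return dev.handle_key_use({"type": "use", "index": index, "data": data})


def demo() -> dict:
    """End-to-end run over constructed devices; returns the key use result."""
    phone = RichDevice("phone", connection_quality=7)
    laptop = RichDevice("laptop", connection_quality=3)
    watch = ThinDevice([phone, laptop])          # the thin device
    key = secrets.token_bytes(32)                # generated on the thin device
    holder = watch.escrow_key(key, "k-001")
    del key                                      # thin device drops the key, keeps the index
    reply = watch.use_key("k-001", b"constructed data to be processed")
    return {"holder": holder.name, "status": reply["status"], "result": reply["result"]}


if __name__ == "__main__":
    print(demo())
```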
- the present application provides an electronic device including a memory, one or more processors, and a plurality of application programs. One or more programs are stored therein, and when the one or more processors run the one or more programs, the terminal executes the processing method of the application program in any possible implementation manner of the first aspect.
- an embodiment of the present application provides a computer storage medium, including computer instructions, when the computer instructions are run on a terminal, the terminal executes the processing method of the application program in any possible implementation manner of the first aspect above.
- an embodiment of the present application provides a computer program product, when the computer program product runs on a terminal, the terminal executes the processing method of the application program in any possible implementation manner of the first aspect.
- FIG. 1 is a schematic diagram of a network architecture according to an embodiment of the present application.
- FIG. 2 is a schematic structural diagram of a terminal provided by an embodiment of the present application.
- FIG. 3 is a block diagram of a software structure of a terminal provided by an embodiment of the present application.
- FIG. 4A is a schematic flowchart of a method for using a key according to an embodiment of the present application.
- FIG. 4B is a schematic flowchart of another method for using a key according to an embodiment of the present application.
- FIG. 5 is a schematic flowchart of a key storage method according to an embodiment of the present application.
- FIG. 6 is a schematic diagram of a module of a first device and a second device according to an embodiment of the application.
- FIG. 7 is another schematic flowchart of a key storage method according to an embodiment of the present application.
- FIG. 8 is another schematic flowchart of a method for using a key according to an embodiment of the present application.
- “first” and “second” are only used for descriptive purposes, and should not be construed as indicating or implying relative importance or implying the number of indicated technical features. Therefore, the features defined as “first” and “second” may explicitly or implicitly include one or more of the features. In the description of the embodiments of the present application, unless otherwise specified, “multiple” means two or more.
- FIG. 1 is a network architecture diagram provided by an embodiment of the present application.
- the network architecture 100 includes a first device 10 and a second device 20 .
- a first device 10 may communicate with one or more second devices 20 .
- the communication mode between the first device 10 and the second device 20 may be wireless communication or wired communication.
- Both the first device 10 and the second device 20 are electronic devices.
- the first device 10 may be, for example, a terminal.
- the second device 20 may be, for example, a server or a terminal.
- the first device 10 does not include a secure hardware environment, and the second device 20 includes a secure hardware environment.
- Terminals may include, but are not limited to, personal computers, smart phones, smart wearable devices, tablet computers, personal digital assistants, Bluetooth speakers, Bluetooth headsets, smart home appliances, and the like.
- FIG. 2 shows a schematic structural diagram of a terminal.
- the terminal may be the first device or the second device.
- the terminal shown in FIG. 2 is only an example, and the terminal may have more or fewer components than those shown in FIG. 2, may combine two or more components, or may have a different component configuration.
- the various components shown in the figures may be implemented in hardware, software, or a combination of hardware and software, including one or more signal processing and/or application specific integrated circuits.
- the terminal may include: a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (USB) interface 130, a charging management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, a headphone jack 170D, a sensor module 180, buttons 190, a motor 191, an indicator 192, a camera 193, a display screen 194, a subscriber identification module (SIM) card interface 195, and so on.
- the sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity light sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, etc.
- the terminal may include more or less components than those shown in the drawings, or combine some components, or separate some components, or arrange different components.
- the illustrated components may be implemented in hardware, software, or a combination of software and hardware.
- the processor 110 may include one or more processing units, for example, the processor 110 may include an application processor (AP), a modem processor, a graphics processing unit (GPU), an image signal processor (ISP), a controller, a memory, a video codec, a digital signal processor (DSP), a baseband processor, and/or a neural-network processing unit (NPU), etc. Different processing units may be independent devices, or may be integrated in one or more processors.
- the controller can be the nerve center and command center of the terminal.
- the controller can generate an operation control signal according to the instruction operation code and timing signal, and complete the control of fetching and executing instructions.
- a memory may also be provided in the processor 110 for storing instructions and data.
- the memory in processor 110 is cache memory. This memory may hold instructions or data that have just been used or recycled by the processor 110 . If the processor 110 needs to use the instruction or data again, it can be called directly from the memory. Repeated accesses are avoided and the latency of the processor 110 is reduced, thereby increasing the efficiency of the system.
- the processor 110 may include one or more interfaces.
- the interface may include an inter-integrated circuit (I2C) interface, an inter-integrated circuit sound (I2S) interface, a pulse code modulation (PCM) interface, a universal asynchronous receiver/transmitter (UART) interface, a mobile industry processor interface (MIPI), a general-purpose input/output (GPIO) interface, a subscriber identity module (SIM) interface, and/or a universal serial bus (USB) interface, etc.
- the I2C interface is a bidirectional synchronous serial bus that includes a serial data line (SDA) and a serial clock line (SCL).
- the processor 110 may contain multiple sets of I2C buses.
- the processor 110 can be respectively coupled to the touch sensor 180K, the charger, the flash, the camera 193 and the like through different I2C bus interfaces.
- the processor 110 may couple the touch sensor 180K through the I2C interface, so that the processor 110 and the touch sensor 180K communicate with each other through the I2C bus interface, so as to realize the touch function of the terminal.
- the I2S interface can be used for audio communication.
- the processor 110 may contain multiple sets of I2S buses.
- the processor 110 may be coupled with the audio module 170 through an I2S bus to implement communication between the processor 110 and the audio module 170 .
- the audio module 170 can transmit audio signals to the wireless communication module 160 through the I2S interface, so as to realize the function of answering calls through a Bluetooth headset.
- the PCM interface can also be used for audio communications, sampling, quantizing and encoding analog signals.
- the audio module 170 and the wireless communication module 160 may be coupled through a PCM bus interface.
- the audio module 170 can also transmit audio signals to the wireless communication module 160 through the PCM interface, so as to realize the function of answering calls through the Bluetooth headset. Both the I2S interface and the PCM interface can be used for audio communication.
- the UART interface is a universal serial data bus used for asynchronous communication.
- the bus may be a bidirectional communication bus. It converts the data to be transmitted between serial communication and parallel communication.
- a UART interface is typically used to connect the processor 110 with the wireless communication module 160 .
- the processor 110 communicates with the Bluetooth module in the wireless communication module 160 through the UART interface to implement the Bluetooth function.
- the audio module 170 can transmit audio signals to the wireless communication module 160 through the UART interface, so as to realize the function of playing music through the Bluetooth headset.
- the MIPI interface can be used to connect the processor 110 with peripheral devices such as the display screen 194 and the camera 193 .
- MIPI interfaces include camera serial interface (CSI), display serial interface (DSI), etc.
- the processor 110 communicates with the camera 193 through a CSI interface to implement the shooting function of the terminal.
- the processor 110 communicates with the display screen 194 through the DSI interface to realize the display function of the terminal.
- the GPIO interface can be configured by software.
- the GPIO interface can be configured as a control signal or as a data signal.
- the GPIO interface may be used to connect the processor 110 with the camera 193, the display screen 194, the wireless communication module 160, the audio module 170, the sensor module 180, and the like.
- the GPIO interface can also be configured as I2C interface, I2S interface, UART interface, MIPI interface, etc.
- the USB interface 130 is an interface that conforms to the USB standard specification, and may specifically be a Mini USB interface, a Micro USB interface, a USB Type C interface, and the like.
- the USB interface 130 can be used to connect a charger to charge the terminal, and can also be used to transmit data between the terminal and peripheral devices. It can also be used to connect headphones to play audio through the headphones.
- the interface can also be used to connect other electronic devices, such as AR devices.
- the interface connection relationship between the modules illustrated in the embodiments of the present invention is only a schematic illustration, and does not constitute a limitation on the structure of the terminal.
- the terminal may also adopt different interface connection manners in the foregoing embodiments, or a combination of multiple interface connection manners.
- the charging management module 140 is used to receive charging input from the charger.
- the charger may be a wireless charger or a wired charger.
- the charging management module 140 may receive charging input from the wired charger through the USB interface 130 .
- the charging management module 140 may receive wireless charging input through a wireless charging coil of the terminal. While the charging management module 140 charges the battery 142 , it can also supply power to the electronic device through the power management module 141 .
- the power management module 141 is used for connecting the battery 142 , the charging management module 140 and the processor 110 .
- the power management module 141 receives input from the battery 142 and/or the charging management module 140 and supplies power to the processor 110 , the internal memory 121 , the external memory, the display screen 194 , the camera 193 , and the wireless communication module 160 .
- the power management module 141 can also be used to monitor parameters such as battery capacity, battery cycle times, battery health status (leakage, impedance).
- the power management module 141 may also be provided in the processor 110 .
- the power management module 141 and the charging management module 140 may also be provided in the same device.
- the wireless communication function of the terminal can be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, the modulation and demodulation processor, the baseband processor, and the like.
- Antenna 1 and Antenna 2 are used to transmit and receive electromagnetic wave signals.
- Each antenna in the terminal can be used to cover a single or multiple communication frequency bands. Different antennas can also be reused to improve antenna utilization.
- the antenna 1 can be multiplexed as a diversity antenna of the wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.
- the mobile communication module 150 may provide a wireless communication solution including 2G/3G/4G/5G etc. applied on the terminal.
- the mobile communication module 150 may include at least one filter, switch, power amplifier, low noise amplifier (LNA) and the like.
- the mobile communication module 150 can receive electromagnetic waves from the antenna 1, filter and amplify the received electromagnetic waves, and transmit them to the modulation and demodulation processor for demodulation.
- the mobile communication module 150 can also amplify the signal modulated by the modulation and demodulation processor, and then turn it into an electromagnetic wave for radiation through the antenna 1 .
- at least part of the functional modules of the mobile communication module 150 may be provided in the processor 110 .
- at least part of the functional modules of the mobile communication module 150 may be provided in the same device as at least part of the modules of the processor 110 .
- the modem processor may include a modulator and a demodulator.
- the modulator is used to modulate the low frequency baseband signal to be sent into a medium and high frequency signal.
- the demodulator is used to demodulate the received electromagnetic wave signal into a low frequency baseband signal. Then the demodulator transmits the demodulated low-frequency baseband signal to the baseband processor for processing.
- the low frequency baseband signal is processed by the baseband processor and passed to the application processor.
- the application processor outputs sound signals through audio devices (not limited to the speaker 170A, the receiver 170B, etc.), or displays images or videos through the display screen 194 .
- the modem processor may be a stand-alone device.
- the modem processor may be independent of the processor 110, and may be provided in the same device as the mobile communication module 150 or other functional modules.
- the wireless communication module 160 can provide wireless communication solutions applied on the terminal, including wireless local area network (WLAN) (such as wireless fidelity (Wi-Fi) networks), Bluetooth (BT), global navigation satellite system (GNSS), frequency modulation (FM), near field communication (NFC), infrared (IR), and the like.
- the wireless communication module 160 may be one or more devices integrating at least one communication processing module.
- the wireless communication module 160 receives electromagnetic waves via the antenna 2 , frequency modulates and filters the electromagnetic wave signals, and sends the processed signals to the processor 110 .
- the wireless communication module 160 can also receive the signal to be sent from the processor 110 , perform frequency modulation on it, amplify it, and convert it into electromagnetic waves for radiation.
- the antenna 1 of the terminal is coupled with the mobile communication module 150, and the antenna 2 is coupled with the wireless communication module 160, so that the terminal can communicate with the network and other devices through wireless communication technology.
- the wireless communication technology may include global system for mobile communications (GSM), general packet radio service (GPRS), code division multiple access (CDMA), wideband code division multiple access (WCDMA), time division-synchronous code division multiple access (TD-SCDMA), long term evolution (LTE), BT, GNSS, WLAN, NFC, FM, and/or IR technology, etc.
- the GNSS may include a global positioning system (GPS), a global navigation satellite system (GLONASS), a Beidou navigation satellite system (BDS), a quasi-zenith satellite system (QZSS) and/or satellite based augmentation systems (SBAS).
- the terminal implements the display function through the GPU, the display screen 194, and the application processor.
- the GPU is a microprocessor for image processing, and is connected to the display screen 194 and the application processor.
- the GPU is used to perform mathematical and geometric calculations for graphics rendering.
- Processor 110 may include one or more GPUs that execute program instructions to generate or alter display information.
- Display screen 194 is used to display images, videos, and the like.
- Display screen 194 includes a display panel.
- the display panel can be a liquid crystal display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (AMOLED), a flexible light-emitting diode (FLED), Mini-LED, Micro-LED, Micro-OLED, a quantum dot light-emitting diode (QLED), and so on.
- the terminal may include 1 or N display screens 194, where N is a positive integer greater than 1.
- the terminal can realize the shooting function through ISP, camera 193, video codec, GPU, display screen 194 and application processor.
- the ISP is used to process the data fed back by the camera 193 .
- when the shutter is opened, light is transmitted through the lens to the camera's photosensitive element, which converts the optical signal into an electrical signal and passes it to the ISP, which processes it into an image visible to the naked eye.
- ISP can also perform algorithm optimization on image noise, brightness, and skin tone.
- ISP can also optimize the exposure, color temperature and other parameters of the shooting scene.
- the ISP may be provided in the camera 193 .
- Camera 193 is used to capture still images or video.
- the object is projected through the lens to generate an optical image onto the photosensitive element.
- the photosensitive element may be a charge coupled device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor.
- the photosensitive element converts the optical signal into an electrical signal, and then transmits the electrical signal to the ISP to convert it into a digital image signal.
- the ISP outputs the digital image signal to the DSP for processing.
- DSP converts digital image signals into standard RGB, YUV and other formats of image signals.
- the terminal may include 1 or N cameras 193 , where N is a positive integer greater than 1.
- a digital signal processor is used to process digital signals, in addition to processing digital image signals, it can also process other digital signals. For example, when the terminal selects a frequency point, the digital signal processor is used to perform Fourier transform on the energy of the frequency point, and so on.
- Video codecs are used to compress or decompress digital video.
- a terminal may support one or more video codecs.
- the terminal can play or record videos in multiple encoding formats, such as: moving picture experts group (moving picture experts group, MPEG) 1, MPEG2, MPEG3, MPEG4 and so on.
- the NPU is a neural-network (NN) computing processor.
- applications such as intelligent cognition of the terminal can be realized, such as image recognition, face recognition, speech recognition, text understanding, etc.
- the external memory interface 120 can be used to connect an external memory card, such as a Micro SD card, to expand the storage capacity of the terminal.
- the external memory card communicates with the processor 110 through the external memory interface 120 to realize the data storage function, for example to save files such as music and videos in the external memory card.
- Internal memory 121 may be used to store computer executable program code, which includes instructions.
- the processor 110 executes various functional applications and data processing of the terminal by executing the instructions stored in the internal memory 121 .
- the internal memory 121 may include a storage program area and a storage data area.
- the storage program area can store an operating system, an application program required for at least one function (such as a sound playback function, an image playback function, etc.), and the like.
- the storage data area can store data (such as audio data, phone book, etc.) created during the use of the terminal.
- the internal memory 121 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, universal flash storage (UFS), and the like.
- the terminal may implement audio functions, such as music playback and recording, through an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, and an application processor.
- the audio module 170 is used for converting digital audio information into analog audio signal output, and also for converting analog audio input into digital audio signal. Audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be provided in the processor 110 , or some functional modules of the audio module 170 may be provided in the processor 110 .
- Speaker 170A also referred to as a "speaker" is used to convert audio electrical signals into sound signals.
- the terminal can listen to music through the speaker 170A, or listen to a hands-free call.
- the receiver 170B also referred to as "earpiece" is used to convert audio electrical signals into sound signals.
- the voice can be received by placing the receiver 170B close to the human ear.
- the microphone 170C, also called a “mic”, is used to convert sound signals into electrical signals.
- the user can speak with the mouth close to the microphone 170C to input the sound signal into the microphone 170C.
- the terminal may be provided with at least one microphone 170C.
- the terminal may be provided with two microphones 170C, which can implement a noise reduction function in addition to collecting sound signals.
- the terminal can also be provided with three, four or more microphones 170C to collect sound signals, reduce noise, identify sound sources, and implement directional recording functions.
- the earphone jack 170D is used to connect wired earphones.
- the earphone interface 170D can be the USB interface 130, or can be a 3.5 mm open mobile terminal platform (OMTP) standard interface or a cellular telecommunications industry association of the USA (CTIA) standard interface.
- the pressure sensor 180A is used to sense pressure signals, and can convert the pressure signals into electrical signals.
- the pressure sensor 180A may be provided on the display screen 194.
- the capacitive pressure sensor may be comprised of at least two parallel plates of conductive material. When a force is applied to the pressure sensor 180A, the capacitance between the electrodes changes. The terminal determines the intensity of the pressure based on the change in capacitance. When a touch operation acts on the display screen 194, the terminal detects the intensity of the touch operation according to the pressure sensor 180A. The terminal can also calculate the touched position according to the detection signal of the pressure sensor 180A.
- touch operations acting on the same touch position but with different touch operation intensities may correspond to different operation instructions. For example, when a touch operation whose intensity is less than the first pressure threshold acts on the short message application icon, the instruction for viewing the short message is executed. When a touch operation with a touch operation intensity greater than or equal to the first pressure threshold acts on the short message application icon, the instruction to create a new short message is executed.
- the gyroscope sensor 180B can be used to determine the motion attitude of the terminal.
- in some embodiments, the angular velocity of the terminal around three axes (i.e., the x, y and z axes) can be determined by the gyroscope sensor 180B.
- the gyro sensor 180B can be used for image stabilization. Exemplarily, when the shutter is pressed, the gyro sensor 180B detects the angle at which the terminal shakes, calculates the distance to be compensated by the lens module according to the angle, and allows the lens to counteract the shake of the terminal through reverse motion to achieve anti-shake.
- the gyro sensor 180B can also be used for navigation and somatosensory game scenarios.
- the air pressure sensor 180C is used to measure air pressure. In some embodiments, the terminal calculates the altitude through the air pressure value measured by the air pressure sensor 180C to assist in positioning and navigation.
- the magnetic sensor 180D includes a Hall sensor.
- the terminal can use the magnetic sensor 180D to detect the opening and closing of a flip holster.
- when the terminal is a flip phone, the terminal can detect the opening and closing of the flip cover according to the magnetic sensor 180D. Further, characteristics such as automatic unlocking when the flip cover is opened are set according to the detected opening and closing state of the holster or of the flip cover.
- the acceleration sensor 180E can detect the magnitude of the acceleration of the terminal in various directions (generally three axes).
- the magnitude and direction of gravity can be detected when the terminal is stationary. It can also be used to identify the posture of electronic devices, and can be used in applications such as horizontal and vertical screen switching, pedometers, etc.
- the distance sensor 180F is used to measure distance. The terminal can measure distance by infrared or laser. In some embodiments, when shooting a scene, the terminal can use the distance sensor 180F to measure the distance to achieve fast focusing.
- Proximity light sensor 180G may include, for example, light emitting diodes (LEDs) and light detectors, such as photodiodes.
- the light emitting diodes may be infrared light emitting diodes.
- the terminal emits infrared light outward through light-emitting diodes.
- the terminal uses photodiodes to detect infrared reflected light from nearby objects. When sufficient reflected light is detected, it can be determined that there is an object near the terminal. When insufficient reflected light is detected, the terminal can determine that there is no object near the terminal.
- the terminal can use the proximity light sensor 180G to detect the user holding the terminal close to the ear to talk, so as to automatically turn off the screen to save power.
- the proximity light sensor 180G can also be used in holster mode and pocket mode to automatically unlock and lock the screen.
- the ambient light sensor 180L is used to sense ambient light brightness.
- the terminal can adaptively adjust the brightness of the display screen 194 according to the perceived ambient light brightness.
- the ambient light sensor 180L can also be used to automatically adjust the white balance when taking pictures.
- the ambient light sensor 180L can also cooperate with the proximity light sensor 180G to detect whether the terminal is in the pocket to prevent accidental touch.
- the fingerprint sensor 180H is used to collect fingerprints.
- the terminal can use the collected fingerprint characteristics to implement fingerprint unlocking, access the application lock, take a picture with a fingerprint, answer an incoming call with a fingerprint, etc.
- the temperature sensor 180J is used to detect the temperature.
- the terminal uses the temperature detected by the temperature sensor 180J to execute a temperature processing strategy. For example, when the temperature reported by the temperature sensor 180J exceeds a threshold value, the terminal reduces the performance of the processor located near the temperature sensor 180J, so as to reduce power consumption and implement thermal protection.
- when the temperature is lower than another threshold, the terminal heats the battery 142 to avoid abnormal shutdown of the terminal due to low temperature.
- when the temperature is lower than another threshold, the terminal boosts the output voltage of the battery 142 to avoid abnormal shutdown caused by low temperature.
- the touch sensor 180K is also called a "touch panel".
- the touch sensor 180K may be disposed on the display screen 194, and the touch sensor 180K and the display screen 194 form a touch screen, also called a "touch screen".
- the touch sensor 180K is used to detect a touch operation on or near it.
- the touch sensor can pass the detected touch operation to the application processor to determine the type of touch event.
- visual output related to touch operations may be provided through the display screen 194.
- the touch sensor 180K may also be disposed on the surface of the terminal, which is different from the location where the display screen 194 is located.
- the bone conduction sensor 180M can acquire vibration signals.
- the bone conduction sensor 180M can acquire the vibration signal of the vibrating bone mass of the human voice.
- the bone conduction sensor 180M can also contact the pulse of the human body and receive the blood pressure beating signal.
- the bone conduction sensor 180M can also be disposed in the earphone, combined with the bone conduction earphone.
- the audio module 170 can analyze the voice signal based on the vibration signal of the voice vibration bone block obtained by the bone conduction sensor 180M, and realize the voice function.
- the application processor can analyze the heart rate information based on the blood pressure beat signal obtained by the bone conduction sensor 180M, and realize the function of heart rate detection.
- the keys 190 include a power-on key, a volume key, and the like. The keys 190 may be mechanical keys or touch keys.
- the terminal can receive key input and generate key signal input related to user settings and function control of the terminal.
- Motor 191 can generate vibrating cues.
- the motor 191 can be used for vibrating alerts for incoming calls, and can also be used for touch vibration feedback.
- touch operations acting on different applications can correspond to different vibration feedback effects.
- the motor 191 can also correspond to different vibration feedback effects for touch operations on different areas of the display screen 194.
- different application scenarios (for example, time reminders, receiving messages, alarm clocks, games, etc.) can also correspond to different vibration feedback effects.
- the touch vibration feedback effect can also support customization.
- the indicator 192 can be an indicator light, which can be used to indicate the charging state, the change of the power, and can also be used to indicate a message, a missed call, a notification, and the like.
- the SIM card interface 195 is used to connect a SIM card.
- the SIM card can be inserted into the SIM card interface 195 or pulled out from the SIM card interface 195 to achieve contact and separation with the terminal.
- the terminal can support 1 or N SIM card interfaces, where N is a positive integer greater than 1.
- the SIM card interface 195 can support Nano SIM card, Micro SIM card, SIM card and so on. Multiple cards can be inserted into the same SIM card interface 195 at the same time. The types of the plurality of cards may be the same or different.
- the SIM card interface 195 can also be compatible with different types of SIM cards.
- the SIM card interface 195 is also compatible with external memory cards.
- the terminal interacts with the network through the SIM card to realize functions such as call and data communication.
- the terminal employs an eSIM, i.e. an embedded SIM card.
- the eSIM card can be embedded in the terminal and cannot be separated from the terminal.
- the software system of the terminal may adopt a layered architecture, an event-driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture.
- the embodiments of the present invention take an Android system with a layered architecture as an example to exemplarily describe the software structure of the terminal.
- FIG. 3 is a block diagram of a software structure of a terminal according to an embodiment of the present invention.
- the layered architecture divides the software into several layers, and each layer has a clear role and division of labor. Layers communicate with each other through software interfaces.
- the Android system is divided into four layers, which are, from top to bottom, an application layer, an application framework layer, an Android runtime and system library, and a kernel layer.
- the application layer can include a series of application packages.
- the application framework layer provides an application programming interface (application programming interface, API) and a programming framework for applications in the application layer.
- the application framework layer includes some predefined functions.
- the application framework layer may include window managers, content providers, view systems, telephony managers, resource managers, notification managers, and the like.
- a window manager is used to manage window programs.
- the window manager can get the size of the display screen, determine whether there is a status bar, lock the screen, take screenshots, etc.
- Content providers are used to store and retrieve data and make these data accessible to applications.
- the data may include video, images, audio, calls made and received, browsing history and bookmarks, phone book, etc.
- the view system includes visual controls, such as controls for displaying text, controls for displaying pictures, and so on. View systems can be used to build applications.
- a display interface can consist of one or more views.
- the display interface including the short message notification icon may include a view for displaying text and a view for displaying pictures.
- the phone manager is used to provide the communication function of the terminal, for example, management of the call status (including connecting, hanging up, etc.).
- the resource manager provides various resources for the application, such as localization strings, icons, pictures, layout files, video files and so on.
- the notification manager enables applications to display notification information in the status bar, which can be used to convey notification-type messages, and can disappear automatically after a brief pause without user interaction. For example, the notification manager is used to notify download completion, message reminders, etc.
- the notification manager can also display notifications in the status bar at the top of the system in the form of graphs or scroll bar text, such as notifications of applications running in the background, and notifications on the screen in the form of dialog windows. For example, text information is prompted in the status bar, a prompt sound is issued, the electronic device vibrates, and the indicator light flashes.
- Android Runtime includes core libraries and a virtual machine. Android runtime is responsible for scheduling and management of the Android system.
- the core library consists of two parts: one is the functions that the Java language needs to call, and the other is the core library of Android.
- the application layer and the application framework layer run in the Android virtual machine (Dalvik).
- the Android virtual machine executes the java files of the application layer and the application framework layer as binary files.
- the Android virtual machine is used to perform functions such as object life cycle management, stack management, thread management, security and exception management, and garbage collection.
- a system library can include multiple functional modules, for example: a surface manager, media libraries, a 3D graphics processing library (e.g. OpenGL ES), a 2D graphics engine (e.g. SGL), etc.
- the Surface Manager is used to manage the display subsystem and provides a fusion of 2D and 3D layers for multiple applications.
- the media library supports playback and recording of a variety of commonly used audio and video formats, as well as still image files.
- the media library can support a variety of audio and video encoding formats, such as: MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, etc.
- the 3D graphics processing library is used to implement 3D graphics drawing, image rendering, compositing, and layer processing.
- 2D graphics engine is a drawing engine for 2D drawing.
- the kernel layer is the layer between hardware and software.
- the kernel layer contains at least display drivers, camera drivers, audio drivers, and sensor drivers.
- key management schemes include key local management schemes and key management schemes relying on cloud interaction.
- the root key is composed of key components.
- the protection of the root key relies on hardcoding the key components during key storage.
- Key components are stored decentralized in local storage. When using a key, first recover the key through the key component, and then use the key to encrypt the data that needs to be encrypted.
- hard-coding the key components cannot prevent decompilation: after an illegal user decompiles the code, the key components and their assembly method can be obtained, so the key can be cracked.
- the terminal can store the key in a server in the cloud. This ensures the security of the key during storage, but the terminal still needs to use the key to perform operations such as encryption and decryption, and since the computing power of the terminal is limited, the key type is limited.
- An embodiment of the present application provides a key protection scheme, which is based on the network architecture shown in FIG. 1 , and a first device is associated with one or more second devices.
- the first device can be understood as a thin device
- the second device can be understood as a rich device.
- a rich device is a device with a secure hardware environment
- a thin device is a device without a secure hardware environment.
- the first device stores the keys in multiple second devices.
- when the first device needs to use the key, for example when it needs to use the key to encrypt data, the data to be encrypted can be sent to the second device, and the second device can use the stored key to encrypt the data to be encrypted.
- the encrypted data is sent to the first device.
- the first device can obtain encrypted data from the second device.
- the encryption process is implemented on the second device, so that the complexity of the key is not limited by the computing power of the first device, so that more and more complex key types can be supported.
- the first device may be understood as a thin device
- the second device may be understood as a rich device
- the first device may be a terminal device without a secure hardware environment.
- the first device may be, for example, but not limited to, a smart speaker, a smart home appliance, a mobile phone without a secure hardware environment, a media player, and the like.
- the second device may be, for example, but not limited to, a server, a mobile phone with a secure hardware environment, a personal computer, a tablet computer, and the like.
- the secure hardware environment is a trusted execution environment (trusted execution environment, TEE).
- the second device includes a trusted execution environment (TEE) and a rich execution environment (REE).
- TEE provides a secure environment for trusted applications (TA), and also protects the confidentiality, integrity, and access rights of TA's resources and data.
- the rich execution environment (REE) runs the operating system of the terminal, such as an Android system.
- the secure hardware environment is software guard extensions (software guard extensions, SGX).
- SGX is a secure hardware environment on Intel chips.
- the secure hardware environment is a secure domain processor (Secure Enclave Processor, SEP).
- the second device may include a hardware environment running the iOS system and the SEP.
- the method for using a key in an embodiment of the present application includes the following steps:
- a first device sends a key use request to a second device, where the second device includes a secure hardware environment;
- the first device is a terminal device on the user side
- the second device may be a terminal device, or a server or a cloud device. Communication between the first device and the second device may be performed through wired or wireless communication.
- the first device sends a key use request to the second device according to the key use request of the service module.
- the key use request includes data to be processed.
- the data to be processed can be understood as the object used by the key.
- the key use request may further include at least one of an identifier of the first device, an index of the key, parameters required when using the key, an identifier of a service module, and an operation of using the key.
- the key use operation may be, for example, but not limited to, a request to encrypt or decrypt the data to be processed, a request to generate a certificate or a certificate verification and other key use steps.
- the service module is used to implement the functional service of the first device.
- smart speakers can realize the business function of voiceprint encryption, but smart speakers do not have a secure hardware environment.
- if a smart speaker uses a key to encrypt voiceprints and saves the key itself, the key may be stolen.
- when the smart speaker needs to use the key to encrypt a voiceprint, it can send a key use request to the second device after the key is generated, where the key use request includes the data to be processed, which may include the voiceprint to be encrypted.
- since the second device includes a secure hardware environment, the voiceprint can be encrypted using the key stored by the second device.
- the key stored in the second device may be sent by the first device to the second device.
- the second device uses the key stored in the secure hardware environment to process the key use request to obtain a key use result.
- the second device processes the data to be processed by using the key stored in the secure environment to obtain the key usage result.
- the second device can use the key stored in the secure environment to encrypt the voiceprint to obtain a key use result, where the key use result includes the encrypted voiceprint.
- the key use result may also include whether the key use result is success or failure, and the key use result may also include other information.
- the key use request may include verification information of the first device, and the second device may process the data to be processed only after verifying, according to the verification information of the first device, that the key use request sent by the first device is legal, so as to obtain the key use result.
- the second device sends the key usage result to the first device.
- the key use result may include data obtained after the key use step is performed on the data to be processed, and may also include result information such as whether the key use step is normally performed.
- the second device can send the key use result to the first device. For example, after encrypting the voiceprint, the second device sends the obtained key use result, including the encrypted voiceprint, to the first device.
- the first device can obtain the encrypted voiceprint.
- a first device without a secure hardware environment can escrow keys to a second device with a secure hardware environment.
- when the first device needs to use the key, it can send a key use request to the second device, where the key use request includes data to be processed, and the data to be processed can be understood as the key use object.
- after the second device processes the data to be processed using the key stored in the secure environment, it obtains the key use result and sends the key use result to the first device.
- the key does not need to be stored in the first device that does not have a secure hardware environment, nor does the first device need to use the key to process the data to be processed.
- this prevents a key stored in the first device, which has no secure hardware environment, from being cracked, and the complexity of the key is not limited by the computing capability of the first device, so that the first device can support more types of keys and more complex keys.
- the key usage method may further include steps:
- the first device checks the connection status of one or more second devices in the device list, and selects a second device for processing the key use request from one or more devices in the device list; in step 401 , the first device may send a key use request to the selected second device for processing the key use request.
- the first device stores a device list and an association relationship.
- the device list includes the identifier of each second device that has a connection relationship with the first device and stores the key of the first device.
- the association relationship includes the connection mode between each second device in the device list and the first device.
- for example, the device list may include the identifiers of the second device 1, the second device 2, the second device 3 and the second device 4, which are associated with the first device and store the key of the first device.
- the association relationship includes: the association relationship between the first device and the second device 1 is a Bluetooth link, the association relationship between the first device and the second device 2 is a Bluetooth link, the association relationship between the first device and the second device 3 is a WiFi connection, and the association relationship between the first device and the second device 4 is a wired connection.
- when acquiring the connection status of one or more second devices in the device list, the first device first determines, according to the connection mode in the stored association relationship, whether each second device in the device list can be normally connected to the first device. The first device then selects the second device with the best connection state from the second devices that can be normally connected.
- the second device with the optimal connection state may be the second device that responds to the connection first, or may be the second device with the highest security level in connection with the first device.
- when the first device selects the second device k according to the above selection method, the first device sends the key use request to the second device k.
- the first device can select the second device with the best connection state from the plurality of second devices, so that the key in the second device can be used to process the data to be processed more quickly and efficiently.
- the first device may escrow the key to the second device prior to using the key. That is, before using the key, the first device may send the key to the second device, which stores the key in a secure hardware environment.
- the method for using a key in this embodiment of the present application may further include a key escrow step, which can also be understood as a key storage step, as shown in the process in FIG. 5.
- the key escrow step may include:
- the first device generates a key
- the first device generates the key according to the service request of the service module. Specifically, the first device generates the key according to the key parameter input by the service.
- the key parameter may be, for example, the plaintext provided by the service module, and the first device encrypts the plaintext to obtain the key.
- the first device sends a key escrow request to the second device, where the key escrow request includes a key;
- the key is escrowed to the second device by sending a key escrow request to the second device.
- the key escrow request may further include an index of the key, or an index of the escrow key.
- the first device and the second device can determine which key the service module needs to use according to the index of the key.
- the key escrow request may further include the identifier of the first device.
- the second device can identify which first device sent the key according to the identifier of the first device in the key escrow request.
- the key escrow request may further include a service identifier corresponding to the service module.
- the second device can identify which service module the key corresponds to according to the service identifier in the key escrow request.
- the second device stores the received key
- the second device stores the key in a secure hardware environment.
- the second device includes a device list and an association relationship.
- the device list of the second device includes identifiers of multiple first devices; each first device identified in the device list of the second device has a communication connection with the second device and escrows a key to the second device for storage.
- the association relationship stored by the second device includes the connection mode of each first device in the device list and the second device.
- the device list of the second device includes the identifier of the first device 1, the identifier of the first device 2, the identifier of the first device 3, and the identifier of the first device 4.
- the second device also stores the association relationship between the first device 1 and the second device as relation_1, the association relationship between the first device 2 and the second device as relation_2, the association relationship between the first device 3 and the second device as relation_3, and the association relationship between the first device 4 and the second device as relation_4.
- the second device adds the identifier of the first device 5 to the device list, and stores the association relationship between the first device 5 and the second device as a WiFi connection.
- the first device can escrow the key to the second device after generating the key.
- the second device stores the key in a secure hardware environment, so that the storage security of the key can be ensured.
- the association relationship between the first device and the second device in the key escrow phase is the same as the association relationship between the first device and the second device when the key is used.
- in the key use phase, the second device can determine the communication mode with the first device according to the association relationship in the device list stored by the second device.
- the key escrow step may further include:
- the second device sends an escrow completion notification message to the first device.
- after storing the key, the second device notifies the first device that the key has been successfully saved by sending an escrow completion notification message.
- the first device confirms that the escrow of the key has been completed according to the escrow completion notification message.
- both the first device and the second device include a key escrow logic processing module, a local key management module, a device connection module and a device association relationship storage module.
- the key escrow logic processing module is used to interface with the upper-layer business and lower-layer function modules, and is specifically used for key escrow and logical processing of the process during use.
- the local key management module is used to handle key life cycle management related processes such as key generation, key storage, key usage, and key destruction.
- the device connection module includes a device connection state perception sub-module and a connection mode processing module.
- the device connection status awareness submodule is used to perceive the link status between the local device and the rich devices in the escrow device list.
- the connection mode processing module is used to manage the connection between the first device and the second device.
- the device association relationship storage module is used to store the device list and the association relationship between each device in the device list and itself.
- the key storage method according to the embodiment of the present application includes the following steps:
- the key escrow logic processing module of the first device UDID_S receives the key escrow request sent by the service module;
- when the service module of the first device needs to generate and store a key, it sends a key escrow request to the key escrow logic processing module of the first device.
- the escrow request may include a key parameter for generating the key.
- the key parameter may be plaintext, so that the local key management module can generate the key according to the plaintext.
- the business module can specify a key index keyAlias, a device list and an association relationship.
- the association relationship can be understood as a communication connection manner between the first device and the second device.
- the service module may specify that the device list includes the second device 1 (UDID_1), the second device 2 (UDID_2), the second device 3 (UDID_3), and the second device 4 (UDID_4), and indicate the connection relationship between each of the second device 1 to the second device 4 and the first device.
- the service module may specify the index keyAlias of the escrow key, and input the specified escrow device list and the corresponding relations {(UDID_1, relation_1), (UDID_2, relation_2), ...}.
- the key escrow logic processing module of the first device sends a key generation request to the local key management module;
- the key escrow logic processing module of the first device After the key escrow logic processing module of the first device receives the key escrow request from the business module, the key escrow logic processing module of the first device sends a key generation request to the local key management module, where the key generation request includes using The key parameter keyParams used to generate the key.
- the local key management module of the first device generates a key according to the key generation request;
- the local key management module of the first device generates the key according to the key parameter keyParams in the key generation request and the key generation algorithm.
- the local key management module of the first device sends the generated key to the key escrow logic processing module of the first device;
- the key escrow logic processing module of the first device sends a key escrow request to the device connection module of the first device, requesting that the key generated by the local key management module be saved to the second device;
- after acquiring the key generated by the local key management module, the key escrow logic processing module of the first device initiates a key escrow request to the device connection module of the first device to start the key escrow process.
- the key management logic processing module of the first device sends the device list and the association relationship to the association relationship storage module of the first device.
- the association relationship storage module of the first device stores the device list and the association relationship.
- for example, the association relationship storage module of the first device stores keyAlias_UDID_S_{(UDID_1, relation_1), (UDID_2, relation_2), ...}.
- the device connection module of the first device reads the device list and the association relationship stored in the device association relationship storage module, and sends a key escrow request to at least one second device in the device list, where the key escrow request includes the key.
- the device connection module of the first device sends the key escrow request to at least one second device in the device list according to the association relationship, so that the key is escrowed there.
- for example, the device connection module of the first device sends the key escrow request to UDID_1 through relation_1.
- the key escrow request may further include at least one of the index of the key, the identifier of the first device, and the identifier of the service module.
- the device connection module of the second device receives the key escrow request sent by the device connection module of the first device and forwards it to the key escrow logic processing module of the second device;
- the key escrow request is handed over to the key escrow logic processing module of the second device for processing.
- the key escrow logic processing module of the second device sends the key escrow request to the local key management module of the second device.
- the local key management module of the second device receives and saves the key.
- the local key management module of the second device stores the key in the secure hardware environment of the second device.
- the key generated by the first device is thus stored and managed by the local key management module of the second device.
- the key escrow logic processing module of the second device sends the association relationship between the second device and the first device to the device association relationship storage module of the second device.
- the association relationship between the second device and the first device includes a communication connection manner between the second device and the first device.
- step 711 and step 709 may be performed in parallel.
- when the key escrow logic processing module of the second device sends the key to the local key management module, it can also send the association relationship between the second device and the first device to the device association relationship storage module of the second device, so that the device association relationship storage module stores the association relationship between the first device and the second device.
- the device association relationship storage module of the second device stores the association relationship between the first device and the second device.
- the association relationship between the first device and the second device is the communication connection mode between the first device and the second device.
- the association relationship can be stored in the secure hardware environment of the second device, so that the security of all data related to the key is guaranteed, thereby improving the security of the key.
- the key escrow logic processing module of the second device sends an escrow completion notification to the device connection module of the second device;
- the device connection module of the second device sends the escrow completion notification to the device connection module of the first device;
- in this way, the first device can escrow the generated key into the secure hardware environment of the second device, thereby ensuring the security of the key while it is stored.
- the device connection module of the first device may send the escrow completion notification to the key escrow logic processing module of the first device.
- the method for using a key in an embodiment of the present application includes the following steps:
- the key escrow logic processing module of the first device receives a key use request sent by a service module of the first device, where the key use request includes data to be processed.
- the data to be processed can be understood as the data of the key usage object.
- the key use request further includes parameters required for key use.
- the second device can complete the steps of using the key according to the key, the parameters required when the key is used, and the data to be processed.
- the key usage request may further include the index keyAlias of the escrow key.
- the second device that manages the key can determine the key to be used according to the index keyAlias.
- when the service module of the first device needs to use the key, it sends a key use request to the key escrow logic processing module of the first device. For example, when the service module for voiceprint recognition needs to encrypt a voiceprint, it may send a key use request to the key escrow logic processing module of the first device, so that the key is used to encrypt the voiceprint.
- the voiceprint that needs to be encrypted can be understood as the data to be processed (the data of the key use object), or as part of the parameters required when the key is used.
- the key escrow logic processing module of the first device sends a key use request to the device connection module.
- the key escrow logic processing module sends the key use request sent by the service module to the device connection module of the first device.
- the device connection module of the first device acquires the device list and the association relationship from the association relationship storage module of the first device.
- for example, the association relationship storage module of the first device stores keyAlias_UDID_S_{(UDID_1, relation_1), (UDID_2, relation_2), ...}; the device connection module of the first device can then read keyAlias_UDID_S_{(UDID_1, relation_1), (UDID_2, relation_2), ...} from the association relationship storage module, and thereby obtain the device list and association relationship corresponding to the key stored under the index keyAlias.
- the device connection module of the first device determines a second device for processing the key use request according to the device list and the association relationship.
- the connection mode processing unit of the device connection module checks the connection status of one or more second devices in the device list, and selects from them a second device for processing the key use request.
- the device connection state sensing unit of the device connection module determines the local connection state and checks whether each second device (UDID_i) in the device list can be connected through the specified connection relationship relation_i (i = 1, 2, 3, 4, ..., n); according to the available connection state of each device, it selects the optimal connection mode relation_k and the optimal second device UDID_k.
- the optimal connection mode includes, but is not limited to, the device that responds first, the connection method with the highest security level, and so on.
- relation_k is one of relation_1, relation_2, relation_3, ..., relation_n.
- the device connection module of the first device sends the key use request to the second device selected for processing it.
- the key use request includes the index of the key, the data to be processed, and the parameters required for key use.
- the parameters required when the key is used can be understood as the relevant algorithm parameters for using the key.
- the device connection module of the second device receives the key use request sent by the first device, and sends the key use request to the key escrow logic processing module of the second device.
- the device connection module of the second device forwards the received key use request to the key escrow logic processing module of the second device.
- the key escrow logic processing module of the second device acquires the stored association relationship from the device association relationship storage module.
- the key escrow logic processing module of the second device may determine the key to be used according to the key use request, and determine, according to the device list and the association relationship stored in the device association relationship storage module, the first device corresponding to the key and the connection relationship between the second device and that first device.
- the key escrow logic processing module of the second device verifies whether the key use request is legitimate.
- the key escrow logic processing module of the second device verifies whether the first device that sent the key use request has the authority to request the second device to process it.
- the key use request may include the identifier of the first device.
- the key escrow logic processing module of the second device can verify, according to the identifier of the first device, whether the first device is a device in the device list, and verify whether the connection mode between the first device and the second device conforms to the stored association relationship between them. If the first device is in the device list and the connection mode also conforms to the stored association relationship, the key use request is verified as legitimate.
- step 808 and step 807 may be performed in parallel, or step 808 may be performed first and then step 807, or step 807 first and then step 808.
- the key escrow logic processing module of the second device sends the data to be processed in the key use request and the parameters required for key use to the local key management module of the second device.
- the key escrow logic processing module of the second device may also send the index of the key to the local key management module of the second device.
- the local key management module of the second device can accurately determine which stored key needs to be used to process the data to be processed.
- the local key management module of the second device performs the key use step, and processes the data to be processed by using the stored key and the parameters required for key use to obtain a key use result.
- the key usage steps can be encryption, decryption, signature, signature verification, and so on.
- the local key management module of the second device can encrypt the voiceprint to be encrypted by using the key managed by the first device and related algorithm parameters.
- the key use result may include data obtained after the key use step is performed on the data to be processed, and may also include result information such as whether the key use step is normally performed.
- the local key management module of the second device sends the key use result to the key escrow logic processing module of the second device.
- the key escrow logic processing module of the second device sends the key use result to the device connection module.
- the device connection module of the second device sends the key usage result to the device connection module of the first device.
- the device connection module of the first device sends the key usage result to the key escrow logic processing module of the first device.
- the key escrow logic processing module of the first device feeds back the key use result to the service module.
- the second device feeds back the key use result to the first device, so that the service module that sent the key use request can obtain the key use result and complete the key use process.
- the first device stores the key on a second device that has been connected and authenticated, and uses the secure hardware environment of the second device to store the key.
- the first device sends the parameters required for key use and the data to be processed to the second device, and uses the key with the help of the computing power of the second device; that is, the computing power of the second device is used to process the data to be processed with the key.
- the key is hosted on the second device with a secure hardware environment, which ensures the security of key storage; moreover, the keys the first device can use are no longer limited by the computing power of the first device itself.
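The escrow flow and the key use flow above, as an added example that is not code from the patent or from any product it describes. It models the first device (UDID_S), which keeps only the device list and relations, and the second devices, which hold the escrowed key and check that a key use request comes from a listed first device over the stored relation before using the key. The "secure hardware environment" is a plain dictionary standing in for a TEE, HMAC-SHA256 sign/verify stands in for the key use step, and all device names, relations and sample data are constructed for the example.

```python
"""Toy model of key escrow to rich devices and remote key use by a thin device."""
import hashlib
import hmac
import secrets


class RichDevice:
    """Second device: holds escrowed keys and the association relationship."""

    def __init__(self, udid):
        self.udid = udid
        self._secure_store = {}   # (first-device udid, keyAlias) -> key; stands in for the TEE store
        self._associations = {}   # first-device udid -> relation the escrow arrived over

    def handle_escrow(self, request, arrived_via):
        # Store the key under the requester's identity and index, record the relation.
        self._secure_store[(request["udid"], request["keyAlias"])] = request["key"]
        self._associations[request["udid"]] = arrived_via
        return {"status": "escrowed", "keyAlias": request["keyAlias"]}

    def handle_use(self, request, arrived_via):
        # Verify that the requester is in the device list and that the connection it
        # arrived over matches the stored association before touching the key.
        udid = request["udid"]
        if udid not in self._associations:
            return {"status": "rejected", "reason": "first device not in device list"}
        if self._associations[udid] != arrived_via:
            return {"status": "rejected", "reason": "connection does not match stored association"}
        key = self._secure_store.get((udid, request["keyAlias"]))
        if key is None:
            return {"status": "rejected", "reason": "no escrowed key for this index"}
        op, data, params = request["op"], request["data"], request.get("params", {})
        if op == "sign":
            return {"status": "ok", "result": hmac.new(key, data, hashlib.sha256).digest()}
        if op == "verify":
            expected = hmac.new(key, data, hashlib.sha256).digest()
            return {"status": "ok", "result": hmac.compare_digest(expected, params.get("tag", b""))}
        return {"status": "rejected", "reason": "unsupported key use operation"}


class ThinDevice:
    """First device: no secure hardware, so it keeps the device list but never the key."""

    def __init__(self, udid, network):
        self.udid = udid
        self.network = network      # udid -> RichDevice; constructed stand-in for the transport
        self.escrow_table = {}      # keyAlias -> [(udid, relation), ...]

    def escrow_key(self, key_alias, key_params, device_list):
        # Local key management module: derive the key from the plaintext key parameter.
        key = hashlib.pbkdf2_hmac("sha256", key_params, secrets.token_bytes(16), 100_000)
        self.escrow_table[key_alias] = list(device_list)
        acks = []
        for udid, relation in device_list:
            req = {"udid": self.udid, "keyAlias": key_alias, "key": key}
            acks.append(self.network[udid].handle_escrow(req, relation))
        return acks   # `key` is a local and is dropped here; no attribute retains it

    def use_key(self, key_alias, op, data, params=None, reachable=None):
        # Send to the first listed second device that is reachable over its stored relation.
        for udid, relation in self.escrow_table[key_alias]:
            if reachable is None or reachable(udid, relation):
                req = {"udid": self.udid, "keyAlias": key_alias, "op": op,
                       "data": data, "params": params or {}}
                return self.network[udid].handle_use(req, relation)
        return {"status": "rejected", "reason": "no reachable second device"}


def demo():
    rich = {u: RichDevice(u) for u in ("UDID_1", "UDID_2")}
    thin = ThinDevice("UDID_S", rich)
    acks = thin.escrow_key("voiceprint_key", b"constructed-key-parameter",
                           [("UDID_1", "bluetooth"), ("UDID_2", "wifi")])
    voiceprint = b"constructed voiceprint sample"
    signed = thin.use_key("voiceprint_key", "sign", voiceprint)
    # Verify through the other peer: both hold the same escrowed key.
    verified = thin.use_key("voiceprint_key", "verify", voiceprint, {"tag": signed["result"]},
                            reachable=lambda udid, rel: udid == "UDID_2")
    # A request arriving over a connection other than the stored relation is refused.
    bad = rich["UDID_1"].handle_use({"udid": "UDID_S", "keyAlias": "voiceprint_key",
                                     "op": "sign", "data": voiceprint}, "wifi")
    return acks, signed, verified, bad
```

The check in `handle_use` is the part a practitioner should compare against a real deployment: the second device is trusting the identifier and the transport it observed, so in practice the relation should be backed by an authenticated channel (the page itself speaks of a "connected and authenticated" second device) rather than a self-declared identifier.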
- the embodiments of the present application provide a computer storage medium, including computer instructions, when the computer instructions are run on a terminal, the terminal executes the processing method of the application program in any of the above possible embodiments.
- the embodiment of the present application provides a computer program product, when the computer program product runs on a terminal, the terminal executes the processing method of the application program in any of the above possible embodiments.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Telephone Function (AREA)
Abstract
A key use method and related products, relating to the field of terminal technology. The method includes: a first device sends a key use request to a second device, where the second device includes a secure hardware environment; the first device receives a key use result sent by the second device, where the key use result is obtained by the second device processing the data to be processed in the key use request with a key in the secure hardware environment. This avoids the key being cracked while stored on a first device that lacks a secure hardware environment, and also keeps the complexity of the key from being limited by the computing capability of the first device, so that the first device can support more types of keys and more complex keys.
Description
This application claims priority to Chinese patent application No. 202010890848.1, filed with the China National Intellectual Property Administration on August 29, 2020 and entitled "Key use method and related products", the entire contents of which are incorporated herein by reference.
This application relates to the field of terminal technology, and in particular to a key use method and related products.
With the continuous development of electronic and computer technology, terminals such as mobile phones, tablet computers and smart wearable devices have become widespread. Operations such as data encryption, data integrity protection and identity authentication on a terminal rely on keys to ensure security and reliability. The full life cycle of a key includes generation, storage, use, transmission and destruction, and each stage carries a risk of leakage.
Summary of the invention
This application provides a key use method and related products.
In a first aspect, an embodiment of this application provides a key use method, including:
a first device sends a key use request to a second device, where the second device includes a secure hardware environment;
the first device receives a key use result sent by the second device, where the key use result is obtained by the second device processing the data to be processed in the key use request with a key in the secure hardware environment.
In this way, during key use the key need not be kept on the first device, which lacks a secure hardware environment, and the first device need not itself process the data to be processed with the key. This avoids the key being cracked while stored on a first device without a secure hardware environment, and keeps the complexity of the key from being limited by the computing capability of the first device, so the first device can support more types of keys and more complex keys.
In this application, the first device may be a device without a secure hardware environment. The first device may also be called a thin device, and the second device a rich device.
In some embodiments, before the first device sends the key use request to the second device, the method further includes:
the first device obtains the connection status between the first device and one or more second devices in a device list;
the first device selects, from the one or more second devices according to their connection status with the first device, a second device for processing the key use request;
and the first device sending the key use request to the second device includes:
the first device sends the key use request to the second device selected for processing the key use request.
In this way, the first device can select, from multiple second devices, the second device with the best connection status, so that the data to be processed can be handled more quickly and efficiently with the key on the second device.
In some embodiments, before the first device sends the key use request to the second device, the method further includes:
the first device sends a key escrow request to the second device, where the key escrow request includes the key and is used to request the second device to save the key.
In some embodiments, the key escrow request further includes an index of the key, and the key escrow request is further used to request the second device to save the index of the key; the key use request includes the index of the key and the data to be processed.
In this way, after generating the key the first device can escrow it to the second device. The second device stores the key in its secure hardware environment, which ensures the security of key storage.
In a second aspect, an embodiment of this application provides another key use method, including:
a second device receives a key use request sent by a first device, where the second device includes a secure hardware environment;
the second device processes the data to be processed in the key use request with a key in the secure hardware environment to obtain a key use result;
the second device sends the key use result to the first device.
In this way, during key use the key need not be kept on the first device, which lacks a secure hardware environment, and the first device need not itself process the data to be processed with the key. This avoids the key being cracked while stored on a first device without a secure hardware environment, and keeps the complexity of the key from being limited by the computing capability of the first device, so the first device can support more types of keys and more complex keys.
In some embodiments, before the second device receives the key use request sent by the first device, the method further includes:
the second device receives a key escrow request from the first device, where the key escrow request includes the key;
the second device stores the key in the secure hardware environment.
In this way, after generating the key the first device can escrow it to the second device. The second device stores the key in its secure hardware environment, which ensures the security of key storage.
In some embodiments, the key escrow request further includes an index of the key; the method further includes: the second device stores the index of the key in the secure hardware environment;
the key use request includes the index of the key and the data to be processed.
In this way, the second device can find the key to be used according to the index of the key in the key use request, which helps it respond to the first device's key use request accurately and efficiently.
In a third aspect, this application provides an electronic device, including a memory, one or more processors, and multiple application programs. The memory stores one or more programs, and when the one or more processors run the one or more programs, the terminal executes the application processing method in any possible embodiment of the first aspect.
In a fourth aspect, an embodiment of this application provides a computer storage medium including computer instructions; when the computer instructions run on a terminal, the terminal executes the application processing method in any possible embodiment of the first aspect.
In a fifth aspect, an embodiment of this application provides a computer program product; when the computer program product runs on a terminal, the terminal executes the application processing method in any possible embodiment of the first aspect.
FIG. 1 is a schematic diagram of a network architecture according to an embodiment of this application;
FIG. 2 is a schematic structural diagram of a terminal provided by an embodiment of this application;
FIG. 3 is a block diagram of the software structure of a terminal provided by an embodiment of this application;
FIG. 4A is a schematic flowchart of a key use method according to an embodiment of this application;
FIG. 4B is a schematic flowchart of another key use method according to an embodiment of this application;
FIG. 5 is a schematic flowchart of a key storage method according to an embodiment of this application;
FIG. 6 is a schematic diagram of the modules of a first device and a second device according to an embodiment of this application;
FIG. 7 is another schematic flowchart of a key storage method according to an embodiment of this application;
FIG. 8 is another schematic flowchart of a key use method according to an embodiment of this application.
The technical solutions in the embodiments of this application are described below clearly and in detail with reference to the accompanying drawings. In the description of the embodiments, unless otherwise stated, "/" means "or"; for example, A/B may mean A or B. "And/or" in this text merely describes an association between associated objects and indicates that three relationships may exist; for example, "A and/or B" may mean: A alone, both A and B, or B alone. In addition, in the description of the embodiments, "multiple" means two or more than two.
Below, the terms "first" and "second" are used for descriptive purposes only and should not be understood as indicating or implying relative importance or implicitly specifying the number of the technical features indicated. Thus a feature qualified by "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the embodiments, unless otherwise stated, "multiple" means two or more.
Refer to FIG. 1, which is a network architecture diagram provided by an embodiment of this application. As shown in FIG. 1, the network architecture 100 includes a first device 10 and a second device 20. One first device 10 may communicate with one or more second devices 20. Communication between the first device 10 and the second device 20 may be wireless or wired. Both the first device 10 and the second device 20 are electronic devices.
The first device 10 may be, for example, a terminal. The second device 20 may be, for example, a server or a terminal. The first device 10 does not include a secure hardware environment, and the second device 20 includes a secure hardware environment.
Terminals may include, but are not limited to, personal computers, smartphones, smart wearable devices, tablet computers, personal digital assistants, Bluetooth speakers, Bluetooth headsets, smart home appliances and so on.
FIG. 2 shows a schematic structural diagram of a terminal. The terminal may be the first device or the second device.
The embodiment is described in detail below taking a terminal as an example. It should be understood that the terminal shown in FIG. 2 is only an example; a terminal may have more or fewer components than shown in FIG. 2, may combine two or more components, or may have a different component configuration. The components shown in the figure may be implemented in hardware, software, or a combination of hardware and software, including one or more signal processing and/or application-specific integrated circuits.
The terminal may include: a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (USB) interface 130, a charging management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, a headset jack 170D, a sensor module 180, buttons 190, a motor 191, an indicator 192, a camera 193, a display 194, a subscriber identification module (SIM) card interface 195 and so on. The sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, a barometric pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, an optical proximity sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M and so on.
It can be understood that the structure illustrated in this embodiment does not constitute a specific limitation on the terminal. In other embodiments of this application, the terminal may include more or fewer components than shown, combine some components, split some components, or arrange the components differently. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The processor 110 may include one or more processing units; for example, the processor 110 may include an application processor (AP), a modem processor, a graphics processing unit (GPU), an image signal processor (ISP), a controller, a memory, a video codec, a digital signal processor (DSP), a baseband processor, and/or a neural-network processing unit (NPU). The different processing units may be separate devices or may be integrated in one or more processors.
The controller may be the nerve centre and command centre of the terminal. The controller can generate operation control signals according to instruction opcodes and timing signals to control instruction fetching and execution.
A memory may also be provided in the processor 110 to store instructions and data. In some embodiments, the memory in the processor 110 is a cache. This memory can hold instructions or data that the processor 110 has just used or uses cyclically. If the processor 110 needs the instruction or data again, it can be called directly from this memory, which avoids repeated access, reduces the waiting time of the processor 110 and thus improves system efficiency.
In some embodiments, the processor 110 may include one or more interfaces. The interfaces may include an inter-integrated circuit (I2C) interface, an inter-integrated circuit sound (I2S) interface, a pulse code modulation (PCM) interface, a universal asynchronous receiver/transmitter (UART) interface, a mobile industry processor interface (MIPI), a general-purpose input/output (GPIO) interface, a subscriber identity module (SIM) interface, and/or a universal serial bus (USB) interface.
The I2C interface is a bidirectional synchronous serial bus including a serial data line (SDA) and a serial clock line (SCL). In some embodiments, the processor 110 may include multiple sets of I2C buses. The processor 110 may be coupled to the touch sensor 180K, a charger, a flash, the camera 193 and so on through different I2C bus interfaces. For example, the processor 110 may be coupled to the touch sensor 180K through an I2C interface so that the processor 110 and the touch sensor 180K communicate over the I2C bus interface, implementing the touch function of the terminal.
The I2S interface may be used for audio communication. In some embodiments, the processor 110 may include multiple sets of I2S buses. The processor 110 may be coupled to the audio module 170 through an I2S bus to implement communication between the processor 110 and the audio module 170. In some embodiments, the audio module 170 may transmit audio signals to the wireless communication module 160 through the I2S interface, implementing the function of answering calls through a Bluetooth headset.
The PCM interface may also be used for audio communication, sampling, quantizing and encoding analog signals. In some embodiments, the audio module 170 and the wireless communication module 160 may be coupled through a PCM bus interface. In some embodiments, the audio module 170 may also transmit audio signals to the wireless communication module 160 through the PCM interface, implementing the function of answering calls through a Bluetooth headset. Both the I2S interface and the PCM interface may be used for audio communication.
The UART interface is a universal serial data bus used for asynchronous communication. The bus may be a bidirectional communication bus. It converts the data to be transmitted between serial and parallel communication. In some embodiments, the UART interface is usually used to connect the processor 110 and the wireless communication module 160. For example, the processor 110 communicates with the Bluetooth module in the wireless communication module 160 through the UART interface to implement the Bluetooth function. In some embodiments, the audio module 170 may transmit audio signals to the wireless communication module 160 through the UART interface, implementing the function of playing music through a Bluetooth headset.
The MIPI interface may be used to connect the processor 110 with peripheral devices such as the display 194 and the camera 193. The MIPI interface includes a camera serial interface (CSI), a display serial interface (DSI) and so on. In some embodiments, the processor 110 and the camera 193 communicate through the CSI interface to implement the photographing function of the terminal. The processor 110 and the display 194 communicate through the DSI interface to implement the display function of the terminal.
The GPIO interface may be configured by software. The GPIO interface may be configured as a control signal or as a data signal. In some embodiments, the GPIO interface may be used to connect the processor 110 with the camera 193, the display 194, the wireless communication module 160, the audio module 170, the sensor module 180 and so on. The GPIO interface may also be configured as an I2C interface, an I2S interface, a UART interface, a MIPI interface and so on.
The USB interface 130 is an interface that conforms to the USB standard specification, and may specifically be a Mini USB interface, a Micro USB interface, a USB Type-C interface and so on. The USB interface 130 may be used to connect a charger to charge the terminal, and may also be used to transmit data between the terminal and peripheral devices. It may also be used to connect a headset and play audio through the headset. The interface may also be used to connect other electronic devices, such as AR devices.
It can be understood that the interface connection relationships between the modules illustrated in this embodiment are only schematic and do not constitute a structural limitation on the terminal. In other embodiments of this application, the terminal may use interface connection modes different from those in the above embodiment, or a combination of multiple interface connection modes.
The charging management module 140 is used to receive charging input from a charger. The charger may be a wireless charger or a wired charger. In some wired charging embodiments, the charging management module 140 may receive charging input from a wired charger through the USB interface 130. In some wireless charging embodiments, the charging management module 140 may receive wireless charging input through a wireless charging coil of the terminal. While charging the battery 142, the charging management module 140 may also supply power to the electronic device through the power management module 141.
The power management module 141 is used to connect the battery 142, the charging management module 140 and the processor 110. The power management module 141 receives input from the battery 142 and/or the charging management module 140 and supplies power to the processor 110, the internal memory 121, the external memory, the display 194, the camera 193, the wireless communication module 160 and so on. The power management module 141 may also be used to monitor parameters such as battery capacity, battery cycle count and battery health (leakage, impedance). In some other embodiments, the power management module 141 may also be provided in the processor 110. In other embodiments, the power management module 141 and the charging management module 140 may also be provided in the same device.
The wireless communication function of the terminal may be implemented through the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, the modem processor, the baseband processor and so on.
The antenna 1 and the antenna 2 are used to transmit and receive electromagnetic wave signals. Each antenna in the terminal may be used to cover a single or multiple communication frequency bands. Different antennas may also be multiplexed to improve antenna utilization. For example, the antenna 1 may be multiplexed as a diversity antenna for a wireless local area network. In other embodiments, the antennas may be used in combination with a tuning switch.
The mobile communication module 150 may provide wireless communication solutions applied to the terminal, including 2G/3G/4G/5G. The mobile communication module 150 may include at least one filter, switch, power amplifier, low noise amplifier (LNA) and so on. The mobile communication module 150 may receive electromagnetic waves through the antenna 1, filter and amplify the received electromagnetic waves, and transmit them to the modem processor for demodulation. The mobile communication module 150 may also amplify the signal modulated by the modem processor and convert it into electromagnetic waves for radiation through the antenna 1. In some embodiments, at least some functional modules of the mobile communication module 150 may be provided in the processor 110. In some embodiments, at least some functional modules of the mobile communication module 150 may be provided in the same device as at least some modules of the processor 110.
The modem processor may include a modulator and a demodulator. The modulator is used to modulate the low-frequency baseband signal to be sent into a medium- or high-frequency signal. The demodulator is used to demodulate the received electromagnetic wave signal into a low-frequency baseband signal. The demodulator then transmits the demodulated low-frequency baseband signal to the baseband processor for processing. After being processed by the baseband processor, the low-frequency baseband signal is passed to the application processor. The application processor outputs sound signals through audio devices (not limited to the speaker 170A and the receiver 170B) or displays images or video through the display 194. In some embodiments, the modem processor may be a separate device. In other embodiments, the modem processor may be independent of the processor 110 and provided in the same device as the mobile communication module 150 or other functional modules.
The wireless communication module 160 may provide wireless communication solutions applied to the terminal, including wireless local area networks (WLAN) (such as wireless fidelity (Wi-Fi) networks), Bluetooth (BT), global navigation satellite system (GNSS), frequency modulation (FM), near field communication (NFC), infrared (IR) and so on. The wireless communication module 160 may be one or more devices integrating at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2, frequency-modulates and filters the electromagnetic wave signals, and sends the processed signals to the processor 110. The wireless communication module 160 may also receive signals to be sent from the processor 110, frequency-modulate and amplify them, and convert them into electromagnetic waves for radiation through the antenna 2.
In some embodiments, the antenna 1 of the terminal is coupled to the mobile communication module 150 and the antenna 2 is coupled to the wireless communication module 160, so that the terminal can communicate with networks and other devices through wireless communication technologies. The wireless communication technologies may include global system for mobile communications (GSM), general packet radio service (GPRS), code division multiple access (CDMA), wideband code division multiple access (WCDMA), time-division code division multiple access (TD-SCDMA), long term evolution (LTE), BT, GNSS, WLAN, NFC, FM and/or IR. The GNSS may include the global positioning system (GPS), the global navigation satellite system (GLONASS), the BeiDou navigation satellite system (BDS), the quasi-zenith satellite system (QZSS) and/or satellite based augmentation systems (SBAS).
The terminal implements the display function through the GPU, the display 194, the application processor and so on. The GPU is a microprocessor for image processing and connects the display 194 and the application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. The processor 110 may include one or more GPUs that execute program instructions to generate or change display information.
The display 194 is used to display images, video and so on. The display 194 includes a display panel. The display panel may use a liquid crystal display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light emitting diode (AMOLED), a flexible light-emitting diode (FLED), a Mini-LED, a Micro-LED, a Micro-OLED, quantum dot light emitting diodes (QLED) and so on. In some embodiments, the terminal may include 1 or N displays 194, where N is a positive integer greater than 1.
The terminal may implement the photographing function through the ISP, the camera 193, the video codec, the GPU, the display 194, the application processor and so on.
The ISP is used to process the data fed back by the camera 193. For example, when taking a photo, the shutter opens, light is transmitted through the lens to the photosensitive element of the camera, the optical signal is converted into an electrical signal, and the photosensitive element passes the electrical signal to the ISP for processing and conversion into an image visible to the naked eye. The ISP may also perform algorithmic optimization on the noise, brightness and skin tone of the image. The ISP may also optimize parameters such as exposure and colour temperature of the shooting scene. In some embodiments, the ISP may be provided in the camera 193.
The camera 193 is used to capture still images or video. An object generates an optical image through the lens, which is projected onto the photosensitive element. The photosensitive element may be a charge coupled device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The photosensitive element converts the optical signal into an electrical signal and then passes the electrical signal to the ISP to be converted into a digital image signal. The ISP outputs the digital image signal to the DSP for processing. The DSP converts the digital image signal into an image signal in a standard format such as RGB or YUV. In some embodiments, the terminal may include 1 or N cameras 193, where N is a positive integer greater than 1.
The digital signal processor is used to process digital signals; besides digital image signals, it can process other digital signals. For example, when the terminal selects a frequency point, the digital signal processor is used to perform a Fourier transform on the frequency point energy.
The video codec is used to compress or decompress digital video. The terminal may support one or more video codecs. In this way the terminal can play or record video in multiple encoding formats, for example moving picture experts group (MPEG) 1, MPEG2, MPEG3, MPEG4 and so on.
The NPU is a neural-network (NN) computing processor. By drawing on the structure of biological neural networks, for example the transfer pattern between neurons in the human brain, it processes input information rapidly and can also learn continuously. Applications such as intelligent cognition of the terminal, for example image recognition, face recognition, speech recognition and text understanding, can be implemented through the NPU.
The external memory interface 120 may be used to connect an external memory card, such as a Micro SD card, to extend the storage capability of the terminal. The external memory card communicates with the processor 110 through the external memory interface 120 to implement the data storage function, for example saving music, video and other files on the external memory card.
The internal memory 121 may be used to store computer-executable program code, which includes instructions. By running the instructions stored in the internal memory 121, the processor 110 executes the various functional applications and data processing of the terminal. The internal memory 121 may include a program storage area and a data storage area. The program storage area may store an operating system, application programs required by at least one function (such as a sound playback function or an image playback function) and so on. The data storage area may store data created during use of the terminal (such as audio data and a phone book). In addition, the internal memory 121 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, universal flash storage (UFS) and so on.
The terminal may implement audio functions, such as music playback and recording, through the audio module 170, the speaker 170A, the receiver 170B, the microphone 170C, the headset jack 170D, the application processor and so on.
The audio module 170 is used to convert digital audio information into an analog audio signal for output, and also to convert analog audio input into a digital audio signal. The audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be provided in the processor 110, or some functional modules of the audio module 170 may be provided in the processor 110.
The speaker 170A, also called a "loudspeaker", is used to convert audio electrical signals into sound signals. The terminal can be used to listen to music or a hands-free call through the speaker 170A.
The receiver 170B, also called an "earpiece", is used to convert audio electrical signals into sound signals. When the terminal answers a call or voice message, the voice can be heard by placing the receiver 170B close to the ear.
The microphone 170C, also called a "mic" or "mouthpiece", is used to convert sound signals into electrical signals. When making a call or sending a voice message, the user can speak with the mouth close to the microphone 170C to input the sound signal into the microphone 170C. The terminal may be provided with at least one microphone 170C. In other embodiments, the terminal may be provided with two microphones 170C, which, in addition to collecting sound signals, can implement a noise reduction function. In other embodiments, the terminal may be provided with three, four or more microphones 170C to collect sound signals, reduce noise, identify the sound source, implement directional recording and so on.
The headset jack 170D is used to connect a wired headset. The headset jack 170D may be the USB interface 130, a 3.5 mm open mobile terminal platform (OMTP) standard interface, or a cellular telecommunications industry association of the USA (CTIA) standard interface.
The pressure sensor 180A is used to sense pressure signals and can convert pressure signals into electrical signals. In some embodiments, the pressure sensor 180A may be provided on the display 194. There are many types of pressure sensor 180A, such as resistive, inductive and capacitive pressure sensors. A capacitive pressure sensor may include at least two parallel plates made of conductive material. When a force acts on the pressure sensor 180A, the capacitance between the electrodes changes, and the terminal determines the strength of the pressure from the change in capacitance. When a touch operation acts on the display 194, the terminal detects the strength of the touch operation through the pressure sensor 180A. The terminal may also calculate the touch position from the detection signal of the pressure sensor 180A. In some embodiments, touch operations acting on the same touch position but with different touch strengths may correspond to different operation instructions. For example, when a touch operation whose strength is less than a first pressure threshold acts on the short message application icon, an instruction to view the short message is executed; when a touch operation whose strength is greater than or equal to the first pressure threshold acts on the short message application icon, an instruction to create a new short message is executed.
The gyroscope sensor 180B may be used to determine the motion posture of the terminal. In some embodiments, the angular velocity of the terminal around three axes (namely the x, y and z axes) may be determined through the gyroscope sensor 180B. The gyroscope sensor 180B may be used for image stabilization when shooting. For example, when the shutter is pressed, the gyroscope sensor 180B detects the angle at which the terminal shakes, calculates the distance the lens module needs to compensate according to the angle, and lets the lens counteract the shaking of the terminal through reverse motion, achieving image stabilization. The gyroscope sensor 180B may also be used for navigation and motion-sensing game scenarios.
The barometric pressure sensor 180C is used to measure air pressure. In some embodiments, the terminal calculates altitude from the air pressure value measured by the barometric pressure sensor 180C to assist positioning and navigation.
The magnetic sensor 180D includes a Hall sensor. The terminal may use the magnetic sensor 180D to detect the opening and closing of a flip leather case. In some embodiments, when the terminal is a flip phone, the terminal may detect the opening and closing of the flip according to the magnetic sensor 180D, and then set features such as automatic unlocking on opening according to the detected open or closed state of the case or flip.
The acceleration sensor 180E may detect the magnitude of the terminal's acceleration in all directions (generally three axes). When the terminal is stationary, the magnitude and direction of gravity can be detected. It may also be used to identify the posture of the electronic device and is applied in landscape/portrait switching, pedometers and other applications.
The distance sensor 180F is used to measure distance. The terminal may measure distance by infrared or laser. In some embodiments, in a shooting scene, the terminal may use the distance sensor 180F to measure distance to achieve fast focusing.
The optical proximity sensor 180G may include, for example, a light-emitting diode (LED) and a light detector such as a photodiode. The light-emitting diode may be an infrared light-emitting diode. The terminal emits infrared light outward through the light-emitting diode and uses the photodiode to detect infrared light reflected from nearby objects. When sufficient reflected light is detected, it can be determined that there is an object near the terminal; when insufficient reflected light is detected, the terminal can determine that there is no object nearby. The terminal may use the optical proximity sensor 180G to detect that the user is holding the terminal close to the ear during a call, so as to turn off the screen automatically to save power. The optical proximity sensor 180G may also be used for automatic unlocking and screen locking in leather case mode and pocket mode.
The ambient light sensor 180L is used to sense ambient light brightness. The terminal may adaptively adjust the brightness of the display 194 according to the sensed ambient light brightness. The ambient light sensor 180L may also be used to automatically adjust white balance when taking photos. The ambient light sensor 180L may also cooperate with the optical proximity sensor 180G to detect whether the terminal is in a pocket, to prevent accidental touches.
The fingerprint sensor 180H is used to collect fingerprints. The terminal may use the collected fingerprint characteristics to implement fingerprint unlocking, application lock access, fingerprint photographing, fingerprint call answering and so on.
The temperature sensor 180J is used to detect temperature. In some embodiments, the terminal executes a temperature handling policy using the temperature detected by the temperature sensor 180J. For example, when the temperature reported by the temperature sensor 180J exceeds a threshold, the terminal reduces the performance of a processor located near the temperature sensor 180J in order to lower power consumption and implement thermal protection. In other embodiments, when the temperature is below another threshold, the terminal heats the battery 142 to avoid abnormal shutdown caused by low temperature. In still other embodiments, when the temperature is below yet another threshold, the terminal boosts the output voltage of the battery 142 to avoid abnormal shutdown caused by low temperature.
The touch sensor 180K is also called a "touch panel". The touch sensor 180K may be provided on the display 194, and the touch sensor 180K and the display 194 form a touch screen, also called a "touch-sensitive screen". The touch sensor 180K is used to detect touch operations acting on or near it. The touch sensor may pass the detected touch operation to the application processor to determine the touch event type. Visual output related to the touch operation may be provided through the display 194. In other embodiments, the touch sensor 180K may also be provided on the surface of the terminal at a position different from that of the display 194.
The bone conduction sensor 180M may acquire vibration signals. In some embodiments, the bone conduction sensor 180M may acquire the vibration signal of the vibrating bone of the human vocal part. The bone conduction sensor 180M may also contact the human pulse and receive the blood pressure beat signal. In some embodiments, the bone conduction sensor 180M may also be provided in a headset to form a bone conduction headset. The audio module 170 may parse a voice signal from the vibration signal of the vibrating bone of the vocal part acquired by the bone conduction sensor 180M to implement a voice function. The application processor may parse heart rate information from the blood pressure beat signal acquired by the bone conduction sensor 180M to implement a heart rate detection function.
The buttons 190 include a power button, volume buttons and so on. The buttons 190 may be mechanical buttons or touch buttons. The terminal may receive button input and generate key signal input related to user settings and function control of the terminal.
The motor 191 may generate vibration prompts. The motor 191 may be used for incoming call vibration prompts and for touch vibration feedback. For example, touch operations acting on different applications (such as photographing and audio playback) may correspond to different vibration feedback effects. Touch operations acting on different areas of the display 194 may also correspond to different vibration feedback effects of the motor 191. Different application scenarios (such as time reminders, receiving messages, alarms and games) may also correspond to different vibration feedback effects. The touch vibration feedback effect may also be customized.
The indicator 192 may be an indicator light and may be used to indicate charging status and battery level changes, and also to indicate messages, missed calls, notifications and so on.
The SIM card interface 195 is used to connect a SIM card. A SIM card can be inserted into or removed from the SIM card interface 195 to contact or separate from the terminal. The terminal may support 1 or N SIM card interfaces, where N is a positive integer greater than 1. The SIM card interface 195 may support a Nano SIM card, a Micro SIM card, a SIM card and so on. Multiple cards may be inserted into the same SIM card interface 195 at the same time; the multiple cards may be of the same or different types. The SIM card interface 195 may also be compatible with different types of SIM cards and with external memory cards. The terminal interacts with the network through the SIM card to implement functions such as calls and data communication. In some embodiments, the terminal uses an eSIM, that is, an embedded SIM card. An eSIM card may be embedded in the terminal and cannot be separated from it.
The software system of the terminal may use a layered architecture, an event-driven architecture, a microkernel architecture, a microservice architecture or a cloud architecture. This embodiment takes an Android system with a layered architecture as an example to describe the software structure of the terminal.
FIG. 3 is a block diagram of the software structure of the terminal according to an embodiment of the present invention.
The layered architecture divides the software into several layers, each with a clear role and division of labour. The layers communicate through software interfaces. In some embodiments, the Android system is divided into four layers, from top to bottom: the application layer, the application framework layer, the Android runtime and system libraries, and the kernel layer.
The application layer may include a series of application packages.
The application framework layer provides an application programming interface (API) and programming framework for the applications in the application layer. The application framework layer includes some predefined functions.
As shown in FIG. 3, the application framework layer may include a window manager, a content provider, a view system, a telephony manager, a resource manager, a notification manager and so on.
The window manager is used to manage window programs. The window manager can obtain the display size, determine whether there is a status bar, lock the screen, capture the screen and so on.
The content provider is used to store and retrieve data and make it accessible to applications. The data may include video, images, audio, calls made and received, browsing history and bookmarks, the phone book and so on.
The view system includes visual controls, such as controls that display text and controls that display pictures. The view system may be used to build applications. A display interface may consist of one or more views. For example, a display interface including a short message notification icon may include a view that displays text and a view that displays a picture.
The telephony manager is used to provide the communication functions of the terminal, for example management of call status (including connecting, hanging up and so on).
The resource manager provides applications with various resources, such as localized strings, icons, pictures, layout files, video files and so on.
The notification manager enables applications to display notification information in the status bar and may be used to convey informational messages, which may disappear automatically after a short stay without user interaction. For example, the notification manager is used to notify download completion, message reminders and so on. The notification manager may also present notifications in the system's top status bar in the form of charts or scrolling bar text, such as notifications of applications running in the background, or notifications appearing on the screen in the form of a dialog window. For example, text information is prompted in the status bar, a prompt tone is emitted, the electronic device vibrates, the indicator light flashes, and so on.
The Android Runtime includes core libraries and a virtual machine. The Android runtime is responsible for scheduling and management of the Android system.
The core libraries consist of two parts: one part is the functional functions that the Java language needs to call, and the other is the core libraries of Android.
The application layer and the application framework layer run in the Android virtual machine (Dalvik). The Android virtual machine executes the Java files of the application layer and the application framework layer as binary files. The Android virtual machine is used to perform functions such as object life cycle management, stack management, thread management, security and exception management, and garbage collection.
The system libraries may include multiple functional modules, for example a surface manager, media libraries, a 3D graphics processing library (for example OpenGL ES), a 2D graphics engine (for example SGL) and so on.
The surface manager is used to manage the display subsystem and provides fusion of 2D and 3D layers for multiple applications.
The media libraries support playback and recording of a variety of commonly used audio and video formats, as well as still image files. The media libraries may support multiple audio and video encoding formats, such as MPEG4, H.264, MP3, AAC, AMR, JPG, PNG and so on.
The 3D graphics processing library is used to implement 3D graphics drawing, image rendering, compositing, layer processing and so on.
The 2D graphics engine is a drawing engine for 2D drawing.
The kernel layer is the layer between hardware and software. The kernel layer contains at least a display driver, a camera driver, an audio driver and a sensor driver.
In the prior art, key management schemes include local key management schemes and key management schemes that rely on interaction with the cloud.
In a local management scheme, a multi-level key management scheme from a root key down to working keys is used. The root key is assembled from key components. When the key is stored, protection of the root key relies on hard-coding the key components, which are stored dispersed in local memory. When the key is used, the key is first recovered from the key components and then used to encrypt the data that needs encryption. However, in such a scheme the hard-coded key components cannot resist decompilation: after decompiling the code, an illegitimate user can obtain the key components and the way they are assembled, and can thus crack the key.
In a key management scheme that relies on interaction with the cloud, the terminal may store the key on a server in the cloud. This can keep the key secure during storage, but the terminal device has limited computing capability; when using the key the terminal must perform encryption, decryption and other operations with it, and since the terminal's computing capability is limited, the key types it can support are limited.
An embodiment of this application provides a key protection scheme based on the network architecture shown in FIG. 1, in which a first device is associated with one or more second devices. The first device may be understood as a thin device and the second device as a rich device. A rich device is a device with a secure hardware environment, and a thin device is a device without one.
During key storage, the first device stores the key on multiple second devices. When the first device needs to use the key, for example to encrypt data with it, it can send the data to be encrypted to a second device; the second device encrypts the data with the stored key and then sends the encrypted data to the first device, so the first device obtains the encrypted data from the second device. Even when the first device has no secure hardware environment, since the key is not stored on the first device, an intruding user is prevented from stealing the key and decompiling it. Moreover, the encryption is performed on the second device, so the complexity of the key is not limited by the computing capability of the first device, and more and more complex key types can be supported.
In this application, the first device may be understood as a thin device and the second device as a rich device.
The first device may be, for example, a terminal device without a secure hardware environment. Specifically, the first device may be, but is not limited to, a smart speaker, a smart home appliance, a mobile phone without a secure hardware environment, a media player and so on.
The second device may be, but is not limited to, a server, a mobile phone with a secure hardware environment, a personal computer, a tablet computer and so on.
In one possible implementation, the secure hardware environment is a trusted execution environment (TEE). For example, the second device includes a trusted execution environment (TEE) and a rich execution environment (REE). The TEE provides a secure execution environment for trusted applications (TAs) and protects the confidentiality, integrity and access rights of TA resources and data. The terminal's operating system, for example Android, runs in the REE.
In another possible implementation, the secure hardware environment is Software Guard Extensions (SGX). SGX is a secure hardware environment on Intel chips.
In yet another possible implementation, the secure hardware environment is a Secure Enclave Processor (SEP). The second device may include a hardware environment running iOS together with an SEP.
The technical solution of this application is described in detail below in combination with the key use method.
As shown in the schematic flowchart of the key use method in FIG. 4A, the key use method of an embodiment of this application includes the following steps:
401. The first device sends a key use request to the second device, where the second device includes a secure hardware environment.
The first device is a terminal device on the user side; the second device may be a terminal device, a server or a cloud device. The first device and the second device may communicate by wired or wireless communication.
Specifically, the first device sends the key use request to the second device according to a key use request from a service module.
The key use request includes data to be processed, which may be understood as the object on which the key is used. Optionally, the key use request may further include at least one of an identifier of the first device, an index of the key, parameters required for key use, an identifier of the service module, and a key use operation.
The key use operation may be, for example but not limited to, a key use step such as requesting encryption or decryption of the data to be processed, or requesting generation or verification of a certificate.
The service module is used to implement a functional service of the first device. For example, a smart speaker can implement a voiceprint encryption service, but it lacks a secure hardware environment, so if the smart speaker encrypted the voiceprint with a key and kept the key itself, the key might be stolen. With the technical solution of this application, when the smart speaker needs to encrypt a voiceprint with a key and keep the key, it can, after generating the key, send a key use request to the second device, where the key use request includes data to be processed, which may include the voiceprint to be encrypted. Since the second device includes a secure hardware environment, the voiceprint can be encrypted with the key stored on the second device. The key stored on the second device may have been sent to it by the first device.
402. The second device processes the key use request with the key stored in the secure hardware environment according to the key use request, obtaining a key use result.
Specifically, the second device processes the data to be processed with the key stored in the secure environment to obtain the key use result.
For example, if the key use request is to encrypt a voiceprint, the second device may encrypt the voiceprint with the key stored in the secure environment to obtain the key use result, which includes the encrypted voiceprint. Of course, the key use result may also indicate success or failure, and may include other information.
Optionally, the key use request may include verification information of the first device; the second device may first verify from this information that the key use request sent by the first device is legitimate, and only then process the data to be encrypted to obtain the key use result.
403. The second device sends the key use result to the first device.
The key use result may include the data obtained after the key use step is performed on the data to be processed, and may also include result information such as whether the key use step executed normally.
In this way the second device can send the key use result to the first device. For example, after encrypting the voiceprint, the second device sends the result including the encrypted voiceprint to the first device.
The first device can thus obtain the encrypted voiceprint.
It can be seen that in the technical solution of this application, a first device without a secure hardware environment can escrow its key to a second device that has one. When the first device needs to use the key, it can send a key use request to the second device; the key use request includes data to be processed, which may be understood as the object of key use. After processing the data to be processed with the key stored in the secure environment, the second device obtains a key use result and sends it to the first device. In this way, during key use the key need not be kept on the first device, which lacks a secure hardware environment, and the first device need not itself process the data with the key. This avoids the key being cracked while stored on a first device without a secure hardware environment, and keeps the complexity of the key from being limited by the computing capability of the first device, so the first device can support more types of keys and more complex keys.
Optionally, as in the schematic flowchart of FIG. 4B, before step 401 the key use method may further include the step:
404. The first device checks the connection status of one or more second devices in a device list and selects, from the one or more devices in the device list, one second device to process the key use request; in step 401, the first device may send the key use request to that selected second device.
The first device stores a device list and associations. The device list includes the identifiers of the second devices that have a connection relationship with the first device and that store the first device's key; the associations include the connection method between each second device in the device list and the first device.
For example, the device list may include the identifiers of second device 1, second device 2, second device 3 and second device 4, all of which are associated with the first device and store its key. The associations include: first device to second device 1, a Bluetooth link; first device to second device 2, a Bluetooth link; first device to second device 3, a WiFi connection; first device to second device 4, a wired connection.
When obtaining the connection status of the one or more second devices in the device list, the first device first determines whether each second device in the list can connect normally with the first device using the connection method in the stored associations. From the second devices that can connect normally, the first device then selects the one with the best connection status. The second device with the best connection status may be, for example, the one that responds to the connection first, or the one whose connection method with the first device has the highest security level.
If, following the above selection method, the first device selects second device k, the first device sends the key use request to second device k.
In this way the first device can select, from a plurality of second devices, the one with the best connection status, and so can use the key on the second device to process the data to be processed faster and more efficiently.
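The selection rule of step 404 in runnable form, as an example added here (it is not code from the patent). It assumes a constructed ranking of link types (wired above WiFi above Bluetooth, since the patent only speaks of "the highest security level"), a probe function standing in for the connection status sensing, and the four-device list from the paragraph above; the names `SECURITY_LEVEL`, `demo_probe`, `reachable_devices` and `select_second_device` are the example's own.

```python
"""Selecting the second device for a key use request (step 404).

Added example, not part of the patent. Assumptions: the device list and the
associations are plain Python structures; reachability is supplied by a probe
function so the logic runs offline; the security ranking of connection types
is a constructed table, since the patent only says "highest security level".
"""
from typing import Callable, Dict, List, Optional, Tuple

# Constructed ranking: higher value = higher security level of the link type.
SECURITY_LEVEL = {"wired": 3, "wifi": 2, "bluetooth": 1}

# Constructed device list and associations, mirroring the four-device example
# in the text: two Bluetooth links, one WiFi connection, one wired connection.
DEVICE_LIST: List[str] = ["UDID_1", "UDID_2", "UDID_3", "UDID_4"]
ASSOCIATIONS: Dict[str, str] = {
    "UDID_1": "bluetooth",
    "UDID_2": "bluetooth",
    "UDID_3": "wifi",
    "UDID_4": "wired",
}


def demo_probe(udid: str, relation: str) -> bool:
    """Constructed stand-in for the connection status sensing sub-module.

    Returns True when the second device answers over its stored link type.
    Here UDID_4 (the wired device) is simulated as currently unreachable.
    """
    return udid != "UDID_4"


def reachable_devices(device_list: List[str], associations: Dict[str, str],
                      probe: Callable[[str, str], bool]) -> List[str]:
    """Second devices that can currently be reached over their stored link type.

    Devices with no stored association are skipped: there is no agreed channel
    on which to reach them, so they cannot be selected.
    """
    alive = []
    for udid in device_list:
        relation = associations.get(udid)
        if relation is not None and probe(udid, relation):
            alive.append(udid)
    return alive


def select_second_device(device_list: List[str], associations: Dict[str, str],
                         probe: Callable[[str, str], bool],
                         policy: str = "most_secure") -> Optional[Tuple[str, str]]:
    """Pick (UDID_k, relation_k) to receive the key use request.

    policy="most_secure":    highest SECURITY_LEVEL among reachable devices;
                             ties keep device-list order (max returns the first).
    policy="first_responder": the first reachable device in list order, standing
                             in for "the device that responds to the connection first".
    Returns None when no listed device is reachable, so the caller can report
    failure instead of sending the request nowhere.
    """
    alive = reachable_devices(device_list, associations, probe)
    if not alive:
        return None
    if policy == "first_responder":
        udid = alive[0]
    elif policy == "most_secure":
        udid = max(alive, key=lambda u: SECURITY_LEVEL.get(associations[u], 0))
    else:
        raise ValueError(f"unknown selection policy: {policy!r}")
    return udid, associations[udid]


if __name__ == "__main__":
    print(select_second_device(DEVICE_LIST, ASSOCIATIONS, demo_probe))
    print(select_second_device(DEVICE_LIST, ASSOCIATIONS, demo_probe, "first_responder"))
```

With the wired device offline, the "most secure" policy falls back to the WiFi device UDID_3, while the "first responder" policy picks UDID_1 over Bluetooth; a device that is listed but has no stored connection method is never chosen, because the first device has no agreed channel on which to reach it.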
It should be understood that steps 401 to 404 above are steps in the process of using the key. Before the key is used, the first device may escrow the key to the second device; that is, the first device may send the key to the second device, and the second device stores the key in its secure hardware environment.
Specifically, before the key is used, the key use method of the embodiment of the present application may further include a key escrow step, which may also be understood as a key storage step. As shown in the schematic flowchart of FIG. 5, the key escrow step may include:
501. The first device generates a key.
Specifically, the first device generates the key according to a service request from the service module, following the key parameters supplied by the service. The key parameters may, for example, be a plaintext provided by the service module; the first device encrypts that plaintext to obtain the key.
502. The first device sends a key escrow request, which includes the key, to the second device.
After generating the key, the first device escrows it to the second device by sending the key escrow request.
Specifically, the key escrow request may further include an index of the key, that is, an index of the escrowed key. When the service module later needs to use the key, the first device and the second device can determine from that index which key the service module needs.
Optionally, the key escrow request may further include the identifier of the first device, so that the second device can identify which first device sent the key.
Optionally, the key escrow request may further include the service identifier of the service module, so that the second device can identify which service module the key belongs to.
503. The second device stores the received key.
Specifically, the second device stores the key in its secure hardware environment.
Optionally, the second device holds a device list and associations. The second device's device list includes the identifiers of a plurality of first devices, namely those first devices that have a communication connection with the second device and have escrowed a key for the second device to store. The associations stored by the second device include the connection method between each first device in the list and the second device.
For example, the second device's device list includes the identifiers of first device 1, first device 2, first device 3 and first device 4. The second device also stores the association of first device 1 with the second device as relation_1, of first device 2 as relation_2, of first device 3 as relation_3, and of first device 4 as relation_4.
If the first device that sent the key is first device 5, and its connection with the second device is a WiFi connection, the second device adds the identifier of first device 5 to the device list and stores the association of first device 5 with the second device as a WiFi connection.
In this way, after generating a key, the first device can escrow it to the second device, and the second device stores the key in its secure hardware environment, which guarantees the security of the key in storage.
The association between the first device and the second device in the key escrow phase is the same as in the key use phase. In the key use phase, the second device can determine how to communicate with the first device from the associations in its stored device list.
Optionally, the key escrow step may further include:
504. The second device sends an escrow completion notification message to the first device.
In this way, after storing the key, the second device notifies the first device by the escrow completion notification message that the key has been saved successfully, and the first device confirms from that message that the key escrow is complete.
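The escrow steps 501 to 504 followed by the key use steps 401 to 403, modelled end to end as an example added here (not the patent's code). It assumes that requests and results are plain dicts exchanged by function call, that the second device's secure hardware environment is a dict only the `SecondDevice` object touches, and that the key use operations are HMAC-SHA256 signing and verification, chosen because the standard library provides them; the patent lists encrypt/decrypt/sign/verify without fixing an algorithm. The class and function names, the random key generation in place of deriving the key from service-supplied parameters, and the voiceprint sample are all the example's own; the legitimacy check of step 808 is not modelled here.

```python
"""Key escrow (steps 501-504) followed by key use (steps 401-403).

Added example, not the patent's code. Assumptions: requests and results are
plain dicts passed by function call (the patent fixes no wire format); the
second device's secure hardware environment is modelled as a dict that only
SecondDevice touches; the modelled key use operations are HMAC-SHA256 signing
and verification (the patent lists encrypt/decrypt/sign/verify without fixing
an algorithm); the key is generated at random rather than from key parameters.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple


class SecondDevice:
    """Rich device: keeps escrowed keys and performs every key use itself."""

    def __init__(self, udid: str) -> None:
        self.udid = udid
        # (first-device id, keyAlias) -> key bytes; stands in for the secure
        # hardware environment (assumption). Nothing reads it but this class.
        self._secure_store: Dict[Tuple[str, str], bytes] = {}
        # Device list and associations of step 503: which first devices have
        # escrowed keys here, and over which connection method.
        self.device_list: List[str] = []
        self.associations: Dict[str, str] = {}

    def handle_escrow(self, req: dict, relation: str) -> dict:
        """Steps 503/504: store the key, record the device, confirm completion."""
        first_id = req["device_id"]
        self._secure_store[(first_id, req["keyAlias"])] = req["key"]
        if first_id not in self.device_list:      # e.g. "first device 5" joins
            self.device_list.append(first_id)
        self.associations[first_id] = relation
        return {"type": "escrow_done", "keyAlias": req["keyAlias"], "status": "ok"}

    def handle_key_use(self, req: dict) -> dict:
        """Steps 402/403: apply the escrowed key; the key never leaves this object."""
        key = self._secure_store.get((req["device_id"], req["keyAlias"]))
        if key is None:
            return {"status": "fail", "reason": "no escrowed key for that index"}
        op, data, params = req["operation"], req["data"], req.get("params", {})
        if op == "sign":
            return {"status": "ok", "result": hmac.new(key, data, hashlib.sha256).digest()}
        if op == "verify":
            expected = hmac.new(key, data, hashlib.sha256).digest()
            return {"status": "ok", "result": hmac.compare_digest(expected, params["tag"])}
        return {"status": "fail", "reason": f"unsupported operation {op!r}"}


class FirstDevice:
    """Thin device: generates a key, escrows it, then only ever sends requests."""

    def __init__(self, udid: str) -> None:
        self.udid = udid
        self.escrowed: List[str] = []   # keyAlias values confirmed by step 504

    def escrow_key(self, second: SecondDevice, key_alias: str,
                   relation: str, service_id: str) -> bool:
        key = secrets.token_bytes(32)   # step 501 (random key is an assumption)
        req = {"type": "escrow", "device_id": self.udid, "keyAlias": key_alias,
               "service_id": service_id, "key": key}
        resp = second.handle_escrow(req, relation)          # step 502
        # Local copies are dropped: after escrow the thin device holds no key material.
        del key, req
        if resp.get("status") != "ok":
            return False
        self.escrowed.append(key_alias)                      # step 504 confirmed
        return True

    def use_key(self, second: SecondDevice, key_alias: str, operation: str,
                data: bytes, params: Optional[dict] = None) -> dict:
        """Step 401: send the data to be processed, never the key."""
        if key_alias not in self.escrowed:
            return {"status": "fail", "reason": "key was never escrowed"}
        req = {"type": "key_use", "device_id": self.udid, "keyAlias": key_alias,
               "operation": operation, "data": data, "params": params or {}}
        return second.handle_key_use(req)


def demo() -> dict:
    """Constructed run: a smart speaker escrows a voiceprint key to a phone."""
    speaker = FirstDevice("UDID_S")
    phone = SecondDevice("UDID_1")
    ok = speaker.escrow_key(phone, "voiceprint-key", "bluetooth", "voiceprint")
    voiceprint = b"constructed voiceprint feature vector"
    tag = speaker.use_key(phone, "voiceprint-key", "sign", voiceprint)["result"]
    good = speaker.use_key(phone, "voiceprint-key", "verify", voiceprint, {"tag": tag})
    bad = speaker.use_key(phone, "voiceprint-key", "verify", voiceprint + b"!", {"tag": tag})
    return {
        "escrow_ok": ok,
        "tag_len": len(tag),
        "verified": good["result"],
        "tampered_verified": bad["result"],
        "phone_device_list": list(phone.device_list),
        # The thin device's state contains no bytes at all once escrow is done.
        "key_bytes_on_thin_device": any(isinstance(v, bytes) for v in vars(speaker).values()),
    }
```

The point to check is the last field of `demo()`: after step 504 the `FirstDevice` object holds only its identifier and the list of escrowed aliases, so a compromise of the thin device yields no key material, while every sign and verify operation is carried out by `SecondDevice` against its private store.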
Specifically, as shown in FIG. 6, in the technical solution of the present application both the first device and the second device include a key escrow logic processing module, a local key management module, a device connection module and a device association storage module.
The key escrow logic processing module interfaces with the upper-layer service and the lower-layer functional modules, and specifically handles the logic of the key escrow and key use flows.
The local key management module handles processes related to key lifecycle management, such as key generation, key storage, key use and key destruction.
The device connection module includes a device connection status sensing sub-module and a connection method processing sub-module. The device connection status sensing sub-module senses the link status between the local device and the rich devices in the escrow device list. The connection method processing sub-module manages the connection between the first device and the second device.
The device association storage module stores the device list and the association between each device in the list and the device itself.
To describe the technical solution of the present application better, it is set out in detail below with reference to the key storage method and the key use method, based on the module structure of the first device and the second device shown in FIG. 6.
As shown in the schematic flowchart of the key storage method in FIG. 7, the key storage method of the embodiment of the present application includes the following steps:
701. The key escrow logic processing module of the first device UDID_S receives a key escrow request sent by the service module.
When the service module of the first device needs to generate and store a key, it sends a key escrow request to the key escrow logic processing module of the first device. The escrow request may include key parameters for generating the key, for example a plaintext, so that the local key management module can generate the key from that plaintext.
Optionally, the service module may specify the key index keyAlias, the device list and the associations. The association may be understood as the communication connection method between the first device and the second device.
For example, the service module may specify a device list consisting of second device 1 (UDID_1), second device 2 (UDID_2), second device 3 (UDID_3) and second device 4 (UDID_4), and indicate the connection relationship of each of second devices 1 to 4 with the first device.
Specifically, the service module may specify the index keyAlias of the key to be escrowed, and input the specified escrow device list and corresponding associations {(UDID_1,relation_1),(UDID_2,relation_2)……}.
702. The key escrow logic processing module of the first device sends a key generation request to the local key management module.
After receiving the key escrow request from the service module, the key escrow logic processing module of the first device sends a key generation request to the local key management module; the key generation request includes the key parameters keyParams for generating the key.
703. The local key management module of the first device generates the key according to the key generation request.
The local key management module of the first device generates the key from the key parameters keyParams in the key generation request and a key generation algorithm.
704. The local key management module of the first device sends the generated key to the key escrow logic processing module of the first device.
705. The key escrow logic processing module of the first device sends a key escrow request to the device connection module of the first device, requesting that the key generated by the local key management module be saved to the second device.
After obtaining the key generated by the local key management module, the key escrow logic processing module of the first device initiates a key escrow request to the device connection module of the first device, to start the key escrow process.
706. The key escrow logic processing module of the first device sends the device list and associations to the association storage module of the first device.
The association storage module of the first device then stores the device list and associations.
Specifically, the association storage module of the first device stores keyAlias—UDID_S—{(UDID_1,relation_1),(UDID_2,relation_2)……}.
707. The device connection module of the first device reads the device list and associations stored by the device association storage module and sends a key escrow request, which includes the key, to at least one second device in the device list.
The device connection module of the first device sends the key escrow request to at least one second device in the device list according to the associations, in order to escrow the key.
For example, the device connection module of the first device sends the key escrow request to UDID_1 over relation_1.
The key escrow request may further include at least one of the index of the key, the identifier of the first device, and the identifier of the service module.
708. The device connection module of the second device receives the key escrow request sent by the device connection module of the first device and sends it to the key escrow logic processing module of the second device.
After receiving the key escrow request, the device connection module of the second device hands it to the key escrow logic processing module of the second device for processing.
709. The key escrow logic processing module of the second device sends the key escrow request to the local key management module of the second device.
710. The local key management module of the second device receives and saves the key.
The local key management module of the second device saves the key in the secure hardware environment of the second device.
In this way, the key generated by the first device is held in escrow by the local key management module of the second device.
711. The key escrow logic processing module of the second device sends the association between the second device and the first device to the device association storage module of the second device.
The association between the second device and the first device includes the communication connection method between them.
Optionally, steps 711 and 709 may be executed in parallel.
That is, while the key escrow logic processing module of the second device sends the key to the local key management module, it may at the same time send the association between the second device and the first device to the device association storage module of the second device, so that the device association storage module stores the association between the first device and the second device.
712. The device association storage module of the second device stores the association between the first device and the second device.
The association between the first device and the second device is the communication connection method between them.
The association may be stored in the secure hardware environment of the second device, which protects the data related to the key more comprehensively and so improves the security of the key.
For example, the device association storage module of second device i may store UDID_S—UDID_i, relation_i, for any i in 1, 2, 3, 4.
713. The key escrow logic processing module of the second device sends an escrow completion notification to the device connection module of the second device.
714. The device connection module of the second device sends the escrow completion notification to the device connection module of the first device.
In this way, through the key storage steps above, the first device can escrow the key it generated to the secure hardware environment of the second device, which guarantees the security of the key while it is stored.
Optionally, the device connection module of the first device may send the escrow completion notification to the key escrow logic processing module of the first device.
As shown in the schematic flowchart of the key use method in FIG. 8, the key use method of the embodiment of the present application includes the following steps:
801. The key escrow logic processing module of the first device receives a key use request sent by the service module of the first device; the key use request includes data to be processed, which may be understood as the data that is the object of key use.
Optionally, the key use request further includes the parameters required when the key is used, so that the second device can complete the key use step from the key, those parameters and the data to be processed.
Optionally, the key use request may further include the index keyAlias of the escrowed key, so that the second device holding the escrowed key can determine from keyAlias which key to use.
When the service module of the first device needs to use the key, it sends a key use request to the key escrow logic processing module of the first device. For example, when the service module used for voiceprint recognition needs to encrypt a voiceprint, it may send a key use request to the key escrow logic processing module of the first device in order to encrypt the voiceprint with the key. The voiceprint to be encrypted may be understood as the data to be processed, as the data that is the object of key use, or as the parameters required when the key is used.
802. The key escrow logic processing module of the first device sends the key use request to the device connection module.
The key escrow logic processing module forwards the key use request sent by the service module to the device connection module of the first device.
803. The device connection module of the first device obtains the device list and associations from the association storage module of the first device.
For example, the association storage module of the first device stores keyAlias—UDID_S—{(UDID_1,relation_1),(UDID_2,relation_2)……}. The connection module of the first device can read that entry from the association storage module and so obtain the device list and associations for the key whose index is keyAlias.
804. The device connection module of the first device determines the second device that will process the key use request according to the device list and associations.
Specifically, the connection method processing unit of the device connection module checks the connection status of one or more second devices in the device list and selects, from the one or more devices in the list, one second device to process the key use request.
For the way the device connection module selects the second device that processes the key use request, refer to the explanation of step 404 above; it is not described again here.
For example, the device connection status sensing unit of the device connection module determines the local connection status and checks one by one whether each second device (UDID_i) in the device list can be connected through the specified connection relationship relation_i (i = 1, 2, 3, 4, …… n); according to the available connection status of each device, it selects the best connection method relation_k and the best second device UDID_k. The best connection method includes, but is not limited to, the device that responds first or the connection method with the highest security level. relation_k is one of relation_1, relation_2, relation_3, ……, relation_n.
805. The device connection module of the first device sends the key use request to the second device that will process it.
Optionally, the key use request includes the index of the key, the data to be processed and the parameters required when the key is used; the latter may be understood as the algorithm parameters relevant to using the key.
806. The device connection module of the second device receives the key use request sent by the first device and sends it to the key escrow logic processing module of the second device.
It can be understood that the device connection module of the second device forwards the received key use request to the key escrow logic processing module of the second device.
807. The key escrow logic processing module of the second device obtains the stored associations from the device association storage module.
For example, the key escrow logic processing module of the second device may determine from the key use request which key is to be used, and from the device list and associations stored by the device association storage module determine the first device corresponding to that key and the connection relationship between the second device and that first device.
808. The key escrow logic processing module of the second device verifies whether the key use request is legitimate.
Specifically, the key escrow logic processing module of the second device verifies whether the first device that sent the key use request has permission to request that the second device process it. For example, the key use request may include the identifier of the first device. Using that identifier, the key escrow logic processing module of the second device may verify whether the first device is in the device list, and verify whether the connection method between the first device and the second device matches the stored association between them. If the first device is in the device list and the connection relationship between the two also matches the stored association, the key use request is verified as legitimate.
Step 808 and step 807 may be executed in parallel, or step 808 may be executed before step 807, or step 807 before step 808.
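The legitimacy check of step 808 in runnable form, as an example added here (not the patent's code). It assumes that the device list and associations come from the device association storage module as plain Python structures, that the device connection module reports the connection method a request actually arrived over as a string, and that request shapes and all sample identifiers are constructed; `AssociationStore`, `verify_key_use_request` and `escrow_logic_dispatch` are the example's names, not the patent's.

```python
"""Legitimacy check of step 808, run by the second device before any key use.

Added example, not the patent's code. Assumptions: the device list and
associations come from the device association storage module as plain Python
structures; the connection method the request actually arrived over is
reported by the device connection module as a string; request shapes and all
sample values are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class AssociationStore:
    """Models the second device's device association storage module (step 712)."""
    device_list: List[str] = field(default_factory=list)
    associations: Dict[str, str] = field(default_factory=dict)  # UDID -> relation

    def record(self, udid: str, relation: str) -> None:
        """Add or refresh the association recorded at escrow time."""
        if udid not in self.device_list:
            self.device_list.append(udid)
        self.associations[udid] = relation


def verify_key_use_request(req: dict, observed_relation: str,
                           store: AssociationStore) -> Tuple[bool, str]:
    """Return (legitimate, reason) for a key use request.

    The request is legitimate only if the sending first device is in the
    device list AND the connection it arrived over matches the stored
    association. Either failure alone rejects the request, so a request that
    merely quotes a listed identifier over an unexpected channel is refused.
    """
    device_id = req.get("device_id")
    if not device_id:
        return False, "request carries no first-device identifier"
    if device_id not in store.device_list:
        return False, f"{device_id} is not in the device list"
    expected = store.associations.get(device_id)
    if expected != observed_relation:
        return False, f"request arrived over {observed_relation}, stored association is {expected}"
    return True, "ok"


def escrow_logic_dispatch(req: dict, observed_relation: str,
                          store: AssociationStore) -> dict:
    """Step 808, then 809: hand over to the local key management module only if legitimate."""
    legitimate, reason = verify_key_use_request(req, observed_relation, store)
    if not legitimate:
        # Returned to the first device as a failed key use result; nothing reaches the key store.
        return {"status": "fail", "reason": reason}
    return {"status": "ok", "forward": {"keyAlias": req["keyAlias"],
                                        "data": req["data"],
                                        "params": req.get("params", {})}}


# Constructed store: two first devices escrowed keys here, over WiFi and Bluetooth.
STORE = AssociationStore()
STORE.record("UDID_S", "wifi")
STORE.record("UDID_T", "bluetooth")


def demo() -> dict:
    """Constructed requests covering the accept case and each rejection reason."""
    base = {"keyAlias": "voiceprint-key", "data": b"constructed voiceprint", "params": {}}
    return {
        "listed_right_channel": escrow_logic_dispatch({**base, "device_id": "UDID_S"}, "wifi", STORE)["status"],
        "listed_wrong_channel": escrow_logic_dispatch({**base, "device_id": "UDID_S"}, "bluetooth", STORE)["status"],
        "unlisted_device": escrow_logic_dispatch({**base, "device_id": "UDID_9"}, "wifi", STORE)["status"],
        "no_identifier": escrow_logic_dispatch(base, "wifi", STORE)["status"],
    }
```

Both conditions from step 808 are enforced independently: a listed identifier presented over the wrong channel is rejected just like an unlisted one, and the forwarded message of step 809 carries only the index, the data and the parameters, never the key.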
809. When the key use request is legitimate, the key escrow logic processing module of the second device sends the data to be processed and the parameters required when the key is used, taken from the key use request, to the local key management module of the second device.
Optionally, the key escrow logic processing module of the second device may also send the index of the key to the local key management module of the second device, so that the local key management module can determine exactly which stored key to use to process the data.
810. The local key management module of the second device performs the key use step: it processes the data to be processed with the stored key and the parameters required when the key is used, obtaining the key use result.
The key use step may be encryption, decryption, signing, signature verification, and so on. Continuing the example in which the data to be processed is a voiceprint to be encrypted, the local key management module of the second device may encrypt the voiceprint with the key escrowed by the first device and the relevant algorithm parameters.
The key use result may include the data obtained by performing the key use step on the data to be processed, and may also include result information such as whether the key use step executed normally.
811. The local key management module of the second device sends the key use result to the key escrow logic processing module of the second device.
812. The key escrow logic processing module of the second device sends the key use result to the device connection module.
813. The device connection module of the second device sends the key use result to the device connection module of the first device.
814. The device connection module of the first device sends the key use result to the key escrow logic processing module of the first device.
815. The key escrow logic processing module of the first device returns the key use result to the service module.
Through steps 810 to 815, the second device returns the key use result to the first device, so that the service module that sent the key use request obtains the key use result and the key use process is complete.
It can thus be seen that, in the technical solution of the present application, the first device stores the key on a second device with which it is connected and authenticated, using the second device's secure hardware environment to store the key. The first device sends the parameters required when the key is used and the data to be processed to the second device, and uses the key by means of the second device's computing capability; in other words, the data is processed with the key using the second device's computing capability. Escrowing the key on a second device with a secure hardware environment guarantees the security of key storage, and the keys the first device can use are no longer limited by its own computing capability, so the first device can use a wider variety of keys.
An embodiment of the present application provides a computer storage medium including computer instructions which, when run on a terminal, cause the terminal to execute the application program processing method of any of the possible embodiments above.
An embodiment of the present application provides a computer program product which, when run on a terminal, causes the terminal to execute the application program processing method of any of the possible embodiments above.
The embodiments above are only intended to illustrate the technical solution of the present application, not to limit it. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not make the essence of the corresponding technical solution depart from the scope of the technical solutions of the embodiments of the present application.
Claims (10)
- A key use method, characterized in that it includes: a first device sends a key use request to a second device, the second device including a secure hardware environment; the first device receives a key use result sent by the second device, the key use result being obtained by the second device processing the data to be processed in the key use request with a key in the secure hardware environment.
- The method according to claim 1, characterized in that, before the first device sends the key use request to the second device, the method further includes: the first device obtains the connection status between one or more second devices in a device list and the first device; the first device selects, from the one or more second devices according to their connection status with the first device, the second device that will process the key use request; and the first device sending the key use request to the second device includes: the first device sends the key use request to the second device selected to process the key use request.
- The method according to claim 1, characterized in that, before the first device sends the key use request to the second device, the method further includes: the first device sends a key escrow request to the second device, the key escrow request including the key and being used to request that the second device save the key.
- The method according to claim 3, characterized in that the key escrow request further includes an index of the key, the key escrow request further being used to request that the second device save the index of the key; and the key use request includes the index of the key and the data to be processed.
- A key use method, characterized in that it includes: a second device receives a key use request sent by a first device, the second device including a secure hardware environment; the second device processes the data to be processed in the key use request with a key in the secure hardware environment, obtaining a key use result; and the second device sends the key use result to the first device.
- The method according to claim 5, characterized in that, before the second device receives the key use request sent by the first device, the method further includes: the second device receives a key escrow request of the first device, the key escrow request including the key; and the second device stores the key in the secure hardware environment.
- The method according to claim 6, characterized in that the key escrow request further includes an index of the key; the method further includes: the second device stores the index of the key in the secure hardware environment; and the key use request includes the index of the key and the data to be processed.
- An electronic device, including a memory, one or more processors and a plurality of application programs, wherein one or more programs are stored in the memory; characterized in that, when the one or more processors run the one or more programs, the terminal is caused to execute the method according to any one of claims 1 to 7.
- A computer storage medium, characterized in that it includes computer instructions which, when run on a terminal, cause the terminal to execute the method according to any one of claims 1 to 7.
- A computer program product, characterized in that, when run on a terminal, it causes the terminal to execute the method according to any one of claims 1 to 7.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010890848.1A CN114117458A (zh) | 2020-08-29 | 2020-08-29 | Key use method and related product |
CN202010890848.1 | 2020-08-29 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022042273A1 (zh) | 2022-03-03 |
Family
ID=80354525
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/111406 WO2022042273A1 (zh) | 2020-08-29 | 2021-08-09 | Key use method and related product |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN114117458A (zh) |
WO (1) | WO2022042273A1 (zh) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106161402A (zh) * | 2015-04-22 | 2016-11-23 | Alibaba Group Holding Limited | Cloud-environment-based cipher machine key injection system, method and device |
CN106921673A (zh) * | 2017-03-28 | 2017-07-04 | Lenovo (Beijing) Co., Ltd. | Network security management method and server |
CN107454590A (zh) * | 2017-07-26 | 2017-12-08 | Shanghai Feixun Data Communication Technology Co., Ltd. | Data encryption method, decryption method and wireless router |
CN109150502A (zh) * | 2018-09-19 | 2019-01-04 | Guangzhou Tongda Auto Electric Co., Ltd. | Data encryption method, apparatus, system, computer device and storage medium |
- 2020
  - 2020-08-29 CN CN202010890848.1A patent/CN114117458A/zh active Pending
- 2021
  - 2021-08-09 WO PCT/CN2021/111406 patent/WO2022042273A1/zh active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN114117458A (zh) | 2022-03-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21860112; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 21860112; Country of ref document: EP; Kind code of ref document: A1 |