WO2023072206A1 - Key migration method and related device - Google Patents


Info

Publication number
WO2023072206A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal device
key
uid
application
key file
Prior art date
Application number
PCT/CN2022/127998
Other languages
French (fr)
Chinese (zh)
Inventor
漆昌桂
胡慧锋
Original Assignee
华为技术有限公司
Priority date
Filing date
Publication date
Application filed by 华为技术有限公司
Publication of WO2023072206A1

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F 3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
            • G06F 3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
              • G06F 3/0601 Interfaces specially adapted for storage systems
                • G06F 3/0628 Interfaces specially adapted for storage systems making use of a particular technique
                  • G06F 3/0638 Organizing or formatting or addressing of data
                    • G06F 3/0643 Management of files
                  • G06F 3/0646 Horizontal data movement in storage systems, i.e. moving data in between storage devices or systems
                    • G06F 3/0647 Migration mechanisms
          • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
              • G06F 21/31 User authentication
            • G06F 21/60 Protecting data
              • G06F 21/602 Providing cryptographic facilities or services
              • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
                • G06F 21/6245 Protecting personal data, e.g. for financial or medical purposes
              • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • The present application relates to the technical field of communications, and in particular to a key migration method and related device.
  • The embodiments of the present application provide a key migration method and related device, which can guarantee service continuity and user experience when the UID of an application is changed.
  • The embodiments of the present application provide a key management method, which is applied to a terminal device on which a first application is installed.
  • The method includes: the terminal device changes the user identity (UID) of the first application from a first UID to a second UID, where the first application accesses a first key file based on its UID, the data stored in the first key file is required for the first application to execute a first service, and the file name of the first key file was generated by the terminal device based on the first UID; the terminal device then generates a second key file based on the first key file, where the file name of the second key file is generated by the terminal device based on the second UID, and the data stored in the second key file is the same as the data stored in the first key file.
  • After the terminal device determines that the UID of the application has changed, it can repair the key file of the application that was stored on the KeyStoreService side before the UID change; that is, the data of the stored key file is migrated to another, new key file to realize the key migration. This ensures that after the application's UID changes, when the application searches for the key file using the file name generated from the changed UID, it finds the correct key file (that is, the new key file), so that the encrypted data can be successfully decrypted with the correct key file, avoiding decryption failure and loss of encrypted data, improving service continuity and improving user experience.
  • The terminal device generating the second key file based on the first key file specifically includes: the terminal device migrates the data stored in the first key file to the second key file; or, the terminal device generates the second key file by changing the file name of the first key file to the file name of the second key file.
  • When the application searches for the key file using the file name generated from the changed UID, the correct key file can be found, so that the encrypted data can be successfully decrypted using the correct key file.
  • Before the terminal device changes the UID of the first application from the first UID to the second UID, the method further includes: the terminal device restarts after completing an over-the-air (OTA) upgrade; or, after completing the OTA upgrade, the terminal device detects that the user logged in to the terminal device is switched from a first user to a second user.
  • In this way, the terminal device can be triggered to query the UID, so as to determine whether the UID of the application has changed.
  • The method further includes: the terminal device detects that the first application is started and running. This can likewise trigger the terminal device to query the UID, so as to determine whether the UID of the application has changed.
  • The terminal device includes a package management service (PMS), and before the terminal device generates the second key file based on the first key file, the method further includes: the terminal device detects that the UID of the first application is changed from the first UID to the second UID.
  • In this way, the terminal device can determine through the PMS whether the UID of the application has changed.
  • The terminal device includes a keystore service (KeyStoreService), and before the terminal device generates the second key file based on the first key file, the method further includes: the terminal device detects that the UID of the first application is changed from the first UID to the second UID.
  • In this way, the terminal device can determine through the KeyStoreService whether the UID of the application has changed.
  • The terminal device includes an Installd module, and the method further includes: the terminal device queries the first UID and the second UID through the Installd module.
  • In this way, the terminal device can query the UIDs through Installd.
  • The terminal device executing the first service using the data stored in the second key file specifically includes: the terminal device displays a first user interface, the first user interface includes user data, and the user data is obtained using the data stored in the second key file.
  • In this way, the terminal device can use the new key file to decrypt the user data, thereby ensuring that the user data is not lost.
  • The method further includes: the terminal device checks the key integrity of the second key file and confirms that the check passes; and/or, the terminal device checks the permissions of the second key file and confirms that the check passes.
  • Before the terminal device generates the second key file based on the first key file, the method further includes: the terminal device confirms that the first application allows the terminal device to generate the second key file based on the first key file; and/or, the terminal device checks the key integrity of the first key file and confirms that the check passes; and/or, the terminal device checks the permissions of the first key file and confirms that the check passes.
  • The method further includes: the terminal device saves the second key file.
  • In this way, the terminal device can find the key file corresponding to the key when it needs to obtain the key.
  • The first application is a system application, and a system application is an application preset by the operating system of the terminal device.
  • The UID of the first application is generated based on a user identifier (UserId) and an application identifier (AppId), where the UserId is determined by the terminal device based on the number of users who log in to the terminal device, and the AppId is determined by the terminal device based on the package name of the first application.
  • An embodiment of the present application provides a terminal device, which includes one or more processors and one or more memories; the one or more memories are coupled to the one or more processors and are used to store computer program code, which includes computer instructions.
  • The terminal device executes the method in any possible implementation of the first aspect above.
  • An embodiment of the present application provides a computer storage medium that stores a computer program comprising program instructions; when the program instructions are run on a terminal device, the terminal device executes the method in any possible implementation of the first aspect above.
  • An embodiment of the present application provides a computer program product which, when run on a computer, causes the computer to execute the method in any possible implementation of the first aspect above.
  • FIG. 1A and FIG. 1B are a set of user interface diagrams provided by an embodiment of the present application.
  • FIG. 2 is a schematic flowchart of a key migration method that is triggered in a scenario where the PMS scans application packages, provided by an embodiment of the present application.
  • FIG. 3A to FIG. 3H are schematic diagrams of a group of user interfaces for OTA upgrade and multi-user switching provided by an embodiment of the present application.
  • FIG. 4 is a schematic flowchart of a key migration method that is triggered in another scenario where the PMS scans application packages, provided by an embodiment of the present application.
  • FIG. 5 is a schematic flowchart of a key migration method that is triggered in a scenario where an application needs to obtain a key during startup and running, provided by an embodiment of the present application.
  • FIG. 6 is a schematic flowchart of another key migration method that is triggered in a scenario where an application needs to obtain a key during startup and running, provided by an embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of a terminal device provided by an embodiment of the present application.
  • FIG. 8 is a schematic diagram of the software architecture of a terminal device provided by an embodiment of the present application.
  • The Android keystore system is a keystore management system consisting of the KeyChain application programming interface (API) introduced in Android 4.0 and the Android keystore provider feature introduced in Android 4.3.
  • The Android keystore system stores cryptographic keys in a container, making it difficult to extract the keys from the device. Once keys are in the keystore, they can be used for cryptographic operations while the key material remains non-exportable.
  • The Android keystore system protects key material from unauthorized use.
  • At the architectural level, the Android keystore system can be divided into three parts:
  • The first part, the Android Key Store (AndroidKeyStore), is located in the framework layer and provides the key-operation interfaces used by the application layer.
  • The second part, the KeyStoreService, is located in the native layer, is responsible for the management and storage of keys, and corresponds to the keystore process.
  • The third part, the Keymaster trusted application (TA), runs in a trusted execution environment (TEE) and implements key generation, data encryption and decryption, authentication, signature verification and other related security services.
  • Some applications on the terminal device use the Android keystore system to encrypt and decrypt their data, and their key files (also called key index files) are stored in the data directory of the keystore service module.
  • The file name of a key file managed by the Android keystore system is generated by encoding the application's UID, the key type, and the key alias. For example, if the file name of a key file is 1000_USRPKEY_XX, then the UID of the application is 1000, the key type is USRPKEY, and the key alias is XX.
  • The keystore service module uses the key file as the key entry and calls the Keymaster TA to perform the encryption and decryption operations.
  • The keystore system may include, but is not limited to, the Android keystore system; this is not limited by the present application.
  • Each user has a UID, which maps one-to-one to the user name.
  • UID: User Identity; GID: Group Identification.
  • Originally, the Android system did not support multiple users. The multi-user function was added later; that is, multiple users can be added to one Android device.
  • User types include the primary user, secondary users, and the guest user. The primary user is the first user added to the device; it cannot be removed unless the device is restored to factory settings, and even while other users are running in the foreground, the primary user is always running. A secondary user is any user other than the primary user; a secondary user can be removed (either by that user or by the primary user) without affecting other users on the device, and can run in the background while remaining connected to the network. The guest user is a temporary secondary user; the system provides an explicit option to delete the guest user, so that it can be quickly removed when no longer using the device, and there can be only one guest user at a time.
  • A UID is an Android application identity that is specific to a particular user; a UID corresponds to an application.
  • The UID of an application is created by the package management service module (PackageManagerService, PMS) when it parses and installs the Android application package (APK) file. All processes of the same Android application share the same UID. For multiple different Android applications to share the same UID, they must set the same sharedUserId in their AndroidManifest.xml files and must also have the same signature.
  • The multi-user Android system introduces two new concepts: the user identifier (User Id) and the application identifier (App Id).
  • The User Id is related to the number of users (primary user, secondary users, guest user, etc.) on the terminal device. If there is only one user on the terminal device (single-user state), that user's User Id is 0; if there are multiple users (multi-user state), each user has its own User Id, and these differ from one another. Except for the default user, whose User Id is 0, the User Ids of the other users increase sequentially from 10.
  • The App Id is related to the application on the terminal device. Even for different users, applications with the same application package name (package name for short) have the same App Id. That is, once an application is deployed, its App Id is fixed and does not change during normal operation of the system.
  • There are two ways to determine the App Id: the first is automatic assignment by the PMS, which usually applies to third-party applications and some system applications; the second is fixed allocation by specifying android:sharedUserId in AndroidManifest.xml, which usually applies to most system applications.
  • The UID has the following conversion relationship with the User Id and App Id: UID = UserId * 100000 + AppId.
  • The value range of the App Id is [0, 100000]. For the User Id: in the single-user (default-user) state the User Id is 0; in the multi-user state the default user's User Id is 0, a newly added user 1 has User Id 10, a further added user 2 has User Id 11, a further added user 3 has User Id 12, and so on. That is, except for the default user (User Id 0), the User Ids of the other users increase sequentially from 10: 10, 11, 12, 13 and so on.
  • The PMS is responsible for managing the application packages on the system: it can install, uninstall, update and parse the application packages on the terminal device, and it is also responsible for permission management, etc.
  • During the boot phase, the PMS is responsible for the application package scanning process (the PMS scanning process). This process includes five phases: the start phase (boot_progress_pms_start), the system partition scanning phase (boot_progress_pms_system_scan_start), the data partition scanning phase (boot_progress_pms_data_scan_start), the scan end phase (boot_progress_pms_scan_end), and the ready phase (boot_progress_pms_ready).
  • A PMS object is created by calling the main method, and values are assigned to the member variables of the PMS (such as mSettings, mInstaller, systemConfig, etc.).
  • The PMS scans the application packages under the /system directory (system directory). /system can be called the system partition; it is mainly used to store Android system files and frameworks. The PMS scans the files in each of its subdirectories, such as /system/app (the subdirectory of /system where system apps are stored) and /system/framework (the subdirectory of /system where the application framework layer jar packages are stored), and performs some post-processing on the scanned files.
  • The PMS scans the application packages under the /data directory (data directory). /data can be called the data partition; it is mainly used to store the personal data and configuration files of all users. The /data directory includes multiple subdirectories, and the PMS scans the files in each of them, such as /data/app (the subdirectory of /data storing third-party apps), /data/system (the subdirectory of /data storing the system configuration files) and /data/data (the subdirectory of /data storing all the data of the installed apps), updating the application information in the data directory in time and removing unnecessary data.
  • The UID information of the applications involved in the embodiments of the present application is stored in the /data directory.
  • The PMS can determine whether the current platform software development kit (SDK) version differs from the SDK version at the last startup and, if so, update the permissions; it can also determine whether this is the first startup after an OTA upgrade and, if so, clear unnecessary cached data; it can also update files such as package.xml.
  • The PMS creates the PackageInstallerService object, performs memory garbage collection, etc.
  • The PMS installs and uninstalls application packages on the terminal device mainly through the Installer and Installd: the Installer is the API interface provided by the Java layer, and Installd is a daemon service started by the init process.
  • System applications on the terminal device are granted high privileges. A system application can run in the system process and has system privileges (for example, root privileges), so it can modify the system configuration; in addition, multiple applications can be configured to run in one process in order to share data.
  • The high privileges of system applications can easily bring great security risks to the system. Once these system applications are compromised, security risks such as manipulation of the system configuration and leakage of user data and system data follow. Therefore, in order to reduce security risks, it is necessary to change and rectify the UIDs of these system applications.
  • Changing the UID of the application causes the data resources of the application under the old UID (that is, the UID before the change) to become unavailable to the application under the new UID (that is, the UID after the change). That is, after the UID of the application is changed, the user cannot access the application's original directory files from before the UID change, resulting in data loss.
  • The current solution is to repair the group and permissions of the application's data directory so that the new-UID application also has access to the data directory of the old-UID application. After the application's UID is changed, the data of the old-UID application remains available to the new-UID application; that is, the user can normally access the data directory of the old-UID application.
  • The PMS calls the Installd process to prepare the user data. The data directory includes the data directories under credential encrypted (CE) storage and under device encrypted (DE) storage.
  • The key files used are managed uniformly by the keystore service module (KeyStoreService), and the file name is generated by KeyStoreService by encoding the application's UID, key type, and key alias.
  • After the UID of the application changes, not only does the UID of the application's data directory change, but the expected file name of the key file in the Android keystore used by the application (that is, the file name generated from the changed UID) changes as well. The above solution does not take into account this change of the expected key file name in the Android keystore caused by the change of the application's UID.
  • When the new-UID application calls the Android keystore, KeyStoreService encodes and generates the file name of the new key file from the new UID (that is, the expected file name). However, because the file name of the key file stored in the Android keystore does not change with the application's UID, KeyStoreService cannot find a key file corresponding to the new file name, and the new-UID application cannot successfully decrypt the data encrypted by the old-UID application; that is, decryption fails.
  • The decryption failure may lead to loss of application data, invalidation of the account information logged in to the application, the user having to re-sign the relevant agreements, loss of user data, and so on, resulting in reduced service continuity at the upper layer and a poor user experience.
  • The user interface 100 displays the user's account information (such as the account name Mary) and historical data information (such as the history data recorded in lists like My Favorites, Recently Played and Downloads); that is, the terminal device 100 stores the user's account information and the historical data information generated during use of the application before the UID of the application is changed.
  • The user interface 110 no longer displays the user's account information that was stored on the terminal device 100 before the UID of the application was changed, and the historical data information generated during use of the application before the UID change is also cleared (for example, the number of data entries stored in the "My Favorites" list changes from 30 in FIG. 1A to 0 in FIG. 1B). That is, the terminal device 100 failed to decrypt the encrypted data of the old-UID application, resulting in the loss of the encrypted data.
  • The embodiments of this application provide a key migration method. After the terminal device determines that the UID of the application has changed, the key file of the application stored on the KeyStoreService side before the UID change can be repaired; that is, key migration is realized by migrating the data in a stored key file to another, new key file. This ensures that after the application's UID changes, when the application searches for the key file using the file name generated from the changed UID, it finds the correct key file (that is, the new key file), so that the application can use the correct key file to successfully decrypt the encrypted data, avoiding decryption failure and loss of encrypted data, improving service continuity and improving user experience.
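The naming rule (UID_TYPE_ALIAS), the UID = UserId * 100000 + AppId relationship and the rename-based migration described above, simulated as an added example that is not code from the patent or from Android's KeyStoreService. The keystore data directory is modelled as an in-memory dict, and the page's integrity and permission checks as a SHA-256 tag and an owner-UID field, both constructed here.

```python
"""Simulation of the key-file migration the page describes (added example).

Assumptions: the KeyStoreService data directory is modelled as a dict of
file name -> KeyFile; names use the UID_TYPE_ALIAS layout from the page
(e.g. 1000_USRPKEY_XX); the page's integrity and permission checks are
modelled by a SHA-256 tag and an owner UID field, both constructed here.
"""
import hashlib
import re
from dataclasses import dataclass

USER_ID_MULTIPLIER = 100000              # UID = UserId * 100000 + AppId
KEY_FILE_NAME = re.compile(r"^(\d+)_([A-Z]+)_(.+)$")


def uid_from(user_id: int, app_id: int) -> int:
    """Compose a UID from User Id and App Id (App Id range [0, 100000])."""
    if not 0 <= app_id <= 100000:
        raise ValueError(f"App Id out of range: {app_id}")
    return user_id * USER_ID_MULTIPLIER + app_id


def key_file_name(uid: int, key_type: str, alias: str) -> str:
    """KeyStoreService naming rule: encode UID, key type and alias."""
    return f"{uid}_{key_type}_{alias}"


def parse_key_file_name(name: str) -> tuple:
    """Decode a key file name back into (uid, key_type, alias)."""
    m = KEY_FILE_NAME.match(name)
    if m is None:
        raise ValueError(f"not a key file name: {name}")
    return int(m.group(1)), m.group(2), m.group(3)


@dataclass
class KeyFile:
    material: bytes   # opaque key blob; the real material stays in the Keymaster TA
    digest: str       # constructed integrity tag over the blob
    owner_uid: int    # constructed permission model: the UID allowed to use the file


def make_key_file(material: bytes, owner_uid: int) -> KeyFile:
    return KeyFile(material, hashlib.sha256(material).hexdigest(), owner_uid)


def integrity_ok(kf: KeyFile) -> bool:
    return hashlib.sha256(kf.material).hexdigest() == kf.digest


def lookup(store: dict, uid: int, key_type: str, alias: str):
    """KeyStoreService builds the expected name from the app's current UID and
    looks it up. After a UID change with no migration the file is still stored
    under the old name, so this returns None and decryption fails."""
    return store.get(key_file_name(uid, key_type, alias))


def migrate_keys(store: dict, old_uid: int, new_uid: int) -> list:
    """Rename every key file of old_uid to the name derived from new_uid.
    The data is unchanged; integrity and permission are checked before and
    after, mirroring the checks on the first and second key file in the page."""
    if old_uid == new_uid:
        return []
    migrated = []
    for name in list(store):                 # snapshot: the dict is modified below
        uid, key_type, alias = parse_key_file_name(name)
        if uid != old_uid:
            continue                         # other apps, or other users' instances
        kf = store[name]
        if not integrity_ok(kf) or kf.owner_uid != old_uid:
            raise RuntimeError(f"pre-migration check failed for {name}")
        new_name = key_file_name(new_uid, key_type, alias)
        if new_name in store:
            raise RuntimeError(f"target already exists: {new_name}")
        store[new_name] = KeyFile(kf.material, kf.digest, new_uid)  # same data, repaired owner
        del store[name]
        if not integrity_ok(store[new_name]):
            raise RuntimeError(f"post-migration check failed for {new_name}")
        migrated.append((name, new_name))
    return migrated


def demo() -> dict:
    """Constructed scenario: the default user's app has its UID rectified from
    1000 to 10023, while user 1 (User Id 10) runs the same package as UID 1001000."""
    store = {}
    old_uid = uid_from(0, 1000)        # default user, App Id 1000 -> UID 1000
    new_uid = uid_from(0, 10023)       # rectified App Id (constructed) -> UID 10023
    other_uid = uid_from(10, 1000)     # user 1, same App Id -> UID 1001000
    store[key_file_name(old_uid, "USRPKEY", "XX")] = make_key_file(b"constructed-key-blob", old_uid)
    store[key_file_name(other_uid, "USRPKEY", "XX")] = make_key_file(b"other-user-blob", other_uid)
    before = lookup(store, new_uid, "USRPKEY", "XX")   # None: the failure the page describes
    migrated = migrate_keys(store, old_uid, new_uid)
    after = lookup(store, new_uid, "USRPKEY", "XX")    # found under the new name
    return {"before": before, "migrated": migrated, "after": after, "files": sorted(store)}
```

Only the files of the changed UID are renamed; user 1's instance of the same package keeps its own UID and key file, which is why a per-user trigger (the multi-user switch) is needed in the page's design.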
  • The terminal device can change the UID of the application through an over-the-air (OTA) upgrade. A change of the application's UID means that, for the same user, the UID of the application differs before and after the OTA.
  • In one scenario, execution is triggered when the PMS scans application packages, where the trigger condition for the PMS scanning application packages is: the terminal device 100 restarts after completion of the OTA, or the terminal device 100 performs multi-user switching (for example, switching from the default user to user 1) in response to a switch-user operation after completion of the OTA.
  • In this scenario, the key migration method provided by the embodiments of the present application can uniformly repair the file names of the key files stored by multiple applications on the KeyStoreService side.
  • In another scenario, execution is triggered when an application needs to obtain a key (that is, needs to query a key file) during startup and running. In this scenario, the key migration method provided by the embodiments of the present application only repairs the file name of the key file currently stored by that single application on the KeyStoreService side.
  • The terminal device 100 in the embodiments of the present application is described using a mobile phone as an example; the terminal device 100 may also be a tablet computer (Pad), a smart screen, a personal digital assistant (PDA), a laptop computer or another smart terminal device, and the embodiments of the present application do not limit the type, physical form, or size of the terminal device 100.
  • The key migration method provided in the embodiments of this application can be applied to the UID change scenario of a system application on the terminal device 100 that uses the Android keystore system for data encryption and decryption, but is not limited thereto. It may also be applicable to UID change scenarios of other applications on the terminal device 100 that use the Android keystore system for encryption and decryption, which is not limited in the embodiments of the present application.
  • the following introduces a key migration method triggered for execution in a scenario where a PMS scans an application package provided by an embodiment of the present application.
  • FIG. 2 exemplarily shows a flow of a method for triggering execution of key migration in a scenario where a PMS scans an application package provided by an embodiment of the present application.
  • the method can be applied to a terminal device 100, wherein the terminal device 100 can include: an application package management service module (PMS), an Installer, a service management module (ServiceManager), Installd, and an Android Keystore (AndroidKeystore) , Keystore service module (KeyStoreService).
  • Abbreviations used in FIG. 2: PMS, the application package management service module; ServiceManager, the service management module; AndroidKeystore, the Android Keystore; KeyStoreService, the Keystore service module; Installd, the module that answers the UID queries described in steps S203-S207.
  • The terminal device 100 can first obtain the new UID and the old UID of the application, and if it determines that the new UID and the old UID are different, the terminal device 100 can then perform key migration, so as to ensure that after the UID change the application can still find the correct key file to decrypt the encrypted data, avoiding decryption failure and loss of encrypted data.
  • A possible implementation manner for the terminal device 100 to acquire the new UID and old UID of the application is the one described in the following phase 1 (steps S201-S207); the specific execution process of phase 1 is introduced in detail below:
  • Phase 1 (steps S201-S207): obtaining the old and new UIDs
  • The application package management service module of the terminal device 100 sends a request for querying the old and new UIDs to the Installer after detecting a restart following OTA completion, or a multi-user switch.
  • Triggering the terminal device 100 to perform the OTA upgrade may include, but is not limited to, the following two implementations:
  • Implementation mode 1: the terminal device 100 automatically prompts the user to perform an OTA upgrade, and after the user agrees, the terminal device 100 is triggered to perform the OTA upgrade.
  • The terminal device 100 may display a pop-up window 300 for prompting the user to update the system version; the pop-up window 300 may include a prompt message (such as "found a new version of the system") and an "update now" option 301. The terminal device 100 may detect the user's operation (such as a click operation) on the "update now" option 301, and in response the terminal device 100 may perform a system update, that is, perform an OTA upgrade.
  • Implementation mode 2: the user actively enters the "Settings" application to trigger the terminal device 100 to perform the OTA upgrade.
  • FIG. 3B exemplarily shows a user interface 310 of the "Settings" application of the terminal device 100. The user interface may display multiple setting options (such as the "user and account" option 311, the "System and Update" option 312, etc.). The terminal device 100 can detect the user's operation (for example, a click operation) on the "System and Update" option 312, and in response display the user interface exemplarily shown in FIG. 3C. Further, the terminal device 100 can detect the user's operation (such as a click operation) on the "software update" option 321, and in response display the user interface 330 exemplarily shown in FIG. 3D; this user interface displays prompt information (for example, "new version found") and an "update now" option 331. The terminal device 100 may detect the user's operation (for example, a click operation) on the "update now" option 331, and in response perform a system update, that is, perform an OTA upgrade.
  • After the terminal device 100 completes the OTA upgrade, it can automatically power on and restart, and display a user interface 340 as shown in FIG. 3E.
  • FIG. 3F-FIG. 3H exemplarily show the process of multi-user handover after OTA is completed.
  • The terminal device 100 may detect the user's operation (such as a click operation) on the "user and account" option 311 in FIG. 3B and display a user interface in response (the process is shown in FIG. 3F-FIG. 3H). It can be seen that the user currently logged in to the terminal device 100 is the owner user (also referred to as the default user). The terminal device 100 can detect the user's operation on option 351 (such as a click operation), and in response display a user interface 360.
  • The user interface 360 displays multiple options (such as option 361, option 362, etc.), and it can be seen that there are two users who can log in to the terminal device 100: the owner user and User 1, with the owner user currently logged in. If the user wants to switch to User 1 to log in to the terminal device 100, the terminal device 100 can detect the user's operation on option 362 (such as a click operation), and in response display a pop-up window 370. The user logged in to the terminal device 100 is then switched from the owner user to User 1, thus completing the multi-user switch.
  • The package management service module executes the process of scanning application packages: it scans all application packages under the currently logged-in user in the system and repairs their data directories.
  • The application package management service module of the terminal device 100 starts to scan the application packages after detecting that the restart following OTA completion, or the multi-user switch, is complete.
  • The application package management service module may also send a request for querying the old and new UIDs to the Installer. The request may carry information such as the package name of system application 1, and is used to instruct the Installer to query the new UID and the old UID of system application 1, wherein the new UID refers to the UID of system application 1 after the restart following the OTA upgrade / after the multi-user switch following the OTA upgrade, and the old UID refers to the UID of system application 1 before that restart / before that multi-user switch.
  • After the Installer of the terminal device 100 receives the request for querying the old and new UIDs, it can send a request for querying the old and new UIDs to Installd.
  • One possible implementation is the one described in the following steps S203-S204:
  • The Installer of the terminal device 100 sends to the service management module a request for obtaining service 1, where service 1 is a service for querying the old and new UIDs; after receiving the request for obtaining service 1 sent by the Installer, the service management module sends a request for querying the old and new UIDs to Installd.
  • Specifically, the Installer of the terminal device 100 may send a request to the service management module to obtain service 1, which is a service for querying the old and new UIDs.
  • After the service management module receives the request for obtaining service 1 sent by the Installer, it can send a request to Installd to query the old and new UIDs.
  • The request can carry information such as the package name of system application 1, and is used to instruct Installd to query the new UID and old UID of system application 1.
  • The service management module transparently transmits the request for querying the old and new UIDs to Installd through the binder. The binder is an inter-process communication (Inter-Process Communication, IPC) mechanism that enables data interaction between multiple processes; transparent transmission (pass-through) means that the communication is only responsible for carrying the transmitted content from the source address to the destination address, without making any change to it.
  • After the Installd of the terminal device 100 receives the request for querying the old and new UIDs, it can send the new UID and the old UID to the application package management service module.
  • One possible implementation is the one described in the following steps S205-S207:
  • The Installd of the terminal device 100 sends the new UID and the old UID to the service management module; after receiving them, the service management module sends the new UID and the old UID to the Installer; after receiving them from the service management module, the Installer sends the new UID and the old UID to the application package management service module.
  • Specifically, after the Installd of the terminal device 100 receives the request for querying the old and new UIDs sent by the service management module, it can query the new UID and the old UID of system application 1. After Installd obtains them, it can send the new UID and old UID of system application 1 to the service management module; the service management module can forward the new UID and old UID of system application 1 to the Installer after receiving them from Installd; and the Installer may send the new UID and old UID of system application 1 to the application package management service module.
  • In this way, the PMS can obtain the new UID and old UID of all applications installed on the terminal device 100, which paves the way for the terminal device 100 to perform the steps of the subsequent phase 2; that is, after phase 1 above is executed, phase 2 below can continue. In some embodiments, after phase 1 above is executed, phase 2 below may not be executed, and other tasks may instead be performed based on the obtained new UID and old UID.
  • For example, the terminal device 100 can determine which applications share the same UID, and can further obtain other relevant information about these applications (such as granted permission information), so that these applications can be further managed (for example, permission management); the terminal device 100 can also determine whether the UID change of an application succeeded by judging whether the new UID and the old UID of the same application differ, and so on.
  • Phase 2 (steps S208-S217): key migration
  • The application package management service module of the terminal device 100 determines the UID change of the application based on the new UID and the old UID.
  • Specifically, the application package management service module of the terminal device 100 can compare the new UID and the old UID of system application 1 to determine whether they are the same. If they are the same, the application package management service module determines that the UID of system application 1 has not changed and does not perform the subsequent steps; if they differ, the application package management service module determines that the UID of system application 1 has changed.
  • Optionally, the application package management service module will also determine whether the currently processed application is a system application. For example, it will determine whether system application 1 is a system application, and if so, it will continue to execute the next steps.
  • The manner in which the application package management service of the terminal device 100 acquires the new UID and the old UID of the application may include, but is not limited to, the manner of acquiring the new UID and the old UID described in phase 1 above.
  • After the application package management service module of the terminal device 100 determines that the UID has changed, it can send an instruction to migrate the key to the key store service module.
  • One possible implementation is the one described in the following steps S209-S211:
  • The application package management service module of the terminal device 100 sends an instruction to migrate the key to the Android keystore; the instruction includes information such as the package name of the application, the new UID, and the old UID. After receiving the instruction, the Android keystore sends a request for obtaining service 2 to the service management module, where service 2 is the key migration service. After receiving that request, the service management module sends a key migration instruction to the key store service module.
  • Specifically, the application package management service module of the terminal device 100 may send an instruction to migrate the key to the Android keystore, and the instruction may include information such as the package name of system application 1, the new UID, and the old UID.
  • The Android keystore may then send a request to the service management module to obtain service 2, which is the key migration service.
  • After the service management module receives the request for obtaining service 2 sent by the Android keystore, it can send an instruction to migrate the key to the keystore service module; the instruction can include information such as the package name, new UID, and old UID of system application 1, and instructs the key store service module to perform the key migration operation.
  • The service management module also transparently transmits the above key migration instruction to the key store service module through the binder.
  • The key store service module of the terminal device 100 confirms that the calling authority check, the configuration list check, the key integrity check, and the file attribute check all pass.
  • Specifically, the key store service module of the terminal device 100 can first find all key files corresponding to the package name of system application 1 based on that package name; further, to improve security, it can check the calling authority, the configuration list, the key integrity, and the file attributes. After confirming that all four checks pass, the key store service module performs the next steps.
  • Calling authority check: the key store service module confirms whether the IPC peer process calling the key store service process is a system process; if it is, the key store service module confirms that the calling authority check passes.
  • Configuration list check: the key store service module determines, based on the configuration information recorded in the configuration list for the package name of system application 1, whether that package name is allowed to perform key migration. If it is allowed, the key store service module confirms that the configuration list check passes, and further determines which keys corresponding to the package name of system application 1 need to be migrated.
  • Key integrity check: the key store service module verifies the integrity of the key by calling KeymasterTA, to detect whether the key has been tampered with. If the verification succeeds, the key store service module confirms that the key integrity check passes for all key files corresponding to the package name of system application 1.
  • File attribute check: the key store service module checks the attributes and permissions of all key files corresponding to the package name of system application 1 by calling Installd, so as to eliminate the potential hidden danger of the key being illegally operated on.
  • The embodiment of the present application does not limit the order in which the key store service module performs the above four checks.
  • In some embodiments, step S212 is optional: the key store service module can execute the next steps directly.
  • The key store service module can determine, based on the old UID of the application contained in the file name of the key file, which of the two UIDs received from the service management module (the new UID and the old UID) is the old UID and which is the new UID.
  • The key store service module of the terminal device 100 performs a key migration operation to obtain a new key file.
  • Specifically, the key store service module of the terminal device 100 can start to perform the key migration operation, that is, migrate all key files corresponding to the package name of system application 1.
  • The key migration operation performed by the key store service module may include, but is not limited to, the following two possible implementations.
  • The following introduces the two possible implementations by taking the migration of one of the above key files by the key store service module as an example. Assume that:
  • the old UID is 1000;
  • the new UID is 5514;
  • the key file needed to decrypt data 1 is key file 1;
  • the file name of key file 1 corresponding to the old UID (that is, the current file name of key file 1) is 1000_USRPKEY_XX;
  • the file name of key file 1 corresponding to the new UID is 5514_USRPKEY_XX. That is to say, after the UID of the application changes, only the UID field changes in the file name of the same key file, while the other fields (such as the key type and the key alias) do not change.
  • Implementation 1: the key store service module can migrate the data stored in the key file named 1000_USRPKEY_XX (i.e. key file 1 above) into another, new key file whose file name is 5514_USRPKEY_XX. In this way, the data stored in the key file named 1000_USRPKEY_XX is stored in the new key file; the data stored in a key file may include the key information required for decrypting the encrypted data.
  • The key store service module may then delete the key file named 1000_USRPKEY_XX.
  • Implementation 2: the key store service module can simply change the file name of key file 1 from the name corresponding to the old UID, 1000_USRPKEY_XX, to the name corresponding to the new UID, 5514_USRPKEY_XX. In this case, the new key file is still key file 1, but its file name has changed from 1000_USRPKEY_XX to 5514_USRPKEY_XX, and the data stored in the file has not changed.
  • After migration, the corresponding key file can be found based on the file name generated from the new UID, and the key required for decrypting the encrypted data can be obtained from that key file, so as to avoid the loss of encrypted data and improve user experience.
  • The key store service module of the terminal device 100 confirms that both the key integrity check and the file attribute check of the new key file pass.
  • Specifically, the key store service module of the terminal device 100 may perform a key integrity check and a file attribute check on the new key file, and if it confirms that both the key integrity check and the file attribute check of the new key file pass, the key store service module confirms that the key migration succeeded.
  • For the specific execution process of the key integrity check and the file attribute check by the key store service module, refer to the related content above; it is not repeated here.
  • In some embodiments, step S214 is optional.
  • In some embodiments, after the key store service module confirms that one of the key integrity check and the file attribute check of the new key file passes, it can confirm that the key migration succeeded.
  • After the key store service module of the terminal device 100 completes the key migration, it can send a key migration success instruction to the application package management service module.
  • One possible implementation is the one described in the following steps S215-S217:
  • The key store service module of the terminal device 100 sends a key migration success instruction to the service management module; after receiving it, the service management module sends the key migration success instruction to the Android keystore; after receiving it, the Android keystore sends the key migration success instruction to the application package management service module.
  • The key migration success instruction is used to notify the application package management service module that the key store service module has successfully completed the key migration.
  • In some embodiments, steps S215-S217 are optional.
  • After the above process, the terminal device 100 can still display the same user interface as shown in FIG. 1A; that is, the terminal device 100 still retains the user's account information (such as the account name Mary) and the historical data generated while the user used the application. In other words, by implementing the key migration method provided by the embodiment shown in FIG. 2, after the terminal device 100 determines that the UID of the application has changed, it repairs the key file stored for the application on the KeyStoreService side to implement key migration, so that the application can still find the correct key file to decrypt the encrypted data after the UID change, avoiding decryption failure and loss of encrypted data and improving business continuity and user experience.
  • The following describes another method, provided by an embodiment of the present application, for triggering key migration in the scenario where the PMS scans application packages.
  • FIG. 4 exemplarily shows the flow of another method, provided by an embodiment of the present application, for triggering execution of key migration in the scenario where the PMS scans application packages. As shown in FIG. 4, the method can be applied to the terminal device 100. The specific steps of the method are described below, taking the UID change of a system application on the terminal device 100 as an example:
  • The terminal device 100 scans the application packages through the PMS, and queries the new UID and the old UID of the application through Installd.
  • Specifically, after the terminal device 100 performs a power-on restart following OTA completion (see FIG. 3E), or detects a multi-user switch operation following OTA completion (for example, the user's operation on option 371; see FIG. 3F-FIG. 3H), the terminal device 100 can query the new UID and old UID of system application 1 through Installd, wherein the new UID refers to the UID of system application 1 after the restart following the OTA upgrade / after the multi-user switch following the OTA upgrade, and the old UID refers to its UID before that restart / before that multi-user switch.
  • The terminal device 100 judges whether the new UID of the application differs from the old UID.
  • Specifically, the terminal device 100 can compare the new UID and the old UID of system application 1 to determine whether they differ; if not, the terminal device 100 determines that the UID of system application 1 has not changed and does not perform the subsequent steps; if so, the terminal device 100 determines that the UID of system application 1 has changed.
  • Optionally, the terminal device 100 will also determine whether the currently processed application is a system application; for example, it will determine whether system application 1 is a system application, and if so, it will continue to perform the subsequent steps.
  • The terminal device 100 judges whether all of the calling authority check, the configuration list check, the key integrity check, and the file attribute check pass.
  • If all four checks pass, the terminal device 100 continues with the subsequent steps to perform key migration; if they do not all pass, the terminal device 100 does not perform the subsequent steps.
  • For the specific execution process of the above four checks by the terminal device 100, refer to the related content of step S212 in the embodiment shown in FIG. 2; it is not repeated here.
  • The terminal device 100 migrates the key file to obtain a new key file.
  • For the specific execution process of step S405, refer to the related content of step S213 in the embodiment shown in FIG. 2; it is not repeated here.
  • The terminal device 100 judges whether the key integrity check and the file attribute check of the new key file pass. If yes, the terminal device 100 confirms that the key migration succeeded; if not, the terminal device 100 deletes the new key file and confirms that the key migration failed.
  • Specifically, after the terminal device 100 migrates the key file and obtains the new key file, it can perform a key integrity check and a file attribute check on the new key file. If both checks pass, the terminal device 100 can confirm that the key migration succeeded; if the two checks do not both pass, the terminal device 100 may delete the new key file and confirm that the key migration failed.
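The four checks of step S212, the copy-based migration of step S213 and the post-migration check of step S214 / S406 (including deleting the new key file when that check fails) are shown together below as one added Python example. This is not the patent's code and not AOSP keystore code: the key file format (a payload followed by an HMAC tag that stands in for the KeymasterTA verification), the package name com.example.app1, the allowlist used as the configuration list, and the caller_is_system flag that represents the calling authority check are all constructed assumptions for the example.

```python
import hashlib
import hmac
import os
import stat
import tempfile

# Constructed key-file format for this example: <payload> || HMAC-SHA256(payload).
# The HMAC under INTEGRITY_KEY stands in for the KeymasterTA verification of
# step S212; the real keystore blob format and TA interface are not modelled.
INTEGRITY_KEY = b"constructed-keymaster-integrity-key"  # assumption, not a real key
KEY_TYPE = "USRPKEY"


def key_file_name(uid: int, alias: str, key_type: str = KEY_TYPE) -> str:
    """Encode a key file name as the page describes: <UID>_<key type>_<alias>."""
    return f"{uid}_{key_type}_{alias}"


def parse_key_file_name(name: str):
    """Split <UID>_<key type>_<alias> into its fields (the alias may contain '_')."""
    uid, key_type, alias = name.split("_", 2)
    return int(uid), key_type, alias


def write_key_file(path: str, payload: bytes) -> None:
    """Create a key file with owner-only permissions and an integrity tag."""
    tag = hmac.new(INTEGRITY_KEY, payload, hashlib.sha256).digest()
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(payload + tag)


def integrity_check(path: str) -> bool:
    """Key integrity check: the trailing tag must verify over the payload."""
    with open(path, "rb") as f:
        blob = f.read()
    if len(blob) < 32:
        return False
    expected = hmac.new(INTEGRITY_KEY, blob[:-32], hashlib.sha256).digest()
    return hmac.compare_digest(blob[-32:], expected)


def file_attribute_check(path: str) -> bool:
    """File attribute check: a regular file, not a symlink, with no group/other bits."""
    st = os.lstat(path)
    return stat.S_ISREG(st.st_mode) and (st.st_mode & 0o077) == 0


def migrate_keys(keystore_dir, package, aliases, old_uid, new_uid,
                 caller_is_system, allowlist):
    """Steps S212-S214 (FIG. 2) / S403-S406 (FIG. 4) for one package; returns
    (success, new key file names). allowlist is the configuration list and
    caller_is_system the calling authority check result (IPC peer identity)."""
    if old_uid == new_uid:            # no UID change, nothing to migrate
        return True, []
    if not caller_is_system or package not in allowlist:
        return False, []              # calling authority / configuration list check
    old_names = [key_file_name(old_uid, a) for a in aliases]
    old_paths = [os.path.join(keystore_dir, n) for n in old_names]
    # Key integrity check and file attribute check on every old key file.
    if not all(os.path.exists(p) and integrity_check(p) and file_attribute_check(p)
               for p in old_paths):
        return False, []
    migrated = []
    for old_path, name in zip(old_paths, old_names):
        _, key_type, alias = parse_key_file_name(name)
        new_path = os.path.join(keystore_dir, key_file_name(new_uid, alias, key_type))
        # Implementation 1 of S213: copy the stored data into a new key file
        # (implementation 2 would be os.rename(old_path, new_path) instead).
        with open(old_path, "rb") as f:
            data = f.read()
        fd = os.open(new_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        # S214 / S406: re-check the new file; on failure delete it and report failure.
        if not (integrity_check(new_path) and file_attribute_check(new_path)):
            os.remove(new_path)
            return False, migrated
        os.remove(old_path)           # old file goes only after the new one verified
        migrated.append(os.path.basename(new_path))
    return True, migrated


def demo() -> dict:
    """Run the page's example (UID 1000 -> 5514, key file 1000_USRPKEY_XX) on constructed files."""
    d = tempfile.mkdtemp()
    pkg, allow = "com.example.app1", {"com.example.app1"}   # constructed package name
    write_key_file(os.path.join(d, key_file_name(1000, "XX")), b"constructed key material")
    ok, names = migrate_keys(d, pkg, ["XX"], 1000, 5514, True, allow)
    tampered = os.path.join(d, key_file_name(1000, "YY"))   # tampered file must be refused
    write_key_file(tampered, b"other constructed key material")
    with open(tampered, "r+b") as f:
        f.write(b"Z")                                         # flip the first payload byte
    bad_ok, bad_names = migrate_keys(d, pkg, ["YY"], 1000, 5514, True, allow)
    denied_ok, _ = migrate_keys(d, pkg, ["YY"], 1000, 5514, False, allow)  # non-system caller
    return {"ok": ok, "names": names, "tampered_ok": bad_ok, "tampered_names": bad_names,
            "old_removed": not os.path.exists(os.path.join(d, "1000_USRPKEY_XX")),
            "denied_ok": denied_ok}
```

The old key file is removed only after the new one has passed both checks, so a failure in the S214 / S406 re-check leaves the original 1000_USRPKEY_XX in place and the application can still decrypt under the old name until the migration is retried.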
  • The following describes a key migration method, provided by the embodiment of the present application, that is triggered and executed in a scenario where an application needs to obtain a key during startup and running.
  • FIG. 5 exemplarily shows the flow of a key migration method, provided by an embodiment of the present application, that is triggered for execution in a scenario where an application needs to obtain a key during startup and running.
  • The method can be applied to a terminal device 100, wherein the terminal device 100 can include: an application 1 (APP1), an Android keystore (AndroidKeystore), a keystore service module (KeyStoreService), a service management module (ServiceManager), and Installd.
  • The terminal device 100 can obtain the new UID and the old UID of the application. When it determines that the new UID and the old UID differ, the terminal device 100 can then perform key migration, so as to ensure that after the UID change the application can still find the correct key file to decrypt the encrypted data, avoiding decryption failure and loss of encrypted data.
  • A possible implementation manner for the terminal device 100 to obtain the new UID and old UID of the application is the one described in the following phase 1 (steps S501-S509); the specific execution process of phase 1 is introduced in detail below:
  • Phase 1 (steps S501-S509): obtaining the old and new UIDs
  • The application 1 of the terminal device 100 can send a request to obtain a key to the key store service module; a possible implementation is the one described in the following steps S501-S503:
  • The application 1 of the terminal device 100 sends a request to obtain key 1 to the Android keystore, and the request carries information such as the new UID, the key alias of key 1, and the key type; after receiving the request to obtain key 1, the Android keystore sends the request to the keystore service module.
  • Specifically, the terminal device 100 can detect that application 1 needs to acquire key 1, and then application 1 can send the request to obtain key 1 to the Android keystore. The request carries information such as the new UID, the key alias of key 1, and the key type, where key 1 is the key required to decrypt the encrypted data in application 1, and the new UID is the current UID of application 1.
  • The Android keystore may then send the request for obtaining key 1 to the key store service module.
  • The key store service module of the terminal device 100 queries the package name of the application corresponding to the key alias of key 1, and determines that an application package name corresponding to the key alias of key 1 exists.
  • Specifically, the key store service module of the terminal device 100 can query, in the configuration list, the package name of the application corresponding to the key alias of key 1 carried in the request, wherein the mapping relationship between key aliases and application package names is stored in the configuration list.
  • According to the above mapping relationship, the key store service module can determine that the package name of the application corresponding to the key alias of key 1 exists in the configuration list, and further determine that this package name is the package name of application 1.
  • In some embodiments, the request for obtaining key 1 may also carry the package name of application 1; in this case, step S504 need not be performed.
  • The key store service module of the terminal device 100 generates file name 1 based on the new UID, the key alias, and the key type, and confirms that no key file corresponding to file name 1 exists.
  • Specifically, the key store service module of the terminal device 100 may encode and generate file name 1 based on the new UID carried in the request for acquiring key 1, the key alias of key 1, and the key type of key 1. Further, the key store service module may search for the key file corresponding to file name 1, and if it confirms that no key file corresponding to file name 1 exists, it may continue to perform the subsequent steps.
  • The embodiment of the present application does not limit the order in which step S504 and step S505 are executed.
  • The key store service module of the terminal device 100 may send a request to Installd to query the old UID; a possible implementation is the one described in the following steps S506-S507:
  • The key store service module of the terminal device 100 sends a request for querying the old UID to the service management module, the request carrying information such as the package name of the application corresponding to the key alias of key 1; after receiving the request for querying the old UID, the service management module sends it to Installd.
  • Specifically, the key store service module of the terminal device 100 may send a request to query the old UID to the service management module, the request carrying information such as the package name of the application corresponding to the key alias of key 1 (that is, the package name of application 1), where the old UID is the initial UID of application 1 (that is, its UID before it was changed to the new UID).
  • The service management module may then send a request for querying the old UID to Installd, where the request is used to instruct Installd to query the old UID of application 1.
  • The service management module transparently transmits the request for querying the old UID to Installd through the binder.
  • After the Installd of the terminal device 100 receives the request for querying the old UID, it can send the old UID to the key store service module.
  • One possible implementation is the one described in the following steps S508-S509:
  • The Installd of the terminal device 100 sends the old UID to the service management module, and the service management module sends the old UID to the key store service module after receiving it from Installd.
  • Specifically, after the Installd of the terminal device 100 receives the request for querying the old UID sent by the service management module, it can query the old UID of application 1.
  • After Installd obtains the old UID of application 1, it can send the old UID of application 1 to the service management module.
  • The service management module may send the old UID of application 1 to the keystore service module after receiving it from Installd.
  • Phase 2 (step S510-step S517): key migration phase
  • the key store service module of the terminal device 100 determines the UID change of the application 1 based on the new UID and the old UID.
  • S510: the key store service module of the terminal device 100 compares the old UID of application 1 with the new UID of application 1. If they are the same, the key store service module determines that the UID of application 1 has not changed and does not perform the subsequent steps. If they differ, the key store service module determines that the UID of application 1 has changed. Optionally, the key store service module also determines whether the application is a system application (for example, whether application 1 is a system application) and continues with the subsequent steps only if it is.
  • the key store service module of the terminal device 100 generates a file name 2 based on the old UID, key alias, and key type, and confirms that a key file corresponding to the file name 2 exists.
  • S511: the key store service module of the terminal device 100 may generate file name 2 by encoding the received old UID of application 1, the key alias of key 1 carried in the request for obtaining key 1, and the key type of key 1. The key store service module then searches for the key file corresponding to file name 2; if it confirms that such a key file exists, it can continue to perform the subsequent steps.
  • the key store service module of the terminal device 100 confirms that the calling authority check, the configuration list check, the key integrity check, and the file attribute check all pass.
  • S512: the key store service module of the terminal device 100 may first perform the calling authority check, the configuration list check, the key integrity check and the file attribute check. After confirming that all four checks pass, the key store service module performs the subsequent steps.
  • Calling authority check: the key store service module confirms whether the IPC peer process calling the key store service process is a system process; if it is, the calling authority check passes.
  • Configuration list check: the key store service module determines, from the configuration information recorded in the configuration list for the package name of application 1, whether key migration is allowed for that package name; if so, the configuration list check passes.
  • Key integrity check: the key store service module verifies the integrity of the key by calling KeymasterTA, to ensure that the key has not been tampered with. If the verification succeeds, the key integrity check of the key file corresponding to file name 2 passes.
  • File attribute check: the key store service module checks the group and permission attributes of the key file corresponding to file name 2 by calling Installd, to rule out the possibility that the key file has been manipulated illegitimately.
  • In some embodiments, step S512 is optional, and the key store service module proceeds directly to the next steps.
  • the key store service module of the terminal device 100 performs a key migration operation to obtain a new key file.
  • S513: the key store service module of the terminal device 100 can start the key migration operation, that is, migrate the key file corresponding to file name 2 to obtain a new key file.
  • The key migration operation performed by the key store service module may include, but is not limited to, the following two possible implementations:
  • Implementation 1: the key store service module migrates the data stored in the key file corresponding to file name 2 into another, new key file whose file name is file name 1 (generated from the new UID, the key alias of key 1 and the key type of key 1), so that the data previously stored in the key file corresponding to file name 2 is now stored in the new key file.
  • Optionally, the key store service module may then delete the key file corresponding to file name 2.
  • Implementation 2: the key store service module only renames the key file corresponding to file name 2 from file name 2 to file name 1. In this case the new key file is still the key file that corresponded to file name 2; its file name has changed from file name 2 to file name 1, and the data stored in the file is unchanged.
  • In this way, the key file can be found using the file name generated from the new UID, and the key required to decrypt the encrypted data can be obtained from that key file, which avoids loss of the encrypted data and improves the user experience.
  • the key store service module of the terminal device 100 confirms that both the key integrity check and the file attribute check of the new key file pass.
  • S514: the key store service module of the terminal device 100 may perform a key integrity check and a file attribute check on the new key file; if both checks pass, the key store service module confirms that the key migration is successful.
  • the specific execution process of the key integrity check and the file attribute check by the key store service module can refer to the above-mentioned related content, and will not be repeated here.
  • In some embodiments, step S514 is optional; alternatively, the key store service module can confirm that the key migration is successful once either the key integrity check or the file attribute check of the new key file passes.
  • the key store service module of the terminal device 100 confirms that the key migration is successful, it can send the new key file to the application 1.
  • One possible implementation is the implementation described in the following steps S515-S517:
  • S515-S517: the key store service module of the terminal device 100 sends the new key file to the Android keystore; after receiving it, the Android keystore sends the new key file to application 1, and application 1 obtains key 1 from the new key file.
  • Specifically, the key store service module of the terminal device 100 can send the new key file (the key file corresponding to file name 1 after the key migration) to the Android keystore, which forwards it to application 1. After receiving the new key file, application 1 can obtain key 1 from the data stored in it and use key 1 to decrypt the encrypted data. This avoids loss of encrypted data and decryption failure, and improves the user experience.
  • the following introduces another method for key migration triggered by an application that needs to obtain a key during startup and running provided by the embodiment of the present application.
  • FIG. 6 exemplarily shows the flow of another method for triggering execution of key migration in a scenario where an application needs to obtain a key during startup and operation provided by an embodiment of the present application.
  • the method can be applied to the terminal device 100.
  • the specific steps of the method are described below by taking the UID change of the system application on the terminal device 100 as an example:
  • the terminal device 100 determines that the key 1 needs to be acquired.
  • S601: the terminal device 100 may determine that key 1 needs to be obtained, where key 1 is the key required to decrypt the encrypted data of application 1.
  • the terminal device 100 determines by querying the configuration list that the package name of the application corresponding to the key alias of the key 1 exists and is the package name of the application 1.
  • For the specific execution process of step S602, reference may be made to the relevant content of step S504 in the embodiment shown in FIG. 5, which is not repeated here.
  • the terminal device 100 acquires the new UID and the old UID of the application 1.
  • S603: the new UID of application 1 may be obtained by the terminal device 100 from application 1, and the old UID of application 1 may be obtained by the terminal device 100 from Installd.
  • the terminal device 100 judges whether the new UID and the old UID of the application 1 are different, and whether the key file required for obtaining the key 1 exists.
  • S604: the terminal device 100 may determine whether the new UID of application 1 differs from the old UID; if they differ, the terminal device 100 determines that the UID of application 1 has changed. The terminal device 100 can further determine whether the key file required for obtaining key 1 exists. Specifically, it generates file name 1 from the new UID, the key alias of key 1 and the key type, and finds that no key file corresponding to file name 1 can be queried.
  • The terminal device 100 then generates file name 2 from the old UID, the key alias of key 1 and the key type, and queries for the key file corresponding to file name 2. If that key file is found, the terminal device 100 determines that the key file required for obtaining key 1 exists.
  • If the UID of application 1 has changed and the key file exists, the terminal device 100 continues with the subsequent steps; otherwise, the subsequent steps are not performed.
  • the terminal device 100 judges whether all of the calling authority check, the configuration list check, the key integrity check, and the file attribute check pass.
  • For the specific execution process of step S605, reference may be made to the relevant content of step S512 in the embodiment shown in FIG. 5, which is not repeated here.
  • the terminal device 100 migrates the key file to obtain a new key file.
  • For the specific execution process of step S606, reference may be made to the relevant content of step S513 in the embodiment shown in FIG. 5, which is not repeated here.
  • S607: the terminal device 100 determines whether the key integrity check and the file attribute check of the new key file pass. If so, the terminal device 100 confirms that the key migration is successful and obtains key 1; if not, the terminal device 100 deletes the new key file and confirms that the key migration has failed.
  • After the terminal device 100 has migrated the key file and obtained the new key file, it can perform a key integrity check and a file attribute check on the new key file. If both checks pass, the terminal device 100 confirms that the key migration is successful and can obtain key 1 from the new key file, so that the encrypted data can be decrypted with key 1. If the checks do not pass, the terminal device 100 deletes the new key file and confirms that the key migration has failed; in that case the terminal device 100 cannot use key 1 to decrypt the encrypted data.
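  • The migration decision logic of steps S510-S514 and S604-S607 above, as an added example that is not part of the patent or of any Android code. Everything device-specific is an assumption: the key-file name scheme `<uid>_<keytype>_<alias>` stands in for the name the text says is derived from UID, key alias and key type; an HMAC-SHA256 tag under a constructed key stands in for the KeymasterTA integrity check; the "configuration list" is a hard-coded allow-list; the calling-authority check is reduced to "caller UID below the first app UID"; and the file attribute check inspects only the mode bits and file type. The block follows implementation 1 of step S513 (copy into a file named from the new UID) but deletes the old file only after the post-migration checks pass, so the delete-on-failure of step S607 can never discard the only copy of the key.

```python
import hashlib
import hmac
import os
import stat
import tempfile
from dataclasses import dataclass
from typing import Optional

# Assumed (hypothetical) key-file naming; the patent only says the name is
# derived from the UID, the key alias and the key type.
def key_file_name(uid: int, key_type: str, alias: str) -> str:
    return f"{uid}_{key_type}_{alias}"

AID_APP_START = 10000                            # first app UID on Android; lower UIDs are system UIDs
MIGRATION_ALLOWLIST = {"com.example.sysapp1"}    # constructed stand-in for the "configuration list"

# Stand-in for the KeymasterTA integrity check: a key file holds payload || HMAC-SHA256(payload).
# The MAC key is constructed here; on a real device it would never leave the TEE.
_DEVICE_MAC_KEY = b"constructed-device-bound-mac-key"

def seal_blob(payload: bytes) -> bytes:
    return payload + hmac.new(_DEVICE_MAC_KEY, payload, hashlib.sha256).digest()

def integrity_ok(blob: bytes) -> bool:
    if len(blob) < 32:
        return False
    payload, tag = blob[:-32], blob[-32:]
    return hmac.compare_digest(hmac.new(_DEVICE_MAC_KEY, payload, hashlib.sha256).digest(), tag)

def file_attrs_ok(path: str) -> bool:
    """File attribute check: a regular file (not a symlink) accessible only by its owner."""
    st = os.lstat(path)
    return stat.S_ISREG(st.st_mode) and (st.st_mode & 0o077) == 0

def write_key_file(store_dir: str, uid: int, key_type: str, alias: str, payload: bytes) -> str:
    path = os.path.join(store_dir, key_file_name(uid, key_type, alias))
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(seal_blob(payload))
    os.chmod(path, 0o600)
    return path

def read_key(path: str) -> Optional[bytes]:
    """Returns the key payload, or None if the blob fails the integrity check."""
    with open(path, "rb") as f:
        blob = f.read()
    return blob[:-32] if integrity_ok(blob) else None

@dataclass
class MigrationResult:
    migrated: bool
    reason: str
    new_path: Optional[str] = None

def migrate_key(store_dir: str, package: str, caller_uid: int, old_uid: int, new_uid: int,
                key_type: str, alias: str) -> MigrationResult:
    # S510 / S604: no UID change, nothing to migrate
    if old_uid == new_uid:
        return MigrationResult(False, "uid unchanged")
    old_path = os.path.join(store_dir, key_file_name(old_uid, key_type, alias))
    new_path = os.path.join(store_dir, key_file_name(new_uid, key_type, alias))
    # S511 / S604: the file named from the new UID must be absent, the old-UID file present
    if os.path.lexists(new_path):
        return MigrationResult(False, "key file for new UID already exists")
    if not os.path.lexists(old_path):
        return MigrationResult(False, "no key file for old UID")
    # S512: calling authority, configuration list, file attributes, key integrity
    if caller_uid >= AID_APP_START:
        return MigrationResult(False, "caller is not a system process")
    if package not in MIGRATION_ALLOWLIST:
        return MigrationResult(False, "package not allowed to migrate keys")
    if not file_attrs_ok(old_path):
        return MigrationResult(False, "old key file has unexpected attributes")
    with open(old_path, "rb") as f:
        blob = f.read()
    if not integrity_ok(blob):
        return MigrationResult(False, "old key file failed integrity check")
    # S513 (implementation 1): copy the data into a new file named from the new UID
    fd = os.open(new_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(blob)
        f.flush()
        os.fsync(f.fileno())
    os.chmod(new_path, 0o600)
    # S514 / S607: re-check the new file; on failure delete it, keeping the old file intact
    if not (file_attrs_ok(new_path) and read_key(new_path) is not None):
        os.remove(new_path)
        return MigrationResult(False, "new key file failed post-migration checks")
    os.remove(old_path)   # only now drop the old-UID file
    return MigrationResult(True, "ok", new_path)

# Helpers for running the example stand-alone
def make_store() -> str:
    return tempfile.mkdtemp(prefix="keystore-")

def key_file_exists(store_dir: str, uid: int, key_type: str, alias: str) -> bool:
    return os.path.exists(os.path.join(store_dir, key_file_name(uid, key_type, alias)))

def tamper(path: str) -> None:
    """Flip one bit of the stored payload to simulate a modified key file."""
    with open(path, "r+b") as f:
        b = f.read(1)
        f.seek(0)
        f.write(bytes([b[0] ^ 1]))

if __name__ == "__main__":
    store = make_store()
    write_key_file(store, 1000, "USRPKEY", "key1", b"constructed-secret")
    print(migrate_key(store, "com.example.sysapp1", 1000, 1000, 1001, "USRPKEY", "key1"))
```

  • Running the block migrates a constructed key file from UID 1000 to UID 1001. A tampered old file, a caller outside the system UID range, a package missing from the allow-list, or a key file that is a symlink or group-readable all stop the migration before anything is written, and the old file is left in place.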
  • In summary, the terminal device 100 can repair the key file that an application stored on the KeyStoreService side, and perform key migration, in either of two phases: the phase in which the PMS scans application packages after a restart triggered by OTA completion or by multi-user switching, or the phase in which the application needs to obtain the key during startup and running. The application can thus still find the correct key file to decrypt its encrypted data after its UID has changed, which avoids decryption failure and loss of encrypted data, improves the fault tolerance of the key migration, and improves the user experience. In addition, before and after the key migration the terminal device 100 performs a key integrity check and a file attribute check on the key file, so that the entire key migration process is trustworthy.
  • the first application may refer to system application 1 or application 1
  • the first UID may refer to the old UID
  • the second UID may refer to the new UID
  • the first key file may refer to the old key file
  • the second key file may refer to a new key file
  • the first service may refer to displaying the user interface shown in FIG. 1A (that is, the first user interface)
  • user data may refer to user account information and to historical data generated while the user uses the application
  • the first user may refer to the owner shown in FIG. 3G, and the second user may refer to user 1 shown in FIG. 3G
  • the structure of a terminal device 100 provided in the embodiment of the present application is introduced below.
  • FIG. 7 exemplarily shows the structure of a terminal device 100 provided in the embodiment of the present application.
  • the terminal device 100 may include: a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (universal serial bus, USB) interface 130, a charging management module 140, a power management module 141, a battery 142, antenna 1, antenna 2, mobile communication module 150, wireless communication module 160, audio module 170, speaker 170A, receiver 170B, microphone 170C, earphone interface 170D, sensor module 180, button 190, motor 191, indicator 192, camera 193, a display screen 194, and a subscriber identification module (subscriber identification module, SIM) card interface 195, etc.
  • the sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity light sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, bone conduction sensor 180M, etc.
  • the structure shown in the embodiment of the present invention does not constitute a specific limitation on the terminal device 100 .
  • the terminal device 100 may include more or fewer components than shown in the figure, or combine certain components, or separate certain components, or arrange different components.
  • the illustrated components can be realized in hardware, software or a combination of software and hardware.
  • the processor 110 may include one or more processing units, for example: an application processor (application processor, AP), a modem processor, a graphics processing unit (graphics processing unit, GPU), an image signal processor (image signal processor, ISP), a controller, a memory, a video codec, a digital signal processor (digital signal processor, DSP), a baseband processor, and/or a neural-network processing unit (neural-network processing unit, NPU), etc. Different processing units may be independent devices, or may be integrated in one or more processors.
  • the controller may be the nerve center and command center of the terminal device 100 .
  • the controller can generate an operation control signal according to the instruction opcode and timing signal, and complete the control of fetching and executing the instruction.
  • a memory may also be provided in the processor 110 for storing instructions and data.
  • the memory in processor 110 is a cache memory.
  • the memory may hold instructions or data that the processor 110 has just used or recycled. If the processor 110 needs to use the instruction or data again, it can be directly called from the memory. Repeated access is avoided, and the waiting time of the processor 110 is reduced, thereby improving the efficiency of the system.
  • processor 110 may include one or more interfaces.
  • the interface may include an inter-integrated circuit (inter-integrated circuit, I2C) interface, an inter-integrated circuit sound (inter-integrated circuit sound, I2S) interface, a pulse code modulation (pulse code modulation, PCM) interface, a universal asynchronous receiver/transmitter (universal asynchronous receiver/transmitter, UART) interface, a mobile industry processor interface (mobile industry processor interface, MIPI), a general-purpose input/output (general-purpose input/output, GPIO) interface, a subscriber identity module (subscriber identity module, SIM) interface, and/or a universal serial bus (universal serial bus, USB) interface, etc.
  • the I2C interface is a bidirectional synchronous serial bus, including a serial data line (serial data line, SDA) and a serial clock line (serial clock line, SCL).
  • processor 110 may include multiple sets of I2C buses.
  • the processor 110 can be respectively coupled to the touch sensor 180K, the charger, the flashlight, the camera 193 and the like through different I2C bus interfaces.
  • the processor 110 may be coupled to the touch sensor 180K through an I2C interface, so that the processor 110 communicates with the touch sensor 180K through an I2C bus interface to realize the touch function of the terminal device 100 .
  • the I2S interface can be used for audio communication.
  • processor 110 may include multiple sets of I2S buses.
  • the processor 110 may be coupled to the audio module 170 through an I2S bus to implement communication between the processor 110 and the audio module 170 .
  • the audio module 170 can transmit audio signals to the wireless communication module 160 through the I2S interface, so as to realize the function of answering calls through the Bluetooth headset.
  • the PCM interface can also be used for audio communication, sampling, quantizing and encoding the analog signal.
  • the audio module 170 and the wireless communication module 160 may be coupled through a PCM bus interface.
  • the audio module 170 can also transmit audio signals to the wireless communication module 160 through the PCM interface, so as to realize the function of answering calls through the Bluetooth headset. Both I2S interface and PCM interface can be used for audio communication.
  • the UART interface is a universal serial data bus used for asynchronous communication.
  • the bus can be a bidirectional communication bus. It converts the data to be transmitted between serial communication and parallel communication.
  • a UART interface is generally used to connect the processor 110 and the wireless communication module 160 .
  • the processor 110 communicates with the Bluetooth module in the wireless communication module 160 through the UART interface to realize the Bluetooth function.
  • the audio module 170 can transmit audio signals to the wireless communication module 160 through the UART interface, so as to realize the function of playing music through the Bluetooth headset.
  • the MIPI interface can be used to connect the processor 110 with peripheral devices such as the display screen 194 and the camera 193 .
  • MIPI interface includes camera serial interface (camera serial interface, CSI), display serial interface (display serial interface, DSI), etc.
  • the processor 110 communicates with the camera 193 through a CSI interface to realize the shooting function of the terminal device 100 .
  • the processor 110 communicates with the display screen 194 through the DSI interface to realize the display function of the terminal device 100 .
  • the GPIO interface can be configured by software.
  • the GPIO interface can be configured as a control signal or as a data signal.
  • the GPIO interface can be used to connect the processor 110 with the camera 193 , the display screen 194 , the wireless communication module 160 , the audio module 170 , the sensor module 180 and so on.
  • the GPIO interface can also be configured as an I2C interface, I2S interface, UART interface, MIPI interface, etc.
  • the USB interface 130 is an interface conforming to the USB standard specification, specifically, it can be a Mini USB interface, a Micro USB interface, a USB Type C interface, and the like.
  • the USB interface 130 can be used to connect a charger to charge the terminal device 100, and can also be used to transmit data between the terminal device 100 and peripheral devices. It can also be used to connect headphones and play audio through them. This interface can also be used to connect other terminal devices, such as AR devices.
  • the interface connection relationship between modules shown in the embodiment of the present invention is only a schematic illustration, and does not constitute a structural limitation of the terminal device 100 .
  • the terminal device 100 may also adopt different interface connection modes in the foregoing embodiments, or a combination of multiple interface connection modes.
  • the charging management module 140 is configured to receive a charging input from a charger.
  • the charger may be a wireless charger or a wired charger.
  • the charging management module 140 can receive charging input from the wired charger through the USB interface 130 .
  • the charging management module 140 may receive wireless charging input through the wireless charging coil of the terminal device 100 . While the charging management module 140 is charging the battery 142 , it can also supply power to the terminal device 100 through the power management module 141 .
  • the power management module 141 is used for connecting the battery 142 , the charging management module 140 and the processor 110 .
  • the power management module 141 receives the input from the battery 142 and/or the charging management module 140 to provide power for the processor 110 , the internal memory 121 , the external memory, the display screen 194 , the camera 193 , and the wireless communication module 160 .
  • the power management module 141 can also be used to monitor parameters such as battery capacity, battery cycle times, and battery health status (leakage, impedance).
  • the power management module 141 may also be disposed in the processor 110 .
  • the power management module 141 and the charging management module 140 may also be set in the same device.
  • the wireless communication function of the terminal device 100 may be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, a modem processor, a baseband processor, and the like.
  • Antenna 1 and Antenna 2 are used to transmit and receive electromagnetic wave signals.
  • Each antenna in the terminal device 100 can be used to cover single or multiple communication frequency bands. Different antennas can also be multiplexed to improve the utilization of the antennas.
  • Antenna 1 can be multiplexed as a diversity antenna of a wireless local area network.
  • the antenna may be used in conjunction with a tuning switch.
  • the mobile communication module 150 can provide wireless communication solutions including 2G/3G/4G/5G applied on the terminal device 100 .
  • the mobile communication module 150 may include at least one filter, switch, power amplifier, low noise amplifier (low noise amplifier, LNA) and the like.
  • the mobile communication module 150 can receive electromagnetic waves through the antenna 1, filter and amplify the received electromagnetic waves, and send them to the modem processor for demodulation.
  • the mobile communication module 150 can also amplify the signals modulated by the modem processor, and convert them into electromagnetic waves through the antenna 1 for radiation.
  • at least part of the functional modules of the mobile communication module 150 may be set in the processor 110 .
  • at least part of the functional modules of the mobile communication module 150 and at least part of the modules of the processor 110 may be set in the same device.
  • a modem processor may include a modulator and a demodulator.
  • the modulator is used for modulating the low-frequency baseband signal to be transmitted into a medium-high frequency signal.
  • the demodulator is used to demodulate the received electromagnetic wave signal into a low frequency baseband signal. Then the demodulator sends the demodulated low-frequency baseband signal to the baseband processor for processing.
  • the low-frequency baseband signal is passed to the application processor after being processed by the baseband processor.
  • the application processor outputs sound signals through audio equipment (not limited to speaker 170A, receiver 170B, etc.), or displays images or videos through display screen 194 .
  • the modem processor may be a stand-alone device.
  • the modem processor may be independent from the processor 110, and be set in the same device as the mobile communication module 150 or other functional modules.
  • the wireless communication module 160 can provide wireless communication solutions applied on the terminal device 100, including wireless local area networks (wireless local area networks, WLAN) (such as a wireless fidelity (Wireless Fidelity, Wi-Fi) network), Bluetooth (bluetooth, BT), global navigation satellite system (global navigation satellite system, GNSS), frequency modulation (frequency modulation, FM), near field communication (near field communication, NFC), infrared (infrared, IR), and the like.
  • the wireless communication module 160 may be one or more devices integrating at least one communication processing module.
  • the wireless communication module 160 receives electromagnetic waves via the antenna 2 , frequency-modulates and filters the electromagnetic wave signals, and sends the processed signals to the processor 110 .
  • the wireless communication module 160 can also receive the signal to be sent from the processor 110 , frequency-modulate it, amplify it, and convert it into electromagnetic waves through the antenna 2 for radiation.
  • the antenna 1 of the terminal device 100 is coupled to the mobile communication module 150, and the antenna 2 is coupled to the wireless communication module 160, so that the terminal device 100 can communicate with the network and other devices through wireless communication technology.
  • Wireless communication technologies may include global system for mobile communications (GSM), general packet radio service (GPRS), code division multiple access (CDMA), wideband code division multiple access (wideband code division multiple access, WCDMA), time-division code division multiple access (TD-SCDMA), long term evolution (LTE), BT, GNSS, WLAN, NFC, FM, and/or IR technology, etc.
  • GNSS can include the global positioning system (global positioning system, GPS), the global navigation satellite system (global navigation satellite system, GLONASS), the Beidou navigation satellite system (beidou navigation satellite system, BDS), the quasi-zenith satellite system (quasi-zenith satellite system, QZSS) and/or satellite based augmentation systems (SBAS).
  • the terminal device 100 implements a display function through a GPU, a display screen 194, an application processor, and the like.
  • the GPU is a microprocessor for image processing, and is connected to the display screen 194 and the application processor. GPUs are used to perform mathematical and geometric calculations for graphics rendering.
  • Processor 110 may include one or more GPUs that execute program instructions to generate or change display information.
  • the display screen 194 is used to display images, videos and the like.
  • the display screen 194 includes a display panel.
  • the display panel may be a liquid crystal display (LCD).
  • the display panel can also use organic light-emitting diodes (organic light-emitting diode, OLED), active matrix organic light-emitting diodes or active-matrix organic light emitting diodes (active-matrix organic light emitting diode, AMOLED), flexible light-emitting diodes (flex light-emitting diode, FLED), miniled, microled, micro-oled, quantum dot light emitting diodes (quantum dot light emitting diodes, QLED), etc.
  • the terminal device 100 may include 1 or N display screens 194, where N is a positive integer greater than 1.
  • the terminal device 100 can realize the shooting function through the ISP, the camera 193 , the video codec, the GPU, the display screen 194 and the application processor.
  • the ISP is used for processing the data fed back by the camera 193 .
  • the light is transmitted to the photosensitive element of the camera through the lens, and the optical signal is converted into an electrical signal, and the photosensitive element of the camera transmits the electrical signal to the ISP for processing, and converts it into an image visible to the naked eye.
  • ISP can also perform algorithm optimization on image noise, brightness, etc.
  • ISP can also optimize the exposure, color temperature and other parameters of the shooting scene.
  • the ISP may be located in the camera 193 .
  • Camera 193 is used to capture still images or video.
  • the object generates an optical image through the lens and projects it to the photosensitive element.
  • the photosensitive element may be a charge coupled device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor.
  • the photosensitive element converts the light signal into an electrical signal, and then transmits the electrical signal to the ISP to convert it into a digital image signal.
  • the ISP outputs the digital image signal to the DSP for processing.
  • DSP converts digital image signals into standard RGB, YUV and other image signals.
  • the terminal device 100 may include 1 or N cameras 193, where N is a positive integer greater than 1.
  • Digital signal processors are used to process digital signals. In addition to digital image signals, they can also process other digital signals. For example, when the terminal device 100 selects a frequency point, the digital signal processor is used to perform Fourier transform on the energy of the frequency point.
  • Video codecs are used to compress or decompress digital video.
  • the terminal device 100 may support one or more video codecs.
  • the terminal device 100 can play or record videos in various encoding formats, for example: moving picture experts group (moving picture experts group, MPEG) 1, MPEG2, MPEG3, MPEG4, etc.
  • the NPU is a neural-network (NN) computing processor.
  • the NPU can quickly process input information and continuously learn by itself.
  • Applications such as intelligent cognition of the terminal device 100 can be implemented through the NPU, such as image recognition, face recognition, speech recognition, text understanding, and the like.
  • the external memory interface 120 may be used to connect an external memory card, such as a Micro SD card, to expand the storage capacity of the terminal device 100.
  • the external memory card communicates with the processor 110 through the external memory interface 120 to implement a data storage function. Such as saving music, video and other files in the external memory card.
  • the internal memory 121 may be used to store computer-executable program codes including instructions.
  • the processor 110 executes various functional applications and data processing of the terminal device 100 by executing instructions stored in the internal memory 121 .
  • the internal memory 121 may include an area for storing programs and an area for storing data.
  • the stored program area can store an operating system, at least one application program required by a function (such as a sound playing function, an image playing function, etc.) and the like.
  • the storage data area can store data created during the use of the terminal device 100 (such as audio data, phonebook, etc.) and the like.
  • the internal memory 121 may include a high-speed random access memory, and may also include a non-volatile memory, such as at least one magnetic disk storage device, flash memory device, universal flash storage (UFS) and the like.
  • the terminal device 100 may implement an audio function through an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, and an application processor. Such as music playback, recording, etc.
  • the audio module 170 is used to convert digital audio information into analog audio signal output, and is also used to convert analog audio input into digital audio signal.
  • the audio module 170 may also be used to encode and decode audio signals.
  • the audio module 170 may be set in the processor 110 , or some functional modules of the audio module 170 may be set in the processor 110 .
  • Speaker 170A, also referred to as a "horn", is used to convert audio electrical signals into sound signals.
  • the terminal device 100 can listen to music through the speaker 170A, or listen to hands-free calls.
  • Receiver 170B, also called an "earpiece", is used to convert audio electrical signals into sound signals.
  • the receiver 170B can be placed close to the human ear to receive the voice.
  • the microphone 170C, also called a "mike" or "mic", is used to convert sound signals into electrical signals. When making a phone call or sending a voice message, the user can speak with the mouth close to the microphone 170C so that the sound signal is input to the microphone 170C.
  • the terminal device 100 may be provided with at least one microphone 170C. In some other embodiments, the terminal device 100 may be provided with two microphones 170C, which may also implement a noise reduction function in addition to collecting sound signals. In some other embodiments, the terminal device 100 can also be provided with three, four or more microphones 170C to realize sound signal collection, noise reduction, identify sound sources, and realize directional recording functions, etc.
  • the earphone interface 170D is used for connecting wired earphones.
  • the earphone interface 170D may be a USB interface 130, or a 3.5mm open mobile terminal platform (OMTP) standard interface, or a cellular telecommunications industry association of the USA (CTIA) standard interface.
  • the pressure sensor 180A is used to sense the pressure signal and convert the pressure signal into an electrical signal.
  • pressure sensor 180A may be disposed on display screen 194 .
  • pressure sensors 180A such as resistive pressure sensors, inductive pressure sensors, and capacitive pressure sensors.
  • a capacitive pressure sensor may be comprised of at least two parallel plates with conductive material.
  • the terminal device 100 determines the intensity of pressure according to the change in capacitance.
  • the terminal device 100 detects the intensity of the touch operation according to the pressure sensor 180A.
  • the terminal device 100 may also calculate the touched position according to the detection signal of the pressure sensor 180A.
  • touch operations acting on the same touch position but with different touch operation intensities may correspond to different operation instructions. For example: when there is a touch operation with a touch operation intensity less than the first pressure threshold acting on the short message application icon, execute the instruction of viewing the short message. When a touch operation whose intensity is greater than or equal to the first pressure threshold acts on the icon of the short message application, the instruction of creating a new short message is executed.
  • the gyroscope sensor 180B can be used to determine the motion posture of the terminal device 100 .
  • the gyroscope sensor 180B can be used to determine the angular velocity of the terminal device 100 around three axes (i.e., the x, y and z axes).
  • the gyro sensor 180B can be used for image stabilization.
  • the gyro sensor 180B detects the shaking angle of the terminal device 100, calculates the distance that the lens module needs to compensate according to the angle, and allows the lens to counteract the shaking of the terminal device 100 through reverse motion to achieve anti-shake.
  • the gyro sensor 180B can also be used for navigation and somatosensory game scenes.
  • the air pressure sensor 180C is used to measure air pressure.
  • the terminal device 100 calculates the altitude based on the air pressure value measured by the air pressure sensor 180C to assist positioning and navigation.
  • the magnetic sensor 180D includes a Hall sensor.
  • the terminal device 100 may use the magnetic sensor 180D to detect the opening and closing of the flip holster.
  • the terminal device 100 may detect opening and closing of the clamshell according to the magnetic sensor 180D.
  • features such as automatic unlocking of the flip cover can be set according to the detected opening or closing state of the holster.
  • the acceleration sensor 180E can detect the acceleration of the terminal device 100 in various directions (generally three axes). When the terminal device 100 is stationary, the magnitude and direction of gravity can be detected. It can also be used to identify the posture of the terminal device 100, and can be applied to applications such as horizontal and vertical screen switching, pedometers, etc.
  • the distance sensor 180F is used to measure the distance.
  • the terminal device 100 can measure the distance by infrared or laser. In some embodiments, when shooting a scene, the terminal device 100 may use the distance sensor 180F for distance measurement to achieve fast focusing.
  • Proximity light sensor 180G may include, for example, light emitting diodes (LEDs) and light detectors, such as photodiodes.
  • the light emitting diodes may be infrared light emitting diodes.
  • the terminal device 100 emits infrared light through the light emitting diode.
  • the terminal device 100 detects infrared reflected light from nearby objects using a photodiode. When sufficient reflected light is detected, it can be determined that there is an object near the terminal device 100 . When insufficient reflected light is detected, the terminal device 100 may determine that there is no object near the terminal device 100 .
  • the terminal device 100 can use the proximity light sensor 180G to detect that the user holds the terminal device 100 close to the ear to make a call, so as to automatically turn off the screen to save power.
  • the proximity light sensor 180G can also be used in leather case mode, automatic unlock and lock screen in pocket mode.
  • the ambient light sensor 180L is used for sensing ambient light brightness.
  • the terminal device 100 can adaptively adjust the brightness of the display screen 194 according to the perceived ambient light brightness.
  • the ambient light sensor 180L can also be used to automatically adjust the white balance when taking pictures.
  • the ambient light sensor 180L can also cooperate with the proximity light sensor 180G to detect whether the terminal device 100 is in the pocket to prevent accidental touch.
  • the fingerprint sensor 180H is used to collect fingerprints.
  • the terminal device 100 can use the collected fingerprint characteristics to realize fingerprint unlocking, access to the application lock, take pictures with fingerprints, answer incoming calls with fingerprints, and so on.
  • the temperature sensor 180J is used to detect temperature.
  • the terminal device 100 uses the temperature detected by the temperature sensor 180J to implement a temperature processing strategy. For example, when the temperature reported by the temperature sensor 180J exceeds the threshold, the terminal device 100 may reduce the performance of a processor located near the temperature sensor 180J, so as to reduce power consumption and implement thermal protection.
  • when the temperature is lower than another threshold, the terminal device 100 heats the battery 142 to avoid abnormal shutdown of the terminal device 100 caused by the low temperature.
  • the terminal device 100 boosts the output voltage of the battery 142 to avoid abnormal shutdown caused by low temperature.
  • Touch sensor 180K, also known as a "touch panel".
  • the touch sensor 180K can be disposed on the display screen 194, and the touch sensor 180K and the display screen 194 form a touch screen, also called a "touchscreen".
  • the touch sensor 180K is used to detect a touch operation on or near it.
  • the touch sensor can pass the detected touch operation to the application processor to determine the type of touch event.
  • Visual output related to the touch operation can be provided through the display screen 194 .
  • the touch sensor 180K may also be disposed on the surface of the terminal device 100 , which is different from the position of the display screen 194 .
  • the bone conduction sensor 180M can acquire vibration signals. In some embodiments, the bone conduction sensor 180M can acquire the vibration signal of the vibrating bone mass of the human voice. The bone conduction sensor 180M can also contact the human pulse and receive the blood pressure beating signal. In some embodiments, the bone conduction sensor 180M can also be disposed in the earphone, combined into a bone conduction earphone.
  • the audio module 170 can analyze the voice signal based on the vibration signal of the vibrating bone mass of the vocal part acquired by the bone conduction sensor 180M, so as to realize the voice function.
  • the application processor can analyze the heart rate information based on the blood pressure beating signal acquired by the bone conduction sensor 180M, so as to realize the heart rate detection function.
  • the keys 190 include a power key, a volume key and the like.
  • the key 190 may be a mechanical key. It can also be a touch button.
  • the terminal device 100 may receive key input and generate key signal input related to user settings and function control of the terminal device 100 .
  • the motor 191 can generate a vibrating reminder.
  • the motor 191 can be used for incoming call vibration prompts, and can also be used for touch vibration feedback.
  • touch operations applied to different applications may correspond to different vibration feedback effects.
  • the motor 191 may also correspond to different vibration feedback effects for touch operations acting on different areas of the display screen 194 .
  • different application scenarios (for example: time reminder, receiving information, alarm clock, games, etc.) may also correspond to different vibration feedback effects.
  • the touch vibration feedback effect can also support customization.
  • the indicator 192 can be an indicator light, and can be used to indicate charging status, power change, and can also be used to indicate messages, missed calls, notifications, and the like.
  • the SIM card interface 195 is used for connecting a SIM card.
  • the SIM card can be connected and separated from the terminal device 100 by inserting it into the SIM card interface 195 or pulling it out from the SIM card interface 195 .
  • the terminal device 100 may support 1 or N SIM card interfaces, where N is a positive integer greater than 1.
  • SIM card interface 195 can support Nano SIM card, Micro SIM card, SIM card etc. Multiple cards can be inserted into the same SIM card interface 195 at the same time. The types of multiple cards may be the same or different.
  • the SIM card interface 195 is also compatible with different types of SIM cards.
  • the SIM card interface 195 is also compatible with external memory cards.
  • the terminal device 100 interacts with the network through the SIM card to implement functions such as calling and data communication.
  • the terminal device 100 adopts an eSIM, that is, an embedded SIM card.
  • the eSIM card can be embedded in the terminal device 100 and cannot be separated from the terminal device 100 .
  • the terminal device 100 shown in FIG. 7 is only an example; the terminal device 100 may have more or fewer components than those shown in FIG. 7, two or more components may be combined, or different component configurations are possible.
  • the various components shown in Figure 7 may be implemented in hardware, software, or a combination of hardware and software including one or more signal processing and/or application specific integrated circuits.
  • FIG. 8 exemplarily shows a software structure of a terminal device 100 provided in the embodiment of the present application.
  • the software system of the terminal device 100 may adopt a layered architecture, an event-driven architecture, a micro-kernel architecture, a micro-service architecture, or a cloud architecture.
  • an Android system with a layered architecture is taken as an example to illustrate the software structure of the terminal device 100 .
  • the layered architecture divides the software into several layers, and each layer has a clear role and division of labor. Layers communicate through software interfaces.
  • the Android system is divided into four layers, which are, from top to bottom, the application layer, the application framework layer, the Android runtime and system library, and the kernel layer.
  • the application layer can consist of a series of application packages.
  • the application package may include applications such as camera, gallery, calendar, call, map, clock, WLAN, Bluetooth, music, video, and short message.
  • the application framework layer provides an application programming interface (API) and a programming framework for applications in the application layer.
  • the application framework layer includes some predefined functions.
  • the application framework layer can include window manager, content provider, view system, phone manager, resource manager, notification manager, etc.
  • a window manager is used to manage window programs.
  • the window manager can get the size of the display screen, determine whether there is a status bar, lock the screen, capture the screen, etc.
  • Content providers are used to store and retrieve data and make it accessible to applications.
  • Said data may include video, images, audio, calls made and received, browsing history and bookmarks, phonebook, etc.
  • the view system includes visual controls, such as controls for displaying text, controls for displaying pictures, and so on.
  • the view system can be used to build applications.
  • a display interface can consist of one or more views.
  • a display interface including a text message notification icon may include a view for displaying text and a view for displaying pictures.
  • the phone manager is used to provide the communication function of the terminal device 100 .
  • for example, the management of call status (including connected, hung up, etc.).
  • the resource manager provides various resources for the application, such as localized strings, icons, pictures, layout files, video files, and so on.
  • the notification manager enables the application to display notification information in the status bar, which can be used to convey notification-type messages, and can automatically disappear after a short stay without user interaction.
  • the notification manager is used to notify the download completion, message reminder, etc.
  • the notification manager can also be a notification that appears on the top status bar of the system in the form of a chart or scroll bar text, such as a notification of an application running in the background, or a notification that appears on the screen in the form of a dialog window.
  • for example, prompting text information in the status bar, issuing a prompt sound, vibrating the electronic device, flashing the indicator light, etc.
  • the application framework layer can also include the following modules: Android Keystore (AndroidKeystore), application package management service module (PMS), service management module (ServiceManager), and Installer module.
  • the Android Runtime includes core library and virtual machine. The Android runtime is responsible for the scheduling and management of the Android system.
  • the core library consists of two parts: one part is the functions that the Java language needs to call, and the other part is the core library of Android.
  • the application layer and the application framework layer run in virtual machines.
  • the virtual machine executes the java files of the application program layer and the application program framework layer as binary files.
  • the virtual machine is used to perform functions such as object life cycle management, stack management, thread management, security and exception management, and garbage collection.
  • a system library can include multiple function modules, for example: surface manager, media libraries, 3D graphics processing library (e.g., OpenGL ES), 2D graphics engine (e.g., SGL), etc.
  • the surface manager is used to manage the display subsystem and provides the fusion of 2D and 3D layers for multiple applications.
  • the media library supports playback and recording of various commonly used audio and video formats, as well as still image files, etc.
  • the media library can support a variety of audio and video encoding formats, such as: MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, etc.
  • the 3D graphics processing library is used to implement 3D graphics drawing, image rendering, compositing, and layer processing, etc.
  • 2D graphics engine is a drawing engine for 2D drawing.
  • Installd module, key store service module (KeyStoreService)
  • the kernel layer is the layer between hardware and software.
  • the kernel layer includes at least a display driver, a camera driver, a Bluetooth driver, and a sensor driver.
  • the workflow of the software and hardware of the terminal device 100 will be exemplarily described below in conjunction with capturing and photographing scenes.
  • when the touch sensor 180K receives a touch operation, a corresponding hardware interrupt is sent to the kernel layer.
  • the kernel layer processes touch operations into original input events (including touch coordinates, time stamps of touch operations, and other information). Raw input events are stored at the kernel level.
  • the application framework layer obtains the original input event from the kernel layer and identifies the control corresponding to the input event. Take as an example that the touch operation is a touch click operation and that the control corresponding to the click operation is the control of the camera application icon.
  • the camera application calls the interface of the application framework layer to start the camera application, and then starts the camera driver by calling the kernel layer.
  • Camera 193 captures still images or video.
  • all or part of them may be implemented by software, hardware, firmware or any combination thereof.
  • when implemented using software, it may be implemented in whole or in part in the form of a computer program product.
  • the computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on the computer, the processes or functions according to the present application will be generated in whole or in part.
  • the computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable devices.
  • the computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from a website, computer, server or data center to another website, computer, server or data center by wired (e.g., coaxial cable, optical fiber, DSL) or wireless (e.g., infrared, radio, microwave, etc.) means.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center integrated with one or more available media.
  • the available medium may be a magnetic medium (such as a floppy disk, a hard disk, or a magnetic tape), an optical medium (such as a DVD), or a semiconductor medium (such as a solid state disk (SSD)), etc.
  • the processes can be completed by computer programs to instruct related hardware.
  • the programs can be stored in computer-readable storage media.
  • when the programs are executed, the processes of the foregoing method embodiments may be included.
  • the aforementioned storage medium includes: ROM or random access memory RAM, magnetic disk or optical disk, and other various media that can store program codes.

Abstract

A key migration method and a related device. After determining that an application changes a UID, a terminal device can restore a key file, which is stored on a KeyStore service side before the application changes the UID, that is, key migration can be implemented by means of migrating data that has been stored in one key file into another new key file, thereby ensuring that, after the application changes the UID, when the application searches for a key file by using a file name of a key file that is generated on the basis of the changed UID, a correct key file (i.e. the new key file) can be found, such that encrypted data can be successfully decrypted by using the correct key file, thereby avoiding decryption failure and the loss of the encrypted data, improving service continuity, and improving the user experience.

Description

Key migration method and related device
This application claims priority to the Chinese patent application filed with the China National Intellectual Property Administration on October 29, 2021, with application number 202111279912.3 and titled "Key migration method and related device", the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to the field of communication technologies, and in particular to a key migration method and related device.
Background
With the popularization of smart terminal devices and the development of Internet technology, terminal devices such as smartphones, notebook computers and tablet computers have become indispensable products in people's daily lives. To meet users' growing needs, the types and number of applications installed on these terminal devices are also increasing.
Usually, system applications on a terminal device are granted high privileges. Once such a system application is compromised, this causes security risks such as manipulation of the system configuration and leakage of user data and system data, and poses a major security hazard to the system. Therefore, the user identification (UID) of these system applications needs to be changed and rectified. Because the terminal device looks up a key file based on the UID of the application, after the UID of the application is changed the terminal device cannot find, using the new UID (the UID after the change), the key file stored under the old UID (the UID before the change). As a result, the application under the new UID cannot decrypt the encrypted data of the application under the old UID, which further leads to loss of the encrypted data, reduced service continuity and a poor user experience.
Summary
Embodiments of the present application provide a key migration method and related device, which can guarantee service continuity and user experience when the UID of an application is changed.
In a first aspect, an embodiment of the present application provides a key management method applied to a terminal device on which a first application is installed. The method includes: the terminal device changes the user identification UID of the first application from a first UID to a second UID, where the first application accesses a first key file based on the UID of the first application, the data stored in the first key file is needed when the first application executes a first service, and the file name of the first key file is generated by the terminal device based on the first UID; and the terminal device generates a second key file based on the first key file, where the file name of the second key file is generated by the terminal device based on the second UID, and the data stored in the second key file is the same as the data stored in the first key file.
By implementing the method provided in the embodiments of the present application, after the terminal device determines that an application has changed its UID, it can repair the key file that the application stored on the KeyStoreService side before the UID change; that is, key migration is implemented by migrating the data of one stored key file into another, new key file. This ensures that, after the application changes its UID, when the application looks up the key file using the file name of the key file generated based on the changed UID, it finds the correct key file (that is, the new key file), so that the encrypted data can be successfully decrypted with the correct key file, avoiding decryption failure and loss of encrypted data, improving service continuity and improving the user experience.
In a possible implementation, the terminal device generating the second key file based on the first key file specifically includes: the terminal device migrating the data stored in the first key file to the second key file; or, the terminal device generating the second key file by changing the file name of the first key file to the file name of the second key file.
In this way, when the application looks up the key file using the file name of the key file generated based on the changed UID, it can find the correct key file and can use it to successfully decrypt the encrypted data.
In a possible implementation, before the terminal device changes the UID of the first application from the first UID to the second UID, the method further includes: the terminal device restarting after completing an over-the-air (OTA) upgrade; or, the terminal device detecting, after completing an OTA upgrade, that the user logged in to the terminal device has switched from a first user to a second user.
In this way, the terminal device can be triggered to perform the operation of querying the UID, so as to determine whether the UID of the application has changed.
In a possible implementation, before the terminal device changes the UID of the first application from the first UID to the second UID, the method further includes: the terminal device detecting that the first application has started and is running.
In this way, the terminal device can be triggered to perform the operation of querying the UID, so as to determine whether the UID of the application has changed.
In a possible implementation, the terminal device includes an application package management service PMS, and before the terminal device generates the second key file based on the first key file, the method further includes: the terminal device detecting, through the PMS, that the UID of the first application has changed from the first UID to the second UID.
In this way, the terminal device can determine through the PMS whether the UID of the application has changed.
In a possible implementation, the terminal device includes a key store service KeyStoreService, and before the terminal device generates the second key file based on the first key file, the method further includes: the terminal device detecting, through the KeyStoreService, that the UID of the first application has changed from the first UID to the second UID.
In this way, the terminal device can determine through the KeyStoreService whether the UID of the application has changed.
In a possible implementation, the terminal device includes an Installd module, and before the terminal device generates the second key file based on the first key file, the method further includes: the terminal device querying the first UID and the second UID through the Installd module.
In this way, the terminal device can query the UID through Installd.
In a possible implementation, the terminal device executing the first service using the data stored in the second key file specifically includes: the terminal device displaying a first user interface, where the first user interface includes user data, and the user data is obtained using the data stored in the second key file.
In this way, the terminal device can use the new key file to decrypt the user data, thereby ensuring that the user data is not lost.
In a possible implementation, when the UID of the first application is changed from the first UID to the second UID, the system access permission of the first application becomes lower.
In this way, the system access permission of the application can be reduced by changing the UID, thereby improving security.
In a possible implementation, after the terminal device generates the second key file based on the first key file, the method further includes: the terminal device checking the key integrity of the second key file and confirming that the check passes; and/or, the terminal device checking the permissions of the second key file and confirming that the check passes.
In this way, by performing a key integrity check and a file permission check on the new key file, key tampering can be prevented and the potential risk of the key being illegally manipulated can be eliminated.
在一种可能的实现方式中,在终端设备基于第一密钥文件生成第二密钥文件之前,该方法还包括:终端设备确认第一应用允许终端设备基于第一密钥文件生成第二密钥文件;和/或,终端设备对第一密钥文件的密钥完整性进行检查,并确认检查通过;和/或,终端设备对第一密钥文件的权限进行检查,并确认检查通过。In a possible implementation manner, before the terminal device generates the second key file based on the first key file, the method further includes: the terminal device confirms that the first application allows the terminal device to generate the second key file based on the first key file; key file; and/or, the terminal device checks the key integrity of the first key file, and confirms that the check passes; and/or, the terminal device checks the authority of the first key file, and confirms that the check passes.
这样,通过对旧密钥文件进行密钥完整性检查、文件权限检查,可以防止密钥篡改,消除密钥被非法操作的潜在隐患。In this way, key integrity checks and file authority checks can be performed on old key files to prevent key tampering and eliminate potential hidden dangers of keys being illegally manipulated.
在一种可能的实现方式中,在终端设备基于第一密钥文件生成第二密钥文件之后,该方法还包括:终端设备保存第二密钥文件。In a possible implementation manner, after the terminal device generates the second key file based on the first key file, the method further includes: the terminal device saves the second key file.
这样,终端设备在需要获取密钥时可以查找到该密钥对应的密钥文件。In this way, the terminal device can find the key file corresponding to the key when it needs to obtain the key.
在一种可能的实现方式中,第一应用为系统应用,系统应用为终端设备的操作系统预置的应用。In a possible implementation manner, the first application is a system application, and the system application is an application preset by an operating system of the terminal device.
在一种可能的实现方式中,第一应用的UID是基于用户标识UserId和应用标识APPId生成的,其中,用户标识UserId是终端设备基于登录终端设备的用户数量确定的,应用标识APPId是终端设备基于第一应用的包名确定的。In a possible implementation manner, the UID of the first application is generated based on the user identifier UserId and the application identifier APPId, wherein the user identifier UserId is determined by the terminal device based on the number of users who log in to the terminal device, and the application identifier APPId is determined by the terminal device Determined based on the package name of the first application.
第二方面,本申请实施例提供了一种终端设备,该终端设备包括一个或多个处理器和一个或多个存储器;其中,一个或多个存储器与一个或多个处理器耦合,一个或多个存储器用于存储计算机程序代码,计算机程序代码包括计算机指令,当一个或多个处理器执行计算机指令时,使得终端设备执行上述第一方面任一项可能的实现方式中的方法。In a second aspect, an embodiment of the present application provides a terminal device, the terminal device includes one or more processors and one or more memories; wherein, the one or more memories are coupled to the one or more processors, and one or more The multiple memories are used to store computer program codes, and the computer program codes include computer instructions. When one or more processors execute the computer instructions, the terminal device executes the method in any possible implementation manner of the first aspect above.
第三方面,本申请实施例提供了一种计算机存储介质,该计算机存储介质存储有计算机程序,计算机程序包括程序指令,当程序指令在终端设备上运行时,使得终端设备执行上述第一方面任一项可能的实现方式中的方法。In a third aspect, an embodiment of the present application provides a computer storage medium, the computer storage medium stores a computer program, the computer program includes program instructions, and when the program instructions are run on a terminal device, the terminal device executes any of the above-mentioned first aspects. Method in one possible implementation.
第四方面,本申请实施例提供了一种计算机程序产品,当计算机程序产品在计算机上运行时,使得计算机执行上述第一方面任一项可能的实现方式中的方法。In a fourth aspect, an embodiment of the present application provides a computer program product, which, when the computer program product is run on a computer, causes the computer to execute the method in any possible implementation manner of the first aspect above.
Description of the Drawings
FIG. 1A and FIG. 1B are schematic diagrams of a set of user interfaces provided by an embodiment of this application;
FIG. 2 is a schematic flowchart of a key migration method triggered in the scenario where the PMS scans application packages, provided by an embodiment of this application;
FIG. 3A to FIG. 3H are schematic diagrams of a set of user interfaces for OTA upgrade and multi-user switching, provided by an embodiment of this application;
FIG. 4 is a schematic flowchart of another key migration method triggered in the scenario where the PMS scans application packages, provided by an embodiment of this application;
FIG. 5 is a schematic flowchart of a key migration method triggered in the scenario where an application needs to obtain a key while starting and running, provided by an embodiment of this application;
FIG. 6 is a schematic flowchart of another key migration method triggered in the scenario where an application needs to obtain a key while starting and running, provided by an embodiment of this application;
FIG. 7 is a schematic structural diagram of a terminal device provided by an embodiment of this application;
FIG. 8 is a schematic diagram of the software architecture of a terminal device provided by an embodiment of this application.
Detailed Description
The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings of those embodiments. In the description of the embodiments, unless otherwise stated, "/" means "or"; for example, A/B may mean A or B. "And/or" in the text merely describes an association between related objects and indicates that three relationships may exist; for example, "A and/or B" may mean: A alone, both A and B, or B alone. In addition, in the description of the embodiments, "a plurality of" means two or more.
It should be understood that the terms "first", "second" and so on in the specification, claims and drawings of this application are used to distinguish different objects, not to describe a particular order. Moreover, the terms "include" and "have", and any variants of them, are intended to cover a non-exclusive inclusion. For example, a process, method, system, product or device that comprises a series of steps or units is not limited to the listed steps or units, but may optionally include steps or units that are not listed, or may optionally include other steps or units inherent to such processes, methods, products or devices.
Reference in this application to an "embodiment" means that a particular feature, structure or characteristic described in connection with that embodiment may be included in at least one embodiment of this application. The appearances of this phrase in various places in the specification do not necessarily all refer to the same embodiment, nor are they separate or alternative embodiments that are mutually exclusive of other embodiments. Those skilled in the art understand, explicitly and implicitly, that the embodiments described in this application may be combined with other embodiments.
For ease of understanding, some related concepts involved in the embodiments of this application are explained below.
1. Keystore system (KeyStoreSystem)
Taking the Android keystore system as an example: it is a keystore management system made up of the KeyChain application programming interface (API) introduced in Android 4.0 and the Android keystore provider feature introduced in Android 4.3. The Android keystore system stores cryptographic keys in a container, which makes extracting them from the device harder; once keys are in the keystore they can be used for cryptographic operations while the key material itself remains non-exportable. The Android keystore system thus protects key material from unauthorized use.
At the architectural level, the Android keystore system consists of three parts:
First part: the Android keystore (AndroidKeyStore), located in the Framework layer, which provides the key operation interfaces to the application layer.
Second part: the keystore service module (KeyStoreService), located in the Native layer, which is responsible for managing and storing keys and corresponds to the keystore process.
Third part: the Keymaster trusted application (TA), which runs in the trusted execution environment (TEE) and implements security services such as key generation, data encryption and decryption, authentication and signature verification.
Some applications on the terminal device use the Android keystore system to encrypt and decrypt their data. Their key files (also called key index files) are stored in the data directory of the keystore service module. Normally, the file name of a key file managed by the Android keystore system is generated by encoding the application's UID, the key type and the key alias; for example, if a key file is named 1000_USRPKEY_XX, the application's UID is 1000, the key type is USRPKEY and the key alias is XX. The keystore service module uses the key file as the entry point for obtaining the key and calls the Keymaster TA to perform the encryption and decryption operations on the data.
It should be noted that the keystore system may include, but is not limited to, the Android keystore system; the embodiments describe the keystore system using the Android keystore system only as an example, which should not be construed as limiting this application.
2. User identification (UID)
In a multi-user system such as Linux, every user has a UID that maps one-to-one to the user name. To simplify user management, several users can be placed in a group, and each group has a group ID (GID).
Before Android 4.2, Android did not support multiple users; multi-user support was added in Android 4.2, meaning that several users can be added to one Android device. User types include the primary user, secondary users and the guest user. The primary user is the first user added to the device and cannot be removed except by a factory reset; while other users run in the foreground, the primary user is always running as well. A secondary user is any user added to the device other than the primary user; a secondary user can be removed (by that user or by the primary user) without affecting other users on the device, and can run in the background and stay connected to the network. The guest user is a temporary secondary user; the system provides an explicit option to delete the guest user so that it can be removed quickly once it is no longer using the device, and only one guest user can exist at a time.
In Android, a UID is an identity of an Android application under a specific user. Normally one UID corresponds to one application, and an application's UID is created by the package management service (PackageManagerService, PMS) when it parses and installs the Android application package (APK) file. All processes of the same Android application share the same UID; for several different Android applications to share one UID, they must set the same sharedUserId in their "AndroidManifest.xml" files and must also carry the same signature.
Multi-user Android introduces two new concepts: the user identifier (User Id) and the application identifier (App Id).
The User Id is related to the number of users (primary user, secondary users, guest user, etc.) on the terminal device. If the terminal device has only one user, i.e. it is in the single-user state, that user's User Id is 0; if the terminal device has several users, i.e. it is in the multi-user state, each user has its own distinct User Id, and apart from the default user (whose User Id is 0) the User Ids of the other users increase sequentially starting from 10.
The App Id is related to the application on the terminal device: applications with the same application package name (package name for short) have the same App Id even under different users. In other words, once an application is deployed its App Id is fixed and does not change during normal operation of the system.
The App Id can be determined in two ways. In the first, the PMS assigns it automatically, which usually applies to third-party applications or to some system applications; in the second, it is assigned in a fixed way by specifying android:sharedUserId in "AndroidManifest.xml", which usually applies to most system applications.
The UID, User Id and App Id are related as follows:
UID = User Id * 100000 + App Id;
The App Id takes values in the range [0, 100000]. As for the User Id: in the single-user (default user) state the User Id is 0; in the multi-user state the default user's User Id is 0, and if a new user is added, e.g. user 1, its User Id is 10; if another user is added, e.g. user 2, its User Id is 11; if yet another user is added, e.g. user 3, its User Id is 12, and so on. That is, apart from the default user (User Id 0), the User Ids of the other users increase sequentially from 10: 10, 11, 12, 13 and so on.
From the relationship above, suppose an application has App Id 5514. For the default user, whose User Id is 0, the UID is 5514, i.e. UID = App Id; for user 1, whose User Id is 10, the UID is 1005514. In other words, the same application has a different UID under each user, so the UID serves as an identifier that distinguishes the same application under different users.
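The UID arithmetic described above, written out as an added example (this is not code from the patent or from Android itself). It composes a UID from a User Id and an App Id, inverts the encoding, produces the User Id sequence the page describes (0 for the default user, then 10, 11, 12, ...), and shows the (old UID, new UID) pair every user ends up with when an application's App Id changes, which is the situation the key migration method addresses. The function names and the requirement that App Id stay below 100000 for the decomposition to be unambiguous are assumptions of the example.

```python
# Added example (not code from the patent or from Android): the relationship
# UID = User Id * 100000 + App Id from the page, its inverse, and the User Id
# sequence (default user 0, further users 10, 11, 12, ...).
PER_USER_RANGE = 100_000  # the multiplier given on the page


def uid_from(user_id: int, app_id: int) -> int:
    """Compose a UID from a User Id and an App Id."""
    # The page gives App Id the range [0, 100000]; this example requires
    # App Id < 100000 so that split_uid() can invert the encoding without
    # ambiguity (an assumption of the example, not a statement from the page).
    if not 0 <= app_id < PER_USER_RANGE:
        raise ValueError(f"App Id out of range: {app_id}")
    if user_id < 0:
        raise ValueError(f"User Id must be non-negative: {user_id}")
    return user_id * PER_USER_RANGE + app_id


def split_uid(uid: int) -> tuple[int, int]:
    """Recover (User Id, App Id) from a UID."""
    return divmod(uid, PER_USER_RANGE)


def user_id_sequence(user_count: int) -> list[int]:
    """User Ids as the page describes them: the default user is 0, the
    users added afterwards get 10, 11, 12, ... in order of creation."""
    if user_count < 1:
        return []
    return [0] + [10 + i for i in range(user_count - 1)]


def uids_for_app(app_id: int, user_count: int) -> dict[int, int]:
    """Map each User Id on the device to the UID the same application has under it."""
    return {u: uid_from(u, app_id) for u in user_id_sequence(user_count)}


def uid_change_after_app_id_change(old_app_id: int, new_app_id: int,
                                   user_count: int) -> dict[int, tuple[int, int]]:
    """For every user, the (old UID, new UID) pair produced when an application's
    App Id changes (for instance after its sharedUserId is removed). Every one of
    these pairs needs its own key file migration, because the key file name
    embeds the UID."""
    return {u: (uid_from(u, old_app_id), uid_from(u, new_app_id))
            for u in user_id_sequence(user_count)}


if __name__ == "__main__":
    print(uids_for_app(5514, 2))                          # {0: 5514, 10: 1005514}
    print(uid_change_after_app_id_change(1000, 5514, 2))  # constructed App Id pair
```

The last function makes the multi-user consequence explicit: an App Id change is one event, but it changes one UID per user on the device, so a fix that only renames the default user's key file leaves the files of user 10, 11, ... unreachable.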
3. Application package management service module (PackageManagerService, PMS)
The PMS manages the various application packages on the system: it installs, uninstalls, updates and parses the application packages on the terminal device, and is also responsible for permission management, among other things.
The PMS mainly operates during the boot phase of the terminal device (power-on and restart), where it runs the application package scanning process (the PMS package scan). This process has five stages: the start stage (boot_progress_pms_start), the system partition scan stage (boot_progress_pms_system_scan_start), the data partition scan stage (boot_progress_pms_data_scan_start), the scan end stage (boot_progress_pms_scan_end) and the ready stage (boot_progress_pms_ready).
In the start stage, calling the main method creates many PMS objects and assigns them to PMS member variables (for example mSettings, mInstaller, systemConfig, etc.).
In the system partition scan stage, the PMS scans the application packages under the /system directory (the system directory). /system is called the system partition and mainly stores Android system files and frameworks. The /system directory contains several subdirectories, and the PMS scans the files in each of them, for example /system/app (the subdirectory of /system holding system apps) and /system/framework (the subdirectory of /system holding the application framework layer jar packages), and performs some follow-up processing on the scanned files.
In the data partition scan stage, the PMS scans the application packages under the /data directory (the data directory). /data is called the data partition and mainly stores the personal data and configuration files of all users. The /data directory contains several subdirectories, and the PMS scans the files in each of them, for example /data/app (the subdirectory of /data holding third-party apps), /data/system (the subdirectory of /data holding system configuration files) and /data/data (the subdirectory of /data holding the data of all installed apps); it also promptly updates the application information in the data directory and removes unnecessary data.
In the embodiments of this application, the UID information of the applications involved is stored under the /data directory.
In the scan end stage, the PMS can determine whether the current platform software development kit (SDK) version differs from the SDK version at the previous boot and, if so, update permissions; it can also determine whether this is the first boot after an OTA upgrade and, if so, clear unnecessary cached data; it can also update files such as package.xml.
In the ready stage, the PMS creates the PackageInstallerService object, performs memory garbage collection, and so on.
The PMS performs installation, uninstallation and similar operations on the application packages of the terminal device mainly through Installer and Installd, where Installer is the API provided by the Java layer and Installd is a daemon service started by the init process.
通常,终端设备上的系统应用被授予高权限,例如,可以通过设置Android:sharedUserId=“android.uid.system”,来把系统应用放到系统进程中运行,该系统应用就拥有了系统权限(例如root权限),可以修改系统配置,同时,也可以配置多个应用运行在一个进程中进行数据共 享。这样,系统应用的高权限很容易给系统带来巨大的安全隐患,一旦这些系统应用被攻破,将会造成系统配置被操控、用户数据和系统数据被泄露等安全风险。因此,为降低安全风险,需要对这些系统应用的UID进行变更、整改,例如可以通过去掉系统应用Android:sharedUserId=“android.uid.system”这个属性来改变系统应用的AppId,从而也就进一步改变了该系统应用的UID,其中,系统应用可以是指终端设备的操作系统(Operting System,OS)预置的应用,例如设置、信息、拨号等应用。Usually, the system application on the terminal device is granted high authority. For example, by setting Android:sharedUserId="android.uid.system", the system application can be run in the system process, and the system application has the system authority ( For example, root authority), you can modify the system configuration, and at the same time, you can also configure multiple applications to run in one process for data sharing. In this way, the high authority of system applications can easily bring huge security risks to the system. Once these system applications are compromised, it will cause security risks such as system configuration manipulation, user data and system data leakage. Therefore, in order to reduce security risks, it is necessary to change and rectify the UIDs of these system applications. For example, the AppId of the system applications can be changed by removing the attribute of the system application Android:sharedUserId="android.uid.system", thereby further changing the The UID of the system application is indicated, where the system application may refer to an application preset in the operating system (Operting System, OS) of the terminal device, such as applications such as setting, information, and dialing.
应用的UID变更会导致旧UID(即变更前的UID)应用的数据资源对于新UID(即变更后的UID)应用不可用,也即是说,在应用的UID变更之后,用户无法访问该应用在变更UID之前的原始目录文件,造成数据丢失。The UID change of the application will cause the data resources of the application with the old UID (that is, the UID before the change) to be unavailable for the application with the new UID (that is, the UID after the change). That is to say, after the UID of the application is changed, the user cannot access the application. The original directory file before changing the UID, resulting in data loss.
针对上述问题,当前的解决方案是对应用的数据目录的属组和权限进行修复,使得新UID应用也拥有访问旧UID应用的数据目录的权限,从而可以保证在应用的UID变更之后,旧UID应用的数据对于新UID应用依然可用,即用户可以正常访问旧UID应用的数据目录。In view of the above problems, the current solution is to repair the group and permissions of the application's data directory, so that the new UID application also has access to the old UID application's data directory, so that after the application's UID is changed, the old UID The data of the application is still available for the new UID application, that is, the user can normally access the data directory of the old UID application.
该解决方案的具体执行过程如下:The specific implementation process of this solution is as follows:
首先,在PMS对应用程序包进行扫描的过程中,对于终端设备上的每一个应用,PMS都会调用Installd进程来准备用户数据。First, in the process of scanning the application package by the PMS, for each application on the terminal device, the PMS will call the Installd process to prepare user data.
进一步地,通过调用Installd进程来扫描当前应用的数据目录所属的UID/GID,该数据目录包括凭据加密(CredentialEncrypted,CE)存储空间下的数据目录和设备(Device Encrypted,DE)加密存储空间下的数据目录,其中,CE存储空间是可供应用使用的默认存储位置,只能在用户解锁终端设备后才可以使用;DE存储空间是终端设备在直接启动模式下和用户解锁终端设备后均可以使用。Further, by calling the Installd process to scan the UID/GID to which the data directory of the current application belongs, the data directory includes the data directory under the credential encrypted (CredentialEncrypted, CE) storage space and the device (Device Encrypted, DE) encrypted storage space. Data directory, among which, the CE storage space is the default storage location available for applications, which can only be used after the user unlocks the terminal device; the DE storage space is available to the terminal device in the direct startup mode and after the user unlocks the terminal device .
进一步地,扫描之后,若确定数据目录所属的UID/GID发生变更,则进行修复,将原始的UID/GID改为变更后的UID/GID。Further, after the scanning, if it is determined that the UID/GID to which the data directory belongs has changed, repair is performed, and the original UID/GID is changed to a changed UID/GID.
然而,对于某些使用安卓密钥库系统(AndroidKeystoreSystem)来对数据进行加解密的应用来说,其使用的密钥文件是由密钥库服务模块(KeyStoreService)进行统一管理,其密钥文件的文件名是KeyStoreService基于对该应用的UID、密钥类型、密钥别名进行编码生成的。在对应用进行UID变更之后,不仅会导致应用的数据目录的UID变更,还会导致应用使用的安卓密钥库内的密钥文件的期望文件名(即基于变更后的UID生成的文件名)变更,上述解决方案中并没有考虑到应用的UID变更所引起的安卓密钥库内的密钥文件的期望文件名变更问题,因此,应用的UID变更之后,新UID应用在调用安卓密钥库进行数据解密时,KeyStoreService会基于新的UID来编码生成新的密钥文件的文件名(即期望文件名),但是由于安卓密钥库内存储的密钥文件的文件名并不会随着应用的UID变更而自动被重命名,因此,KeyStoreService无法基于新的密钥文件的文件名查找到该新的密钥文件的文件名对应的密钥文件,那么新UID应用也就无法对旧UID应用的加密数据成功进行解密,即解密失败,解密失败可能会导致应用数据丢失,已登录该应用的账号信息失效、用户需重新签署相关协议、用户数据丢失等情况发生,从而造成上层业务连续性降低,用户体验差。However, for some applications that use the Android Keystore System (AndroidKeystoreSystem) to encrypt and decrypt data, the key files used are uniformly managed by the KeyStoreService module (KeyStoreService). The file name is generated by KeyStoreService based on the encoding of the application's UID, key type, and key alias. After changing the UID of the application, not only the UID of the data directory of the application will change, but also the expected file name of the key file in the Android keystore used by the application (that is, the file name generated based on the changed UID) Change, the above solution does not take into account the change of the expected file name of the key file in the Android keystore caused by the change of the UID of the application. Therefore, after the UID of the application is changed, the new UID application calls the Android keystore When decrypting data, KeyStoreService will encode and generate the file name of the new key file based on the new UID (that is, the expected file name), but because the file name of the key file stored in the Android key store does not change with the application Therefore, KeyStoreService cannot find the key file corresponding to the file name of the new key file based on the file name of the new key file, and the new UID application cannot apply to the old UID. 
If the encrypted data is successfully decrypted, that is, the decryption fails. The failure of the decryption may lead to loss of application data, invalidation of the account information logged into the application, the need for the user to re-sign the relevant agreement, loss of user data, etc., resulting in reduced business continuity at the upper layer , poor user experience.
举例来说,如图1A所示,在应用的UID变更之前,用户界面100上显示有用户的账号信息(例如账号名称Mary等)和用户使用该应用过程中产生的历史数据信息(例如我的收藏、最近播放、下载等列表中记录的历史数据),也即是说,终端设备100在应用的UID变更之前存储了用户的账号信息和使用该应用过程中产生的历史数据信息。在应用的UID变更 之后,如图1B所示,用户界面110上不再显示有应用的UID变更之前终端设备100上存储的用户的账号信息,而且应用的UID变更之前用户使用该应用过程中产生的历史数据信息也被清零(例如“我的收藏”列表中存储的数据条目数量由图1A中的30条变为图1B中的0条),也即是说,终端设备100对旧UID应用的加密数据解密失败,从而造成了加密数据丢失。For example, as shown in FIG. 1A, before the UID of the application is changed, the user interface 100 displays the user's account information (such as account name Mary, etc.) and historical data information (such as my History data recorded in lists such as favorites, recent play, downloads, etc.), that is to say, the terminal device 100 stores the user's account information and historical data information generated during the use of the application before the UID of the application is changed. After the UID of the application is changed, as shown in FIG. 1B , the user interface 110 no longer displays the account information of the user stored on the terminal device 100 before the UID of the application is changed, and the user’s account information generated during the use of the application before the UID of the application is changed. The historical data information is also cleared (for example, the number of data entries stored in the "My Favorites" list is changed from 30 in Fig. 1A to 0 in Fig. 1B), that is to say, the terminal device 100 has no information about the old UID The application's encrypted data decryption failed, resulting in the loss of encrypted data.
To address the problem described above, in which decryption of encrypted data fails because the application's UID changes while the file name of the key file stored on the KeyStoreService side does not, the embodiments of this application provide a key migration method: after determining that an application's UID has changed, the terminal device can repair the key files that the application stored on the KeyStoreService side before the UID change, namely by migrating the data in an already stored key file into another, new key file. This ensures that, after the UID change, when the application looks up its key file using the file name generated from the changed UID, it finds the correct key file (the new key file) and can use it to decrypt the encrypted data successfully, avoiding decryption failure and loss of encrypted data and improving service continuity and the user experience.
In the embodiments of this application, the terminal device can change an application's UID through an over-the-air (OTA) upgrade. A UID change means that, under the same user, the application's UID differs before and after the OTA.
The key migration method provided by the embodiments of this application can be triggered in the following two scenarios:
1. It is triggered when the PMS scans application packages. The PMS scan is triggered when the terminal device 100 reboots after the OTA is completed, or when, after the OTA is completed, the terminal device 100 performs a multi-user switch in response to a user-switching operation (for example, switching from the default user to user 1). In this scenario, the key migration method provided by the embodiments of this application can repair the file names of the key files stored on the KeyStoreService side for multiple applications at once.
2. It is triggered when an application needs to obtain a key (that is, needs to look up a key file) while starting or running. In this scenario, the key migration method provided by the embodiments of this application repairs only the file names of the key files stored on the KeyStoreService side for the current single application.
The specific processes that trigger the key migration method in these two scenarios are described in detail in later embodiments and are not expanded on here.
The terminal device 100 in the embodiments of this application is a mobile phone by way of example; the terminal device 100 may also be a tablet (Pad), a smart screen, a personal digital assistant (PDA), a laptop or another smart terminal device. The embodiments of this application do not limit the type, physical form or size of the terminal device 100.
The key migration method provided by the embodiments of this application is applicable to the UID change scenario of system applications on a terminal device 100 that use the Android keystore system for data encryption and decryption, but is not limited to it: the method is also applicable to the UID change scenario of other applications on the terminal device 100 that use the Android keystore system for encryption and decryption, and the embodiments of this application impose no limitation in this respect.
The following describes a key migration method provided by an embodiment of this application that is triggered in the scenario where the PMS scans application packages.
FIG. 2 shows, by way of example, the flow of a key migration method provided by an embodiment of this application that is triggered in the scenario where the PMS scans application packages. As shown in FIG. 2, the method may be applied to a terminal device 100, which may include an application package management service module (PMS), an Installer, a service management module (ServiceManager), Installd, an Android keystore (AndroidKeystore) and a keystore service module (KeyStoreService).
The specific steps of the method are described in detail below, taking the UID change of a system application on the terminal device 100 as an example:
The terminal device 100 can first obtain the application's new UID and old UID and, if it determines that they differ, then perform key migration. This ensures that after the UID change the application can still find the correct key file to decrypt its encrypted data, avoiding decryption failure and loss of encrypted data.
By way of example, one possible way for the terminal device 100 to obtain the application's new and old UIDs is the implementation described in phase one below (steps S201 to S207). The specific execution of phase one is described in detail below:
Phase one (steps S201 to S207): obtaining the new and old UIDs
S201-S202. After detecting a reboot or a multi-user switch following completion of the OTA, the application package management service module of the terminal device 100 sends a request to the Installer to query the new and old UIDs.
Triggering the terminal device 100 to perform an OTA upgrade may include, but is not limited to, the following two implementations:
Implementation 1: the terminal device 100 automatically prompts the user to perform an OTA upgrade; once the user agrees, the terminal device 100 is triggered to perform the OTA upgrade.
By way of example, referring to FIG. 3A, the terminal device 100 may display a pop-up window 300 prompting the user to update the system version. The pop-up window 300 may include a prompt message (for example, "A new system version is available") and an "Update now" option 301. The terminal device 100 may detect the user's operation on the "Update now" option 301 (for example, a tap) and, in response, update the system, that is, perform the OTA upgrade.
Implementation 2: the user opens the "Settings" application and triggers the terminal device 100 to perform the OTA upgrade.
By way of example, referring to FIG. 3B, FIG. 3B shows a user interface 310 of the "Settings" application on the terminal device 100. This user interface may display multiple settings options (for example, a "Users and accounts" option 311 and a "System and updates" option 312). The terminal device 100 may detect the user's operation on the "System and updates" option 312 (for example, a tap) and, in response, display the user interface 320 shown in FIG. 3C. The terminal device 100 may then detect the user's operation on the "Software update" option 321 (for example, a tap) and, in response, display the user interface 330 shown in FIG. 3D, which displays a prompt (for example, "New version found") and an "Update now" option 331. The terminal device 100 may detect the user's operation on the "Update now" option 331 (for example, a tap) and, in response, update the system, that is, perform the OTA upgrade.
After the terminal device 100 completes the OTA upgrade, it can reboot automatically and display the user interface 340 shown in FIG. 3E, which may display the prompt "Starting up" to tell the user that the terminal device 100 is rebooting.
Referring to FIG. 3F to FIG. 3H, these figures show, by way of example, the multi-user switching process after the OTA is completed.
The terminal device 100 may detect the user's operation on the "Users and accounts" option 311 in FIG. 3B (for example, a tap) and, in response, display the user interface 350 shown in FIG. 3F. It can be seen that the user currently logged in to the terminal device 100 is the owner user (which may also be called the default user). The terminal device 100 may detect the user's operation on option 351 (for example, a tap) and, in response, display the user interface 360 shown in FIG. 3G, which displays multiple options (for example, option 361 and option 362). It can be seen that two users can log in to the terminal device 100, the owner user and user 1, and that the currently logged-in user is the owner user. If the user wants to switch to user 1 to log in to the terminal device 100, the terminal device 100 may detect the user's operation on option 362 (for example, a tap) and, in response, display the pop-up window 370 shown in FIG. 3H. The terminal device 100 may then detect the user's operation on option 371 (for example, a tap) and, in response, switch the user currently logged in to the terminal device 100 from the owner user to user 1, completing the multi-user switch.
After the terminal device 100 performs the reboot following completion of the OTA (see FIG. 3E) or detects a multi-user switching operation following completion of the OTA (for example, the user's operation on option 371 in FIG. 3H), the application package management service module of the terminal device 100 may be triggered to scan application packages: it scans all application packages under the user currently logged in to the system and repairs their data directories.
In the embodiments of this application, after detecting a reboot following completion of the OTA or a multi-user switch following completion of the OTA, the application package management service module of the terminal device 100 starts scanning application packages. Taking the scanning of system application 1 as an example, the application package management service module may also send a request to the Installer to query the new and old UIDs. The request may carry information such as the package name of system application 1 and instructs the Installer to query the new UID and old UID of system application 1, where the new UID is the UID of system application 1 after the reboot following this OTA upgrade (or after the multi-user switch following this OTA upgrade), and the old UID is the UID of system application 1 before that reboot (or before that multi-user switch).
After receiving the request to query the new and old UIDs, the Installer of the terminal device 100 may send a request to Installd to query the new and old UIDs. One possible implementation is described in steps S203-S204 below:
S203-S204. The Installer of the terminal device 100 sends the service management module a request to obtain service 1, where service 1 is the service for querying the new and old UIDs; after receiving the request to obtain service 1 from the Installer, the service management module sends Installd a request to query the new and old UIDs.
Specifically, after the Installer of the terminal device 100 receives the request to query the new and old UIDs sent by the application package management service module, it may send the service management module a request to obtain service 1, which is the service for querying the new and old UIDs. After receiving the request to obtain service 1 from the Installer, the service management module may send Installd a request to query the new and old UIDs. The request may carry information such as the package name of system application 1 and instructs Installd to query the new UID and old UID of system application 1.
The service management module passes the request to query the new and old UIDs through to Installd over binder. Binder is an inter-process communication (IPC) mechanism that enables data exchange between multiple processes; pass-through (transparent transmission) means that the communication only delivers the transmitted content from the source address to the destination address without altering it in any way.
After receiving the request to query the new and old UIDs, Installd of the terminal device 100 may send the new UID and old UID to the application package management service module. One possible implementation is described in steps S205-S207 below:
S205-S207. Installd of the terminal device 100 sends the new UID and old UID to the service management module; after receiving them from Installd, the service management module sends the new UID and old UID to the Installer; after receiving them from the service management module, the Installer sends the new UID and old UID to the application package management service module.
Specifically, after receiving the request to query the new and old UIDs from the service management module, Installd of the terminal device 100 can look up the new UID and old UID of system application 1. Having found them, Installd can send the new UID and old UID of system application 1 to the service management module; after receiving them from Installd, the service management module can send the new UID and old UID of system application 1 to the Installer; and after receiving them from the service management module, the Installer can send the new UID and old UID of system application 1 to the application package management service module.
It can be seen that, by executing steps S201 to S209 of phase one, the PMS can obtain the new UIDs and old UIDs of all applications installed on the terminal device 100, which lays the groundwork for the terminal device 100 to perform the steps of phase two below; that is, after phase one is completed, phase two below can follow. In some embodiments, phase two need not be executed after phase one; instead, other tasks can be performed based on the obtained new and old UIDs. For example, after phase one, based on the new and old UIDs of all applications, the terminal device 100 can determine which applications share the same UID and can further obtain other related information about those applications (for example, the permissions they have been granted), so as to manage them further (for example, permission management); the terminal device 100 can also determine whether an application's UID change succeeded by checking whether its new UID and old UID differ, and so on.
Phase two (steps S208 to S217): key migration
S208. The application package management service module of the terminal device 100 determines, based on the new UID and old UID, that the application's UID has changed.
Specifically, after receiving the new UID and old UID of system application 1 from the Installer, the application package management service module of the terminal device 100 can compare them to determine whether they are the same. If they are the same, the application package management service module determines that the UID of system application 1 has not changed and does not perform the subsequent steps. If they differ, it determines that the UID of system application 1 has changed; optionally, it also determines whether the application currently being processed is a system application (for example, whether system application 1 is a system application), and if so, it continues with the subsequent steps.
It should be noted that the ways in which the application package management service of the terminal device 100 obtains an application's new UID and old UID may include, but are not limited to, the way of obtaining them described in phase one above.
After determining that the UID has changed, the application package management service module of the terminal device 100 may send a key migration instruction to the keystore service module. One possible implementation is described in steps S209-S211 below:
S209-S211. The application package management service module of the terminal device 100 sends a key migration instruction to the Android keystore; the instruction includes information such as the application's package name, new UID and old UID. After receiving the instruction, the Android keystore sends the service management module a request to obtain service 2, where service 2 is the key migration service; after receiving the request, the service management module sends a key migration instruction to the keystore service module.
Specifically, after determining that the UID of system application 1 has changed, the application package management service module of the terminal device 100 may send a key migration instruction to the Android keystore; the instruction may include information such as the package name, new UID and old UID of system application 1. After receiving the key migration instruction from the application package management service module, the Android keystore may send the service management module a request to obtain service 2, which is the key migration service. After receiving that request from the Android keystore, the service management module may send a key migration instruction to the keystore service module; the instruction may include information such as the package name, new UID and old UID of system application 1 and instructs the keystore service module to perform the key migration operation.
As with the data transmission in step S204 above, the service management module likewise passes the key migration instruction through to the keystore service module over binder.
S212. The keystore service module of the terminal device 100 confirms that the caller permission check, the configuration list check, the key integrity check and the file attribute check all pass.
Specifically, after receiving the key migration instruction from the service management module, the keystore service module of the terminal device 100 may first find all key files corresponding to the package name of system application 1; then, to improve security, it may perform the caller permission check, the configuration list check, the key integrity check and the file attribute check, and only after confirming that all four checks pass does the keystore service module proceed with the subsequent steps.
The keystore service module performs the four checks as follows:
Caller permission check: the keystore service module confirms whether the IPC peer process calling the keystore service process is a system process; if it is, the keystore service module confirms that the caller permission check passes.
Configuration list check: based on the configuration information recorded in the configuration list for the package name of system application 1, the keystore service module determines whether key migration is permitted for that package name; if so, the keystore service module confirms that the configuration list check passes and further determines which of the keys corresponding to the package name of system application 1 need to be migrated.
Key integrity check: the keystore service module calls the KeymasterTA to verify the integrity of the keys, preventing tampered keys from being used. If verification succeeds, the keystore service module confirms that the key integrity check passes for all key files corresponding to the package name of system application 1.
File attribute check: the keystore service module calls Installd to check the owning group and permissions of all key files corresponding to the package name of system application 1, eliminating the risk of keys being manipulated without authorization.
The embodiments of this application do not limit the order in which the keystore service module performs the four checks.
In some embodiments, step S212 is optional.
In some embodiments, the keystore service module may proceed with the subsequent steps once one or more of the four checks pass.
In one possible implementation, after the keystore service module finds all key files corresponding to the package name of system application 1, since the current file names of all those key files are encoded from the old UID, key type and key alias of system application 1, the keystore service module can use the old UID contained in a key file's name to determine which of the two UIDs received from the service management module (the new UID and the old UID) is the old one and which is the new one.
S213. The keystore service module of the terminal device 100 performs the key migration operation to obtain the new key file.
Specifically, after confirming that the caller permission check, the configuration list check, the key integrity check and the file attribute check all pass, the keystore service module of the terminal device 100 can start the key migration operation, that is, migrate all key files corresponding to the package name of system application 1.
The key migration operation performed by the keystore service module may include, but is not limited to, the following two possible implementations; they are described below using the migration of one of the key files mentioned above:
Suppose the old UID is 1000, the new UID is 5514, and the key file needed to decrypt data 1 is key file 1. Then, according to the naming rule of the Android keystore system for key files, if the file name of key file 1 corresponding to the old UID (that is, the current file name of key file 1) is 1000_USRPKEY_XX, the file name of key file 1 corresponding to the new UID is 5514_USRPKEY_XX. In other words, after the application's UID changes, the only field of a given key file's name that changes is the UID field; the other fields (for example, key type and key alias) are unchanged.
Possible implementation 1:
The keystore service module can migrate the data stored in the key file named 1000_USRPKEY_XX (key file 1 above) into another, new key file named 5514_USRPKEY_XX, so that the new key file holds the data that was stored in the key file named 1000_USRPKEY_XX. The data stored in a key file may include the key information required to decrypt the encrypted data.
Optionally, after the data migration is complete, the keystore service module can delete the key file named 1000_USRPKEY_XX.
Possible implementation 2:
The keystore service module can simply rename key file 1 from the old-UID file name 1000_USRPKEY_XX to the new-UID file name 5514_USRPKEY_XX. In this case the new key file is still key file 1; only its file name has changed from 1000_USRPKEY_XX to 5514_USRPKEY_XX, and the data stored in the file is unchanged.
In this way, by performing the key migration operation, after the application's UID changes the corresponding key file can be found using the key file name generated from the new UID, and the key needed to decrypt the encrypted data can be obtained from that key file, which avoids loss of encrypted data and improves the user experience.
S214. The keystore service module of the terminal device 100 confirms that both the key integrity check and the file attribute check of the new key file pass.
Specifically, after performing the key migration operation, the keystore service module of the terminal device 100 can run a key integrity check and a file attribute check on the new key file; if it confirms that both checks pass, the keystore service module confirms that the key migration succeeded.
The specific execution of the key integrity check and the file attribute check by the keystore service module is as described in the related content above and is not repeated here.
In some embodiments, step S214 is optional.
In some embodiments, the keystore service module can confirm that the key migration succeeded once either the key integrity check or the file attribute check of the new key file passes.
After completing the key migration, the keystore service module of the terminal device 100 can send a key migration success instruction to the application package management service module. One possible implementation is the one described in steps S215-S217 below:
S215-S217. The keystore service module of the terminal device 100 sends a key migration success instruction to the service management module; after receiving it, the service management module sends the key migration success instruction to the Android keystore; after receiving it, the Android keystore sends the key migration success instruction to the application package management service module.
The key migration success instruction is used to notify the application package management service module that the keystore service module has successfully completed the key migration.
In some embodiments, steps S215-S217 are optional.
By implementing the key migration method provided by the embodiment shown in FIG. 2, after the application's UID changes the terminal device 100 can still display the same user interface as the user interface 100 shown in FIG. 1A, that is, the terminal device 100 still retains the user's account information (for example the account name Mary) and the historical data generated while the user used the application. In other words, by implementing the key migration method of the embodiment shown in FIG. 2, after determining that the application's UID has changed, the terminal device 100 repairs the key files stored for that application on the KeyStoreService side so as to migrate the keys. This guarantees that, after the UID change, the application can still locate the correct key file when it decrypts its encrypted data, avoids decryption failures and loss of encrypted data, improves business continuity, and improves the user experience.
The following describes another key migration method provided by the embodiments of the present application that is triggered in the scenario where the PMS scans application packages.
FIG. 4 exemplarily shows the flow of another key migration method, provided by an embodiment of the present application, that is triggered in the scenario where the PMS scans application packages. As shown in FIG. 4, the method can be applied to the terminal device 100. The specific steps of the method are described below, taking a UID change of a system application on the terminal device 100 as an example:
S401-S402. The terminal device 100 scans application packages through the PMS and queries the application's new UID and old UID through Installd.
Specifically, after the terminal device 100 performs a power-on restart following completion of an OTA (see FIG. 3E) or detects a multi-user switch operation following completion of an OTA (for example the user's operation on option 371 in FIG. 3H), it can trigger the PMS to scan application packages. Taking the scan of system application 1 as an example, the terminal device 100 can query the new UID and old UID of system application 1 through Installd and thereby obtain them. Here the new UID is the UID of system application 1 after the restart following this OTA upgrade, or after the multi-user switch following this OTA upgrade; the old UID is the UID of system application 1 before that restart or before that multi-user switch.
S403. The terminal device 100 judges whether the application's new UID and old UID differ.
Specifically, after obtaining the new UID and old UID of system application 1, the terminal device 100 can compare them to judge whether they differ. If not, the terminal device 100 determines that the UID of system application 1 has not changed and does not perform the subsequent steps; if so, the terminal device 100 determines that the UID of system application 1 has changed. Optionally, the terminal device 100 also judges whether the application currently being processed is a system application; for example, it judges whether system application 1 is a system application, and if so, continues with the subsequent steps.
S404. The terminal device 100 judges whether the call permission check, the configuration list check, the key integrity check, and the file attribute check all pass.
Specifically, if all four checks pass, the terminal device 100 continues with the subsequent steps and performs the key migration; if not all four checks pass, the terminal device 100 does not perform the subsequent steps.
The specific execution of the four checks by the terminal device 100 is as described in step S212 of the embodiment shown in FIG. 2 and is not repeated here.
S405. The terminal device 100 migrates the key file to obtain a new key file.
The specific execution of step S405 is as described in step S213 of the embodiment shown in FIG. 2 and is not repeated here.
S406-S409. The terminal device 100 judges whether both the key integrity check and the file attribute check of the new key file pass. If so, the terminal device 100 confirms that the key migration succeeded; if not, the terminal device 100 deletes the new key file and confirms that the key migration failed.
Specifically, after migrating the key file to obtain the new key file, the terminal device 100 can run a key integrity check and a file attribute check on the new key file. If both checks pass, the terminal device 100 can confirm that the key migration succeeded; if not both pass, the terminal device 100 can delete the new key file and confirm that the key migration failed.
The specific execution of the key integrity check and the file attribute check by the terminal device 100 is as described in the embodiment shown in FIG. 2 and is not repeated here.
The following describes a key migration method provided by the embodiments of the present application that is triggered in the scenario where an application needs to obtain a key while starting and running.
FIG. 5 exemplarily shows the flow of a key migration method, provided by an embodiment of the present application, that is triggered in the scenario where an application needs to obtain a key while starting and running. As shown in FIG. 5, the method can be applied to the terminal device 100, which can include: application 1 (APP1), the Android keystore (AndroidKeystore), the keystore service module (KeyStoreService), the service management module (ServiceManager), and Installd.
The specific steps of the method are described in detail below, taking a UID change of a system application on the terminal device 100 as an example:
The terminal device 100 can obtain the application's new UID and old UID and, once it determines that they differ, perform the key migration, so that after the UID change the application can still find the correct key file to decrypt its encrypted data, avoiding decryption failures and loss of encrypted data.
Exemplarily, one possible way for the terminal device 100 to obtain the application's new UID and old UID is the implementation described in phase 1 (steps S501-S509) below, whose specific execution is now described in detail:
Phase 1 (steps S501-S509): obtaining the new and old UIDs
First, application 1 of the terminal device 100 can send a request to obtain a key to the keystore service module. One possible implementation is the one described in steps S501-S503 below:
S501-S503. After the terminal device 100 detects that application 1 has started and is running, application 1 of the terminal device 100 sends a request to obtain key 1 to the Android keystore; the request carries the new UID, the key alias of key 1, the key type, and other information. After receiving the request to obtain key 1, the Android keystore sends that request to the keystore service module.
Specifically, taking application 1 as a system application, after the terminal device 100 detects that application 1 has started and is running, it can detect that application 1 needs to obtain key 1; application 1 can then send a request to obtain key 1 to the Android keystore, carrying the new UID, the key alias of key 1, the key type, and other information. Here key 1 is the key needed to decrypt the encrypted data of application 1, and the new UID is the current UID of application 1. After receiving the request to obtain key 1 from application 1, the Android keystore can send that request to the keystore service module.
S504. The keystore service module of the terminal device 100 queries the package name of the application corresponding to the key alias of key 1 and determines that a package name corresponding to that key alias exists.
Specifically, after receiving the request to obtain key 1 from the Android keystore, the keystore service module of the terminal device 100 can look up, in the configuration list, the package name of the application corresponding to the key alias of key 1 carried in the request; the configuration list stores the mapping between key aliases and application package names. From that mapping the keystore service module can determine that the configuration list contains a package name corresponding to the key alias of key 1, and further that this package name is the package name of application 1.
In some embodiments, the request to obtain key 1 can also carry the package name of application 1, in which case step S504 need not be performed.
S505. The keystore service module of the terminal device 100 generates file name 1 from the new UID, the key alias, and the key type, and confirms that no key file with file name 1 exists.
Specifically, the keystore service module of the terminal device 100 can encode the new UID, the key alias of key 1, and the key type of key 1 carried in the request to obtain key 1 into file name 1. It can then look for the key file with file name 1; if it confirms that no such key file exists, the keystore service module can continue with the subsequent steps.
It should be noted that the embodiments of the present application do not limit the order in which steps S504 and S505 are performed.
Further, the keystore service module of the terminal device 100 can send a request to Installd to query the old UID. One possible implementation is the one described in steps S506-S507 below:
S506-S507. The keystore service module of the terminal device 100 sends a request to query the old UID to the service management module; the request carries the package name of the application corresponding to the key alias of key 1 and other information. After receiving the request to query the old UID, the service management module sends it to Installd.
Specifically, after determining that a package name corresponding to the key alias of key 1 exists and that no key file with file name 1 exists, the keystore service module of the terminal device 100 can send a request to query the old UID to the service management module; the request carries the package name of the application corresponding to the key alias of key 1 (that is, the package name of application 1) and other information. Here the old UID is the initial UID of application 1 (that is, its UID before the change to the new UID). After receiving the request to query the old UID, the service management module can send a request to query the old UID to Installd, instructing Installd to query the old UID of application 1.
The service management module passes the request to query the old UID through to Installd over binder.
Further, after receiving the request to query the old UID, Installd of the terminal device 100 can send the old UID to the keystore service module. One possible implementation is the one described in steps S508-S509 below:
S508-S509. Installd of the terminal device 100 sends the old UID to the service management module; after receiving the old UID from Installd, the service management module sends it to the keystore service module.
Specifically, after receiving the request to query the old UID from the service management module, Installd of the terminal device 100 can query the old UID of application 1; having found it, Installd can send the old UID of application 1 to the service management module, which, after receiving it, can send the old UID of application 1 to the keystore service module.
Phase 2 (steps S510-S517): key migration
S510. The keystore service module of the terminal device 100 determines, from the new UID and the old UID, that the UID of application 1 has changed.
Specifically, after receiving the old UID of application 1 from the service management module, the keystore service module of the terminal device 100 can compare the old UID and the new UID of application 1 to judge whether they are the same. If they are the same, the keystore service module determines that the UID of application 1 has not changed and does not perform the subsequent steps; if they differ, the keystore service module determines that the UID of application 1 has changed. Optionally, the keystore service module also judges whether the current application is a system application; for example, it judges whether application 1 is a system application, and if so, continues with the subsequent steps.
S511. The keystore service module of the terminal device 100 generates file name 2 from the old UID, the key alias, and the key type, and confirms that a key file with file name 2 exists.
Specifically, the keystore service module of the terminal device 100 can encode the received old UID of application 1 together with the key alias and key type of key 1 carried in the request to obtain key 1 into file name 2. It can then look for the key file with file name 2; if it confirms that this key file exists, the keystore service module can continue with the subsequent steps.
S512. The keystore service module of the terminal device 100 confirms that the call permission check, the configuration list check, the key integrity check, and the file attribute check all pass.
Specifically, after determining that the UID of application 1 has changed and that the key file with file name 2 exists, the keystore service module of the terminal device 100 can first perform the call permission check, the configuration list check, the key integrity check, and the file attribute check, and performs the subsequent steps only after confirming that all four checks pass.
The keystore service module performs the four checks as follows:
Call permission check: the keystore service module confirms whether the IPC peer process calling the keystore service process is a system process; if it is, the keystore service module confirms that the call permission check passes.
Configuration list check: the keystore service module determines, from the configuration information recorded in the configuration list for the package name of application 1, whether that package name is allowed to perform key migration; if it is, the keystore service module confirms that the configuration list check passes.
Key integrity check: the keystore service module verifies the integrity of the key by calling the KeymasterTA, so as to prevent the key from being tampered with. If the verification succeeds, the keystore service module confirms that the key integrity check of the key file with file name 2 passes.
File attribute check: the keystore service module calls Installd to check the owning group and the permissions of the key file with file name 2, so as to eliminate the potential risk of the key being operated on illegitimately.
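The four checks of step S512, modelled in Python as an added example (this is not the patent's code and not Android's KeyStoreService). The checks run on a key file constructed in a temporary directory. Three things are assumptions of this example: the system-process boundary is taken to be Android's AID_APP_START (UIDs below 10000), the configuration list is a constructed dictionary, and an HMAC over the key material stands in for the integrity protection the Keymaster TA applies; a real implementation asks Keymaster and Installd rather than computing these inside the service.

```python
"""Added example: the four pre-migration checks of step S512 (not the patent's
own code).  The AID_APP_START boundary, the configuration list and the MAC key
are constructed assumptions for this demo."""
import hashlib
import hmac
import os
import stat
import tempfile

# Assumption: Android assigns UIDs >= 10000 to applications (AID_APP_START);
# the patent only says the IPC caller must be a "system process".
AID_APP_START = 10000

# Constructed stand-in for the Keymaster TA's secret; on a device it stays in the TEE.
KEYMASTER_MAC_KEY = b"constructed-keymaster-mac-key"
TAG_LEN = 32

# Constructed configuration list: package name -> whether key migration is allowed.
CONFIG_LIST = {
    "com.example.sysapp1": {"allow_key_migration": True},
    "com.example.sysapp2": {"allow_key_migration": False},
}


def call_permission_check(caller_uid: int) -> bool:
    """Check 1: only a system process may ask the keystore service to migrate keys."""
    return 0 <= caller_uid < AID_APP_START


def config_list_check(package_name: str) -> bool:
    """Check 2: the package must be explicitly allowed in the configuration list."""
    entry = CONFIG_LIST.get(package_name)
    return bool(entry and entry.get("allow_key_migration"))


def seal_key_blob(key_material: bytes) -> bytes:
    """Key file payload: key material followed by an HMAC-SHA256 tag that stands in
    for the integrity protection Keymaster applies to a key blob."""
    tag = hmac.new(KEYMASTER_MAC_KEY, key_material, hashlib.sha256).digest()
    return key_material + tag


def key_integrity_check(blob: bytes) -> bool:
    """Check 3: recompute the tag over the key material; constant-time compare."""
    if len(blob) <= TAG_LEN:
        return False
    material, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(KEYMASTER_MAC_KEY, material, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def file_attribute_check(path: str, expected_uid: int, expected_gid: int) -> bool:
    """Check 4: the key file must be a regular file (not a symlink), owned by the
    expected user and group, and unreadable and unwritable by group and others."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return False
    if not stat.S_ISREG(st.st_mode):
        return False
    if st.st_uid != expected_uid or st.st_gid != expected_gid:
        return False
    return stat.S_IMODE(st.st_mode) & 0o077 == 0


def all_checks_pass(caller_uid: int, package_name: str, path: str,
                    expected_uid: int, expected_gid: int) -> bool:
    """All four checks must pass; file attributes are checked before the file is read."""
    if not call_permission_check(caller_uid):
        return False
    if not config_list_check(package_name):
        return False
    if not file_attribute_check(path, expected_uid, expected_gid):
        return False
    with open(path, "rb") as f:
        return key_integrity_check(f.read())


def run_checks_demo() -> dict:
    """Exercise each check on a constructed key file named as in the patent."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "1000_USRPKEY_XX")
        with open(path, "wb") as f:
            f.write(seal_key_blob(b"constructed key material"))
        os.chmod(path, 0o600)
        # expected owner: this process; expected group: the keystore directory's group
        uid, gid = os.getuid(), os.stat(d).st_gid
        results["good"] = all_checks_pass(1000, "com.example.sysapp1", path, uid, gid)
        results["app_caller"] = call_permission_check(10123)
        results["package_not_allowed"] = config_list_check("com.example.sysapp2")
        with open(path, "r+b") as f:            # flip one bit of the key material
            first = f.read(1)
            f.seek(0)
            f.write(bytes([first[0] ^ 0x01]))
        with open(path, "rb") as f:
            results["tampered"] = key_integrity_check(f.read())
        os.chmod(path, 0o644)                   # now group- and world-readable
        results["world_readable"] = file_attribute_check(path, uid, gid)
    return results
```

The file attribute check uses lstat and rejects anything that is not a regular file, so a symlink planted at the key file's path fails the check instead of being followed; it also runs before the file is opened, so the integrity check never reads a file that has already failed the ownership and permission test.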
In some embodiments, step S512 is optional.
In some embodiments, the keystore service module can perform the subsequent steps once one or more of the four checks pass.
S513. The keystore service module of the terminal device 100 performs the key migration operation to obtain a new key file.
Specifically, after confirming that the call permission check, the configuration list check, the key integrity check, and the file attribute check all pass, the keystore service module of the terminal device 100 can start the key migration operation, that is, migrate the key file with file name 2 to obtain a new key file.
The keystore service module can perform the key migration operation in, but not limited to, the following two possible ways:
Possible implementation 1:
The keystore service module can migrate the data stored in the key file with file name 2 into a new key file whose file name is file name 1, the name generated earlier from the new UID, the key alias of key 1, and the key type of key 1, so that the new key file holds the data that was stored in the key file with file name 2.
Optionally, once the data migration is complete, the keystore service module can delete the key file with file name 2.
Possible implementation 2:
The keystore service module can instead only rename the key file with file name 2 to file name 1. In this case the new key file is still the key file that had file name 2; only its file name has changed from file name 2 to file name 1, and the data stored in the file is unchanged.
In this way, by performing the key migration operation, after the application's UID changes the corresponding key file can still be found from the key file name generated with the new UID, and the key needed to decrypt the encrypted data can be obtained from that key file. This avoids loss of encrypted data and improves the user experience.
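The key file naming rule and the two migration implementations just described (the same two given for step S213 of the FIG. 2 embodiment), together with the lookup of steps S505/S511 and S604 and the post-migration verification with rollback of steps S406-S409 in FIG. 4, as an added Python example. This is not the patent's code and not Android's keystore: the file name format `<uid>_<key type>_<alias>` is taken literally from the page's 1000_USRPKEY_XX example, the verifier is a stand-in for the Keymaster and Installd checks, and the keystore directory and key blob are constructed.

```python
"""Added example, not code from the patent or from Android: key file naming,
the two migration implementations, and post-migration verification with
rollback.  The keystore directory and key blob are constructed for the demo."""
import os
import stat
import tempfile


def key_file_name(uid: int, key_type: str, alias: str) -> str:
    """Naming rule as the patent states it: <uid>_<key type>_<alias>, e.g.
    1000_USRPKEY_XX.  Only the UID field differs between old and new names."""
    return f"{uid}_{key_type}_{alias}"


def find_key_file(keystore_dir: str, new_uid: int, old_uid: int,
                  key_type: str, alias: str):
    """Lookup as in S505/S511 and S604: try the name built from the current UID;
    if it is absent but the old UID's file exists, the key needs migration.
    Returns ("found", path), ("migrate", old_path) or ("missing", None)."""
    new_path = os.path.join(keystore_dir, key_file_name(new_uid, key_type, alias))
    old_path = os.path.join(keystore_dir, key_file_name(old_uid, key_type, alias))
    if os.path.isfile(new_path):
        return "found", new_path
    if new_uid != old_uid and os.path.isfile(old_path):
        return "migrate", old_path
    return "missing", None


def _copy_private(src: str, dst: str) -> None:
    """Implementation 1 helper: create the new file with mode 0600 and O_EXCL so
    a file already sitting at the new name is never silently overwritten."""
    with open(src, "rb") as f:
        data = f.read()
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as out:
        out.write(data)


def default_verify(path: str) -> bool:
    """Stand-in for the post-migration checks of S514 / S406: regular file, owned
    by this process, private permissions, non-empty.  A real keystore would also
    have Keymaster verify the key blob and Installd check the attributes."""
    st = os.lstat(path)
    return (stat.S_ISREG(st.st_mode) and st.st_uid == os.getuid()
            and stat.S_IMODE(st.st_mode) & 0o077 == 0 and st.st_size > 0)


def migrate_key_file(keystore_dir: str, old_uid: int, new_uid: int,
                     key_type: str, alias: str, strategy: str = "rename",
                     verify=default_verify) -> bool:
    """Migrate one key file; True on success.  If verification of the new file
    fails it is deleted (S408-S409) and False is returned."""
    if old_uid == new_uid:
        return False                       # S403/S510: UID unchanged, nothing to do
    old_path = os.path.join(keystore_dir, key_file_name(old_uid, key_type, alias))
    new_path = os.path.join(keystore_dir, key_file_name(new_uid, key_type, alias))
    if not os.path.isfile(old_path) or os.path.lexists(new_path):
        return False                       # S505/S511 preconditions not met
    if strategy == "copy":
        _copy_private(old_path, new_path)  # implementation 1: data moves to a new file
    elif strategy == "rename":
        os.rename(old_path, new_path)      # implementation 2: only the name changes
    else:
        raise ValueError(f"unknown strategy {strategy!r}")
    if not verify(new_path):
        os.remove(new_path)                # rollback: delete the new file, report failure
        return False
    if strategy == "copy":
        os.remove(old_path)                # the optional deletion, done only after verification
    return True


def _seed(d: str) -> str:
    """Create the constructed old-UID key file 1000_USRPKEY_XX in directory d."""
    old = os.path.join(d, key_file_name(1000, "USRPKEY", "XX"))
    with open(old, "wb") as f:
        f.write(b"constructed key blob")
    os.chmod(old, 0o600)
    return old


def run_demo() -> dict:
    """Migrate the constructed key file from UID 1000 to UID 5514 with each
    implementation, then once with a failing verifier to show the rollback."""
    results = {}
    for strategy in ("rename", "copy"):
        with tempfile.TemporaryDirectory() as d:
            old = _seed(d)
            before = find_key_file(d, 5514, 1000, "USRPKEY", "XX")[0]
            ok = migrate_key_file(d, 1000, 5514, "USRPKEY", "XX", strategy)
            status, path = find_key_file(d, 5514, 1000, "USRPKEY", "XX")
            with open(path, "rb") as f:
                data = f.read()
            results[strategy] = (before, ok, status, os.path.basename(path),
                                 data, os.path.exists(old))
    with tempfile.TemporaryDirectory() as d:
        old = _seed(d)
        ok = migrate_key_file(d, 1000, 5514, "USRPKEY", "XX", "copy",
                              verify=lambda p: False)
        results["rollback"] = (ok, os.path.exists(old),
                               find_key_file(d, 5514, 1000, "USRPKEY", "XX")[0])
    return results
```

Two design choices go beyond the patent text: the new file in implementation 1 is created with O_EXCL and mode 0600 so that it is never left with the process umask's default permissions, and the old file is deleted only after the new file has verified, so a failed migration leaves the original key file in place and the lookup still reports that migration is pending.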
S514. The keystore service module of the terminal device 100 confirms that both the key integrity check and the file attribute check of the new key file pass.
Specifically, after performing the key migration operation, the keystore service module of the terminal device 100 can run a key integrity check and a file attribute check on the new key file; if it confirms that both checks pass, the keystore service module confirms that the key migration succeeded.
The specific execution of the key integrity check and the file attribute check by the keystore service module is as described in the related content above and is not repeated here.
In some embodiments, step S514 is optional.
In some embodiments, the keystore service module can confirm that the key migration succeeded once either the key integrity check or the file attribute check of the new key file passes.
Further, after confirming that the key migration succeeded, the keystore service module of the terminal device 100 can send the new key file to application 1. One possible implementation is the one described in steps S515-S517 below:
S515-S517. The keystore service module of the terminal device 100 sends the new key file to the Android keystore; after receiving it, the Android keystore sends the new key file to application 1; after receiving it, application 1 obtains key 1 from the new key file.
Specifically, after the key migration succeeds, the keystore service module of the terminal device 100 can send the new key file, that is, the key file that has file name 1 after the migration, to the Android keystore; after receiving the new key file, the Android keystore can send it to application 1; after receiving it, application 1 can obtain key 1 from the data stored in the new key file and use key 1 to decrypt its encrypted data. This avoids loss of encrypted data and decryption failures and improves the user experience.
下面介绍本申请实施例提供的另一种应用在启动并运行过程中需要获取密钥的场景下触发执行的密钥迁移方法。The following introduces another method for key migration triggered by an application that needs to obtain a key during startup and running provided by the embodiment of the present application.
FIG. 6 exemplarily shows another flow, provided by an embodiment of the present application, for triggering execution of the key migration method in the scenario where an application needs to obtain a key while it starts and runs. As shown in FIG. 6, the method may be applied to the terminal device 100. The specific steps of the method are described below, taking a UID change of a system application on the terminal device 100 as an example:
S601. The terminal device 100 determines that key 1 needs to be obtained.
Specifically, taking application 1 as a system application as an example, after detecting that application 1 has started and is running, the terminal device 100 may determine that key 1 needs to be obtained, where key 1 is the key required to decrypt the encrypted data of application 1.
S602. By querying the configuration list, the terminal device 100 determines that the package name of the application corresponding to the key alias of key 1 exists and is the package name of application 1.
For the specific execution process of step S602, reference may be made to the related content of step S504 in the embodiment shown in FIG. 5, which is not repeated here.
S603. The terminal device 100 obtains the new UID and the old UID of application 1.
The new UID of application 1 may be obtained by the terminal device 100 from application 1, and the old UID of application 1 may be obtained by the terminal device 100 from Installd.
S604. The terminal device 100 determines whether the new UID and the old UID of application 1 differ, and whether the key file required to obtain key 1 exists.
Specifically, the terminal device 100 may determine whether the new UID and the old UID of application 1 differ; if they differ, the terminal device 100 determines that the UID of application 1 has changed. Further, the terminal device 100 may determine whether the key file required to obtain key 1 exists, as follows: the terminal device 100 may generate file name 1 from the new UID, the key alias of key 1 and the key type, and find that no key file for key 1 can be located under file name 1; the terminal device 100 may then generate file name 2 from the old UID, the key alias of key 1 and the key type, and look up the key file for key 1 under file name 2. If it can be located, the terminal device 100 determines that the key file required to obtain key 1 exists.
After determining that the new UID and the old UID of application 1 differ and that the key file required to obtain key 1 exists, the terminal device 100 may continue with the subsequent steps; otherwise, the subsequent steps are not performed.
S605. The terminal device 100 determines whether the calling permission check, the configuration list check, the key integrity check and the file attribute check all pass.
For the specific execution process of step S605, reference may be made to the related content of step S512 in the embodiment shown in FIG. 5, which is not repeated here.
S606. The terminal device 100 migrates the key file to obtain a new key file.
For the specific execution process of step S606, reference may be made to the related content of step S513 in the embodiment shown in FIG. 5, which is not repeated here.
S607-S610. The terminal device 100 determines whether the key integrity check and the file attribute check of the new key file both pass. If so, the terminal device 100 confirms that the key migration succeeded and obtains key 1; if not, the terminal device 100 deletes the new key file and confirms that the key migration failed.
Specifically, after migrating the key file and obtaining the new key file, the terminal device 100 may perform the key integrity check and the file attribute check on the new key file. If both checks pass, the terminal device 100 may confirm that the key migration succeeded, obtain key 1 from the new key file, and then use key 1 to decrypt the encrypted data. If the two checks do not both pass, the terminal device 100 may delete the new key file and confirm that the key migration failed, in which case the terminal device 100 cannot use key 1 to decrypt the encrypted data.
For the specific execution process of the key integrity check and the file attribute check performed by the terminal device 100, reference may be made to the related content of the embodiment shown in FIG. 5, which is not repeated here.
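The flow of steps S601 to S610 above, modelled end to end as an added Python example that is not part of the patent. The patent does not fix the key-file naming scheme, the exact content of the calling permission check, how integrity is tagged, what the file attribute check compares, or what happens to the old file once the new one is verified; the example assumes a `<uid>_<type>_<alias>` name, a caller UID equal to the application's new UID, a SHA-256 tag stored beside the blob, an owner-UID plus `0o600` permission check, and removal of the old file after a successful migration. The key store is an in-memory dictionary standing in for the KeyStoreService directory, and the sample package, alias and UIDs are constructed.

```python
"""Added example, not from the patent: a model of the key-migration flow of
steps S601-S610 against an in-memory key store.  The file naming scheme,
the 0o600 permission rule, the SHA-256 integrity tag, the caller-permission
rule (caller UID must equal the application's new UID) and the removal of
the old file after a successful migration are all assumptions."""
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PRIVATE_MODE = 0o600             # assumed: key files must be owner read/write only
KeyStore = Dict[str, "KeyFile"]  # file name -> key file (stands in for the KeyStoreService directory)


@dataclass
class KeyFile:
    owner_uid: int   # UID that owns the file (checked by the file attribute check)
    mode: int        # POSIX permission bits (checked by the file attribute check)
    blob: bytes      # wrapped key material, opaque to this example
    digest: str      # integrity tag stored beside the blob (checked by the key integrity check)


def key_file_name(uid: int, alias: str, key_type: str) -> str:
    """Assumed scheme: the patent only states that the name is derived from UID, alias and key type."""
    return f"{uid}_{key_type}_{alias}"


def make_key_file(owner_uid: int, blob: bytes) -> KeyFile:
    return KeyFile(owner_uid, PRIVATE_MODE, blob, hashlib.sha256(blob).hexdigest())


def integrity_ok(kf: KeyFile) -> bool:
    return hashlib.sha256(kf.blob).hexdigest() == kf.digest


def attributes_ok(kf: KeyFile, expected_uid: int) -> bool:
    return kf.owner_uid == expected_uid and kf.mode == PRIVATE_MODE


def migrate_key(store: KeyStore, config: Dict[str, str], caller_uid: int, package: str,
                alias: str, key_type: str, new_uid: int, old_uid: int) -> Tuple[str, Optional[bytes]]:
    """Returns (status, key blob or None). Only the 'migrated' status yields a key."""
    # S602: the alias must be registered in the configuration list for this package.
    if config.get(alias) != package:
        return "alias_not_configured", None
    # S604: the UID must have changed, no file may exist under the new name,
    # and the file must exist under the old name.
    new_name = key_file_name(new_uid, alias, key_type)
    old_name = key_file_name(old_uid, alias, key_type)
    if new_uid == old_uid or new_name in store:
        return "no_migration_needed", None
    old = store.get(old_name)
    if old is None:
        return "key_file_missing", None
    # S605: calling-permission, key-integrity and file-attribute checks on the old file.
    if caller_uid != new_uid:
        return "caller_not_permitted", None
    if not integrity_ok(old) or not attributes_ok(old, old_uid):
        return "pre_migration_check_failed", None
    # S606: write the key file under the new name, owned by the new UID.
    store[new_name] = KeyFile(new_uid, old.mode, old.blob, old.digest)
    # S607-S610: re-check the new file; on failure delete it and report failure.
    new = store[new_name]
    if not (integrity_ok(new) and attributes_ok(new, new_uid)):
        del store[new_name]
        return "migration_failed", None
    del store[old_name]  # assumed: the stale file is removed once the new one is verified
    return "migrated", new.blob


def demo() -> Dict[str, str]:
    """Constructed sample: a payment app whose UID moved from 10050 to 10123 after an OTA."""
    config = {"pay_key": "com.example.pay"}
    blob = b"wrapped-key-material"
    ok_store = {key_file_name(10050, "pay_key", "USRPKEY"): make_key_file(10050, blob)}
    tampered = make_key_file(10050, blob)
    tampered.blob = b"corrupted"  # digest no longer matches, so S605 must reject it
    bad_store = {key_file_name(10050, "pay_key", "USRPKEY"): tampered}
    args = ("com.example.pay", "pay_key", "USRPKEY")
    return {
        "clean": migrate_key(ok_store, config, 10123, *args, 10123, 10050)[0],
        "tampered": migrate_key(bad_store, config, 10123, *args, 10123, 10050)[0],
        "unchanged_uid": migrate_key(ok_store, config, 10123, *args, 10123, 10123)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The ordering matters for the defender: the integrity and attribute checks run on the old file before anything is written, and again on the new file before the old one is removed, so a corrupted or mis-owned key file is never promoted to the new UID and a failed migration leaves no half-migrated file behind.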
As can be seen from the embodiments shown in FIG. 4 to FIG. 6, by implementing the key migration method provided by this application, when the UID of an application changes, the terminal device 100 can repair the key file that the application stores on the KeyStoreService side and thereby carry out key migration, either in the stage where the PMS scans application packages after a restart following OTA completion or a multi-user switch, or in the stage where the application needs to obtain a key while it starts and runs. This ensures that after the UID change the application can still locate the correct key file to decrypt its encrypted data, avoids decryption failures and loss of encrypted data, improves the fault tolerance of key migration and improves the user experience. In addition, both before and after the key migration the terminal device 100 performs the key integrity check and the file attribute check on the key file, which ensures that the entire key migration process is trustworthy.
In the embodiments of this application, the first application may refer to system application 1 or application 1, the first UID may refer to the old UID, the second UID may refer to the new UID, the first key file may refer to the old key file, the second key file may refer to the new key file, the first service may refer to displaying the user interface shown in FIG. 1A (that is, the first user interface), the user data may refer to the user's account information, historical data generated while the user uses the application, and the like, the first user may refer to the owner shown in FIG. 3G, and the second user may be user 1 shown in FIG. 3G.
The structure of a terminal device 100 provided by an embodiment of this application is described below.
FIG. 7 exemplarily shows the structure of a terminal device 100 provided in an embodiment of this application.
As shown in FIG. 7, the terminal device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (USB) interface 130, a charging management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, a sensor module 180, a button 190, a motor 191, an indicator 192, a camera 193, a display screen 194, a subscriber identification module (SIM) card interface 195, and the like. The sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, a barometric pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity light sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.
It can be understood that the structure illustrated in this embodiment of the present invention does not constitute a specific limitation on the terminal device 100. In other embodiments of this application, the terminal device 100 may include more or fewer components than shown in the figure, combine some components, split some components, or arrange the components differently. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The processor 110 may include one or more processing units. For example, the processor 110 may include an application processor (AP), a modem processor, a graphics processing unit (GPU), an image signal processor (ISP), a controller, a memory, a video codec, a digital signal processor (DSP), a baseband processor, and/or a neural-network processing unit (NPU). The different processing units may be separate devices or may be integrated in one or more processors.
The controller may be the nerve center and command center of the terminal device 100. The controller may generate operation control signals according to instruction opcodes and timing signals, and so control instruction fetching and execution.
A memory may also be provided in the processor 110 for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache. This memory may hold instructions or data that the processor 110 has just used or uses repeatedly. If the processor 110 needs the instructions or data again, it can fetch them directly from this memory. This avoids repeated accesses and reduces the waiting time of the processor 110, thereby improving system efficiency.
In some embodiments, the processor 110 may include one or more interfaces. The interfaces may include an inter-integrated circuit (I2C) interface, an inter-integrated circuit sound (I2S) interface, a pulse code modulation (PCM) interface, a universal asynchronous receiver/transmitter (UART) interface, a mobile industry processor interface (MIPI), a general-purpose input/output (GPIO) interface, a subscriber identity module (SIM) interface, and/or a universal serial bus (USB) interface, and the like.
The I2C interface is a bidirectional synchronous serial bus consisting of a serial data line (SDA) and a serial clock line (SCL). In some embodiments, the processor 110 may include multiple sets of I2C buses. The processor 110 may be coupled to the touch sensor 180K, a charger, a flash, the camera 193 and the like through different I2C bus interfaces. For example, the processor 110 may be coupled to the touch sensor 180K through an I2C interface, so that the processor 110 and the touch sensor 180K communicate through the I2C bus interface to implement the touch function of the terminal device 100.
The I2S interface may be used for audio communication. In some embodiments, the processor 110 may include multiple sets of I2S buses. The processor 110 may be coupled to the audio module 170 through an I2S bus to implement communication between the processor 110 and the audio module 170. In some embodiments, the audio module 170 may transmit audio signals to the wireless communication module 160 through the I2S interface, so that calls can be answered through a Bluetooth headset.
The PCM interface may also be used for audio communication, sampling, quantizing and encoding analog signals. In some embodiments, the audio module 170 and the wireless communication module 160 may be coupled through a PCM bus interface. In some embodiments, the audio module 170 may also transmit audio signals to the wireless communication module 160 through the PCM interface, so that calls can be answered through a Bluetooth headset. Both the I2S interface and the PCM interface may be used for audio communication.
The UART interface is a universal serial data bus used for asynchronous communication. The bus may be a bidirectional communication bus. It converts the data to be transmitted between serial and parallel form. In some embodiments, the UART interface is typically used to connect the processor 110 and the wireless communication module 160. For example, the processor 110 communicates with the Bluetooth module in the wireless communication module 160 through the UART interface to implement the Bluetooth function. In some embodiments, the audio module 170 may transmit audio signals to the wireless communication module 160 through the UART interface, so that music can be played through a Bluetooth headset.
The MIPI interface may be used to connect the processor 110 with peripheral devices such as the display screen 194 and the camera 193. The MIPI interface includes a camera serial interface (CSI), a display serial interface (DSI), and the like. In some embodiments, the processor 110 communicates with the camera 193 through the CSI interface to implement the shooting function of the terminal device 100, and the processor 110 communicates with the display screen 194 through the DSI interface to implement the display function of the terminal device 100.
The GPIO interface may be configured by software. The GPIO interface may be configured as a control signal or as a data signal. In some embodiments, the GPIO interface may be used to connect the processor 110 with the camera 193, the display screen 194, the wireless communication module 160, the audio module 170, the sensor module 180, and the like. The GPIO interface may also be configured as an I2C interface, an I2S interface, a UART interface, a MIPI interface, or the like.
The USB interface 130 is an interface conforming to the USB standard specification; specifically, it may be a Mini USB interface, a Micro USB interface, a USB Type C interface, or the like. The USB interface 130 may be used to connect a charger to charge the terminal device 100, and may also be used to transfer data between the terminal device 100 and peripheral devices. It may also be used to connect earphones and play audio through them. The interface may further be used to connect other terminal devices, such as AR devices.
It can be understood that the interface connection relationships between the modules illustrated in this embodiment of the present invention are only schematic and do not constitute a structural limitation on the terminal device 100. In other embodiments of this application, the terminal device 100 may also adopt interface connection modes different from those in the foregoing embodiment, or a combination of several interface connection modes.
The charging management module 140 is configured to receive charging input from a charger. The charger may be a wireless charger or a wired charger. In some wired charging embodiments, the charging management module 140 may receive charging input from a wired charger through the USB interface 130. In some wireless charging embodiments, the charging management module 140 may receive wireless charging input through a wireless charging coil of the terminal device 100. While charging the battery 142, the charging management module 140 may also supply power to the terminal device 100 through the power management module 141.
The power management module 141 is configured to connect the battery 142, the charging management module 140 and the processor 110. The power management module 141 receives input from the battery 142 and/or the charging management module 140 and supplies power to the processor 110, the internal memory 121, the external memory, the display screen 194, the camera 193, the wireless communication module 160, and the like. The power management module 141 may also be used to monitor parameters such as battery capacity, battery cycle count and battery health (leakage, impedance). In some other embodiments, the power management module 141 may also be disposed in the processor 110. In still other embodiments, the power management module 141 and the charging management module 140 may be disposed in the same device.
The wireless communication function of the terminal device 100 may be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, the modem processor, the baseband processor, and the like.
The antenna 1 and the antenna 2 are used to transmit and receive electromagnetic wave signals. Each antenna in the terminal device 100 may be used to cover one or more communication frequency bands. Different antennas may also be multiplexed to improve antenna utilization. For example, the antenna 1 may be multiplexed as a diversity antenna of a wireless local area network. In some other embodiments, the antennas may be used in combination with a tuning switch.
The mobile communication module 150 may provide wireless communication solutions applied to the terminal device 100, including 2G/3G/4G/5G. The mobile communication module 150 may include at least one filter, switch, power amplifier, low noise amplifier (LNA), and the like. The mobile communication module 150 may receive electromagnetic waves through the antenna 1, filter and amplify the received electromagnetic waves, and send them to the modem processor for demodulation. The mobile communication module 150 may also amplify signals modulated by the modem processor and convert them into electromagnetic waves radiated through the antenna 1. In some embodiments, at least some functional modules of the mobile communication module 150 may be disposed in the processor 110. In some embodiments, at least some functional modules of the mobile communication module 150 and at least some modules of the processor 110 may be disposed in the same device.
The modem processor may include a modulator and a demodulator. The modulator is used to modulate a low-frequency baseband signal to be transmitted into a medium- or high-frequency signal. The demodulator is used to demodulate a received electromagnetic wave signal into a low-frequency baseband signal. The demodulator then sends the demodulated low-frequency baseband signal to the baseband processor for processing. After being processed by the baseband processor, the low-frequency baseband signal is passed to the application processor. The application processor outputs sound signals through audio devices (not limited to the speaker 170A, the receiver 170B, and the like), or displays images or video through the display screen 194. In some embodiments, the modem processor may be a separate device. In other embodiments, the modem processor may be independent of the processor 110 and disposed in the same device as the mobile communication module 150 or other functional modules.
The wireless communication module 160 may provide wireless communication solutions applied to the terminal device 100, including wireless local area networks (WLAN) (such as wireless fidelity (Wi-Fi) networks), Bluetooth (BT), global navigation satellite systems (GNSS), frequency modulation (FM), near field communication (NFC), infrared (IR), and the like. The wireless communication module 160 may be one or more devices integrating at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2, frequency-modulates and filters the electromagnetic wave signals, and sends the processed signals to the processor 110. The wireless communication module 160 may also receive signals to be sent from the processor 110, frequency-modulate and amplify them, and convert them into electromagnetic waves radiated through the antenna 2.
In some embodiments, the antenna 1 of the terminal device 100 is coupled to the mobile communication module 150 and the antenna 2 is coupled to the wireless communication module 160, so that the terminal device 100 can communicate with networks and other devices through wireless communication technologies. The wireless communication technologies may include the global system for mobile communications (GSM), general packet radio service (GPRS), code division multiple access (CDMA), wideband code division multiple access (WCDMA), time-division code division multiple access (TD-SCDMA), long term evolution (LTE), BT, GNSS, WLAN, NFC, FM, and/or IR technology, and the like. The GNSS may include the global positioning system (GPS), the global navigation satellite system (GLONASS), the BeiDou navigation satellite system (BDS), the quasi-zenith satellite system (QZSS), and/or satellite based augmentation systems (SBAS).
The terminal device 100 implements the display function through the GPU, the display screen 194, the application processor, and the like. The GPU is a microprocessor for image processing and connects the display screen 194 and the application processor. The GPU performs the mathematical and geometric calculations used for graphics rendering. The processor 110 may include one or more GPUs that execute program instructions to generate or change display information.
The display screen 194 is used to display images, video, and the like. The display screen 194 includes a display panel. The display panel may be a liquid crystal display (LCD). The display panel may also be manufactured using organic light-emitting diodes (OLED), active-matrix organic light-emitting diodes (AMOLED), flexible light-emitting diodes (FLED), mini-LED, micro-LED, micro-OLED, quantum dot light-emitting diodes (QLED), and the like. In some embodiments, the terminal device 100 may include 1 or N display screens 194, where N is a positive integer greater than 1.
The terminal device 100 may implement the shooting function through the ISP, the camera 193, the video codec, the GPU, the display screen 194, the application processor, and the like.
The ISP is used to process the data fed back by the camera 193. For example, when a photo is taken, the shutter opens, light is transmitted through the lens to the photosensitive element of the camera, the optical signal is converted into an electrical signal, and the photosensitive element of the camera passes the electrical signal to the ISP, which converts it into an image visible to the naked eye. The ISP may also apply algorithmic optimization to the noise, brightness and other properties of the image. The ISP may further optimize parameters such as the exposure and color temperature of the shooting scene. In some embodiments, the ISP may be disposed in the camera 193.
The camera 193 is used to capture still images or video. An object generates an optical image through the lens that is projected onto the photosensitive element. The photosensitive element may be a charge coupled device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The photosensitive element converts the optical signal into an electrical signal and then passes the electrical signal to the ISP, which converts it into a digital image signal. The ISP outputs the digital image signal to the DSP for processing. The DSP converts the digital image signal into an image signal in a standard format such as RGB or YUV. In some embodiments, the terminal device 100 may include 1 or N cameras 193, where N is a positive integer greater than 1.
The digital signal processor is used to process digital signals; in addition to digital image signals, it can process other digital signals. For example, when the terminal device 100 selects a frequency point, the digital signal processor is used to perform a Fourier transform or the like on the frequency point energy.
The video codec is used to compress or decompress digital video. The terminal device 100 may support one or more video codecs. In this way, the terminal device 100 can play or record video in multiple encoding formats, for example, moving picture experts group (MPEG) 1, MPEG2, MPEG3, MPEG4, and the like.
The NPU is a neural-network (NN) computing processor. Drawing on the structure of biological neural networks, for example the transfer pattern between neurons in the human brain, it processes input information quickly and can also continuously self-learn. The NPU enables applications such as intelligent cognition on the terminal device 100, for example image recognition, face recognition, speech recognition and text understanding.
The external memory interface 120 may be used to connect an external memory card, such as a Micro SD card, to expand the storage capacity of the terminal device 100. The external memory card communicates with the processor 110 through the external memory interface 120 to implement a data storage function, for example saving music, video and other files on the external memory card.
The internal memory 121 may be used to store computer-executable program code, which includes instructions. By running the instructions stored in the internal memory 121, the processor 110 executes the various functional applications and data processing of the terminal device 100. The internal memory 121 may include a program storage area and a data storage area. The program storage area may store an operating system, application programs required by at least one function (such as a sound playback function or an image playback function), and the like. The data storage area may store data created during use of the terminal device 100 (such as audio data and a phone book). In addition, the internal memory 121 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, universal flash storage (UFS), or the like.
The terminal device 100 may implement audio functions, such as music playback and recording, through the audio module 170, the speaker 170A, the receiver 170B, the microphone 170C, the earphone interface 170D, the application processor, and the like.
The audio module 170 is used to convert digital audio information into an analog audio signal for output, and also to convert analog audio input into a digital audio signal. The audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be disposed in the processor 110, or some functional modules of the audio module 170 may be disposed in the processor 110.
The speaker 170A, also called a "loudspeaker", is used to convert audio electrical signals into sound signals. The terminal device 100 can play music or hands-free calls through the speaker 170A.
The receiver 170B, also called an "earpiece", is used to convert audio electrical signals into sound signals. When the terminal device 100 answers a call or plays a voice message, the receiver 170B can be held close to the ear to hear the voice.
The microphone 170C, also called a "mic" or "transducer", is used to convert sound signals into electrical signals. When making a call or sending a voice message, the user can speak with the mouth close to the microphone 170C to input the sound signal into the microphone 170C. The terminal device 100 may be provided with at least one microphone 170C. In some other embodiments, the terminal device 100 may be provided with two microphones 170C, which can implement a noise reduction function in addition to collecting sound signals. In still other embodiments, the terminal device 100 may be provided with three, four or more microphones 170C to collect sound signals, reduce noise, identify sound sources, implement directional recording, and the like.
耳机接口170D用于连接有线耳机。耳机接口170D可以是USB接口130,也可以是3.5mm的开放移动终端设备平台(open mobile terminal platform,OMTP)标准接口,美国蜂窝电信工业协会(cellular telecommunications industry association of the USA,CTIA)标准接口。The earphone interface 170D is used for connecting wired earphones. The earphone interface 170D may be a USB interface 130, or a 3.5mm open mobile terminal platform (open mobile terminal platform, OMTP) standard interface, or a cellular telecommunications industry association of the USA (CTIA) standard interface.
压力传感器180A用于感受压力信号,可以将压力信号转换成电信号。在一些实施例中,压力传感器180A可以设置于显示屏194。压力传感器180A的种类很多,如电阻式压力传感器,电感式压力传感器,电容式压力传感器等。电容式压力传感器可以是包括至少两个具有导电材料的平行板。当有力作用于压力传感器180A,电极之间的电容改变。终端设备100根据电容的变化确定压力的强度。当有触摸操作作用于显示屏194,终端设备100根据压力传感器180A检测触摸操作强度。终端设备100也可以根据压力传感器180A的检测信号计算触摸的位置。在一些实施例中,作用于相同触摸位置,但不同触摸操作强度的触摸操作,可以对应不同的操作指令。例如:当有触摸操作强度小于第一压力阈值的触摸操作作用于短消息 应用图标时,执行查看短消息的指令。当有触摸操作强度大于或等于第一压力阈值的触摸操作作用于短消息应用图标时,执行新建短消息的指令。The pressure sensor 180A is used to sense the pressure signal and convert the pressure signal into an electrical signal. In some embodiments, pressure sensor 180A may be disposed on display screen 194 . There are many types of pressure sensors 180A, such as resistive pressure sensors, inductive pressure sensors, and capacitive pressure sensors. A capacitive pressure sensor may be comprised of at least two parallel plates with conductive material. When a force is applied to the pressure sensor 180A, the capacitance between the electrodes changes. The terminal device 100 determines the intensity of pressure according to the change in capacitance. When a touch operation acts on the display screen 194, the terminal device 100 detects the intensity of the touch operation according to the pressure sensor 180A. The terminal device 100 may also calculate the touched position according to the detection signal of the pressure sensor 180A. In some embodiments, touch operations acting on the same touch position but with different touch operation intensities may correspond to different operation instructions. For example: when there is a touch operation with a touch operation intensity less than the first pressure threshold acting on the short message application icon, execute the instruction of viewing the short message. When a touch operation whose intensity is greater than or equal to the first pressure threshold acts on the icon of the short message application, the instruction of creating a new short message is executed.
陀螺仪传感器180B可以用于确定终端设备100的运动姿态。在一些实施例中,可以通过陀螺仪传感器180B确定终端设备100围绕三个轴(即,x,y和z轴)的角速度。陀螺仪传感器180B可以用于拍摄防抖。示例性的,当按下快门,陀螺仪传感器180B检测终端设备100抖动的角度,根据角度计算出镜头模组需要补偿的距离,让镜头通过反向运动抵消终端设备100的抖动,实现防抖。陀螺仪传感器180B还可以用于导航,体感游戏场景。The gyroscope sensor 180B can be used to determine the motion posture of the terminal device 100 . In some embodiments, the angular velocity of the terminal device 100 around three axes (ie, x, y and z axes) can be determined by the gyro sensor 180B. The gyro sensor 180B can be used for image stabilization. Exemplarily, when the shutter is pressed, the gyro sensor 180B detects the shaking angle of the terminal device 100, calculates the distance that the lens module needs to compensate according to the angle, and allows the lens to counteract the shaking of the terminal device 100 through reverse motion to achieve anti-shake. The gyro sensor 180B can also be used for navigation and somatosensory game scenes.
气压传感器180C用于测量气压。在一些实施例中,终端设备100通过气压传感器180C测得的气压值计算海拔高度,辅助定位和导航。The air pressure sensor 180C is used to measure air pressure. In some embodiments, the terminal device 100 calculates the altitude based on the air pressure value measured by the air pressure sensor 180C to assist positioning and navigation.
磁传感器180D包括霍尔传感器。终端设备100可以利用磁传感器180D检测翻盖皮套的开合。在一些实施例中,当终端设备100是翻盖机时,终端设备100可以根据磁传感器180D检测翻盖的开合。进而根据检测到的皮套的开合状态或翻盖的开合状态,设置翻盖自动解锁等特性。The magnetic sensor 180D includes a Hall sensor. The terminal device 100 may use the magnetic sensor 180D to detect the opening and closing of the flip holster. In some embodiments, when the terminal device 100 is a clamshell machine, the terminal device 100 may detect opening and closing of the clamshell according to the magnetic sensor 180D. Furthermore, according to the detected opening and closing state of the leather case or the opening and closing state of the flip cover, features such as automatic unlocking of the flip cover are set.
加速度传感器180E可检测终端设备100在各个方向上(一般为三轴)加速度的大小。当终端设备100静止时可检测出重力的大小及方向。还可以用于识别终端设备100姿态,应用于横竖屏切换,计步器等应用。The acceleration sensor 180E can detect the acceleration of the terminal device 100 in various directions (generally three axes). When the terminal device 100 is stationary, the magnitude and direction of gravity can be detected. It can also be used to identify the posture of the terminal device 100, and can be applied to applications such as horizontal and vertical screen switching, pedometers, etc.
距离传感器180F,用于测量距离。终端设备100可以通过红外或激光测量距离。在一些实施例中,拍摄场景,终端设备100可以利用距离传感器180F测距以实现快速对焦。The distance sensor 180F is used to measure the distance. The terminal device 100 can measure the distance by infrared or laser. In some embodiments, when shooting a scene, the terminal device 100 may use the distance sensor 180F for distance measurement to achieve fast focusing.
接近光传感器180G可以包括例如发光二极管(LED)和光检测器,例如光电二极管。发光二极管可以是红外发光二极管。终端设备100通过发光二极管向外发射红外光。终端设备100使用光电二极管检测来自附近物体的红外反射光。当检测到充分的反射光时,可以确定终端设备100附近有物体。当检测到不充分的反射光时,终端设备100可以确定终端设备100附近没有物体。终端设备100可以利用接近光传感器180G检测用户手持终端设备100贴近耳朵通话,以便自动熄灭屏幕达到省电的目的。接近光传感器180G也可用于皮套模式,口袋模式自动解锁与锁屏。Proximity light sensor 180G may include, for example, light emitting diodes (LEDs) and light detectors, such as photodiodes. The light emitting diodes may be infrared light emitting diodes. The terminal device 100 emits infrared light through the light emitting diode. The terminal device 100 detects infrared reflected light from nearby objects using a photodiode. When sufficient reflected light is detected, it can be determined that there is an object near the terminal device 100 . When insufficient reflected light is detected, the terminal device 100 may determine that there is no object near the terminal device 100 . The terminal device 100 can use the proximity light sensor 180G to detect that the user holds the terminal device 100 close to the ear to make a call, so as to automatically turn off the screen to save power. The proximity light sensor 180G can also be used in leather case mode, automatic unlock and lock screen in pocket mode.
环境光传感器180L用于感知环境光亮度。终端设备100可以根据感知的环境光亮度自适应调节显示屏194亮度。环境光传感器180L也可用于拍照时自动调节白平衡。环境光传感器180L还可以与接近光传感器180G配合,检测终端设备100是否在口袋里,以防误触。The ambient light sensor 180L is used for sensing ambient light brightness. The terminal device 100 can adaptively adjust the brightness of the display screen 194 according to the perceived ambient light brightness. The ambient light sensor 180L can also be used to automatically adjust the white balance when taking pictures. The ambient light sensor 180L can also cooperate with the proximity light sensor 180G to detect whether the terminal device 100 is in the pocket to prevent accidental touch.
指纹传感器180H用于采集指纹。终端设备100可以利用采集的指纹特性实现指纹解锁,访问应用锁,指纹拍照,指纹接听来电等。The fingerprint sensor 180H is used to collect fingerprints. The terminal device 100 can use the collected fingerprint characteristics to realize fingerprint unlocking, access to the application lock, take pictures with fingerprints, answer incoming calls with fingerprints, and so on.
温度传感器180J用于检测温度。在一些实施例中,终端设备100利用温度传感器180J检测的温度,执行温度处理策略。例如,当温度传感器180J上报的温度超过阈值,终端设备100执行降低位于温度传感器180J附近的处理器的性能,以便降低功耗实施热保护。在另一些实施例中,当温度低于另一阈值时,终端设备100对电池142加热,以避免低温导致终端设备100异常关机。在其他一些实施例中,当温度低于又一阈值时,终端设备100对电池142的输出电压执行升压,以避免低温导致的异常关机。The temperature sensor 180J is used to detect temperature. In some embodiments, the terminal device 100 uses the temperature detected by the temperature sensor 180J to implement a temperature processing strategy. For example, when the temperature reported by the temperature sensor 180J exceeds the threshold, the terminal device 100 may reduce the performance of a processor located near the temperature sensor 180J, so as to reduce power consumption and implement thermal protection. In some other embodiments, when the temperature is lower than another threshold, the terminal device 100 heats the battery 142 to avoid abnormal shutdown of the terminal device 100 caused by the low temperature. In some other embodiments, when the temperature is lower than another threshold, the terminal device 100 boosts the output voltage of the battery 142 to avoid abnormal shutdown caused by low temperature.
触摸传感器180K,也称“触控面板”。触摸传感器180K可以设置于显示屏194,由触摸传感器180K与显示屏194组成触摸屏,也称“触控屏”。触摸传感器180K用于检测作用于其上或附近的触摸操作。触摸传感器可以将检测到的触摸操作传递给应用处理器,以确定触摸事件类型。可以通过显示屏194提供与触摸操作相关的视觉输出。在另一些实施例中,触摸传感器180K也可以设置于终端设备100的表面,与显示屏194所处的位置不同。Touch sensor 180K, also known as "touch panel". The touch sensor 180K can be disposed on the display screen 194, and the touch sensor 180K and the display screen 194 form a touch screen, also called a “touch screen”. The touch sensor 180K is used to detect a touch operation on or near it. The touch sensor can pass the detected touch operation to the application processor to determine the type of touch event. Visual output related to the touch operation can be provided through the display screen 194 . In other embodiments, the touch sensor 180K may also be disposed on the surface of the terminal device 100 , which is different from the position of the display screen 194 .
骨传导传感器180M可以获取振动信号。在一些实施例中,骨传导传感器180M可以获取人体声部振动骨块的振动信号。骨传导传感器180M也可以接触人体脉搏,接收血压跳动信号。在一些实施例中,骨传导传感器180M也可以设置于耳机中,结合成骨传导耳机。音频模块170可以基于骨传导传感器180M获取的声部振动骨块的振动信号,解析出语音信号,实现语音功能。应用处理器可以基于骨传导传感器180M获取的血压跳动信号解析心率信息,实现心率检测功能。The bone conduction sensor 180M can acquire vibration signals. In some embodiments, the bone conduction sensor 180M can acquire the vibration signal of the vibrating bone mass of the human voice. The bone conduction sensor 180M can also contact the human pulse and receive the blood pressure beating signal. In some embodiments, the bone conduction sensor 180M can also be disposed in the earphone, combined into a bone conduction earphone. The audio module 170 can analyze the voice signal based on the vibration signal of the vibrating bone mass of the vocal part acquired by the bone conduction sensor 180M, so as to realize the voice function. The application processor can analyze the heart rate information based on the blood pressure beating signal acquired by the bone conduction sensor 180M, so as to realize the heart rate detection function.
按键190包括开机键,音量键等。按键190可以是机械按键。也可以是触摸式按键。终端设备100可以接收按键输入,产生与终端设备100的用户设置以及功能控制有关的键信号输入。The keys 190 include a power key, a volume key and the like. The key 190 may be a mechanical key. It can also be a touch button. The terminal device 100 may receive key input and generate key signal input related to user settings and function control of the terminal device 100 .
马达191可以产生振动提示。马达191可以用于来电振动提示,也可以用于触摸振动反馈。例如,作用于不同应用(例如拍照,音频播放等)的触摸操作,可以对应不同的振动反馈效果。作用于显示屏194不同区域的触摸操作,马达191也可对应不同的振动反馈效果。不同的应用场景(例如:时间提醒,接收信息,闹钟,游戏等)也可以对应不同的振动反馈效果。触摸振动反馈效果还可以支持自定义。The motor 191 can generate a vibrating reminder. The motor 191 can be used for incoming call vibration prompts, and can also be used for touch vibration feedback. For example, touch operations applied to different applications (such as taking pictures, playing audio, etc.) may correspond to different vibration feedback effects. The motor 191 may also correspond to different vibration feedback effects for touch operations acting on different areas of the display screen 194 . Different application scenarios (for example: time reminder, receiving information, alarm clock, games, etc.) can also correspond to different vibration feedback effects. The touch vibration feedback effect can also support customization.
指示器192可以是指示灯,可以用于指示充电状态,电量变化,也可以用于指示消息,未接来电,通知等。The indicator 192 can be an indicator light, and can be used to indicate charging status, power change, and can also be used to indicate messages, missed calls, notifications, and the like.
SIM卡接口195用于连接SIM卡。SIM卡可以通过插入SIM卡接口195,或从SIM卡接口195拔出,实现和终端设备100的接触和分离。终端设备100可以支持1个或N个SIM卡接口,N为大于1的正整数。SIM卡接口195可以支持Nano SIM卡,Micro SIM卡,SIM卡等。同一个SIM卡接口195可以同时插入多张卡。多张卡的类型可以相同,也可以不同。SIM卡接口195也可以兼容不同类型的SIM卡。SIM卡接口195也可以兼容外部存储卡。终端设备100通过SIM卡和网络交互,实现通话以及数据通信等功能。在一些实施例中,终端设备100采用eSIM,即:嵌入式SIM卡。eSIM卡可以嵌在终端设备100中,不能和终端设备100分离。The SIM card interface 195 is used for connecting a SIM card. The SIM card can be connected and separated from the terminal device 100 by inserting it into the SIM card interface 195 or pulling it out from the SIM card interface 195 . The terminal device 100 may support 1 or N SIM card interfaces, where N is a positive integer greater than 1. SIM card interface 195 can support Nano SIM card, Micro SIM card, SIM card etc. Multiple cards can be inserted into the same SIM card interface 195 at the same time. The types of multiple cards may be the same or different. The SIM card interface 195 is also compatible with different types of SIM cards. The SIM card interface 195 is also compatible with external memory cards. The terminal device 100 interacts with the network through the SIM card to implement functions such as calling and data communication. In some embodiments, the terminal device 100 adopts an eSIM, that is, an embedded SIM card. The eSIM card can be embedded in the terminal device 100 and cannot be separated from the terminal device 100 .
应当理解的是,图7所示终端设备100仅是一个范例,并且终端设备100可以具有比图7中所示的更多的或者更少的部件,可以组合两个或多个的部件,或者可以具有不同的部件配置。图7中所示出的各种部件可以在包括一个或多个信号处理和/或专用集成电路在内的硬件、软件、或硬件和软件的组合中实现。It should be understood that the terminal device 100 shown in FIG. 7 is only an example, and the terminal device 100 may have more or fewer components than those shown in FIG. 7, two or more components may be combined, or Different component configurations are possible. The various components shown in Figure 7 may be implemented in hardware, software, or a combination of hardware and software including one or more signal processing and/or application specific integrated circuits.
The software structure of a terminal device 100 provided in an embodiment of this application is described below.
FIG. 8 shows by way of example a software structure of a terminal device 100 provided in an embodiment of this application.
As shown in FIG. 8, the software system of the terminal device 100 may adopt a layered architecture, an event-driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture. The embodiments of this application take an Android system with a layered architecture as an example to illustrate the software structure of the terminal device 100.
The layered architecture divides the software into several layers, each with a clear role and division of labour. Layers communicate with each other through software interfaces. In some embodiments, the Android system is divided into four layers, which from top to bottom are the application layer, the application framework layer, the Android runtime and system libraries, and the kernel layer.
The application layer may include a series of application packages.
As shown in FIG. 8, the application packages may include applications such as Camera, Gallery, Calendar, Phone, Maps, Clock, WLAN, Bluetooth, Music, Video and Messages.
The application framework layer provides an application programming interface (API) and a programming framework for the applications in the application layer. The application framework layer includes some predefined functions.
As shown in FIG. 8, the application framework layer may include a window manager, content providers, a view system, a phone manager, a resource manager, a notification manager, and so on.
The window manager manages window programs. The window manager can obtain the display size, determine whether there is a status bar, lock the screen, capture the screen, and so on.
Content providers store and retrieve data and make it accessible to applications. The data may include videos, images, audio, calls made and received, browsing history and bookmarks, the phonebook, and so on.
The view system includes visual controls, such as controls for displaying text and controls for displaying pictures. The view system can be used to build applications. A display interface may consist of one or more views. For example, a display interface that includes a text message notification icon may include a view for displaying text and a view for displaying a picture.
The phone manager provides the communication functions of the terminal device 100, for example the management of call states (including connected, hung up, and so on).
The resource manager provides applications with various resources, such as localized strings, icons, pictures, layout files and video files.
The notification manager enables an application to display notification information in the status bar. It can be used to convey informational messages, which can disappear automatically after a short stay without user interaction. For example, the notification manager is used to notify the user that a download has completed, to deliver message reminders, and so on. Notifications from the notification manager can also appear in the system status bar at the top of the screen in the form of a chart or scrolling text, such as notifications from applications running in the background, or as a dialog window on the screen. Examples include showing text in the status bar, playing an alert sound, vibrating the electronic device, and flashing the indicator light.
In the embodiments of this application, the application framework layer may also include the following modules: the Android Keystore (AndroidKeystore), the package management service module (PMS), the service management module (ServiceManager) and the Installer module. For the specific functions and working details of each module, refer to the relevant content of the foregoing embodiments, which is not repeated here.
The Android runtime includes core libraries and a virtual machine. The Android runtime is responsible for scheduling and management of the Android system.
The core libraries consist of two parts: the functions that the Java language needs to call, and the core libraries of Android.
The application layer and the application framework layer run in the virtual machine. The virtual machine executes the Java files of the application layer and the application framework layer as binary files. The virtual machine performs functions such as object lifecycle management, stack management, thread management, security and exception management, and garbage collection.
The system libraries may include multiple functional modules, for example a surface manager, media libraries, a 3D graphics processing library (for example OpenGL ES) and a 2D graphics engine (for example SGL).
The surface manager manages the display subsystem and provides the fusion of 2D and 3D layers for multiple applications.
The media libraries support playback and recording of many common audio and video formats, as well as still image files. The media libraries can support multiple audio and video encoding formats, such as MPEG4, H.264, MP3, AAC, AMR, JPG and PNG.
The 3D graphics processing library implements 3D graphics drawing, image rendering, compositing, layer processing, and so on.
The 2D graphics engine is a drawing engine for 2D drawing.
In the embodiments of this application, the system libraries may also include the following modules: the Installd module and the keystore service module (KeyStoreService). For the specific functions and working details of these two modules, refer to the relevant content of the foregoing embodiments, which is not repeated here.
The kernel layer is the layer between hardware and software. The kernel layer includes at least a display driver, a camera driver, a Bluetooth driver and a sensor driver.
The workflow of the software and hardware of the terminal device 100 is described below by way of example with reference to a photo capture scenario.
When the touch sensor 180K receives a touch operation, a corresponding hardware interrupt is sent to the kernel layer. The kernel layer processes the touch operation into a raw input event (including information such as the touch coordinates and the timestamp of the touch operation). The raw input event is stored in the kernel layer. The application framework layer obtains the raw input event from the kernel layer and identifies the control corresponding to the input event. Taking the case where the touch operation is a single tap and the control corresponding to the tap is the camera application icon as an example: the camera application calls an interface of the application framework layer to start the camera application, which in turn starts the camera driver by calling the kernel layer, and the camera 193 captures a still image or video.
All or part of the above embodiments may be implemented by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in this application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired (for example, coaxial cable, optical fiber, or digital subscriber line) or wireless (for example, infrared, radio, or microwave) means. The computer-readable storage medium may be any available medium accessible to a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, hard disk, or magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).
A person of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments may be implemented by a computer program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and when executed may include the processes of the method embodiments described above. The aforementioned storage medium includes ROM, random access memory (RAM), a magnetic disk, an optical disk, or any other medium that can store program code.
The above embodiments are only intended to illustrate the technical solutions of this application, not to limit them. Although this application has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of this application.

Claims (14)

  1. A key management method, applied to a terminal device on which a first application is installed, characterized in that the method includes:
    the terminal device changing the user identifier (UID) of the first application from a first UID to a second UID, wherein the first application accesses a first key file according to the UID of the first application, the data stored in the first key file is needed by the first application to execute a first service, and the file name of the first key file is generated by the terminal device based on the first UID;
    the terminal device generating a second key file based on the first key file;
    wherein the file name of the second key file is generated by the terminal device based on the second UID, and the data stored in the second key file is the same as the data stored in the first key file.
  2. The method according to claim 1, characterized in that the terminal device generating a second key file based on the first key file specifically includes:
    the terminal device migrating the data stored in the first key file to the second key file;
    or,
    the terminal device generating the second key file by changing the file name of the first key file to the file name of the second key file.
  3. The method according to claim 1 or 2, characterized in that before the terminal device changes the UID of the first application from the first UID to the second UID, the method further includes:
    the terminal device powering on and restarting after completing an over-the-air (OTA) upgrade;
    or,
    the terminal device detecting, after completing an over-the-air (OTA) upgrade, that the user logged in to the terminal device has switched from a first user to a second user.
  4. The method according to claim 1 or 2, characterized in that before the terminal device changes the UID of the first application from the first UID to the second UID, the method further includes:
    the terminal device detecting that the first application has started and is running.
  5. The method according to claim 3, characterized in that the terminal device includes a package management service (PMS), and before the terminal device generates the second key file based on the first key file, the method further includes:
    the terminal device detecting, through the PMS, that the UID of the first application has changed from the first UID to the second UID.
  6. The method according to claim 4, characterized in that the terminal device includes a keystore service (KeyStoreService), and before the terminal device generates the second key file based on the first key file, the method further includes:
    the terminal device detecting, through the KeyStoreService, that the UID of the first application has changed from the first UID to the second UID.
  7. The method according to any one of claims 1 to 6, characterized in that the terminal device includes an Installd module, and before the terminal device generates the second key file based on the first key file, the method further includes:
    the terminal device querying the first UID and the second UID through the Installd module.
  8. The method according to claims 1 to 7, characterized in that the terminal device using the data stored in the second key file to execute the first service specifically includes:
    the terminal device displaying a first user interface, the first user interface including user data that is obtained using the data stored in the second key file.
  9. The method according to claims 1 to 8, characterized in that when the UID of the first application changes from the first UID to the second UID, the system access permissions of the first application become lower.
  10. The method according to any one of claims 1 to 9, characterized in that after the terminal device generates the second key file based on the first key file, the method further includes:
    the terminal device saving the second key file.
  11. The method according to any one of claims 1 to 10, characterized in that the first application is a system application, the system application being an application preset by the operating system of the terminal device.
  12. 根据权利要求1-11任一项所述的方法,其特征在于,所述第一应用的UID是基于用户标识UserId和应用标识APPId生成的,其中,所述用户标识UserId是所述终端设备基于登录所述终端设备的用户数量确定的,所述应用标识APPId是所述终端设备基于所述第一应用的包名确定的。The method according to any one of claims 1-11, wherein the UID of the first application is generated based on a user identifier UserId and an application identifier APPId, wherein the user identifier UserId is generated by the terminal device based on The number of users logging into the terminal device is determined, and the application identifier APPId is determined by the terminal device based on the package name of the first application.
  13. 一种终端设备,其特征在于,所述终端设备包括一个或多个处理器和一个或多个存储器;其中,所述一个或多个存储器与所述一个或多个处理器耦合,所述一个或多个存储器用于存储计算机程序代码,所述计算机程序代码包括计算机指令,当所述一个或多个处理器执行所述计算机指令时,使得所述终端设备执行如权利要求1-12中任一项所述的方法。A terminal device, characterized in that the terminal device includes one or more processors and one or more memories; wherein the one or more memories are coupled to the one or more processors, and the one or more or a plurality of memories are used to store computer program codes, the computer program codes include computer instructions, and when the one or more processors execute the computer instructions, the terminal device performs any of claims 1-12 one of the methods described.
  14. 一种计算机存储介质,其特征在于,所述计算机存储介质存储有计算机程序,所述计算机程序包括程序指令,当所述程序指令在终端设备上运行时,使得所述终端设备执行如权利要求1-12中任一项所述的方法。A computer storage medium, characterized in that the computer storage medium stores a computer program, the computer program includes program instructions, and when the program instructions are run on a terminal device, the terminal device is made to execute the computer program according to claim 1. - The method described in any one of 12.
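As an added worked example (not part of the patent), the rename and migrate variants of claim 2 applied to key files whose names carry the owning UID, with the UID built from UserId and APPId as in claim 12; the UID formula, the `<uid>_<kind>_<alias>` file-naming scheme and the sample key blob are assumptions modelled on Android's Keystore, not taken from the page.

```python
"""Added example (not the patent's code): migrate Keystore-style key files when
an app's UID changes, following the procedure in claims 1, 2 and 12 above."""
import os
import shutil
import tempfile

# Assumption: UID = UserId * 100000 + APPId, Android's UserHandle.PER_USER_RANGE scheme.
PER_USER_RANGE = 100_000


def make_uid(user_id: int, app_id: int) -> int:
    """First/second UID derived from UserId and APPId (claim 12)."""
    return user_id * PER_USER_RANGE + app_id


def key_file_name(uid: int, kind: str, alias: str) -> str:
    """Constructed naming scheme <uid>_<kind>_<alias>, modelled on Keystore's layout."""
    return f"{uid}_{kind}_{alias}"


def migrate_key_files(keystore_dir: str, old_uid: int, new_uid: int, rename: bool = True) -> list:
    """Generate the second key file(s) for new_uid from the first key file(s) of old_uid.
    rename=True is claim 2's rename variant; rename=False copies the stored data (migrate).
    An existing target is never overwritten, so a UID collision cannot swap key material."""
    prefix = f"{old_uid}_"
    migrated = []
    for name in sorted(os.listdir(keystore_dir)):
        if not name.startswith(prefix):
            continue  # belongs to another UID, leave it alone
        src = os.path.join(keystore_dir, name)
        dst = os.path.join(keystore_dir, f"{new_uid}_{name[len(prefix):]}")
        if os.path.exists(dst):
            raise FileExistsError(f"refusing to overwrite {dst}")
        (os.replace if rename else shutil.copy2)(src, dst)  # rename, or copy the data
        migrated.append(dst)
    return migrated


def demo() -> dict:
    """Constructed sample: user 0's system app drops from APPId 1001 to 10042 after an OTA."""
    d = tempfile.mkdtemp()
    old_uid, new_uid = make_uid(0, 1001), make_uid(0, 10042)
    old_path = os.path.join(d, key_file_name(old_uid, "USRPKEY", "login"))
    blob = b"constructed key blob"
    with open(old_path, "wb") as f:
        f.write(blob)
    new_paths = migrate_key_files(d, old_uid, new_uid)
    with open(new_paths[0], "rb") as f:
        same = f.read() == blob
    return {"old_uid": old_uid, "new_uid": new_uid, "same_data": same,
            "files": [os.path.basename(p) for p in new_paths], "old_gone": not os.path.exists(old_path)}
```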
PCT/CN2022/127998 2021-10-29 2022-10-27 Key migration method and related device WO2023072206A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111279912.3 2021-10-29
CN202111279912.3A CN116070222A (en) 2021-10-29 2021-10-29 Key migration method and related equipment

Publications (1)

Publication Number Publication Date
WO2023072206A1 true WO2023072206A1 (en) 2023-05-04

Also Published As

Publication number Publication date
CN116070222A (en) 2023-05-05
