CN116527246A - Data protection method and electronic equipment - Google Patents

Data protection method and electronic equipment Download PDF

Info

Publication number
CN116527246A
CN116527246A CN202310382895.9A CN202310382895A CN116527246A CN 116527246 A CN116527246 A CN 116527246A CN 202310382895 A CN202310382895 A CN 202310382895A CN 116527246 A CN116527246 A CN 116527246A
Authority
CN
China
Prior art keywords
service
interface
user
account
trust ring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310382895.9A
Other languages
Chinese (zh)
Inventor
丁金岩
窦伟明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Honor Device Co Ltd
Original Assignee
Honor Device Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Honor Device Co Ltd filed Critical Honor Device Co Ltd
Priority to CN202310382895.9A priority Critical patent/CN116527246A/en
Publication of CN116527246A publication Critical patent/CN116527246A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)
  • Input From Keyboards Or The Like (AREA)

Abstract

The embodiment of the application provides a data protection method and electronic equipment, wherein the method comprises the following steps: after a first screen locking code of the first electronic equipment is input and a synchronization function of the password safe box service is started, a user triggers a second control in a current display interface, the first electronic equipment is triggered to create a first trust ring corresponding to the first account, and after the first trust ring is created and added, prompt information is displayed on the interface to prompt that the first trust ring is created. According to the data protection method, account-level master key MK is protected based on user secrets such as equipment screen locking codes, and the cloud side cannot decrypt the hosted master key ciphertext because the user secrets are unknown to the cloud side, so that the risk of master key leakage is reduced, the safety of the master key MK is improved, and meanwhile the cloud side can self-prove the master key MK.

Description

Data protection method and electronic equipment
The present application is a divisional application, the name of the original application is data protection method and electronic equipment, the application number of the original application is 202111400200.2, the date of the original application is 2021, 11 and 19, and the whole content of the original application is incorporated by reference in the present application.
Technical Field
The embodiment of the application relates to the field of terminal equipment, in particular to a data protection method and electronic equipment.
Background
Currently, the terminal device may store the data of the user in the cloud end so that the user can upload and download the data in real time. The user's data typically corresponds to a particular user account. However, the security of user data is entirely dependent on account security, which data can be obtained from the cloud side as long as the device is able to pass account verification. If any one of the account number and the cloud side server is attacked, the user data is leaked. In addition, the cloud side server may decrypt the user data, and the cloud side cannot self-verify. Thus, the known solutions are less secure and do not provide support for user data protection with higher security requirements.
Disclosure of Invention
The application provides a data protection method and electronic equipment, wherein under the condition that a current service is a preset service in a white list, a first derivative key stored in a trusted execution environment of first electronic equipment is extracted, a master key is generated, and a master key ciphertext is obtained based on the first derivative key by encrypting the master key; generating a first authentication parameter based on the first derivative key; and uploading the first authentication parameter and the first master key ciphertext to the cloud end so that the first server creates a trust ring for a first account logged in by the first electronic equipment, and adding the first equipment into the ring. According to the data protection method, account-level master key MK is protected based on user secrets such as equipment screen locking codes, and the cloud side cannot decrypt the hosted master key ciphertext because the user secrets are unknown to the cloud side, so that the risk of master key leakage is reduced, the safety of the master key MK is improved, and meanwhile the cloud side can self-prove the master key MK.
In a first aspect, an embodiment of the present application provides a data protection method, which is applied to a first electronic device, including: under the condition that the current service is a preset service in a white list, extracting a first derivative key stored in a trusted execution environment of the first electronic equipment, wherein the first derivative key is generated according to a first screen locking code of the first electronic equipment, and the first electronic equipment logs in a first account; generating a master key in a trusted execution environment of the first electronic device; encrypting the master key based on the first derivative key to generate a first master key ciphertext of the first electronic device; generating a first authentication parameter based on the first derivative key; and sending a ring creation request to the first server so that the first server creates a first trust ring corresponding to the first account, and adding the first master key ciphertext and the first authentication parameter to trust ring data of the first trust ring, wherein the ring creation request carries the first master key ciphertext and the first authentication parameter. According to the method for creating the trust ring, the account-level master key MK is protected based on the user secret such as the equipment screen locking code, and the cloud side cannot decrypt the hosted master key ciphertext because the user secret is unknown to the cloud side, so that the risk of master key leakage is reduced, the security of the master key MK is improved, and meanwhile, the cloud side can self-prove the master key MK. In addition, the method for creating the trust ring does not need to manually input the screen locking code of the second electronic device after the user requests to add the trust ring, and is convenient to operate.
The screen locking code in the application may be replaced by other user information, for example, the user information may be a user birthday, a user name, a birthday of a parent or friend, a name, and the like. These pieces of information are pieces of information unique to the user, only the user knows by himself, and the pieces of information differ from user to user. Such user information is easy for the user to memorize and is not known to the cloud side. When the master key is encrypted based on the user information, the cloud side cannot decrypt, and thus the cloud side can be self-certifying. Besides the user, other people can hardly know which user information is used by the user to encrypt the master key, so that the difficulty in cracking the ciphertext of the master key is greatly increased, the security of the master key is improved, and the security of user data protected by using the derivative key of the master key can be improved. Meanwhile, when the 2 nd device and the 2 nd and subsequent devices in the trust ring are registered, the identity of the registered device can be verified based on the user information, interaction with the registered device is not needed, and convenience is provided for the user.
According to a first aspect, a first electronic device encrypts a master key based on a first derivative key, generates a first master key ciphertext for the first electronic device, comprising: the first electronic device generates a second derivative key according to the first derivative key; and encrypting the master key according to the second derivative key to obtain a first master key ciphertext of the first electronic device. In this way, the master key is encrypted according to the user personalized information such as the screen locking code, so that the cloud side which does not know the user personalized information cannot decrypt the master key, the user data encrypted by the derivative key of the master key is protected, and the safety of the user data is improved.
According to the first aspect, or any implementation manner of the first aspect, the generating, by the first electronic device, the first authentication parameter based on the first derivative key includes: the first electronic device generates a first shared value according to the first derivative key; and encrypting the first shared value according to the HSM public key generated by the first server side to obtain a first authentication parameter. Thus, the authentication parameters are generated according to the user personalized information such as the screen locking code, so that the authentication parameters cannot be forged, and the authentication security is ensured.
According to the first aspect, or any implementation manner of the first aspect, the method further includes: responding to the operation of modifying the screen locking code of the first electronic equipment, and generating a hash value based on the modified new screen locking code; generating a first derivative key based on the hash value; the first derivative key is saved to a trusted execution environment of the first electronic device. The first derivative key is generated based on the screen locking code in advance, the first derivative key is directly extracted from the trusted execution environment when the first derivative key is needed in the loop adding process, the screen locking code is not needed to be input by a user, the frequency of the screen locking code input by the user can be reduced, and the user experience can be improved.
According to the first aspect, or any implementation manner of the first aspect, the method further includes: detecting a registration state of the first electronic device under the condition that a registration request is received; under the condition that the first electronic equipment is not registered, a registration state comparison request is sent to a first server, wherein the registration state comparison request carries an equipment identifier of the first electronic equipment and an account identifier of a first account; and receiving a first registration state confirmation message returned by the first server, wherein the first registration state confirmation message is used for indicating that the trust ring does not exist under the first account. The method comprises the steps of firstly detecting the registration state at the equipment end, and when the fact that the equipment end is not registered locally is determined, comparing the registration state with the cloud end, and compared with the method of directly requesting the cloud end to carry out registration state comparison, the method can reduce the access times to the cloud end.
According to the first aspect, or any implementation manner of the first aspect, the ring creation request carries a device identifier of the first device and an account identifier of the first account; after the first electronic device is added to the first trust ring, the trust ring data of the first trust ring includes: the account identification of the first account, the device identification of the first device, the first authentication parameter and the first master key ciphertext. And relevant trust ring data of the equipment are correspondingly stored, so that the trust ring data can be conveniently managed subsequently.
According to the first aspect, or any implementation manner of the first aspect, the method further includes: deriving a first service key based on the master key, and encrypting the first service data by using the first service key to obtain a first service data ciphertext; and sending the first service data ciphertext to the second server so that the second server stores the first service data ciphertext. The cloud-up synchronization method based on the service key derived from the master key encrypts the service data ciphertext and then performs cloud-up synchronization, and the cloud-up service data ciphertext is unknown because the master key cloud is unknown, so that the security of service data can be ensured, and the cloud can be self-verified.
According to the first aspect, or any implementation manner of the first aspect, the method further includes: the first electronic device acquires a second service data ciphertext from a second server; deriving a first service key based on the master key; and decrypting the second service data ciphertext by using the first service key to obtain second service data. According to the method for decrypting the service data ciphertext locally in the electronic equipment after the service data ciphertext is obtained from the cloud, even if the service data ciphertext transmitted between the cloud and the electronic equipment is intercepted, the interception imitations can not obtain the rule of the master key and the rule of deriving the first service key from the master key, so that the obtained service data can not be decrypted, and the safety of the service data can be improved.
In a second aspect, an embodiment of the present application provides a data protection method, applied to a second electronic device, where the method includes: under the condition that the current service is a preset service in a white list, the second electronic equipment extracts a third derivative key stored in a trusted execution environment of the second electronic equipment, wherein the third derivative key is generated according to a second screen locking code of the second electronic equipment, and the second electronic equipment logs in the first account; receiving a first screen locking code of first electronic equipment input by a user, wherein the first electronic equipment is equipment in ring equipment information of a first trust ring corresponding to a first account number acquired from a first server; when the authentication of the first electronic equipment based on the first screen locking code passes, receiving a first master key ciphertext of the first electronic equipment, which is sent by a first server; decrypting the first master key ciphertext based on the first screen locking code to obtain a master key; encrypting the master key based on the third derivative key, generating a second master key ciphertext for the second electronic device, and generating a second authentication parameter based on the third derivative key; and sending a ring adding request to the first server so that the first server adds the second master key ciphertext and the second authentication parameter to the trust ring data of the first trust ring.
According to the method for joining the trust ring, the cloud side sends the managed master key ciphertext of the registered device to the ring adding device, the ring adding device decrypts the master key ciphertext of the registered device based on the user secret of the registered device to obtain the master key MK, and the user secret of the registered device is unknown to the cloud side and does not need to be forwarded by the cloud side, so that the cloud side cannot decrypt the master key ciphertext and can self-prove the master key ciphertext. In addition, the method for joining the trust ring does not need to manually input the screen locking code of the second electronic device after the user requests to join the ring, and is convenient to operate.
According to a second aspect, after extracting the third derivative key stored in the trusted execution environment of the second electronic device, the method further comprises: sending an information acquisition request of the ring equipment to a first server, wherein the information acquisition request of the ring equipment carries an account identifier of a first account; receiving ring equipment information of a first trust ring corresponding to a first account returned by a first server, wherein the ring equipment comprises first electronic equipment; and displaying a screen locking code input interface of the first electronic equipment. Thus, the screen locking code input interface of the default equipment is displayed, and the screen locking code of the verification equipment is directly input by a user, so that the operation is convenient.
According to a second aspect, or any implementation manner of the second aspect, after the second electronic device extracts a third derivative key stored in a trusted execution environment of the second electronic device, the method further includes: sending an information acquisition request of the ring equipment to a first server, wherein the information acquisition request of the ring equipment carries an account identifier of a first account; receiving ring equipment information of a first trust ring corresponding to the first account returned by a first server, wherein the ring equipment comprises first electronic equipment and third electronic equipment; and responding to the selected operation of the third electronic equipment in the ring equipment information, and displaying a screen locking code input interface of the third electronic equipment. The first server returns all the information of the ring devices, and the user can flexibly select any ring device as the verification device, so that the verification is more flexible.
According to a second aspect, or any implementation manner of the second aspect, before the authentication of the first electronic device based on the first screen locking code passes, the method further includes: generating a first authentication parameter based on the first screen locking code; and sending the first authentication parameter to the first server so that the first server can carry out identity verification on the first electronic equipment according to the first authentication parameter. Thus, the authentication parameters are generated according to the user personalized information such as the screen locking code, so that the authentication parameters cannot be forged, and the authentication security is ensured.
According to a second aspect, or any implementation manner of the second aspect, the second electronic device encrypts the master key based on the third derivative key, and generates a second master key ciphertext of the second electronic device, including: generating a fourth derivative key according to the third derivative key; and encrypting the master key according to the fourth derivative key to obtain a second master key ciphertext of the second electronic device. In this way, the master key is encrypted according to the user personalized information such as the screen locking code, so that the cloud side which does not know the user personalized information cannot decrypt the master key, the user data encrypted by the derivative key of the master key is protected, and the safety of the user data is improved.
According to a second aspect, or any implementation manner of the second aspect above, generating the second authentication parameter based on the third derivative key includes: generating a second shared value according to the third derivative key; and encrypting the second shared value according to the HSM public key generated by the first server side to obtain a second authentication parameter. Thus, the authentication parameters are generated according to the user personalized information such as the screen locking code, so that the authentication parameters cannot be forged, and the authentication security is ensured.
According to a second aspect, or any implementation manner of the second aspect, the method further includes: detecting a registration state of the second electronic device under the condition that a registration request is received; under the condition that the second electronic equipment is not registered, a registration state comparison request is sent to the first server, wherein the registration state comparison request carries the equipment identifier of the second electronic equipment and the account identifier of the first account; and receiving a second registration state confirmation message returned by the first server, wherein the second registration state confirmation message is used for indicating that the first trust ring exists under the first account, but the second electronic equipment is not on the first trust ring. The method comprises the steps of firstly detecting the registration state at the equipment end, and when the fact that the equipment end is not registered locally is determined, comparing the registration state with the cloud end, and compared with the method of directly requesting the cloud end to carry out registration state comparison, the method can reduce the access times to the cloud end.
According to a second aspect, or any implementation manner of the second aspect, the method further includes: the second electronic equipment derives a first service key based on the master key, and encrypts the first service data by using the first service key to obtain a first service data ciphertext; and sending the first service data ciphertext to the second server so that the second server stores the first service data ciphertext. The cloud-up synchronization method based on the service key derived from the master key encrypts the service data ciphertext and then performs cloud-up synchronization, and the cloud-up service data ciphertext is unknown because the master key cloud is unknown, so that the security of service data can be ensured, and the cloud can be self-verified.
According to a second aspect, or any implementation manner of the second aspect, the method further includes: acquiring a second service data ciphertext from a second server; generating a first service key based on the master key group; and decrypting the second service data ciphertext by using the first service key to obtain second service data. According to the method for decrypting the service data ciphertext locally in the electronic equipment after the service data ciphertext is obtained from the cloud, even if the service data ciphertext transmitted between the cloud and the electronic equipment is intercepted, the interception imitations can not obtain the rule of the master key and the rule of deriving the first service key from the master key, so that the obtained service data can not be decrypted, and the safety of the service data can be improved.
In a third aspect, an embodiment of the present application provides an electronic device, as a first electronic device, including: a trust ring module and a trust ring service module; a trust ring module for: under the condition that the current service is a preset service in a white list, extracting a first derivative key stored in a trusted execution environment of the first electronic equipment, wherein the first derivative key is generated according to a first screen locking code of the first electronic equipment, and the first electronic equipment logs in a first account; generating a master key in a trusted execution environment of the first electronic device; then, encrypting the master key based on the first derivative key to generate a first master key ciphertext of the first electronic device; transmitting the first derivative key to a trust ring service module; a trust ring service module for: generating a first authentication parameter based on the first derivative key; and sending a ring creation request to the first server so that the first server creates a first trust ring corresponding to the first account, and adding the first master key ciphertext and the first authentication parameter to trust ring data of the first trust ring, wherein the ring creation request carries the first master key ciphertext and the first authentication parameter.
According to the method for creating the trust ring, the account-level master key MK is protected based on the user secret such as the equipment screen locking code, and the cloud side cannot decrypt the hosted master key ciphertext because the user secret is unknown to the cloud side, so that the risk of master key leakage is reduced, the security of the master key MK is improved, and meanwhile, the cloud side can self-prove the master key MK.
In a fourth aspect, an embodiment of the present application provides an electronic device, as a second electronic device, including: a trust ring module and a trust ring service module; a trust ring module for: under the condition that the current service is a preset service in a white list, extracting a third derivative key stored in a trusted execution environment of the second electronic equipment, wherein the third derivative key is generated according to a second screen locking code of the second electronic equipment, and the second electronic equipment logs in the first account; a trust ring service module for: receiving a first screen locking code of first electronic equipment input by a user, wherein the first electronic equipment is equipment in ring equipment information of a first trust ring corresponding to a first account number acquired from a first server; when the authentication of the first electronic equipment based on the first screen locking code passes, receiving a first master key ciphertext of the first electronic equipment, which is sent by a first server; the first master key ciphertext and the first screen locking code are sent to a trust ring module; a trust ring module for: decrypting the first master key ciphertext based on the first screen locking code to obtain a master key; encrypting the master key based on the third derivative key to generate a second master key ciphertext for the second electronic device; transmitting the third derivative key to the trust ring service module; the trust ring service module is further configured to: generating a second authentication parameter based on the third derivative key; and sending a ring adding request to the first server so that the first server adds the second master key ciphertext and the second authentication parameter to the trust ring data of the first trust ring.
According to the method for joining the trust ring, the cloud side sends the managed master key ciphertext of the registered device to the ring adding device, the ring adding device decrypts the master key ciphertext of the registered device based on the user secret of the registered device to obtain the master key MK, and the user secret of the registered device is unknown to the cloud side and does not need to be forwarded by the cloud side, so that the cloud side cannot decrypt the master key ciphertext and can self-prove the master key ciphertext. In addition, the method for joining the trust ring does not need to manually input the screen locking code of the second electronic device after the user requests to join the ring, and is convenient to operate.
In a fifth aspect, the present application provides a computer readable medium storing a computer program comprising instructions for performing the method of the first aspect or any possible implementation of the first aspect, or instructions for performing the method of the second aspect or any possible implementation of the second aspect.
In a sixth aspect, the present application provides a computer program comprising instructions for performing the method of the first aspect or any possible implementation of the first aspect, instructions for performing the method of the second aspect or any possible implementation of the second aspect.
Drawings
Fig. 1 is a schematic structural diagram of an exemplary electronic device 100;
fig. 2 is a software architecture block diagram of an electronic device 100 of an embodiment of the present application, which is exemplarily shown;
FIG. 3 is a schematic diagram illustrating information interaction during creation of a trust ring;
FIG. 4 is a schematic diagram illustrating interaction between a device and a cloud side during creation of a trust ring;
FIG. 5A is a schematic diagram of an interface into a My device application with an exemplary shown logged-in account;
FIG. 5B is a schematic diagram of an interface into a My device application with an unregistered account shown by way of example;
FIG. 6 is a schematic diagram illustrating an interface from a "My devices" application in device A to a "password safe synchronization" application;
FIG. 7A is a schematic diagram illustrating a process for entering a "password safe" interface with device A having set a lock screen code;
FIG. 7B is a schematic diagram illustrating a process for entering a "password safe" interface without a lock screen code being set by device A;
FIG. 8 is a schematic diagram illustrating a process for opening a "password safe sync" switch in a scenario in which a trust ring is created;
FIG. 9 is a schematic diagram illustrating a process of turning on a "synchronize to glory account" switch in a scenario in which a trust ring is created;
FIG. 10 is a schematic flow diagram of an exemplary illustrated creation of a trust ring;
FIG. 11 is a schematic diagram illustrating an exemplary embodiment of a device A synchronizing a service data ciphertext to an account management server after creating a trust ring;
FIG. 12 is a schematic diagram illustrating the interaction of modules of a synchronous traffic data ciphertext;
FIG. 13 is a schematic diagram illustrating an interface of a synchronous service data ciphertext to an account management server;
FIG. 14 is a schematic diagram illustrating information interaction during a device B joining a trust ring;
FIG. 15 is a schematic diagram illustrating an interface from a "My device" application in device B to a "password safe synchronization" application;
FIG. 16A is a schematic diagram illustrating the process of entering the "safe in password" interface and opening the "safe in password" switch with device B having set the lock screen code;
FIG. 16B is a schematic diagram illustrating a process for entering the "safe" interface and opening the "safe sync" switch without the lock screen code set by device B;
FIG. 17 is a schematic diagram illustrating a process of turning on a "synchronize to glory account" switch in the scenario where device B joins a trust ring;
FIG. 18 is a flow chart illustrating the joining of a trust ring by device B;
Fig. 19 is a schematic diagram illustrating synchronization of service data ciphertext from an account management server after a device B joins a trust ring;
FIG. 20 is a schematic diagram illustrating an interface for synchronizing business data ciphertext from an account management server;
FIG. 21 is a schematic diagram illustrating an interface during creation of a trust ring by device A under a cryptographic safe service;
FIG. 22 is a schematic flow diagram of an exemplary illustrated creation of a trust ring;
FIG. 23 is a schematic diagram illustrating an interface during the joining of device B to a trust ring under a cryptographic safe service;
fig. 24 is a flow diagram schematically illustrating joining a trust ring.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
The term "and/or" is herein merely an association relationship describing an associated object, meaning that there may be three relationships, e.g., a and/or B, may represent: a exists alone, A and B exist together, and B exists alone.
The terms first and second and the like in the description and in the claims of embodiments of the present application are used for distinguishing between different objects and not necessarily for describing a particular sequential order of objects. For example, the first target object and the second target object, etc., are used to distinguish between different target objects, and are not used to describe a particular order of target objects.
In the embodiments of the present application, words such as "exemplary" or "such as" are used to mean serving as examples, illustrations, or descriptions. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the description of the embodiments of the present application, unless otherwise indicated, the meaning of "a plurality" means two or more. For example, the plurality of processing units refers to two or more processing units; the plurality of systems means two or more systems.
Fig. 1 is a schematic diagram of an exemplary illustrated electronic device 100. It should be understood that the electronic device 100 shown in fig. 1 is only one example of an electronic device, and that the electronic device 100 may have more or fewer components than shown in the figures, may combine two or more components, or may have a different configuration of components. The various components shown in fig. 1 may be implemented in hardware, software, or a combination of hardware and software, including one or more signal processing and/or application specific integrated circuits.
The electronic device 100 may be a mobile phone, a tablet, etc.
The electronic device 100 may include: processor 110, external memory interface 120, internal memory 121, universal serial bus (universal serial bus, USB) interface 130, charge management module 140, power management module 141, battery 142, antenna 1, antenna 2, mobile communication module 150, wireless communication module 160, audio module 170, speaker 170A, receiver 170B, microphone 170C, headset interface 170D, sensor module 180, keys 190, motor 191, indicator 192, camera 193, display 194, and subscriber identity module (subscriber identification module, SIM) card interface 195, etc. The sensor module 180 may include a pressure sensor 180A, a gyro sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.
The software system of the electronic device 100 may employ a layered architecture, an event driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture. In this embodiment, taking an Android system with a layered architecture as an example, a software structure of the electronic device 100 is illustrated.
The layered architecture of the electronic device 100 divides the software into several layers, each with a distinct role and division of labor. The layers communicate with each other through a software interface. In some embodiments, the Android system is divided into three layers, an application layer, an application framework layer, and a kernel layer from top to bottom.
The application layer may include a series of application packages.
As shown in FIG. 2, the application package may include applications such as sensors (which may also be referred to as desktops and wallpapers), HMS core, trust ring, password safe, and the like. For example, the sensor may monitor user sliding, pressing, etc. of the screen, and the HMS core provides a collection of electronic device side, cloud opening capabilities. The trust ring application is used for creating and managing the trust ring for the account number, wherein the management of the trust ring includes but is not limited to: adding devices to the trust ring, deleting devices from the trust ring, deleting the trust ring, freezing the trust ring, updating master key ciphertext under the trust ring, and the like. The password safe is used for managing business data synchronized to an account management server by a user, for example: a login account and a password for a service.
The application framework layer provides an application programming interface (application programming interface, API) and programming framework for application programs of the application layer. The application framework layer includes a number of predefined functions.
As shown in fig. 2, the application framework layer may include a window manager, a view system, an F interface, and a resource manager, among others.
The window manager is used for managing window programs. The window manager can acquire the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen, send interface information display instructions to the view system, and the like.
The view system includes visual controls, such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, a display interface including a text message notification icon may include a view displaying text and a view displaying a picture.
The resource manager provides various resources for the application program, such as localization strings, icons, pictures, layout files, video files, and the like.
The F interface is an external service interface of the trust ring.
The application layer and the application framework layer run in a virtual machine. The virtual machine executes java files of the application program layer and the application program framework layer as binary files. The virtual machine is used for executing the functions of object life cycle management, stack management, thread management, security and exception management, garbage collection and the like.
The system library may include a plurality of functional modules. For example: a two-dimensional graphics engine (e.g., SGL), a key asset trust ring CA, a surface manager, etc.
The surface manager is used to manage the display subsystem and provides a fusion of 2D and 3D layers for multiple applications. The two-dimensional graphics engine is a drawing engine for two-dimensional images.
The key asset trust ring CA may also be referred to as a trust ring service module, and is mainly used for message transparent transmission between an upper layer trust ring application and a lower layer key asset trust ring TA.
The kernel layer is a layer between hardware and software. The kernel layer contains at least a display driver, a sensor driver, a W-iFi driver, and a key asset trust ring TA. The display driver is used to drive the display 194, the wi-Fi driver is used to drive the wireless communication module 160, and the sensor driver is used to drive the sensor module 180.
The key asset trust ring TA may also be referred to as a trust ring module, and is configured to implement core security logic, provide a trusted execution environment, generate a master key in the trusted execution environment, encrypt the master key to generate a master key ciphertext, and so on. For the specific functions of the key asset trust ring CA and the key asset trust ring TA, the related description in the flow description such as ring creation, ring addition, ring deletion, riot prevention, equipment offline in the trust ring, master key updating, master key ciphertext updating and the like is referred to.
It is to be understood that the components contained in the system framework layer and runtime layer shown in fig. 2 do not constitute a particular limitation of the electronic device 100. In other embodiments of the present application, electronic device 100 may include more or fewer components than shown, or certain components may be combined, or certain components may be split, or different arrangements of components.
When using an electronic device, a user typically needs to memorize a lot of password data, such as a password of a mailbox account, a password of a network disk account, a password of a smart home control right, and the like. When such password data is large, if the user is allowed to record the password data of each service independently, great difficulty is caused to the user's memory. Therefore, the user hopes to upload the password data to the cloud side for storage through the data synchronization function, and the password data is directly obtained from the cloud side when in use, and the user does not need to memorize the password data.
However, for such cryptographic data, the user has different security requirements than for general data to be synchronized, e.g. for pictures, address books, short messages, etc. Such cryptographic data, once compromised, would cause significant loss to the user. Therefore, users have high security requirements for such cryptographic data. At this time, the disadvantage that the cloud side cannot self-prove the security of the data synchronized to the cloud side is greatly reduced, and the high security requirement of the password data cannot be met.
The data protection method enables the cloud side to be self-certificated and can provide support for data synchronization of service data with high security requirements such as password data.
The data protection method of the present application will be described in detail with reference to the accompanying drawings.
First create trust ring
FIG. 3 is a schematic diagram illustrating information interaction during creation of a trust ring. FIG. 4 is a schematic diagram illustrating interaction of a device with the cloud side during creation of a trust ring. Fig. 10 is a schematic flow diagram illustrating creation of a trust ring.
The process of creating a trust ring according to embodiments of the present application is described in detail below in conjunction with fig. 3, 4, and 10.
In the embodiment of the present application, assuming that the glowing account number of the device a is account number 1, taking the process of creating the trust ring by taking the process of creating the trust ring 1 by taking the process of initiating registration to the trust ring cloud by the device a for the first time as an example, the process of creating the trust ring is described. The application that can trigger the creation of the trust ring flow may be any application under the glowing account, and here, the creation of the trust ring flow is illustrated by triggering the "password safe synchronization" application under the glowing account.
Where "registration" herein refers to the process of adding a device to a trust ring. When the first device is registered, because the trust ring is not yet established under the account, the trust ring needs to be established first, and then the device is added into the trust ring, and the process of registering the first device is called establishing the trust ring. The non-head device registration process is referred to herein as joining the trust ring, as it only requires the device to be added to the existing trust ring.
It is assumed herein that account number 1 includes 3 devices, respectively glowing V40 (i.e., device a), glowing V30 (noted device B), and glowing V50 (noted device C).
It should be noted that, the actions performed by the various clouds herein should be understood as actions performed by the servers in the respective clouds. For example, the actions performed by the account management server are performed by the account management server, and the actions performed by the trust ring cloud are performed by the trust ring cloud server.
Referring to fig. 3, in the process of creating a trust ring, a device a sends a request of a login account 1 to an account management server, and after the request of the account management server for the login account 1 is verified, a verification passing message is returned to the device a; after receiving the verification passing message, the device A generates a master key ciphertext EMK11 of the device A and an authentication parameter PAKE11 of the device A, sends the EMK11 and the PAKE11 to the trust ring cloud, and after receiving the EMK11 and the PAKE11 sent by the device A, the trust ring cloud creates a trust ring 1 for the account number 1 and adds the device A into the trust ring 1.
Referring to fig. 10, in an embodiment of the present application, a process of creating a trust ring by a device a may include the following steps:
step S1: device a logs in to account 1.
The device a is described herein as an example of a glory V40 cell phone. It should be understood that device a may be any electronic device that has installed the trust ring creation functionality of the present application, and the present application is not limited.
Device a needs to initiate registration with the trust ring cloud with the logged-in account to create the trust ring. If device A does not have a login account, it needs to first login account.
FIG. 5A is a schematic diagram of an interface into a My device application with an exemplary illustrated logged-in account. FIG. 5B is a schematic illustration of an interface into a My device application with an unregistered account shown exemplary. Fig. 6 is a schematic diagram illustrating an interface from a my device application to a password safe synchronization application in device a.
Referring to fig. 5A and 6, in the case where device a has logged in to account 1 (assuming account 1 is 1581991 ××), the user may click on the "set" application icon in the device a main interface (as shown in fig. 5A (a)), and enter the "set" interface shown in fig. 5A (b). At the "setup" interface, the user clicks on account 1 (i.e., 1581991 ××), and enters the "account center" interface shown in fig. 5A, diagram (b). At the "Account center" interface, the user clicks on "My device" and proceeds to the "My device" interface shown in FIG. 6 (b). Find the current device in the My device interface, i.e., glory V40, click on glory V40 to enter the device info interface shown in FIG. 6 (c). In the "device info" interface, the user continues to click on the "password safe synchronization" application in the interface, and may enter the "password safe" interface. And after the ' password safe ' interface is opened, the ' password safe synchronization ' switch is clicked to be synchronized to the glowing account number ', namely, the process of creating the trust ring is triggered. The processes of entering the "password safe" interface, opening the "password safe synchronization" switch, and opening the "synchronize to glowing account" switch are described later herein.
It should be noted that if a trust ring is already present under account number 1, a "trusted device" will be displayed under the device that has joined the trust ring on the my device interface. The device identified as the "trusted device" is the device that has joined the trust ring, i.e., the registered device, see the interface shown in the subsequent figure 15 (b). If there is no trust ring under account number 1, for example on the "my devices" interface of device a shown in figure 6 (b), none of the 3 glowing devices are trusted devices, indicating that there is no trust ring under account number 1 currently.
Referring to fig. 5A, 5B and 6, in the case that the device a does not log in to the account number 1, after clicking the "set" application icon (as shown in fig. 5A) in the main interface of the device a, the user enters the "set" interface shown in fig. 5B (a). At the "setup" interface, the user clicks "login glowing account", and enters the glowing account login interface shown in fig. 5B (B). In the glory account login interface, the user inputs account 1 (1581991 ××) and a login password (assuming key 1), and device a sends a request for login account 1 to the account management server, with account 1 (1581991 ×) and login password key1.
Referring to fig. 4, a user may send a request for logging in an account 1 to an account management server through an account management module of an application layer of the device a to log in the account 1.
After the device a successfully logs in to the account number 1, the process of creating the trust ring is triggered according to the process under the condition of the logged-in account number, and the process is shown in fig. 5A (c), fig. 5 (d) and fig. 6, which are not repeated here.
Step S2: the account management server returns a verification passing message.
The information of the account number 1 is pre-stored in the account number management server, the information comprises a login password corresponding to the account number 1, and the login password of the account number 1 stored in the account number management server is assumed to be key0. After receiving the request of the login account 1 sent by the equipment A, the account management server verifies the request of the login account 1 according to the information of the account 1 locally stored by the account management server. If the password key1 of the login account 1 carried in the request of the login account 1 is consistent with the login password key0 of the account 1 stored locally by the account management server, the account management server determines that the login verification of the account 1 is passed. At this time, the account management server returns a verification passing message to the device a.
If the password key1 of the login account 1 carried in the request of the login account 1 is inconsistent with the login password key0 of the account 1 stored locally by the account management server, the account management server determines that the login verification of the account 1 fails. At this time, the account management server returns a verification failure message to the device a. At this time, the user needs to reenter the account number and the login password through the diagram (B) of fig. 5B.
Referring to fig. 4 and 10, the device a receives a verification passing message or a verification failure message through the account management module.
S3: and sending a registration opening notification.
Referring to fig. 4 and fig. 10, in the case that the account management module of the device a receives a verification passing message returned by the account management server, the account management module in the device a sends a registration opening notification to the trust ring service module of the application framework layer. The registration initiation notification is used to instruct the trust ring service module to initiate a registration process.
Here, a process of device a entering the "safe in password" interface and turning on the "safe in password" switch in the process of creating the trust ring will be described.
Fig. 7A is a schematic diagram illustrating a process of entering a "password safe" interface with device a having set a lock screen code. Referring to fig. 7A, in the case where the user of the device a has set the screen lock code (may also be referred to as a screen lock code) of the device a, when the user clicks the "safe synchronization for password" application in the "device information" interface (refer to fig. 7A (a)), the device a pops up the "enter screen lock code" interface (refer to fig. 7A (b)). If the user inputs the screen locking code on the screen locking code input interface and the screen locking code is correct, the screen of the device a enters the code safe interface (see fig. 7A (c)). At this time, both the "password safe synchronization" switch and the "synchronize to glowing account" switch on the "password safe" interface are in the off state.
Fig. 7B is a schematic diagram illustrating a process of entering a "password safe" interface without a lock screen code being set by device a. Referring to fig. 7B, in the case where the user of the device a does not set the screen lock code of the device a, when the user clicks the "password safe synchronization" application in the "device information" interface (refer to fig. 7B (a)), the device a pops up the "set digital screen lock password" interface (refer to fig. 7B (B)). After the user inputs the screen locking code on the interface "set digital screen locking code" shown in fig. 7B (B), the device a pops up the interface "set digital screen locking code" for confirming the code (see fig. 7B (c)). The user inputs the screen locking code again on the interface shown in fig. 7B (c), and if the screen locking code input again is identical to the screen locking code input by the user on the interface shown in fig. 7B (B), the screen of the apparatus a enters into the "password safe" interface shown in fig. 7B (d), which is identical to the interface shown in fig. 7A (c).
Fig. 8 is a schematic diagram illustrating a process of turning on a "password safe sync" switch in a scenario of creating a trust ring. Referring to fig. 8, when the user clicks the "safe synchronization" switch on the "safe synchronization" interface (refer to fig. 8 (a)), the device a pops up the alert interface shown in fig. 8 (b) on the screen, and the alert interface is used to alert the user whether to agree to start the safe synchronization service. When the user clicks the "agree" button on the reminder interface (see fig. 8 (b)), the "password safe synchronization" switch on the "password safe" interface is turned on (see fig. 8 (c)).
The trust ring service module, upon receiving the registration initiation notification, cannot determine whether to initiate a process of creating a trust ring or join a process of joining a trust ring, and needs to determine by detecting a registration state.
S4: the trust ring service module in device a detects the registration status of device a.
The registration state includes both unregistered and registered states. The unregistered state is used to indicate that the device is currently unregistered with the trust ring, and the registered state is used to indicate that the device is currently registered with the trust ring.
S5: and when detecting that the registration state of the equipment A is unregistered, the equipment A sends a registration state comparison request to the trust ring cloud.
The registration state comparison request is used for indicating a comparison result of the registration state of the device A detected by the trust ring service module and the registration state of the device A stored in the trust ring cloud.
The registration status comparison request includes the UID (device identifier) of the device a and the UDID (account identifier) of the account to which the device a belongs.
S6: the trust ring cloud returns a first registration state confirmation message to the trust ring service module in device a.
The first registration status confirmation message is used for indicating that no trust ring exists under the account number 1.
After receiving the registration state comparison request of the equipment A, the trust ring cloud compares whether a trust ring exists under the account number 1, and compares whether the equipment A is in the trust ring under the condition that the trust ring exists under the account number 1. When no trust ring exists under the account number 1, the trust ring cloud generates a first registration state confirmation message and sends the first registration state confirmation message to the device A.
Based on the first registration state confirmation message returned by the trust ring cloud, the equipment A determines that the registration execution creates a trust ring flow.
S7: the trust ring service module in device a receives the lockscreen code pw11 of device a entered by the user.
Here, a procedure of turning on a "synchronize to glory account" switch in creating a trust ring will be described.
Fig. 9 is a schematic diagram illustrating a process of turning on a "synchronize to glory account" switch in a scenario of creating a trust ring. Referring to fig. 9, when the user clicks the "synchronize to glowing account" switch on the "password safe" interface where the "password safe synchronization" switch is turned on (see fig. 9 (a)), the "enter screen password" interface pops up on the screen of the device a (see fig. 9 (b)). If the user inputs the screen locking code of the device A on the screen locking code input interface, the trust ring service module in the device A receives the screen locking code of the device A input by the user. If the screen locking password of the device a input by the user is correct, after the device a completes the process of creating the trust ring, the device a enters a "password safe" interface in which both the "password safe synchronization" switch and the "synchronize to glowing account" switch are in an on state (see (c) diagram of fig. 9).
Note that, the user clicks the "synchronize to glowing account" switch on the interface shown in fig. 9 (a) (see fig. 9 (a)) to trigger the device a to execute step S3 in fig. 10 and the step of creating the trust circulation flow after step S3.
The screen locking code of the device a belongs to the secret of the user of the device a, and is unknown to the cloud side.
S8: the trust ring service module of device a verifies the lockscreen code pw11 of device a.
The process of verifying the screen locking code of the device a may be: and the equipment A compares the screen locking code input by the user with the screen locking code stored in the equipment A in advance, if the screen locking code and the screen locking code are consistent, the verification is passed, and otherwise, the verification fails.
Here, the trust ring service module verifies the screen locking code of the device a input by the user on the interface shown in fig. 9 (b), and after the verification is passed, the subsequent step S9 can be continuously performed. If the verification fails, device A will revert back to the interface shown in FIG. 9 (b) and prompt the entered lockscreen code for errors at the interface.
S9: the trust ring service module derives PWUATH11 based on the lock screen code of device a.
Assuming that the screen locking code input by the user at this time is pw11, the trust ring service module derives PWUATH11 based on pw11.
Since pw11 belongs to the user secret of device a, pw11 cannot be obtained by the cloud side, and PWUATH11 derived based on pw11 cannot be obtained by the cloud side.
Since PWUATH11 is generated based on the user secret pw11 unknown to the cloud side, PWUATH11 is unknown to the cloud side.
S10: the trust ring service module of device a sends PWAUTH11 to the trust ring module in the trusted execution environment of device a.
Subsequently, the trust ring module generates the master key ciphertext EMK11 and the parameter PAKE11 based on the PWAUTH11, and the generation manner of the EMK11 and the PAKE11 is detailed in steps S11 to S14 of fig. 10.
S11: the trust ring module generates MK.
The device A generates MK, namely a master key, through the trust ring module, and MK is stored in a trusted execution environment of the device A, so that the device A cannot be stolen even if the device A is attacked by MK, and therefore the security is high.
S12: the trust ring module encrypts MK based on PWAUTH11, generating EMK11.
EMK11 is the first master key ciphertext. The trust ring module derives a key KEK11 based on PWAUTH11 and generates EMK11 based on the KEK11 encrypting MK.
S13: the trust ring module of device a sends EMK11 to the trust ring service module of device a.
After the trust ring module generates the EMK11, the EMK11 is sent to the trust ring service module, and the salt_enc11 is also sent to the trust ring service module while the EMK11 is sent.
S14: the trust ring service module in device a generates a parameter PAKE11 based on PWAUTH 11.
S15: and the device A sends a ring creation request carrying the EMK11 and the parameter PAKE11 to the trust ring cloud through the trust ring service module.
Device A sends a ring creation request to the trust ring cloud through the trust ring service module, and PAKE11 parameter registration and EMK11 hosting can be completed through the request.
In order to improve the security of the EMK11, before sending the EMK11, the trust ring service module may perform secondary encryption on the EMK11 based on the public key of the trust ring cloud HSM obtained during login, to obtain a two-layer ciphertext of the master key.
S16: the trust ring cloud creates a trust ring 1 for account number 1 in response to the ring creation request and adds device a to the trust ring 1.
The trust ring cloud responds to the ring creation request sent by the device A to create a trust ring 1 for the account number 1, when other devices under the account number 1, such as the device B and the device C, send registration state comparison requests to the trust ring cloud, the trust ring cloud returns confirmation messages which exist in the trust ring 1 but the device B and the device C are not in the trust ring, the device B and the device C execute a process of joining the trust ring, and the specific process of joining the trust ring refers to the following related description.
After the trust ring 1 is created, the trust ring 1 data managed in the trust ring cloud is shown in table 1:
TABLE 1
UID UDID Parameter PAKE Master key ciphertext
Account number 1 Device A PAKE11 EMK11
S17: the trust ring cloud returns a ring creation success message to the trust ring service module of the device A.
After the trust ring cloud creates the trust ring 1 for the account number 1 and adds the device A to the trust ring 1, a ring creation success message is returned to the device A, and after the device A receives the ring creation success message, a switch of synchronizing to the glowing account number in a password safe interface is started, as shown in a (c) diagram of fig. 9. After the switch of synchronizing to the glowing account number is turned on, the user can perceive that the device A has successfully joined the trust ring, and the service data in the password safe can be synchronized to the account management server, so that other devices in the trust ring 1 under the account number 1 can share the service data.
The trust ring creation process ends, and device a completes registration.
After the device A completes registration, the trust ring service module of the device A modifies the registration state of the device A to registered.
Through the trust ring creation process, the account-level master key MK is protected based on the user secret, and the cloud side cannot decrypt the hosted master key ciphertext because the user secret is unknown to the cloud side, so that the risk of master key leakage is reduced, the security of the master key MK is improved, and meanwhile, the cloud side can self-prove the master key MK.
It should be noted that the above procedure should be understood as a schematic example of the process of creating a trust ring in the present application, and is not intended to limit the present application.
Fig. 11 is a schematic diagram schematically illustrating that after a trust ring is created, device a synchronizes a service data ciphertext to an account management server. Fig. 12 is a schematic diagram illustrating the module interaction of the synchronous service data ciphertext. Fig. 13 is a schematic diagram illustrating an interface between the ciphertext of the synchronous service data and the account management server. Referring to fig. 11, 12 and 13, in the case that the trust ring 1 of the account number 1 has been created and the device a has been added to the trust ring 1, the device a may encrypt the sensitive service data with MK to obtain a service data ciphertext, and upload the service data ciphertext to the account number management server.
The process of synchronizing the service data ciphertext to the account management server by the device A after the trust ring is created is as follows:
referring to fig. 12, a cryptographic safe of an application layer in a device a reads a service data plaintext, then stores the service data plaintext in a service data storage service module of an application framework layer, the service data storage service module sends the service data plaintext to a key management module in a trusted execution environment, a trust ring module generates a service key dkey according to MK, the key management module reads the service key dkey from the trust ring module, and encrypts service data by using dkey to obtain service data ciphertext Edata. The key management module returns the service data ciphertext Edata to the service data storage service module, and the service data storage service module uploads the service data ciphertext Edata to the account management server through the service data synchronization service module and the account management server synchronization framework of the application program layer.
It should be noted that, the service keys dkey corresponding to different services are different, and the device a may generate the service keys of different services according to MK.
For example, referring to fig. 13, when a user uses service 1 on device a, the user needs to input the account number and the password of service 1, as shown in fig. 13 (a). After the account number and password of service 1 are input, device a pops up information indicating whether to synchronize the account number and password of service 1 to the password safe, as shown in fig. 13 (b). If the user agrees, the device a takes the account number and the password of the service 1 as the service data1 of the service 1, and uploads the ciphertext Edata1 of the data1 to the account management server according to the same synchronization process as the service data.
As can be seen from the above, in the embodiment of the present application, the service data ciphertext in the account management server does not depend on the account security completely, but also depends on the security of MK, so that even if the account is stolen, the security of the data on the cloud is not affected.
The service data of the user is encrypted based on the master key with high security, and then the service data ciphertext is synchronized to the account management server, so that the risk of leakage of the service data ciphertext is reduced, and the security of data synchronous backup is improved.
First joining trust ring
On the basis that device a has created the trust ring 1 of account number 1, device B under account number 1 may join the trust ring 1 according to the join trust ring procedure in the following embodiment. Before device B joins trust ring 1, only device a is the ring device in trust ring 1.
Fig. 14 is a schematic diagram illustrating information interaction during joining of a trust ring by a device B. Fig. 18 is a flow chart illustrating joining of the trust ring by the device B.
The process of joining a trust ring in an embodiment of the present application is described in detail below in conjunction with fig. 14 and 18.
Referring to fig. 14, after the device a is registered as the first device, the process of creating the trust ring is completed, the device a has uploaded the master key ciphertext EMK11 of the device a, that is, the first master key ciphertext, and the authentication parameter PAKE11 of the device a to the trust ring cloud, and thereafter, other devices, for example, the device B, are registered by joining the trust ring flow. In the process that the device B joins the trust ring 1, the device B sends an authentication parameter PAKE12 of the device A in the trust ring 1 to the trust ring cloud, and after confirming that the PAKE12 is consistent with the authentication parameter PAKE11 of the device A stored in the trust ring 1, the trust ring cloud returns a master key ciphertext EMK11 of the device A to the device B. Then, the device B decrypts MK from the EMK11, encrypts MK based on the lock screen code of the device B, generates a master key ciphertext EMK21 of the device B, that is, a second master key ciphertext, and an authentication parameter PAKE21 of the device B, and sends the EMK21 and the PAKE21 to the trust ring cloud.
Referring to fig. 18, in an embodiment of the present application, the process of joining a trust ring by a device B may include the following steps:
s1: device B logs in to account 1.
Like device a, device B logs in to account 1 by sending a request to the account management server to log in to account 1. For details of the process of the login account 1 of the device B, please refer to the process description of the login account 1 of the device a, and the details are not repeated here.
And S2, the account management server returns a verification passing message to the equipment B.
The processing procedure of the request of the account management server for the login account 1 of the device B is referred to the processing procedure of the request of the account management server for the login account 1 of the device a, and will not be described herein.
After device B successfully logs into account 1, the user may enter the "account center" interface through the flow indicated in (B) and (c) of fig. 5A, and find the "my device" application.
S3: and sending a registration opening notification.
Referring to fig. 4 and fig. 18, in the case that the account management module of the device B receives the verification passing message returned by the account management server, the account management module in the device B sends a registration opening notification to the trust ring service module of the application framework layer. The registration initiation notification is used to instruct the trust ring service module of device B to initiate a registration procedure.
Here, a process of entering the "safe in password" interface and turning on the "safe in password" switch during the process of joining the trust ring will be described.
Fig. 15 is a schematic diagram illustrating an interface from a my device application to a safe sync application in device B. As can be seen by comparing fig. 6, there is a trusted device glowing V40, device a, on the my device interface of device B during the joining of the trust ring. This illustrates that a trust ring already exists under account 1.
Fig. 16A is a schematic diagram illustrating a process of entering the "safe with lock code" interface and turning on the "safe sync" switch with device B having set the lock code. Referring to fig. 16A, in the case where the user of the device B has set the lock code of the device B, when the user clicks on the "password safe synchronization" application in the "device information" interface (refer to fig. 16A (a)), the device B pops up the "enter lock code" interface (refer to fig. 16A (B)). If the user inputs the screen lock code in the "enter screen lock code" interface and the screen lock code is correct, the screen of device B enters the "code safe" interface (see fig. 16A (c)). At this time, both the "password safe synchronization" switch and the "synchronize to glowing account" switch on the "password safe" interface are in the off state. Unlike device a in creating a trust ring, device B, in joining a trust ring, when the user clicks the "safe sync" switch on the "safe sync" interface shown in fig. 16A (c), the screen of device B switches directly to the interface shown in fig. 16A (d), i.e., the "safe sync" switch is on, while the "sync to glowing account" interface is unopened.
Fig. 16B is a schematic diagram illustrating a process of entering the "safe with lock code" interface and turning on the "safe sync" switch when device B is not set. Referring to fig. 16B, the process of entering the "code safe" interface and opening the "code safe synchronization" switch when the device B does not set the screen locking code is different from the process of entering the "code safe" interface and opening the "code safe synchronization" switch when the device B has set the screen locking code shown in fig. 16A in that the device B needs to set the screen locking code (see fig. 16B) and confirm the screen locking code (see fig. 16B) when the device B does not set the screen locking code, and the rest of the processes are the same as those when the screen locking code has been set, and will not be repeated here.
S4: the trust ring service module in device B detects the registration status of device B.
For the description of this step, please refer to the previous description of step S4 of fig. 10, and the description is omitted here.
S5: and when detecting that the registration state of the equipment B is unregistered, sending a registration state comparison request.
For the description of this step, please refer to the previous description of step S5 of fig. 10, and the description is omitted here.
S6: and returning a second registration state confirmation message.
Wherein the second registration status confirmation message is used to indicate that the trust ring 1 exists under the account number 1, but the device B is not on the trust ring 1.
After receiving the registration state comparison request of the equipment B, the trust ring cloud compares whether a trust ring exists under the account number 1. At this time, since the trust ring has created the trust ring 1 of the account number 1 at the time of device a registration, it is confirmed that the trust ring exists under the account number 1. Then, the trust ring cloud confirms that the device B is not in the trust ring according to the trust ring data of the account number 1 shown in table 1, and at this time, the trust ring cloud generates a second registration state confirmation message and sends the second registration state confirmation message to the device B.
Based on a second registration state confirmation message returned by the trust ring cloud, the equipment B determines that the registration execution joins the trust ring flow.
S7: the trust ring service module in device B receives the lockscreen code pw21 of device B entered by the user.
Fig. 17 is a schematic diagram illustrating a process of turning on a "synchronize to glory account" switch in a scenario in which device B joins a trust ring. Referring to fig. 17, when the user clicks the "synchronize to glowing account" switch on the "password safe" interface where the "password safe synchronization" switch is turned on (see fig. 17 (a)), the "enter screen password" interface pops up on the device B screen (see fig. 17 (B)). If the user inputs the screen locking code of the device B on the screen locking code input interface, the trust ring service module in the device B receives the screen locking code of the device B input by the user.
S8: the trust ring service module of device B verifies the lockscreen code pw21 of device B and derives PWAUTH21 based on the lockscreen code pw21 of device B.
The process of the screen locking code pw21 of the verification device B refers to the process of the screen locking code pw11 of the verification device a, which is not described herein.
S9: the trust ring service module of device B obtains a list of devices in trust ring 1.
The trust ring service module of the device B may send a request for obtaining the device list in the trust ring 1 to the trust ring cloud, and after receiving the request, the trust ring cloud returns the device list in the trust ring 1 to the trust ring service module of the device B.
S10: the trust ring cloud returns the list of devices in the trust ring 1 to the trust ring service module of device B.
Included in the list of devices in the trust ring 1 are all devices that have currently joined in the trust ring 1. In the embodiment of the present application, since the device a is a device that creates the trust ring 1, and the device B is a device that joins the trust ring 1 for the first time, in the process that the device B joins the trust ring 1, the device list in the trust ring 1 returned by the trust ring cloud includes only one device a.
S11: the trust ring service module of the equipment B displays a screen locking code input interface of the equipment A, receives a screen locking code pw12 of the equipment A input by a user, and generates a parameter PAKE12 based on the screen locking code pw 12.
With continued reference to fig. 17, if the screen lock password of the device B input by the user on the interface shown in fig. 17 (B) is correct, the screen of the device B pops up the "input other glory device screen lock password" interface (see fig. 17 (c)), and the "other glory device" in fig. 17 (c) is glory V40, i.e., device a. The user inputs the screen locking code pw12 of the device a on the interface of "input other glowing device screen locking codes", if the screen locking code pw12 of the device a input by the user is correct, the device B enters the "safe synchronization" switch and the "safe synchronization to glowing account number" switch which are both in the on state after the execution of the trust ring joining process (see (d) diagram of fig. 17). The "synchronization of the password safe" switch can synchronize the service data in the password safe to the cloud after being turned on, and the "synchronization to the glowing account" switch can synchronize the service data in the password safe to each device under the trust ring 1, such as device a after being turned on. In actual implementation, the "password safe synchronization" switch and the "synchronize to glowing account" switch may be combined into one switch.
Note that, the user clicks the "synchronize to glowing account" switch on the interface shown in fig. 17 (a) (see fig. 17 (a)) to trigger the device a to execute step S3 in fig. 18 and the join trust loop procedure step after step S3.
The screen locking code of the device B belongs to the secret of the user of the device B, and is unknown to the cloud side.
The generation principle of the parameter PAKE12 is the same as that of the parameter PAKE11, and will not be described herein.
S12: the trust ring service module of device B sends the parameter PAKE12 to the trust ring cloud.
During the joining process of the device B to the trust ring 1, the trust ring cloud needs to verify the identity of the device already in the trust ring 1, and when the verification is passed, the joining process to the trust ring 1 is allowed, otherwise, the trust ring cloud prohibits the joining process of the device B to the trust ring 1.
S13: after the trust ring cloud passes the authentication of the device a based on the parameter PAKE12, the trust ring cloud returns the EMK11 of the device a to the trust ring service module of the device B.
S14, the trust ring service module of the equipment B sends EMK11 and PWAUTH21 to the trust ring module of the equipment B.
The trust ring module is located in a trusted execution environment of the device B, where the device B needs to decrypt the EMK11 to retrieve MK, and encrypt MK based on PWAUTH21 in the trusted execution environment to obtain EMK21.
S15, the trust ring module of the equipment B decrypts the EMK11 to obtain MK, and encrypts the MK based on PWAUTH21 to obtain EMK21.
S16: the trust ring module of device B sends EMK21 to the trust ring service module of device B.
S17: device B generates a parameter PAKE21 based on PWAUTH 21.
In this process, please refer to a description of the generation of the parameter PAKE11 by the trust ring service module in the device a based on the PWAUTH11 in the first trust ring creation process, which is not described herein.
S18: the trust ring service module of the device B sends a ring adding request carrying the EMK21 and the parameter PAKE21 to the trust ring cloud.
S19: the trust ring cloud joins device B in trust ring 1 in response to the add ring request.
After the device B joins the trust ring 1, the trust ring 1 data managed in the trust ring cloud is shown in table 2:
TABLE 2
UID UDID Parameter PAKE Master key ciphertext
Account number 1 Device A PAKE11 EMK11
Account number 1 Device B PAKE21 EMK21
S20: the trust ring cloud returns a loop adding success message to the trust ring service module of the device B.
After the trust ring cloud adds the device B to the trust ring 1, a loop adding success message is returned to the device B, and after the device B receives the loop adding success message, a switch for synchronizing to the glowing account number in the password safe interface is turned on, as shown in a (d) diagram of fig. 17. After the switch of synchronizing to the glowing account number is turned on, the user can perceive that the device B has successfully joined the trust ring, and the service data in the password safe can be synchronized to the account management server, so that other devices in the trust ring 1 under the account number 1 can share the service data.
To this end, the process of joining the trust ring 1 by the device B is completed, and the device B completes registration.
After the device B completes registration, the trust ring service module of the device B modifies the registration state of the device B to registered.
As can be seen through the trust ring joining process, in the embodiment of the present application, the cloud side sends the managed master key ciphertext of the registered device to the ring adding device, and the ring adding device decrypts the master key ciphertext of the registered device based on the user secret of the registered device to obtain the master key MK.
It should be noted that the above process should be understood as a schematic example of the process of adding a trust ring in the present application, and is not intended to limit the present application.
Fig. 19 is a schematic diagram illustrating synchronization of service data ciphertext from an account management server after a device B joins a trust ring. Fig. 20 is a schematic diagram illustrating an interface for synchronizing a service data ciphertext from an account management server. Referring to fig. 19, 12 and 20, in the case that the trust ring 1 of the account number 1 has been created, the device a has been added to the trust ring 1, and the device a has uploaded the service data ciphertext Edata to the account management server, the device B may synchronize the service data ciphertext Edata from the account management server to the device B, and decrypt with MK locally at the device B, to obtain the service data plaintext data.
The process of synchronizing the service data ciphertext from the account management server by the equipment B after the trust ring is added is as follows:
referring to fig. 12, the service data synchronization service module in the device B obtains the service data ciphertext Edata from the account management server through the account management server synchronization framework of the application layer. Then, the service data synchronization service module in the device B sends the service data ciphertext Edata to the service data storage service module in the device B, and the service data storage service module sends the service data ciphertext Edata to the key management module in the trusted execution environment in the device B. The trust ring module derives a service key dkey according to the master key, and the key management module reads the service key dkey from the trust ring module and decrypts the service data ciphertext Edata by using the dkey to obtain the service data plaintext data. And then, the key management module returns the service data plaintext data to the service data storage service module, and the service data storage service module stores the service data plaintext data. For example, referring to fig. 20, when a user uses service 1 on device B, the user needs to input an account number and a password of service 1. In the input interface of the account number and the password of the service 1, as shown in fig. 20 (a), the device B pops up information indicating whether to use the account number and the password of the service 1 synchronized by the password safe. If the user agrees, the device B automatically fills the account number and the password of the service 1 synchronized with the password safe to the interface shown in fig. 20 (a), and after filling, the account number and the password are shown in fig. 20 (B). Therefore, the user does not need to independently record the passwords for each service, and the user experience is improved.
It should be noted that, after the device B joins the trust ring 1, the service data in the device B may be encrypted by the master key MK and then synchronized to the account management server, and the synchronization process please refer to the foregoing description of synchronizing the service data with the account management server by the device a, which is not repeated herein.
Second method for creating trust ring
In the practical implementation process, for the scene of requesting to create the trust ring under some high security services, the user does not need to input the screen locking code of the device after requesting to register the trust ring, so that the operation times of the user can be reduced, and the use experience of the user is improved. The high security service may be pre-stored in the device in the form of a white list, and the high security service included in the white list may be flexibly set by those skilled in the art, which is not particularly limited herein.
A second method of creating a trust ring is described below with reference to fig. 21 and 22, taking the high security service as an example of the password safe service.
Fig. 21 is a schematic diagram illustrating an interface in a process of creating a trust ring by a device a under a password safe service, where after a user turns on a "password safe synchronization" switch, the user manually turns on a "synchronize to glory account" switch, the device a receives an operation of turning on the "synchronize to glory account" switch by the user, executes a process of creating a trust ring in the background, and displays an interface as shown in a graph (b) of fig. 21 after the trust ring is created, and turns on the "synchronize to glory account" switch.
The interface interaction schematic diagram of the user and the device for starting the synchronization function of the password safe is just referring to the related interfaces of fig. 5A to 8, in the process of requesting to enter the password safe, the user needs to input the screen locking code of the device a, and the device a verifies the screen locking code of the user and then enters the password safe. Because the user has input the screen locking code of the equipment A for security verification in the process of entering the password safe, when the user starts the switch synchronous to the glowing account number to trigger the equipment A to register the trust ring 1 under the password safe service, the screen locking code of the equipment A is not required to be input again by the user, and the equipment A directly invokes the stored screen locking code of the equipment A in the process of registering the trust ring.
Fig. 22 is a schematic diagram illustrating an exemplary process of creating a trust ring, and a second process of creating a trust ring illustrated in fig. 22 is described below with reference to fig. 10. The second process of creating a trust ring comprises the following steps:
s1: when the account management module of the equipment A modifies the screen locking code, a hash value is generated based on the new screen locking code pw 11.
S2: the account management module of device a sends the hash value to the trust ring service module.
S3: the trust ring service module of device a generates PWAUTH11 based on the hash value.
S4: the trust ring service module of device a sends a PWAUTH11 store instruction to the trust ring module.
S5: the trust ring module of device a stores PWAUTH11.
S1 to S5 included in the flow of creating a trust ring shown in fig. 22 are newly added steps as compared to the flow of creating a trust ring shown in fig. 10. This part is the process of device a storing the native lock screen code.
The device a triggers the device a to execute S1 to S5 when adding and deleting the screen locking code, and the specific algorithm for generating PWAUTH11 based on the screen locking code pw11 refers to the related description in the first trust ring creation process, which is not described herein.
The trust ring module of the equipment A stores PWAUTH11, when the trust ring module needs to encrypt MK based on the PWAUTH11, the PWAUTH11 is directly extracted, and the screen locking code of the equipment A is not required to be input by a user, so that the PWAUTH11 is generated based on the screen locking code of the equipment A.
S6: the account management module of device a logs in to account 1.
S7: and the account management server returns a verification passing message to the account management module of the equipment A.
S8: the account management module of the device A sends a registration opening notification to the trust ring service module.
S9: the trust ring service module of device a detects the registration status of device a.
S10: and when the registration state of the equipment A is detected to be unregistered, the trust ring service module of the equipment A sends a registration state comparison request to the trust ring cloud.
S11: the trust ring cloud returns a first registration state confirmation message to the trust ring service module of the device a.
The first registration status confirmation message is used for indicating that no trust ring exists under the account number 1.
S6 to S10 are referred to the detailed description of the relevant steps in the trust ring creation flow shown in fig. 10, and will not be described herein.
S12: the trust ring service module of the equipment A judges whether the current service is a preset service in a white list.
The preset service in the white list can be flexibly set by a person skilled in the art, and the preset service is not specifically limited in this application, for example: can be a high security service such as a password safe.
The preset service in the white list has commonality that in the process of entering the preset service, the equipment A performs security verification on the user, and the screen locking code of the equipment A is not required to be input for security verification when other requests are executed under the scene of the preset service.
S13: if yes, the trust ring service module of the device A sends a PWAITH 11 extraction instruction to the trust ring module.
S12-S13 replace S7-S9 in FIG. 10, and the screen locking code of the equipment A is not required to be manually input by a user, so that the operation times of the user can be reduced, and the user experience is improved.
S14: the trust ring module of device a extracts PWAUTH11 and generates MK.
And after receiving the PWAUTH11 extraction instruction of the trust ring service module, the trust ring module of the equipment A extracts the stored PWAUTH11.
S15: the trust ring module of device a encrypts MK based on PWAUTH11, generating EMK11.
S16: the trust ring module of device a sends EMK11 to the trust ring service module.
S17: the trust ring service module of device a generates a parameter PAKE11 based on PWAUTH11.
S18: the trust ring service module of the equipment A sends a ring creation request carrying EMK11 and parameter PAKE11 to the trust ring cloud.
S19: the trust ring cloud creates a trust ring 1 for account number 1 in response to the ring creation request and adds device a to the trust ring 1.
S20: the trust ring cloud returns a ring creation success message to the trust ring service module of the device A.
S15 to S20 are only required to refer to the detailed description of the related steps S11 to S17 in the trust ring creation flow shown in fig. 10, and are not described herein.
The method for creating the trust ring has the same purpose and effect as the method for creating the trust ring, and the relevant points are referred to the related description and are not repeated here. In addition, the method for creating the trust ring does not need to manually input the local screen locking code by a user, and is convenient for the user to operate.
Second method for joining trust ring
In the practical implementation process, for the scene of requesting to join the trust ring under some high security services, the user does not need to input the screen locking code of the device after requesting to register the trust ring, so that the operation times of the user can be reduced, and the use experience of the user is improved.
The following describes the method of joining the trust ring with reference to fig. 23 and fig. 24, taking the high security service as the password safe service as an example.
Fig. 23 is an interface schematic diagram illustrating a process of adding the device B to the trust ring under the service of the password safe box, as shown in fig. 23 (a), after the user turns on the "password safe synchronization" switch, the "synchronize to glory account" switch is manually turned on, the device B receives the operation of turning on the "synchronize to glory account" switch by the user, pops up the "input other glory device screen locking passwords" interface on the screen of the device B (please refer to fig. 23 (B)), the user inputs the screen locking code of the device a, performs the process of adding the trust ring in the background, and displays the interface as shown in fig. 23 (c) after adding the trust ring, and the "synchronize to glory account" switch is turned on.
The interface interaction diagram of the user and the device for starting the password safe synchronization function is just referring to the relevant interface in fig. 16. The difference between fig. 23 and fig. 17 is that there is less interface for inputting the screen locking code of the local machine, because the screen locking code of the device B has been input by the user for security verification in the process of entering the password safe, when the user initiates the "synchronize to glowing account" switch to trigger the device B to register the trust ring 1 under the password safe service, the screen locking code of the device B does not need to be input again by the user, so that the stored screen locking code of the device B is directly invoked in the process of registering the trust ring by the image device B.
Fig. 24 is a schematic diagram illustrating a flow of joining a trust ring, and the flow of joining a trust ring illustrated in fig. 24 is described below with reference to fig. 18. The process of joining the trust ring comprises the following steps:
s1: when the account management module of the equipment B modifies the screen locking code, a hash value is generated based on the new screen locking code pw 21.
S2: the account management module of device B sends the hash value to the trust ring service module.
S3: the trust ring service module of device B generates PWAUTH21 based on the hash value.
S4: the trust ring service module of device B sends a PWAUTH21 store instruction to the trust ring module.
S5: the trust ring module of device B stores PWAUTH21.
In comparison with the flow of joining a trust ring shown in fig. 18, S1 to S5 included in the flow of joining a trust ring shown in fig. 24 are newly added steps. This part is the process of device B storing the native lock screen code.
The device B may trigger the device B to execute S1 to S5 when adding or deleting the screen locking code, and the specific algorithm for generating the PWAUTH21 based on the screen locking code may refer to the foregoing related description, which is not described herein.
The trust ring module of the equipment B stores PWAUTH21, when the trust ring module needs to encrypt MK based on the PWAUTH21, the PWAUTH21 is directly extracted, the screen locking code of the equipment A is not required to be input by a user, and the screen locking code based on the equipment A is regenerated.
S6: the account management module of device B logs in to account 1.
S7: and the account management server returns a verification passing message to the account management module of the equipment B.
S8: and the account management module of the equipment B sends a registration opening notification to the trust ring service module.
S9: the trust ring service module of device B detects the registration status of device a.
S10: and when the registration state of the equipment B is detected to be unregistered, the trust ring service module of the equipment B sends a registration state comparison request to the trust ring cloud.
S11: the trust ring cloud returns a second registration state confirmation message to the trust ring service module of the device B.
The second registration status confirmation message is used to indicate that the trust ring 1 exists under the account number 1, but the device B is not in the trust ring 1.
S6 to S11 are only required to refer to the detailed description of the related steps S1 to S6 in the first trust ring joining process shown in fig. 18, and are not repeated here.
S12: the trust ring service module of the equipment B judges whether the current service is a preset service in the white list.
The preset service in the white list can be flexibly set by a person skilled in the art, and the preset service is not specifically limited in this application, for example: can be a high security service such as a password safe.
The preset service in the white list has commonality that in the process of entering the preset service, the equipment A performs security verification on the user, and the screen locking code of the equipment A is not required to be input for security verification when other requests are executed under the scene of the preset service.
S13: if yes, the trust ring service module of the device B sends a PWAITH 21 extraction instruction to the trust ring module.
S12-S13 replace S7-S9 in FIG. 18, and the screen locking code of the equipment A is not needed to be manually input by a user, so that the operation times of the user can be reduced, and the user experience is improved.
S14: the trust ring service module of device B obtains a list of ring devices in trust ring 1.
S15: the trust ring cloud returns a device list to the trust ring service module of device B.
S16: the trust ring service module of the equipment B displays a screen locking code input interface of the equipment A, receives a screen locking code pw12 of the equipment A input by a user, and generates a parameter PAKE12 based on the screen locking code pw 12.
S17: the trust ring service module of device B sends the parameter PAKE12 to the trust ring cloud.
S18: after the authentication of the equipment A by the trust ring cloud based on the parameter PAKE12 is passed, returning the EMK11 of the equipment A to the trust ring service module of the equipment B.
S19: the trust ring service module of device B sends EMK11 to the trust ring module.
S20: the trust ring module of the device B decrypts the EMK11 to obtain MK, and encrypts the MK based on PWAUTH21 to obtain EMK21.
S21: the trust ring module of device B sends EMK21 to the trust ring service module.
S22: the trust ring service module of device B generates a parameter PAKE21 based on PWAUTH 21.
S23: the trust ring service module of the device B sends a ring adding request carrying the EMK21 and the parameter PAKE21 to the trust ring cloud.
S24: the trust ring cloud joins device B in trust ring 1 in response to the add ring request.
S25: the trust ring cloud returns a loop adding success message to the trust ring service module of the device B.
S14 to S25 are only required to refer to the detailed description of the relevant steps S9 to S20 in the joining trust ring flow shown in fig. 18, and are not described herein.
The second method for joining the trust ring has the same purpose and effect as the first method for joining the trust ring, and the relevant points are referred to the above description and are not repeated here. In addition, when the second method for joining the trust ring requests to join the trust ring in the preset service, the user does not need to manually input a local screen locking code, and the user operation is facilitated.
The electronic device, the computer storage medium, the computer program product, or the chip provided in this embodiment are used to execute the corresponding methods provided above, so that the beneficial effects thereof can be referred to the beneficial effects in the corresponding methods provided above, and will not be described herein.
It will be appreciated by those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional modules is illustrated, and in practical application, the above-described functional allocation may be performed by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to perform all or part of the functions described above.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of modules or units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another apparatus, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and the parts shown as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed in a plurality of different places. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
Any of the various embodiments of the application, as well as any of the same embodiments, may be freely combined. Any combination of the above is within the scope of the present application.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a readable storage medium. Based on such understanding, the technical solution of the embodiments of the present application may be essentially or a part contributing to the prior art or all or part of the technical solution may be embodied in the form of a software product stored in a storage medium, including several instructions to cause a device (may be a single-chip microcomputer, a chip or the like) or a processor (processor) to perform all or part of the steps of the methods of the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read Only Memory (ROM), a random access memory (random access memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The embodiments of the present application have been described above with reference to the accompanying drawings, but the present application is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those of ordinary skill in the art without departing from the spirit of the present application and the scope of the claims, which are also within the protection of the present application.

Claims (22)

1. A data protection method, applied to a first electronic device, comprising:
in response to a first operation input by a user, displaying a first interface, the first interface comprising: the first prompt message is used for prompting a user to input a first screen locking code of the first electronic device on the first interface, wherein the first electronic device is logged in a first account, the first operation is used for triggering the starting of a password safe service, and the password safe service is a preset service in a white list;
responding to the operation of inputting the first screen locking code on the first interface by a user, and displaying a second interface; the second interface includes: a synchronization control of the password safe box service;
responding to a first triggering operation of a user on a synchronization control of the password safe service, displaying second prompt information on the second interface, wherein the second prompt information is used for indicating that the first electronic equipment has created a first trust ring corresponding to the first account and added into the first trust ring under the condition that the first electronic equipment starts a synchronization function of the password safe service corresponding to the first account;
The first electronic device displays an interface of a first service, where the interface of the first service includes: the system comprises a first input box and a second input box, wherein the first input box is used for inputting an account number of a first service, and the second input box is used for inputting a password of a second service;
responding to the input of the account number of the first service by the user at the first input box and the input of the password of the first service at the second input box, displaying synchronous prompt information on an interface of the first service, wherein the synchronous prompt information is used for prompting whether the user allows the account number of the first service and the password of the first service to be synchronized to a second server or not;
and responding to the permission operation input by the user, synchronizing the account number of the first service and the password of the first service to the second server, and storing the account number of the first service and the password of the first service by the second server, wherein the electronic equipment which has joined the first trust ring acquires the account number of the first service and the password of the first service from the second server in response to the permission operation input by the user.
2. The method of claim 1, wherein displaying a second hint information at the second interface in response to a first triggering operation of a synchronization control of the cryptographic safe service by a user, comprises:
Extracting a first derivative key stored in a trusted execution environment of the first electronic device, wherein the first derivative key is generated according to the first screen locking code;
generating a master key in a trusted execution environment of the first electronic device;
encrypting the master key based on the first derivative key to generate a first master key ciphertext for the first electronic device;
generating a first authentication parameter based on the first derivative key;
and sending a ring creation request to a first server so that the first server creates a first trust ring corresponding to the first account, and adding the first master key ciphertext and a first authentication parameter to trust ring data of the first trust ring, wherein the ring creation request carries the first master key ciphertext and the first authentication parameter.
3. The method of claim 2, wherein encrypting the master key based on the first derivative key to generate a first master key ciphertext for the first electronic device comprises:
generating a second derivative key according to the first derivative key;
and encrypting the master key according to the second derivative key to obtain a first master key ciphertext of the first electronic device.
4. The method of claim 2, wherein generating a first authentication parameter based on the first derivative key comprises:
generating a first shared value according to the first derivative key;
and encrypting the first shared value according to the HSM public key generated by the first server side to obtain the first authentication parameter.
5. The method according to claim 2, wherein the method further comprises:
responding to the operation of modifying the screen locking code of the first electronic equipment, and generating a hash value based on the modified new screen locking code;
generating a first derivative key based on the hash value;
and saving the first derivative key to a trusted execution environment of the first electronic device.
6. The method according to claim 2, wherein the method further comprises:
detecting a registration state of the first electronic device under the condition that a registration request is received;
under the condition that the first electronic equipment is not registered, a registration state comparison request is sent to a first server, wherein the registration state comparison request carries an equipment identifier of the first electronic equipment and an account identifier of the first account;
and receiving a first registration state confirmation message returned by the first server, wherein the first registration state confirmation message is used for indicating that a trust ring does not exist under the first account.
7. The method according to claim 2, characterized in that:
the ring creation request carries the equipment identifier of the first electronic equipment and the account identifier of the first account;
after the first electronic device is added to the first trust ring, the trust ring data of the first trust ring includes: and the account number identification of the first account number, the equipment identification of the first electronic equipment, the first authentication parameter and the corresponding relation between the first master key ciphertext.
8. The method according to claim 2, wherein the method further comprises:
deriving a first service key based on the master key, and encrypting the first service data by using the first service key to obtain a first service data ciphertext;
and sending the first service data ciphertext to a second server so that the second server can store the first service data ciphertext.
9. The method according to claim 2, wherein the method further comprises:
acquiring a second service data ciphertext from a second server;
deriving a first service key based on the master key;
and decrypting the second service data ciphertext by using the first service key to obtain second service data.
10. A method of data protection, applied to a second electronic device, the method comprising:
responding to a second operation input by a user, displaying a third interface, wherein the third interface comprises third prompt information, the third prompt information is used for prompting the user to input a second screen locking code of the second electronic device on the third interface, the second electronic device is logged in a first account, the second operation is used for starting a password safe service, and the password safe service is a preset service in a white list;
responding to the operation of inputting the second screen locking code on the third interface by a user, and displaying a fourth interface; the fourth interface includes: a synchronization control of the password safe box service;
responding to a second triggering operation of a user on a synchronization control of the password safe service, displaying fourth prompt information on the fourth interface, wherein the fourth prompt information is used for prompting the user to input a first screen locking code of first electronic equipment under the condition that a synchronization function of the password safe service corresponding to the first account number is started, and the first electronic equipment is equipment in ring equipment information of a first trust ring corresponding to the first account number, which is acquired from a first server;
Responding to the operation of inputting the first screen locking code by a user, and displaying fifth prompt information on the fourth interface, wherein the fifth prompt information is used for indicating that the second electronic equipment successfully joins the first trust ring;
the second electronic device displays an interface of a first service, where the interface of the first service includes: the system comprises a third prompt message, a fourth input box and a fourth prompt message, wherein the third prompt message is used for prompting whether a user allows to use the account number of the first service synchronized by the password safe service and the password information of the first service, and the synchronized account number of the first service and the password of the first service are stored by a second server;
and in response to the operation of allowing use input by a user, filling the synchronized account number of the first service in the third input box, and filling the synchronized first service password in the fourth input box.
11. The method of claim 10, wherein displaying fifth prompt information on the fourth interface in response to a user entering the first lock screen code comprises:
extracting a third derivative key stored in a trusted execution environment of the second electronic device, wherein the third derivative key is generated according to a second screen locking code of the second electronic device;
Receiving a first screen locking code of first electronic equipment input by a user;
when the identity verification of the first electronic device based on the first screen locking code is passed, receiving a first master key ciphertext of the first electronic device, which is sent by the first server;
decrypting the first master key ciphertext based on the first screen locking code to obtain a master key;
encrypting the master key based on the third derivative key, generating a second master key ciphertext for the second electronic device, and generating a second authentication parameter based on the third derivative key;
and sending a ring adding request to a first server so that the second master key ciphertext and a second authentication parameter of the first server are added to the trust ring data of the first trust ring.
12. The method of claim 11, wherein after extracting the third derivative key stored in the trusted execution environment of the second electronic device, further comprising:
transmitting an on-loop equipment information acquisition request to the first server, wherein the on-loop equipment information acquisition request carries an account identifier of the first account;
receiving ring equipment information of a first trust ring corresponding to the first account returned by the first server, wherein the ring equipment comprises first electronic equipment;
And displaying the screen locking code input interface of the first electronic equipment.
13. The method of claim 11, wherein after extracting the third derivative key stored in the trusted execution environment of the second electronic device, further comprising:
transmitting an on-loop equipment information acquisition request to the first server, wherein the on-loop equipment information acquisition request carries an account identifier of the first account;
receiving ring equipment information of a first trust ring corresponding to the first account returned by the first server, wherein the ring equipment comprises first electronic equipment and third electronic equipment;
and responding to the selected operation of the third electronic equipment in the ring equipment information, and displaying a screen locking code input interface of the third electronic equipment.
14. The method of claim 11, wherein prior to receiving the first master key ciphertext for the first electronic device sent by the first server when authentication of the first electronic device based on the first lockscreen code passes, further comprising:
generating a first authentication parameter based on the first screen locking code;
and sending the first authentication parameter to the first server so that the first server can conduct identity verification on the first electronic equipment according to the first authentication parameter.
15. The method of claim 11, wherein encrypting the master key based on the third derivative key to generate a second master key ciphertext for the second electronic device comprises:
generating a fourth derivative key according to the third derivative key;
and encrypting the master key according to the fourth derivative key to obtain a second master key ciphertext of the second electronic device.
16. The method of claim 11, wherein generating a second authentication parameter based on the third derivative key comprises:
generating a second shared value according to the third derivative key;
and encrypting the second shared value according to the HSM public key generated by the first server side to obtain the second authentication parameter.
17. The method as recited in claim 11, further comprising:
detecting a registration state of the second electronic device under the condition that a registration request is received;
under the condition that the second electronic equipment is not registered, a registration state comparison request is sent to a first server, wherein the registration state comparison request carries an equipment identifier of the second electronic equipment and an account identifier of the first account;
And receiving a second registration state confirmation message returned by the first server, wherein the second registration state confirmation message is used for indicating that a first trust ring exists under the first account, but the second electronic equipment is not on the first trust ring.
18. The method as recited in claim 11, further comprising:
deriving a first service key based on the master key, and encrypting the first service data by using the first service key to obtain a first service data ciphertext;
and sending the first service data ciphertext to a second server so that the second server can store the first service data ciphertext.
19. The method of claim 11, wherein the method further comprises:
acquiring a second service data ciphertext from a second server;
generating a first service key based on the master key group;
and decrypting the second service data ciphertext by using the first service key to obtain second service data.
20. An electronic device, characterized by comprising, as a first electronic device:
a memory and a processor;
the processor is coupled with the memory;
the memory stores program instructions that, when executed by the processor, cause the first electronic device to perform the steps of:
In response to a first operation input by a user, displaying a first interface, the first interface comprising: the first prompt message is used for prompting a user to input a first screen locking code of the first electronic device on the first interface, wherein the first electronic device is logged in a first account, the first operation is used for triggering the starting of a password safe service, and the password safe service is a preset service in a white list;
responding to the operation of inputting the first screen locking code on the first interface by a user, and displaying a second interface; the second interface includes: a synchronization control of the password safe box service;
responding to a first triggering operation of a user on a synchronization control of the password safe service, displaying second prompt information on the second interface, wherein the second prompt information is used for indicating that the first electronic equipment has created a first trust ring corresponding to the first account and added into the first trust ring under the condition that the first electronic equipment starts a synchronization function of the password safe service corresponding to the first account;
the first electronic device displays an interface of a first service, where the interface of the first service includes: the system comprises a first input box and a second input box, wherein the first input box is used for inputting an account number of a first service, and the second input box is used for inputting a password of a second service;
Responding to the input of the account number of the first service by the user at the first input box and the input of the password of the first service at the second input box, displaying synchronous prompt information on an interface of the first service, wherein the synchronous prompt information is used for prompting whether the user allows the account number of the first service and the password of the first service to be synchronized to a second server or not;
and responding to the permission operation input by the user, synchronizing the account number of the first service and the password of the first service to the second server, and storing the account number of the first service and the password of the first service by the second server, wherein the electronic equipment which has joined the first trust ring acquires the account number of the first service and the password of the first service from the second server in response to the permission operation input by the user.
21. An electronic device, characterized by comprising, as a second electronic device:
a memory and a processor;
the processor is coupled with the memory;
the memory stores program instructions that, when executed by the processor, cause the second electronic device to perform the steps of:
Responding to a second operation input by a user, displaying a third interface, wherein the third interface comprises third prompt information, the third prompt information is used for prompting the user to input a second screen locking code of the second electronic device on the third interface, the second electronic device is logged in a first account, the second operation is used for starting a password safe service, and the password safe service is a preset service in a white list;
responding to the operation of inputting the second screen locking code on the third interface by a user, and displaying a fourth interface; the fourth interface includes: a synchronization control of the password safe box service;
responding to a second triggering operation of a user on a synchronization control of the password safe service, displaying fourth prompt information on the fourth interface, wherein the fourth prompt information is used for prompting the user to input a first screen locking code of first electronic equipment under the condition that a synchronization function of the password safe service corresponding to the first account number is started, and the first electronic equipment is equipment in ring equipment information of a first trust ring corresponding to the first account number, which is acquired from a first server;
responding to the operation of inputting the first screen locking code by a user, and displaying fifth prompt information on the fourth interface, wherein the fifth prompt information is used for indicating that the second electronic equipment successfully joins the first trust ring;
The second electronic device displays an interface of a first service, where the interface of the first service includes: the system comprises a third prompt message, a fourth input box and a fourth prompt message, wherein the third prompt message is used for prompting whether a user allows to use the account number of the first service synchronized by the password safe service and the password information of the first service, and the synchronized account number of the first service and the password of the first service are stored by a second server;
and in response to the operation of allowing use input by a user, filling the synchronized account number of the first service in the third input box, and filling the synchronized first service password in the fourth input box.
22. A computer readable storage medium comprising a computer program, characterized in that the computer program, when run on an electronic device, causes the electronic device to perform the data protection method according to any one of claims 1-19.
CN202310382895.9A 2021-11-19 2021-11-19 Data protection method and electronic equipment Pending CN116527246A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310382895.9A CN116527246A (en) 2021-11-19 2021-11-19 Data protection method and electronic equipment

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111400200.2A CN115037451B (en) 2021-11-19 2021-11-19 Data protection method and electronic equipment
CN202310382895.9A CN116527246A (en) 2021-11-19 2021-11-19 Data protection method and electronic equipment

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN202111400200.2A Division CN115037451B (en) 2021-11-19 2021-11-19 Data protection method and electronic equipment

Publications (1)

Publication Number Publication Date
CN116527246A true CN116527246A (en) 2023-08-01

Family

ID=83118169

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202111400200.2A Active CN115037451B (en) 2021-11-19 2021-11-19 Data protection method and electronic equipment
CN202310382895.9A Pending CN116527246A (en) 2021-11-19 2021-11-19 Data protection method and electronic equipment

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202111400200.2A Active CN115037451B (en) 2021-11-19 2021-11-19 Data protection method and electronic equipment

Country Status (1)

Country Link
CN (2) CN115037451B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117195276A (en) * 2023-11-08 2023-12-08 荣耀终端有限公司 Data protection method and electronic equipment

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201221433D0 (en) * 2012-11-28 2013-01-09 Hoverkey Ltd A method and system of providing authentication of user access to a computer resource on a mobile device
CN104767730A (en) * 2015-03-10 2015-07-08 四川省宁潮科技有限公司 Method for changing intelligent device into credible intelligent device
CN106326763B (en) * 2015-06-15 2020-01-14 阿里巴巴集团控股有限公司 Method and device for acquiring electronic file
CN106789833A (en) * 2015-11-20 2017-05-31 北京奇虎科技有限公司 The account logon method and device of the unblock based on mobile terminal
CN107612940A (en) * 2017-10-31 2018-01-19 飞天诚信科技股份有限公司 A kind of identity identifying method and authentication device
US10848304B2 (en) * 2018-07-17 2020-11-24 Visa International Service Association Public-private key pair protected password manager
CN109981677B (en) * 2019-04-08 2021-02-12 北京深思数盾科技股份有限公司 Credit granting management method and device
CN114840843B (en) * 2019-05-24 2022-11-11 华为技术有限公司 Login method of intelligent terminal and electronic equipment
CN111193695B (en) * 2019-07-26 2021-07-06 腾讯科技(深圳)有限公司 Encryption method and device for third party account login and storage medium
CN115174043B (en) * 2019-12-31 2024-07-05 华为技术有限公司 Method for sharing equipment and electronic equipment
GB202005237D0 (en) * 2020-04-08 2020-05-20 Pqshield Ltd Methods and systems for compressed encryption
CN111475832B (en) * 2020-06-24 2021-01-12 腾讯科技(深圳)有限公司 Data management method and related device
CN113609498B (en) * 2021-07-15 2022-09-30 荣耀终端有限公司 Data protection method and electronic equipment

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117195276A (en) * 2023-11-08 2023-12-08 荣耀终端有限公司 Data protection method and electronic equipment
CN117195276B (en) * 2023-11-08 2024-04-16 荣耀终端有限公司 Data protection method and electronic equipment

Also Published As

Publication number Publication date
CN115037451A (en) 2022-09-09
CN115037451B (en) 2023-04-14

Similar Documents

Publication Publication Date Title
US9992176B2 (en) Systems and methods for encrypted communication in a secure network
CN107251035B (en) Account recovery protocol
US20170373850A1 (en) Data encryption method, decryption method, apparatus, and system
CN110784322A (en) Method, system, equipment and medium for connecting gateway equipment and cloud platform
US20230239294A1 (en) Access processing method and device for remotely controlling terminal and storage medium
TW201638822A (en) Method and device for identity authentication of process
CN114760112B (en) Wireless local area network-oriented intelligent home equipment networking method, system, equipment and storage medium
CN115021894B (en) Data protection method, system and electronic equipment
CN116346339B (en) Data protection method, system and electronic equipment
CN115037451B (en) Data protection method and electronic equipment
CN112425116B (en) Intelligent door lock wireless communication method, intelligent door lock, gateway and communication equipment
CN111818466B (en) Information sending and receiving method and device, electronic equipment and readable storage medium
CN116743850B (en) Equipment discovery method and device based on Internet of things platform, computer equipment and storage medium
CN115037456B (en) Data protection method, system and electronic equipment
CN115037452B (en) Data protection method, system and electronic equipment
CN114389802B (en) Information decryption method and device, electronic equipment and readable storage medium
CN113904830B (en) SPA authentication method, SPA authentication device, electronic equipment and readable storage medium
CN117118598A (en) Data sharing method, electronic equipment and computer cluster
CN115037455B (en) Data protection method and system and electronic equipment
CN115021895B (en) Data protection method and system and electronic equipment
CN115037450B (en) Data protection method and electronic equipment
CN114679287B (en) Data processing method, system, electronic device and storage medium
CN115037454B (en) Data protection method and electronic equipment
CN114430343B (en) Data synchronization method and device, electronic equipment and readable storage medium
CN117879819B (en) Key management method, device, storage medium, equipment and computing power service system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination