CN117807605A

CN117807605A - Data protection method and electronic equipment

Info

Publication number: CN117807605A
Application number: CN202211165829.8A
Authority: CN
Inventors: 李昂; 郑亮
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2022-09-23
Filing date: 2022-09-23
Publication date: 2024-04-02
Also published as: WO2024061326A1

Abstract

The application provides a data protection method and electronic equipment. The electronic equipment acquires second user data, a certificate of a first counter and a first check value of the first user data from the non-secure chip; the electronic device obtains a certificate of the first counter from the security chip; under the condition that the certificate of the first counter in the non-secure chip is the same as the certificate of the first counter in the secure chip, the electronic equipment acquires a first value of the first counter through the secure chip; the electronic equipment obtains a second check value of the second user data based on the second user data and the first value of the first counter through the security chip; the electronic device may use the second user data only if the first check value and the second check value are the same. In this way, a multi-level authentication mechanism is implemented within the secure chip. Only if the authentication passes, the electronic device can use the second user data, so that the security of the user data stored on the electronic device is ensured, and the user data is prevented from being forged by an attacker.

Description

Data protection method and electronic equipment

Technical Field

The present disclosure relates to the field of data security technologies, and in particular, to a data protection method and an electronic device.

Background

The security chip is used as a high-security and credible environment of a hardware level, has security strength for preventing physical attack, and is widely applied to mobile equipment, internet of things (internet of things, IOT) equipment and other equipment with high security requirements.

Currently, a security chip in the device may be used to store a check value that checks the user data. When the electronic device uses the user data, the correctness of the check value needs to be checked, and the electronic device can only use the user data under the condition that the check value passes the check. How to improve the security of the verification value of the user data stored in the security chip is to be further studied.

Disclosure of Invention

The application provides a data protection method and electronic equipment, which realize a multi-stage authentication mechanism in a security chip. Only if the authentication passes, the electronic device can use the second user data, so that the security of the user data stored on the electronic device is ensured, and the user data is prevented from being forged by an attacker.

In a first aspect, the present application provides a data protection method, including:

the electronic equipment acquires second user data, a certificate of a first counter and a first check value of the first user data from the non-secure chip; the certificate of the first counter in the non-secure chip is used for acquiring a first value of the first counter, and the first check value and the first value of the first counter are used for checking whether the second user data are identical to the first user data or not; the electronic device obtains a certificate of the first counter from the security chip; under the condition that the certificate of the first counter in the non-secure chip is the same as the certificate of the first counter in the secure chip, the electronic equipment acquires a first value of the first counter through the secure chip; the electronic equipment obtains a second check value of the second user data based on the second user data and the first value of the first counter through the security chip; the electronic device uses the second user data in case the first check value and the second check value are the same.

The non-secure chip may be a flash chip, a server, or a storage device such as a hard disk, which is not limited in the embodiment of the present application.

The first user data is user data stored in the electronic equipment before. The second user data is the first user data stored before the electronic device reads. The storage location of the first user data is a first storage location. The second user data may be read from the first storage location.

In case the first and second check values are different, it is indicated that the attacker may modify the first user data, e.g. to modify the first user data to the second user data, when the first user data is different from the second user data. The storage locations of the first user data and the second user may be the same.

And under the condition that the first check value and the second check value are the same, the second user data is the same as the first user data, and the electronic equipment uses the second user data, namely the electronic equipment uses the first user data.

In this way, a multi-level authentication mechanism is implemented within the secure chip. Only if the authentication passes, the electronic device can use the second user data, so that the security of the user data stored on the electronic device is ensured, and the user data is prevented from being forged by an attacker.

With reference to the first aspect, in one possible implementation manner, the method further includes: in the case where the credentials of the first counter in the non-secure chip and the credentials of the first counter in the secure chip are different, the electronic device cannot obtain the first value of the first counter from the secure chip. Thus, under the condition that the attacker does not know the certificate of the first counter, the certificate of the first counter cannot pass authentication, the attacker cannot acquire the first value of the first counter, and the security of the first value of the first counter stored in the security chip is ensured.

With reference to the first aspect, in one possible implementation manner, the method further includes: in case the first check value and the second check value are different, the electronic device cannot use the second user data.

Optionally, the security chip may also calculate the verification value of the user data based on other factors, including but not limited to one or more of a hardware unique key and a device unique ID. Other factors may be other values, which are not limited in this embodiment.

Thus, even if an attacker falsifies the user data, for example, modifies the first user data into the second user data, the second check value calculated by the security chip based on the second user data and the first value of the first counter is different from the first check value, that is, the check value of the user data is not checked, and at this time, the electronic device cannot use the falsified second user data.

With reference to the first aspect, in one possible implementation manner, before the electronic device obtains the second user data, the credential of the first counter, and the first check value of the first user data from the non-secure chip, the method further includes: the electronic device stores the first user data, the first check value of the first user data, and the credentials of the first counter within the non-secure chip. The electronic device stores the first value of the first counter and the credentials of the first counter within the secure chip.

In this way, the electronic device stores the first value of the first counter in the security chip, so that the security of the first value of the first counter is ensured, and the first value of the first counter is prevented from being acquired by an attacker.

The electronic equipment stores the certificate of the first counter in the security chip, so that when the electronic equipment uses the stored user data, authentication is performed based on the certificate of the first counter, and the electronic equipment can use the stored user data only when the authentication is passed, thereby ensuring the security of the stored user data on the electronic equipment.

With reference to the first aspect, in one possible implementation manner, the electronic device stores the credential of the first counter in the security chip, specifically includes: the electronic equipment generates a certificate of a first counter through a security chip; the electronic device stores the credentials of the first counter within the secure chip. At this time, the secure chip needs to store the credentials of the first counter in the non-secure chip or on the server, so that when the electronic device uses the user data, authentication can be performed based on the credentials of the first counter stored in the non-secure chip or on the server.

Or,

the electronic equipment acquires a certificate of a first counter outside the security chip; the electronic device stores the credentials of the first counter within the secure chip.

With reference to the first aspect, in one possible implementation manner, the first value of the first counter is obtained based on an initial value of the first counter and a first preset value, wherein the initial value of the counter is randomly generated. Therefore, the initial value of the first counter is randomly generated, so that the situation that an attacker acquires the first value of the first counter in a manner of violent enumeration, so that the first value of the first counter stored in the security chip leaks is avoided, and the security of the first value of the first counter stored in the security chip is improved.

With reference to the first aspect, in one possible implementation manner, before the electronic device stores the first value of the first counter in the security chip, the method further includes: the electronic device generates an initial value of the first counter through the security chip. In this way, the initial value of the first counter is generated in the security chip, and the security of the value of the counter stored in the security chip is improved.

With reference to the first aspect, in one possible implementation manner, before the electronic device obtains the second user data, the credential of the first counter, and the first check value of the first user data from the non-secure chip, the method further includes: the electronic equipment acquires first user data, an identifier of a first counter and a certificate of the first counter stored in the non-secure chip from the non-secure chip; the electronic equipment determines a certificate of a first counter stored in the security chip based on the identification of the first counter through the security chip; under the condition that the certificate of the first counter in the non-secure chip is the same as the certificate of the first counter in the secure chip, the electronic equipment acquires a first value of the first counter; the electronic equipment obtains a first check value of the first user data based on the first value of the first counter and the first user data through the security chip; the electronic device stores a first check value of the first user data within the non-secure chip. Thus, when the electronic device stores the first user data, a first check value is generated within the secure chip based on the first user data and the first value of the first counter. After generating the first check value, the electronic device stores the first check value in an unsecure chip, such as a flash chip or on a server. In this way, even if an attacker will falsify the user data, for example, replace the first user data with the second user data, when authenticating, the second check value generated in the security chip based on the first value obtained from the second user data and the first counter is different from the first check value, resulting in that the check is not passed, and the situation that the attacker falsifies the user data is avoided.

With reference to the first aspect, in one possible implementation manner, after the electronic device uses the second user data, the method further includes: the electronic equipment acquires third user data, wherein the third user data is changed second user data; the electronic equipment sends the third user data, the certificate of the first counter in the non-secure chip and the identification of the first counter to the secure chip; the electronic equipment obtains a certificate of a first counter based on the identification of the first counter through the security chip; under the condition that the certificate of the first counter in the non-secure chip is the same as the certificate of the first counter in the secure chip, the electronic equipment acquires a first value of the first counter through the secure chip, and acquires a second value of the first counter based on the first value of the first counter and a second preset value; the electronic equipment obtains a third check value of the third user data based on the third user data and the second value of the first counter through the security chip; the electronic device stores a third verification value of the third user data in the non-secure chip.

That is, after the second user data passes the authentication, the electronic device uses the second user data, resulting in a change of the second user data to obtain third user data, and the electronic device needs to store the third user data. When the third user data is stored, the electronic device needs to generate a check value of the third user data, namely a third check value, in the security chip. So that the subsequent electronic device can check whether the third user data is falsified based on the check value when using the third user data.

In a second aspect, the present application provides an electronic device, including: one or more processors, one or more memories, a display screen; the one or more memories, the display screen, and the one or more processors are coupled, the one or more memories are for storing computer program code, the computer program code includes computer instructions, the one or more processors call the computer instructions to cause the electronic device to perform: acquiring second user data, a certificate of a first counter and a first check value of the first user data from the non-secure chip; the certificate of the first counter in the non-secure chip is used for acquiring a first value of the first counter, and the first check value and the first value of the first counter are used for checking whether the second user data are identical to the first user data or not; acquiring a certificate of a first counter from the security chip; under the condition that the certificate of the first counter in the non-secure chip is the same as the certificate of the first counter in the secure chip, acquiring a first value of the first counter through the secure chip; obtaining a second check value of the second user data based on the second user data and the first value of the first counter by the security chip; in case the first check value and the second check value are the same, the second user data is used.

With reference to the second aspect, in one possible implementation manner, the one or more processors call computer instructions to cause the electronic device to perform: in the case where the credentials of the first counter in the non-secure chip and the credentials of the first counter in the secure chip are different, the first value of the first counter cannot be obtained from the secure chip. Thus, under the condition that the attacker does not know the certificate of the first counter, the certificate of the first counter cannot pass authentication, the attacker cannot acquire the first value of the first counter, and the security of the first value of the first counter stored in the security chip is ensured.

With reference to the second aspect, in one possible implementation manner, the one or more processors call computer instructions to cause the electronic device to perform: in the case where the first check value and the second check value are different, the second user data cannot be used.

With reference to the second aspect, in one possible implementation manner, the one or more processors call computer instructions to cause the electronic device to perform: the first user data, the first check value of the first user data, and the credentials of the first counter are stored within the non-secure chip. The first value of the first counter and the credentials of the first counter are stored within the secure chip.

With reference to the second aspect, in one possible implementation manner, the one or more processors call computer instructions to cause the electronic device to perform: generating a credential of the first counter by the security chip; the credentials of the first counter are stored within the secure chip. At this time, the secure chip needs to store the credentials of the first counter in the non-secure chip or on the server, so that when the electronic device uses the user data, authentication can be performed based on the credentials of the first counter stored in the non-secure chip or on the server.

Or,

acquiring a certificate of a first counter outside a security chip; the credentials of the first counter are stored within the secure chip.

With reference to the second aspect, in one possible implementation manner, the first value of the first counter is obtained based on an initial value of the first counter and a first preset value, wherein the initial value of the counter is randomly generated. Therefore, the initial value of the first counter is randomly generated, so that the situation that an attacker acquires the first value of the first counter in a manner of violent enumeration, so that the first value of the first counter stored in the security chip leaks is avoided, and the security of the first value of the first counter stored in the security chip is improved.

With reference to the second aspect, in one possible implementation manner, the one or more processors call computer instructions to cause the electronic device to perform: an initial value of the first counter is generated by the security chip. In this way, the initial value of the first counter is generated in the security chip, and the security of the value of the counter stored in the security chip is improved.

With reference to the second aspect, in one possible implementation manner, the one or more processors call computer instructions to cause the electronic device to perform: acquiring first user data, an identification of a first counter and a certificate of the first counter stored in the non-secure chip from the non-secure chip; determining a certificate of a first counter stored in the security chip based on the identification of the first counter through the security chip; acquiring a first value of a first counter under the condition that the certificate of the first counter in the non-secure chip is the same as the certificate of the first counter in the secure chip; obtaining a first check value of the first user data based on the first value of the first counter and the first user data through the security chip; a first check value of the first user data is stored within the non-secure chip. Thus, when the electronic device stores the first user data, a first check value is generated within the secure chip based on the first user data and the first value of the first counter. After generating the first check value, the electronic device stores the first check value in an unsecure chip, such as a flash chip or on a server. In this way, even if an attacker will falsify the user data, for example, replace the first user data with the second user data, when authenticating, the second check value generated in the security chip based on the first value obtained from the second user data and the first counter is different from the first check value, resulting in that the check is not passed, and the situation that the attacker falsifies the user data is avoided.

With reference to the second aspect, in one possible implementation manner, the one or more processors call computer instructions to cause the electronic device to perform: after the electronic equipment uses the second user data, acquiring third user data, wherein the third user data is changed second user data; transmitting the third user data, the credentials of the first counter in the non-secure chip and the identification of the first counter to the secure chip; acquiring a certificate of a first counter based on the identification of the first counter through a security chip; under the condition that the certificate of the first counter in the non-secure chip is the same as the certificate of the first counter in the secure chip, acquiring a first value of the first counter through the secure chip, and acquiring a second value of the first counter based on the first value of the first counter and a second preset value; obtaining a third check value of the third user data based on the third user data and the second value of the first counter through the security chip; and storing a third check value of the third user data in the non-secure chip.

In a third aspect, the present application provides a computer readable storage medium for storing computer instructions that, when run on an electronic device, cause the electronic device to perform a data protection method provided in any one of the possible implementations of the first aspect.

In a fourth aspect, the present application provides a computer program product for, when run on an electronic device, causing the electronic device to perform a data protection method as provided in any one of the possible implementations of the first aspect.

For the beneficial effects of the second aspect to the fourth aspect, reference may be made to the description of the beneficial effects of the first aspect, and embodiments of the present application are not described herein.

Drawings

Fig. 1-3 are schematic views of several types of security chips according to embodiments of the present application;

fig. 4 is a schematic diagram of an electronic device storing a check value of user data according to an embodiment of the present application;

fig. 5 is a schematic diagram of an electronic device verifying a verification value of user data according to an embodiment of the present application;

fig. 6 is a schematic diagram of another electronic device according to an embodiment of the present application storing a check value of user data;

fig. 7 is a schematic diagram of another electronic device for verifying a verification value of user data according to an embodiment of the present application;

Fig. 8 is a schematic hardware structure of an electronic device 100 according to an embodiment of the present application;

fig. 9 is a schematic software structure of an electronic device 100 according to an embodiment of the present application;

FIG. 10 is a flowchart of a method for generating a counter credential according to an embodiment of the present application;

FIG. 11 is a flowchart of another method for generating a counter credential according to an embodiment of the present application;

FIG. 12 is a schematic diagram of protecting user data and generating a check value of the user data according to an embodiment of the present application;

fig. 13 is a schematic diagram of a method for verifying correctness of a check value of first user data in a security chip before the electronic device uses the first user data according to an embodiment of the present application;

fig. 14 is a schematic diagram of a method for storing changed second user data according to an embodiment of the present application;

fig. 15 is a flow chart of a data protection method according to an embodiment of the present application;

fig. 16 is a schematic flow chart of a data protection device according to an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application will be clearly and thoroughly described below with reference to the accompanying drawings. Wherein, in the description of the embodiments of the present application, "/" means or is meant unless otherwise indicated, for example, a/B may represent a or B; the text "and/or" is merely an association relation describing the associated object, and indicates that three relations may exist, for example, a and/or B may indicate: the three cases where a exists alone, a and B exist together, and B exists alone, and in addition, in the description of the embodiments of the present application, "plural" means two or more than two.

The terms "first," "second," and the like, are used below for descriptive purposes only and are not to be construed as implying or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature, and in the description of embodiments of the present application, unless otherwise indicated, the meaning of "a plurality" is two or more.

The term "User Interface (UI)" in the following embodiments of the present application is a media interface for interaction and information exchange between an application program or an operating system and a user, which enables conversion between an internal form of information and an acceptable form of the user. A commonly used presentation form of the user interface is a graphical user interface (graphic user interface, GUI), which refers to a user interface related to computer operations that is displayed in a graphical manner. It may be a visual interface element of text, icons, buttons, menus, tabs, text boxes, dialog boxes, status bars, navigation bars, widgets, etc., displayed in a display of the electronic device.

Technical terms related to the embodiments of the present application will be explained first.

1. Verification value of user data

The check value of the user data is used to protect the security of the user data on the electronic device. Before the electronic device stores the user data, a check value of the user data is generated and stored in the non-secure chip. When the electronic equipment uses the user data, the electronic equipment can check the correctness of the check value of the user data in the security chip, and the electronic equipment can acquire and use the user data only under the condition that the check is passed. In the case that the verification value of the user data does not pass, the electronic device cannot acquire the user data.

The check value of the user data may be generated based on the user data or may be generated based on other parameters, which is not limited in the embodiment of the present application.

When the electronic device stores the user data, a check value of the user data is additionally stored, so that the electronic device can check the correctness of the check value of the user data. Specifically, before the electronic device uses the user data, the electronic device acquires the check value of the user data stored in addition, acquires the check value of the user data from the security chip, and when the check value of the user data obtained by calculation in the security chip is consistent with the check value of the user data, the check value of the user data passes, and at the moment, the electronic device can acquire and use the user data. Otherwise, the electronic device cannot acquire and use the user data.

2. Security chip

In order to ensure the safety of the check value of the user data stored in the electronic equipment, an attacker is prevented from acquiring the check value of the user data, and the identity authentication information is generally stored in a security chip in the electronic equipment, so that the identity authentication information stored in the electronic equipment is prevented from being revealed.

The security chip has the following forms in the electronic device:

form one: as shown in fig. 1, the security chip is located in a built-in security core in a main chip (SOC chip) within the electronic device. It may be that a part of the area is divided inside the main chip as the security chip, or the security chip is integrated inside the main chip.

Morphology II: as shown in fig. 2, the secure chip is located in a Secure Element (SE) of the external SOC chip, and the SE is an electronic element for preventing physical attack, and includes a microprocessor, a storage, encryption and decryption hardware, and the like, and can be used independently.

Morphology III: as shown in fig. 3, the safety chip is composed of an SOC chip and an SE of an external SOC chip together, so that some high safety services are completed, and high safety of the equipment is ensured.

The present invention is not limited to the above three modes, and the security chip may be other modes, and the embodiment of the present invention is not limited thereto.

Fig. 4 shows a schematic diagram of an electronic device storing a check value of user data.

The check value of the user data may be an adder value, for example.

Before the electronic device stores the user data, the value of the counter is +1, and the updated value of the counter is stored in the security chip. When the electronic device uses the user data to change the user data, and stores the changed user data, the value of the counter is changed, for example +1, and the updated value of the counter is stored in the security chip. That is, the content of the user data and the value of the counter are in a one-to-one binding relationship, and when the user data changes, the value of the counter correspondingly changes.

S401, the electronic equipment acquires user data.

When the electronic device is running, the generated data may be referred to as user data.

By way of example, the user data may be internet surfing data balance, rechargeable card balance, bus card balance, etc.

S402, the electronic device acquires a counter value of one.

The electronic device may obtain a counter value of one before the electronic device stores the user data.

S403, the electronic device stores the user data and the counter value I in the non-secure chip, and stores the counter value I in the secure chip.

For example, the electronic device may store user data and counter value one within an unsecure chip, which may be a flash chip.

Alternatively, the electronic device may store the user data and counter value in the unsecure chip after encryption.

Alternatively, the user data and the counter value may be stored in the same area in the non-secure chip, or may be stored in a different area in the non-secure chip, which is not limited in the embodiment of the present application.

Meanwhile, the electronic device also needs to store the first counter value into the security chip.

Fig. 5 shows a schematic diagram of an electronic device verifying a check value of user data.

Based on the method of storing the check value of the user data shown in fig. 4, fig. 5 shows a flow of a method of checking the check value of the user data.

S501, the electronic device acquires a counter value of two from the non-secure chip.

When the electronic equipment needs to use the user data, the electronic equipment needs to verify the check value of the user data a priori.

First, the electronic device obtains a counter value of two from within the non-secure chip. For example, the electronic device may obtain the counter value two from within the flash chip.

Since an attacker may modify the counter value stored in the unsecure chip, the counter value two obtained by the electronic device from the unsecure chip may be different from the counter value one stored previously.

S502, the electronic device acquires a counter value three from the security chip.

Secondly, the electronic device also needs to acquire a counter value three from the security chip.

Since an attacker may modify the counter value stored in the secure chip, the counter value three obtained by the electronic device from the secure chip may be different from the counter value one stored previously.

S503, whether the counter value II and the counter value III are the same.

If the counter value two and the counter value three are the same, S504 is executed. If the counter value two and the counter value three are different, S505 is executed.

S504, when the counter value two and the counter value three are the same, the electronic device uses the user data.

Under the condition that the counter value II and the counter value III are the same, the attacker does not modify the counter value I stored in the security chip, and the attacker does not modify the counter value I stored in the non-security chip, so that the electronic equipment can acquire and use the user data.

S505, the electronic device cannot use the user data.

Under the condition that the counter value II and the counter value III are different, the attacker can modify the counter value I stored in the security chip, and the attacker can also modify the counter value I stored in the non-security chip, so that the verification value of the user data cannot be checked, and the electronic equipment cannot use the user data at the moment in order to protect the security of the user data.

However, as can be seen from the embodiments shown in fig. 4 and fig. 5, if an attacker modifies the value of the counter stored in the secure chip, the value of the counter stored in the secure chip is inconsistent with the value of the counter stored in the non-secure chip, so that the verification is not passed, and the electronic device cannot use the user data.

Secondly, if the attacker obtains the stored counter value from the secure chip, the attacker also obtains the counter value from the non-secure chip, and the attacker checks the counter value. Then the attacker may forge the user data and use the forged user data before using the user data.

Fig. 6 shows another schematic diagram of storing a check value of user data.

For example, the check value of the user data may be calculated based on the user data.

Before the electronic device stores the user data, a check value is calculated based on the user data, and the check value is stored in the security chip. When the electronic device uses the user data to cause the user data to change, and stores the changed user data, a check value is obtained again based on the changed user data, and then the updated check value is stored in the security chip. That is, the content of the user data and the check value are in a one-to-one binding relationship, and when the user data changes, the check value of the user data correspondingly changes.

S601, the electronic equipment acquires user data.

S602, the electronic device obtains a check value of the user data based on the user data.

For example, the electronic device may calculate a hash value of the user data, and use the hash value as the check value one.

The electronic device may also obtain the check value of the user data based on the user data in other manners, which is not limited in the embodiment of the present application.

S603, the electronic device stores a check value one of the user data in the security chip.

When the electronic device stores the user data, the check value one of the user data is stored in the security chip. So that the check value of the user data can be checked when the user data is used later. In case the verification passes, the user data is allowed to be used by the electronic device.

Fig. 7 shows a schematic diagram of another electronic device verifying a check value of user data.

Based on the method of storing the check value of the user data shown in fig. 6, fig. 7 shows another flow of the method of checking the check value of the user data.

S701, the electronic device acquires a check value II of the user data from the security chip.

When the electronic equipment needs to use the user data, the electronic equipment needs to verify the check value of the user data a priori. First, the electronic device obtains a second check value of the user data from the security chip.

Since an attacker may modify the check value of the user data stored in the security chip, the second check value of the user data obtained by the electronic device from the security chip may be different from the first check value of the user data stored previously.

S702, the electronic equipment obtains a third check value of the user data based on the user data.

Secondly, the electronic device also acquires a third check value of the user data. For example, the electronic device may calculate a third check value of the user data based on the user data stored in the non-secure chip.

Because an attacker may modify the user data stored in the non-secure chip, the electronic device may calculate a third check value of the user data based on the user data stored in the non-secure chip, which may be different from the first check value of the user data calculated based on the user data stored in the non-secure chip.

S703, checking value three and checking value two are the same.

If the check value three and the check value two are the same, S704 is executed. If the check value three and the check value two are different, S705 is executed.

S704, when the check value three and the check value two are the same, the electronic device uses the user data.

Under the condition that the check value three and the check value two are the same, the fact that an attacker does not modify the check value of the user data stored in the secure chip and does not modify the user data stored in the non-secure chip is indicated, and then the electronic equipment can acquire and use the user data.

S705, the electronic device cannot use the user data.

Under the condition that the third check value and the second check value are different, it is stated that an attacker may modify the check value of the user data stored in the secure chip, and the attacker may modify the user data stored in the non-secure chip, so that the check value of the user data cannot be checked, and in order to protect the security of the user data, the electronic device cannot use the user data at this time.

However, as can be seen from the embodiments of fig. 6 and fig. 7, if an attacker modifies the check value of the user data stored in the secure chip, the check value of the user data stored in the secure chip is inconsistent with the check value calculated based on the user data stored in the non-secure chip, so that the verification is not passed, and the electronic device cannot use the user data.

Based on this, the embodiment of the application provides a data protection method, which comprises two parts of applying for a counter, protecting user data and using the user data.

Wherein, the application counter comprises the following steps:

step one: the electronic device obtains first user data.

Step two: the electronic device obtains the credentials of the first counter and sets the value of the first counter to a first value.

Optionally, the electronic device may set the value of the first counter to the first value in the security chip, because the security coefficient of the security chip is higher, so that the situation that the value of the first counter leaks is avoided.

Step three: the electronic device stores the certificate of the first counter in the secure chip, and stores the certificate of the first counter in the non-secure chip or the cloud.

Protecting user data comprises the steps of:

step one: the electronic device sends the first user data and the credentials of the first counter to the secure chip.

Step two: and under the condition that the certificate of the first counter sent by the electronic equipment is the same as the certificate of the first counter stored in the security chip, the electronic equipment calculates a first check value based on the first user data and the first value of the first counter.

Step three: the electronic device stores the first check value in the non-secure chip or the cloud.

Using the user data comprises the steps of:

step one: the electronic device sends the second user data, the credentials of the first counter and the first check value to the secure chip.

Step two: and under the condition that the certificate of the first counter sent by the electronic equipment is the same as the certificate of the first counter stored in the security chip, the electronic equipment calculates a second check value based on the second user data and the first value of the first counter.

Step three: and under the condition that the first check value and the second check value are the same, the verification is successful, which means that the first user data and the second user data are the same, namely the user data are not changed, and the electronic equipment can use the first user data. Under the condition that the first check value and the second check value are different, verification is not passed, and it is indicated that the first user data and the second user data are different, and an attacker may change the first user data, and the electronic device cannot use the first user data.

By the method, the user data can be used only after authentication in the security chip passes through a multi-stage authentication mechanism before the user data is used by the electronic equipment, so that the situation that the user data is changed by an attacker is avoided, and the security of the user data is protected.

Fig. 8 shows a schematic structural diagram of the electronic device 100.

The electronic device 100 may be a cell phone, tablet, desktop, laptop, handheld, notebook, ultra-mobile personal computer (ultra-mobile personal computer, UMPC), netbook, as well as a cellular telephone, personal digital assistant (personal digital assistant, PDA), augmented reality (augmented reality, AR) device, virtual Reality (VR) device, artificial intelligence (artificial intelligence, AI) device, wearable device, vehicle-mounted device, smart home device, and/or smart city device, with the specific types of such electronic devices not being particularly limited in the embodiments of the present application.

The electronic device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (universal serial bus, USB) interface 130, a charge management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, a sensor module 180, keys 190, a motor 191, an indicator 192, a camera 193, a display 194, and a subscriber identity module (subscriber identification module, SIM) card interface 195, etc. The sensor module 180 may include a pressure sensor 180A, a gyro sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.

It should be understood that the illustrated structure of the embodiment of the present invention does not constitute a specific limitation on the electronic device 100. In other embodiments of the present application, electronic device 100 may include more or fewer components than shown, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.

The processor 110 may include one or more processing units, such as: the processor 110 may include an application processor (application processor, AP), a modem processor, a graphics processor (graphics processing unit, GPU), an image signal processor (image signal processor, ISP), a controller, a video codec, a digital signal processor (digital signal processor, DSP), a baseband processor, and/or a neural network processor (neural-network processing unit, NPU), etc. Wherein the different processing units may be separate devices or may be integrated in one or more processors.

The controller can generate operation control signals according to the instruction operation codes and the time sequence signals to finish the control of instruction fetching and instruction execution.

A memory may also be provided in the processor 110 for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. The memory may hold instructions or data that the processor 110 has just used or recycled. If the processor 110 needs to reuse the instruction or data, it can be called directly from the memory. Repeated accesses are avoided and the latency of the processor 110 is reduced, thereby improving the efficiency of the system.

In some embodiments, the processor 110 may include one or more interfaces. The interfaces may include an integrated circuit (inter-integrated circuit, I2C) interface, an integrated circuit built-in audio (inter-integrated circuit sound, I2S) interface, a pulse code modulation (pulse code modulation, PCM) interface, a universal asynchronous receiver transmitter (universal asynchronous receiver/transmitter, UART) interface, a mobile industry processor interface (mobile industry processor interface, MIPI), a general-purpose input/output (GPIO) interface, a subscriber identity module (subscriber identity module, SIM) interface, and/or a universal serial bus (universal serial bus, USB) interface, among others.

The I2C interface is a bi-directional synchronous serial bus comprising a serial data line (SDA) and a serial clock line (derail clock line, SCL). In some embodiments, the processor 110 may contain multiple sets of I2C buses. The processor 110 may be coupled to the touch sensor 180K, charger, flash, camera 193, etc., respectively, through different I2C bus interfaces. For example: the processor 110 may be coupled to the touch sensor 180K through an I2C interface, such that the processor 110 communicates with the touch sensor 180K through an I2C bus interface to implement a touch function of the electronic device 100.

The I2S interface may be used for audio communication. In some embodiments, the processor 110 may contain multiple sets of I2S buses. The processor 110 may be coupled to the audio module 170 via an I2S bus to enable communication between the processor 110 and the audio module 170. In some embodiments, the audio module 170 may transmit an audio signal to the wireless communication module 160 through the I2S interface, to implement a function of answering a call through the bluetooth headset.

PCM interfaces may also be used for audio communication to sample, quantize and encode analog signals. In some embodiments, the audio module 170 and the wireless communication module 160 may be coupled through a PCM bus interface. In some embodiments, the audio module 170 may also transmit audio signals to the wireless communication module 160 through the PCM interface to implement a function of answering a call through the bluetooth headset. Both the I2S interface and the PCM interface may be used for audio communication.

The UART interface is a universal serial data bus for asynchronous communications. The bus may be a bi-directional communication bus. It converts the data to be transmitted between serial communication and parallel communication. In some embodiments, a UART interface is typically used to connect the processor 110 with the wireless communication module 160. For example: the processor 110 communicates with a bluetooth module in the wireless communication module 160 through a UART interface to implement a bluetooth function. In some embodiments, the audio module 170 may transmit an audio signal to the wireless communication module 160 through a UART interface, to implement a function of playing music through a bluetooth headset.

The MIPI interface may be used to connect the processor 110 to peripheral devices such as a display 194, a camera 193, and the like. The MIPI interfaces include camera serial interfaces (camera serial interface, CSI), display serial interfaces (display serial interface, DSI), and the like. In some embodiments, processor 110 and camera 193 communicate through a CSI interface to implement the photographing functions of electronic device 100. The processor 110 and the display 194 communicate via a DSI interface to implement the display functionality of the electronic device 100.

The GPIO interface may be configured by software. The GPIO interface may be configured as a control signal or as a data signal. In some embodiments, a GPIO interface may be used to connect the processor 110 with the camera 193, the display 194, the wireless communication module 160, the audio module 170, the sensor module 180, and the like. The GPIO interface may also be configured as an I2C interface, an I2S interface, a UART interface, an MIPI interface, etc.

The USB interface 130 is an interface conforming to the USB standard specification, and may specifically be a Mini USB interface, a Micro USB interface, a USB Type C interface, or the like. The USB interface 130 may be used to connect a charger to charge the electronic device 100, and may also be used to transfer data between the electronic device 100 and a peripheral device. And can also be used for connecting with a headset, and playing audio through the headset. The interface may also be used to connect other electronic devices, such as AR devices, etc.

It should be understood that the interfacing relationship between the modules illustrated in the embodiments of the present invention is only illustrative, and is not meant to limit the structure of the electronic device 100. In other embodiments of the present application, the electronic device 100 may also use different interfacing manners, or a combination of multiple interfacing manners in the foregoing embodiments.

The charge management module 140 is configured to receive a charge input from a charger. The charger can be a wireless charger or a wired charger. In some wired charging embodiments, the charge management module 140 may receive a charging input of a wired charger through the USB interface 130. In some wireless charging embodiments, the charge management module 140 may receive wireless charging input through a wireless charging coil of the electronic device 100. The charging management module 140 may also supply power to the electronic device through the power management module 141 while charging the battery 142.

The power management module 141 is used for connecting the battery 142, and the charge management module 140 and the processor 110. The power management module 141 receives input from the battery 142 and/or the charge management module 140 to power the processor 110, the internal memory 121, the display 194, the camera 193, the wireless communication module 160, and the like. The power management module 141 may also be configured to monitor battery capacity, battery cycle number, battery health (leakage, impedance) and other parameters. In other embodiments, the power management module 141 may also be provided in the processor 110. In other embodiments, the power management module 141 and the charge management module 140 may be disposed in the same device.

The wireless communication function of the electronic device 100 may be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, a modem processor, a baseband processor, and the like.

The antennas 1 and 2 are used for transmitting and receiving electromagnetic wave signals. Each antenna in the electronic device 100 may be used to cover a single or multiple communication bands. Different antennas may also be multiplexed to improve the utilization of the antennas. For example: the antenna 1 may be multiplexed into a diversity antenna of a wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.

The mobile communication module 150 may provide a solution for wireless communication including 2G/3G/4G/5G, etc., applied to the electronic device 100. The mobile communication module 150 may include at least one filter, switch, power amplifier, low noise amplifier (low noise amplifier, LNA), etc. The mobile communication module 150 may receive electromagnetic waves from the antenna 1, perform processes such as filtering, amplifying, and the like on the received electromagnetic waves, and transmit the processed electromagnetic waves to the modem processor for demodulation. The mobile communication module 150 can amplify the signal modulated by the modem processor, and convert the signal into electromagnetic waves through the antenna 1 to radiate. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be disposed in the processor 110. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be provided in the same device as at least some of the modules of the processor 110.

The modem processor may include a modulator and a demodulator. The modulator is used for modulating the low-frequency baseband signal to be transmitted into a medium-high frequency signal. The demodulator is used for demodulating the received electromagnetic wave signal into a low-frequency baseband signal. The demodulator then transmits the demodulated low frequency baseband signal to the baseband processor for processing. The low frequency baseband signal is processed by the baseband processor and then transferred to the application processor. The application processor outputs sound signals through an audio device (not limited to the speaker 170A, the receiver 170B, etc.), or displays images or video through the display screen 194. In some embodiments, the modem processor may be a stand-alone device. In other embodiments, the modem processor may be provided in the same device as the mobile communication module 150 or other functional module, independent of the processor 110.

The wireless communication module 160 may provide solutions for wireless communication including wireless local area network (wireless local area networks, WLAN) (e.g., wireless fidelity (wireless fidelity, wi-Fi) network), bluetooth (BT), global navigation satellite system (global navigation satellite system, GNSS), frequency modulation (frequency modulation, FM), near field wireless communication technology (near field communication, NFC), infrared technology (IR), etc., as applied to the electronic device 100. The wireless communication module 160 may be one or more devices that integrate at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2, modulates the electromagnetic wave signals, filters the electromagnetic wave signals, and transmits the processed signals to the processor 110. The wireless communication module 160 may also receive a signal to be transmitted from the processor 110, frequency modulate it, amplify it, and convert it to electromagnetic waves for radiation via the antenna 2.

In some embodiments, antenna 1 and mobile communication module 150 of electronic device 100 are coupled, and antenna 2 and wireless communication module 160 are coupled, such that electronic device 100 may communicate with a network and other devices through wireless communication techniques. The wireless communication techniques may include the Global System for Mobile communications (global system for mobile communications, GSM), general packet radio service (general packet radio service, GPRS), code division multiple access (code division multiple access, CDMA), wideband code division multiple access (wideband code division multiple access, WCDMA), time division code division multiple access (time-division code division multiple access, TD-SCDMA), long term evolution (long term evolution, LTE), BT, GNSS, WLAN, NFC, FM, and/or IR techniques, among others. The GNSS may include a global satellite positioning system (global positioning system, GPS), a global navigation satellite system (global navigation satellite system, GLONASS), a beidou satellite navigation system (beidou navigation satellite system, BDS), a quasi zenith satellite system (quasi-zenith satellite system, QZSS) and/or a satellite based augmentation system (satellite based augmentation systems, SBAS).

The electronic device 100 implements display functions through a GPU, a display screen 194, an application processor, and the like. The GPU is a microprocessor for image processing, and is connected to the display 194 and the application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. Processor 110 may include one or more GPUs that execute program instructions to generate or change display information.

The display screen 194 is used to display images, videos, and the like. The display 194 includes a display panel. The display panel may employ a liquid crystal display (liquid crystal display, LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (AMOLED) or an active-matrix organic light-emitting diode (matrix organic light emitting diode), a flexible light-emitting diode (flex), a mini, a Micro led, a Micro-OLED, a quantum dot light-emitting diode (quantum dot light emitting diodes, QLED), or the like. In some embodiments, the electronic device 100 may include 1 or N display screens 194, N being a positive integer greater than 1.

The electronic device 100 may implement photographing functions through an ISP, a camera 193, a video codec, a GPU, a display screen 194, an application processor, and the like.

The ISP is used to process data fed back by the camera 193. For example, when photographing, the shutter is opened, light is transmitted to the camera photosensitive element through the lens, the optical signal is converted into an electric signal, and the camera photosensitive element transmits the electric signal to the ISP for processing and is converted into an image visible to naked eyes. ISP can also optimize the noise, brightness and skin color of the image. The ISP can also optimize parameters such as exposure, color temperature and the like of a shooting scene. In some embodiments, the ISP may be provided in the camera 193.

The camera 193 is used to capture still images or video. The object generates an optical image through the lens and projects the optical image onto the photosensitive element. The photosensitive element may be a charge coupled device (charge coupled device, CCD) or a Complementary Metal Oxide Semiconductor (CMOS) phototransistor. The photosensitive element converts the optical signal into an electrical signal, which is then transferred to the ISP to be converted into a digital image signal. The ISP outputs the digital image signal to the DSP for processing. The DSP converts the digital image signal into an image signal in a standard RGB, YUV, or the like format. In some embodiments, electronic device 100 may include 1 or N cameras 193, N being a positive integer greater than 1.

The digital signal processor is used for processing digital signals, and can process other digital signals besides digital image signals. For example, when the electronic device 100 selects a frequency bin, the digital signal processor is used to fourier transform the frequency bin energy, or the like.

Video codecs are used to compress or decompress digital video. The electronic device 100 may support one or more video codecs. In this way, the electronic device 100 may play or record video in a variety of encoding formats, such as: dynamic picture experts group (moving picture experts group, MPEG) 1, MPEG2, MPEG3, MPEG4, etc.

The NPU is a neural-network (NN) computing processor, and can rapidly process input information by referencing a biological neural network structure, for example, referencing a transmission mode between human brain neurons, and can also continuously perform self-learning. Applications such as intelligent awareness of the electronic device 100 may be implemented through the NPU, for example: image recognition, face recognition, speech recognition, text understanding, etc.

The internal memory 121 may include one or more random access memories (random access memory, RAM) and one or more non-volatile memories (NVM).

The random access memory may include a static random-access memory (SRAM), a dynamic random-access memory (dynamic random access memory, DRAM), a synchronous dynamic random-access memory (synchronous dynamic random access memory, SDRAM), a double data rate synchronous dynamic random-access memory (double data rate synchronous dynamic random access memory, DDR SDRAM, such as fifth generation DDR SDRAM is commonly referred to as DDR5 SDRAM), etc.;

the nonvolatile memory may include a disk storage device, a flash memory (flash memory).

The FLASH memory may include NOR FLASH, NAND FLASH, 3D NAND FLASH, etc. divided according to an operation principle, may include single-level memory cells (SLC), multi-level memory cells (MLC), triple-level memory cells (TLC), quad-level memory cells (QLC), etc. divided according to a storage specification, may include universal FLASH memory (english: universal FLASH storage, UFS), embedded multimedia memory cards (embedded multi media Card, eMMC), etc. divided according to a storage specification.

The random access memory may be read directly from and written to by the processor 110, may be used to store executable programs (e.g., machine instructions) for an operating system or other on-the-fly programs, may also be used to store data for users and applications, and the like.

The nonvolatile memory may store executable programs, store data of users and applications, and the like, and may be loaded into the random access memory in advance for the processor 110 to directly read and write.

The external memory interface 120 may be used to connect external non-volatile memory to enable expansion of the memory capabilities of the electronic device 100. The external nonvolatile memory communicates with the processor 110 through the external memory interface 120 to implement a data storage function. For example, files such as music and video are stored in an external nonvolatile memory.

The electronic device 100 may implement audio functions through an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, an application processor, and the like. Such as music playing, recording, etc.

The audio module 170 is used to convert digital audio information into an analog audio signal output and also to convert an analog audio input into a digital audio signal. The audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be disposed in the processor 110, or a portion of the functional modules of the audio module 170 may be disposed in the processor 110.

The speaker 170A, also referred to as a "horn," is used to convert audio electrical signals into sound signals. The electronic device 100 may listen to music, or to hands-free conversations, through the speaker 170A.

A receiver 170B, also referred to as a "earpiece", is used to convert the audio electrical signal into a sound signal. When electronic device 100 is answering a telephone call or voice message, voice may be received by placing receiver 170B in close proximity to the human ear.

Microphone 170C, also referred to as a "microphone" or "microphone", is used to convert sound signals into electrical signals. When making a call or transmitting voice information, the user can sound near the microphone 170C through the mouth, inputting a sound signal to the microphone 170C. The electronic device 100 may be provided with at least one microphone 170C. In other embodiments, the electronic device 100 may be provided with two microphones 170C, and may implement a noise reduction function in addition to collecting sound signals. In other embodiments, the electronic device 100 may also be provided with three, four, or more microphones 170C to enable collection of sound signals, noise reduction, identification of sound sources, directional recording functions, etc.

The earphone interface 170D is used to connect a wired earphone. The headset interface 170D may be a USB interface 130 or a 3.5mm open mobile electronic device platform (open mobile terminal platform, OMTP) standard interface, a american cellular telecommunications industry association (cellular telecommunications industry association of the USA, CTIA) standard interface.

The pressure sensor 180A is used to sense a pressure signal, and may convert the pressure signal into an electrical signal. In some embodiments, the pressure sensor 180A may be disposed on the display screen 194. The pressure sensor 180A is of various types, such as a resistive pressure sensor, an inductive pressure sensor, a capacitive pressure sensor, and the like. The capacitive pressure sensor may be a capacitive pressure sensor comprising at least two parallel plates with conductive material. The capacitance between the electrodes changes when a force is applied to the pressure sensor 180A. The electronic device 100 determines the strength of the pressure from the change in capacitance. When a touch operation is applied to the display screen 194, the electronic apparatus 100 detects the touch operation intensity according to the pressure sensor 180A. The electronic device 100 may also calculate the location of the touch based on the detection signal of the pressure sensor 180A. In some embodiments, touch operations that act on the same touch location, but at different touch operation strengths, may correspond to different operation instructions. For example: and executing an instruction for checking the short message when the touch operation with the touch operation intensity smaller than the first pressure threshold acts on the short message application icon. And executing an instruction for newly creating the short message when the touch operation with the touch operation intensity being greater than or equal to the first pressure threshold acts on the short message application icon.

The gyro sensor 180B may be used to determine a motion gesture of the electronic device 100. In some embodiments, the angular velocity of electronic device 100 about three axes (i.e., x, y, and z axes) may be determined by gyro sensor 180B. The gyro sensor 180B may be used for photographing anti-shake. For example, when the shutter is pressed, the gyro sensor 180B detects the shake angle of the electronic device 100, calculates the distance to be compensated by the lens module according to the angle, and makes the lens counteract the shake of the electronic device 100 through the reverse motion, so as to realize anti-shake. The gyro sensor 180B may also be used for navigating, somatosensory game scenes.

The air pressure sensor 180C is used to measure air pressure. In some embodiments, electronic device 100 calculates altitude from barometric pressure values measured by barometric pressure sensor 180C, aiding in positioning and navigation.

The magnetic sensor 180D includes a hall sensor. The electronic device 100 may detect the opening and closing of the flip cover using the magnetic sensor 180D. In some embodiments, when the electronic device 100 is a flip machine, the electronic device 100 may detect the opening and closing of the flip according to the magnetic sensor 180D. And then according to the detected opening and closing state of the leather sheath or the opening and closing state of the flip, the characteristics of automatic unlocking of the flip and the like are set.

The acceleration sensor 180E may detect the magnitude of acceleration of the electronic device 100 in various directions (typically three axes). The magnitude and direction of gravity may be detected when the electronic device 100 is stationary. The electronic equipment gesture recognition method can also be used for recognizing the gesture of the electronic equipment, and is applied to horizontal and vertical screen switching, pedometers and other applications.

A distance sensor 180F for measuring a distance. The electronic device 100 may measure the distance by infrared or laser. In some embodiments, the electronic device 100 may range using the distance sensor 180F to achieve quick focus.

The proximity light sensor 180G may include, for example, a Light Emitting Diode (LED) and a light detector, such as a photodiode. The light emitting diode may be an infrared light emitting diode. The electronic device 100 emits infrared light outward through the light emitting diode. The electronic device 100 detects infrared reflected light from nearby objects using a photodiode. When sufficient reflected light is detected, it may be determined that there is an object in the vicinity of the electronic device 100. When insufficient reflected light is detected, the electronic device 100 may determine that there is no object in the vicinity of the electronic device 100. The electronic device 100 can detect that the user holds the electronic device 100 close to the ear by using the proximity light sensor 180G, so as to automatically extinguish the screen for the purpose of saving power. The proximity light sensor 180G may also be used in holster mode, pocket mode to automatically unlock and lock the screen.

The ambient light sensor 180L is used to sense ambient light level. The electronic device 100 may adaptively adjust the brightness of the display 194 based on the perceived ambient light level. The ambient light sensor 180L may also be used to automatically adjust white balance when taking a photograph. Ambient light sensor 180L may also cooperate with proximity light sensor 180G to detect whether electronic device 100 is in a pocket to prevent false touches.

The fingerprint sensor 180H is used to collect a fingerprint. The electronic device 100 may utilize the collected fingerprint feature to unlock the fingerprint, access the application lock, photograph the fingerprint, answer the incoming call, etc.

The temperature sensor 180J is for detecting temperature. In some embodiments, the electronic device 100 performs a temperature processing strategy using the temperature detected by the temperature sensor 180J. For example, when the temperature reported by temperature sensor 180J exceeds a threshold, electronic device 100 performs a reduction in the performance of a processor located in the vicinity of temperature sensor 180J in order to reduce power consumption to implement thermal protection. In other embodiments, when the temperature is below another threshold, the electronic device 100 heats the battery 142 to avoid the low temperature causing the electronic device 100 to be abnormally shut down. In other embodiments, when the temperature is below a further threshold, the electronic device 100 performs boosting of the output voltage of the battery 142 to avoid abnormal shutdown caused by low temperatures.

The touch sensor 180K, also referred to as a "touch device". The touch sensor 180K may be disposed on the display screen 194, and the touch sensor 180K and the display screen 194 form a touch screen, which is also called a "touch screen". The touch sensor 180K is for detecting a touch operation acting thereon or thereabout. The touch sensor may communicate the detected touch operation to the application processor to determine the touch event type. Visual output related to touch operations may be provided through the display 194. In other embodiments, the touch sensor 180K may also be disposed on the surface of the electronic device 100 at a different location than the display 194.

The bone conduction sensor 180M may acquire a vibration signal. In some embodiments, bone conduction sensor 180M may acquire a vibration signal of a human vocal tract vibrating bone pieces. The bone conduction sensor 180M may also contact the pulse of the human body to receive the blood pressure pulsation signal. In some embodiments, bone conduction sensor 180M may also be provided in a headset, in combination with an osteoinductive headset. The audio module 170 may analyze the voice signal based on the vibration signal of the sound portion vibration bone block obtained by the bone conduction sensor 180M, so as to implement a voice function. The application processor may analyze the heart rate information based on the blood pressure beat signal acquired by the bone conduction sensor 180M, so as to implement a heart rate detection function.

The keys 190 include a power-on key, a volume key, etc. The keys 190 may be mechanical keys. Or may be a touch key. The electronic device 100 may receive key inputs, generating key signal inputs related to user settings and function controls of the electronic device 100.

The motor 191 may generate a vibration cue. The motor 191 may be used for incoming call vibration alerting as well as for touch vibration feedback. For example, touch operations acting on different applications (e.g., photographing, audio playing, etc.) may correspond to different vibration feedback effects. The motor 191 may also correspond to different vibration feedback effects by touching different areas of the display screen 194. Different application scenarios (such as time reminding, receiving information, alarm clock, game, etc.) can also correspond to different vibration feedback effects. The touch vibration feedback effect may also support customization.

The indicator 192 may be an indicator light, may be used to indicate a state of charge, a change in charge, a message indicating a missed call, a notification, etc.

The SIM card interface 195 is used to connect a SIM card. The SIM card may be inserted into the SIM card interface 195, or removed from the SIM card interface 195 to enable contact and separation with the electronic device 100. The electronic device 100 may support 1 or N SIM card interfaces, N being a positive integer greater than 1. The SIM card interface 195 may support Nano SIM cards, micro SIM cards, and the like. The same SIM card interface 195 may be used to insert multiple cards simultaneously. The types of the plurality of cards may be the same or different. The SIM card interface 195 may also be compatible with different types of SIM cards. The SIM card interface 195 may also be compatible with external memory cards. The electronic device 100 interacts with the network through the SIM card to realize functions such as communication and data communication. In some embodiments, the electronic device 100 employs esims, i.e.: an embedded SIM card. The eSIM card can be embedded in the electronic device 100 and cannot be separated from the electronic device 100.

The software system of the electronic device 100 may employ a layered architecture, an event driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture. In the embodiment of the invention, taking an Android system with a layered architecture as an example, a software structure of the electronic device 100 is illustrated. The system of the electronic device 100 may also be an IOS system, a hong system, etc., which is not limited in this embodiment of the present application. The types of the electronic device 100 are different, and the systems of the electronic device 100 may also be different, and in this embodiment of the present application, the system of the electronic device 100 is illustrated as an Android system.

The layered architecture divides the software into several layers, each with distinct roles and branches. The layers communicate with each other through a software interface. In some embodiments, the Android system is divided into four layers, from top to bottom, an application layer, an application framework layer, an Zhuoyun row (Android run) and system libraries, and a kernel layer, respectively. The embodiment of the application does not limit the layering of the software structure of the electronic equipment. Referring to fig. 9, an Zhuoyun rows and system libraries, as well as the kernel layer, may be considered a layer, referred to as the system layer, in embodiments of the present application. It should be understood that fig. 9 further adds a hardware layer in the electronic device based on the Android system.

It should be understood that the modules included in the respective layers shown in fig. 9 are modules involved in the embodiments of the present application, and the modules included in the respective layers below do not constitute limitations on the structure of the electronic device and the hierarchy (illustration) of the module arrangement. For example, the authentication information registration module may be deployed at an application layer or an application framework layer. In one embodiment, the modules shown in FIG. 9 may be deployed alone, or several modules may be deployed together, with the division of modules in FIG. 9 being an example. In one embodiment, the names of the modules shown in FIG. 9 are exemplary.

The application layer may include a series of application packages.

As shown in fig. 9, the application package may include applications such as camera, gallery, calendar, phone call, map, navigation, WLAN, bluetooth, short message, etc.

The application framework layer provides an application programming interface (application programming interface, API) and programming framework for application programs of the application layer. The application framework layer includes a number of predefined functions.

As shown in fig. 9, the application framework layer may include a window manager, a content provider, a telephony manager, a resource manager, an anti-rollback service module, and the like.

The window manager is used for managing window programs. The window manager can acquire the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen identity authentication information verification module and the like.

The content provider is used to store and retrieve data and make such data accessible to applications. The data may include video, images, audio, calls made and received, browsing history and bookmarks, phonebooks, etc.

The telephony manager is used to provide the communication functions of the electronic device 100. Such as the management of call status (including on, hung-up, etc.).

The resource manager provides various resources for the application program, such as localization strings, icons, pictures, layout files, video files, and the like.

The anti-rollback service module mainly provides a medium for transferring messages between an application and a security chip. Specifically, before the application saves the user data, when the application applies for the counter, the anti-rollback service module allocates an idle counter to the application, acquires the identification of the counter, and sends the identification of the counter to the security chip.

Before the application stores the user data, the anti-rollback service module sends the identification of the counter to the security chip so that the security chip can modify and store the value of the counter. When the electronic device needs to use the user data, the verification value of the user data can be obtained based on the numerical value of the counter, and the electronic device can use the user data only under the condition that verification is passed.

Optionally, after the user data is changed, the value of the corresponding counter is also changed, and then the verification value of the changed user data is also changed.

Before the electronic equipment uses the user data, the anti-rollback service module sends the check value of the user data to the security chip, the security chip calculates the value based on the user data sent by the anti-rollback service module and the counter to obtain another check value, and under the condition that the check value is the same as the previously stored check value, the verification is passed, the user data sent by the anti-rollback service module to the security chip is the same as the previously stored user data, and the electronic equipment can use the application data. If the verification value is different from the previously stored verification value, the verification is not passed, the user data sent to the security chip by the anti-rollback service module is different from the previously stored user data, and an attacker may modify the user data, so that the electronic device cannot use the application data.

Because An Zhuoyun row and system libraries, and the kernel layer are considered a layer in the embodiments of the present application, android runtime and system libraries, and functional modules in the kernel layer, may be included in the system layer.

The system layer may include security chips, the number of which may be one or more.

The security chip only stores the value of the counter, the check value of the user data, the certificate of the counter and the like, and performs multi-stage authentication based on the value of the counter, the check value of the user data, the certificate of the counter and the like, thereby ensuring the security of the user data.

For an introduction of the fallback service module function and the security chip function, reference may be made to the description of the subsequent embodiments.

Fig. 10 is a flowchart of a method for generating a counter credential according to an embodiment of the present application.

Before the security chip obtains the specific value of the counter, verifying whether the certificate of the counter stored in the security chip is identical to the received certificate of the counter, and under the identical condition, obtaining the specific value of the counter by the security chip.

Alternatively, the security chip encrypts the value of the counter based on the credentials of the counter to obtain an encrypted counter value. The security chip receives the credentials of the counter before the security chip obtains the specific value of the counter. If the security chip is able to decrypt the encrypted counter value based on the received credentials of the counter, the security chip may obtain a specific value for the counter.

S1001, a first application acquires a certificate of a counter.

The first application obtains credentials for the counter before the first application saves the user data. The number of the counter credentials can be one or a plurality of.

The counter credentials of different counters may be different, or multiple counters may share one counter credential, which is not limited by the embodiments of the present application.

Alternatively, the first application may store the credentials of the counter in a non-secure chip, such as a flash chip. The first application may also store the credentials of the counter in the server. The embodiments of the present application are not limited in this regard.

The first application may obtain the credentials of the counter in any of the following ways.

Mode one: the first application obtains the credentials of the counter from the server.

Mode two: the first application obtains the credentials of the counter from the local location of the electronic device.

Mode three: before the first application needs to obtain the credentials of the counter, the electronic device may prompt the user to input the credentials, which may be used as the credentials of the counter.

The first application may also obtain the credentials of the counter in other manners, which is not limited in this embodiment of the present application.

S1002, the first application sends the certificate of the counter to the anti-rollback service module.

S1003, the anti-rollback service module allocates a first counter for the first application and acquires the identification of the first counter.

Optionally, a plurality of different counters are preset in the electronic device, and after the anti-rollback service module receives the credentials of the counter sent by the first application, the anti-rollback service module may randomly allocate one counter from the plurality of idle counters as the first counter.

Optionally, the anti-rollback service module may also allocate multiple counters for the first application at the same time. For example, the anti-rollback service module may determine to assign a number of counters to the first application based on the number of credentials of the counter. For example, if there is one counter credential, the anti-rollback service module may assign one counter to the first application, and if there are three counter credentials, the anti-rollback service module may assign three different counters to the first application.

Optionally, the first application may send the number of counters to be allocated while sending the credentials of the counters to the anti-rollback service module. The anti-rollback service module may determine to allocate a number of counters for the first application based on a number of counters to be allocated sent by the first application. For example, if the number of counters to be allocated that the first application sends to the anti-rollback service module is one, the anti-rollback service module may allocate one counter for the first application. If the number of the counters to be allocated, which are sent to the anti-rollback service module by the first application, is three, the anti-rollback service module may allocate three counters to the first application. In one possible implementation, the number of credentials that the first application sends the counter to the anti-rollback service module is the same as the number of counters that need to be allocated. For example, if the number of counters to be allocated that the first application sends to the anti-rollback service module is one, then the number of credentials of the counter that the first application sends to the anti-rollback service module is also one. If the number of counters to be allocated, which the first application sends to the anti-rollback service module, is three, then the number of credentials of the counters, which the first application sends to the anti-rollback service module, is also three. In other possible implementations, the number of credentials that the first application sends a counter to the anti-rollback service module and the number of counters that need to be allocated may be different. For example, if the number of counters to be allocated that the first application sends to the anti-rollback service module is one, the number of credentials of the counter that the first application sends to the anti-rollback service module may be one. If the number of counters to be allocated, which are sent to the anti-rollback service module by the first application, is three, and the number of certificates of the counters, which are sent to the anti-rollback service module by the first application, is also two, one counter uses the certificate of one counter, and the two counters share the certificate of the other counter.

The anti-rollback service module also records the corresponding relation between the first application and the first counter. Because the anti-rollback service module can allocate counters for a plurality of different applications, the anti-rollback service module needs to record the corresponding relation between each application and each counter.

TABLE 1

Identification of applications	Identification of a counter
		First application	First counter
Second application	Second counter, third counter
		Third application	Fourth counter

Table 1 shows the betting and win relation of various different applications and counters recorded by the anti-rollback service module. For example, the counter corresponding to the first application is a first counter, the counter corresponding to the second application is a second counter and a third counter, and the counter corresponding to the third application is a fourth counter.

It should be noted that, the anti-rollback service module may also record more or fewer corresponding relations between applications and the counter, which is not limited in the embodiment of the present application.

Alternatively, if the counter is not used by the application for more than a certain period of time (e.g., a month), the anti-rollback service module may clear the binding of the application to the counter so that the counter may be used by other applications.

Optionally, after the application is uninstalled, the anti-rollback service module may then clear the binding of the application to the counter so that the counter may be used by other applications.

S1004, the anti-rollback service module sends the identification of the first counter and the certificate of the counter to the security chip.

After the anti-rollback service module assigns the first counter to the first application, an identification and credentials of the first counter are sent to the security chip.

S1005, the security chip sets the initial value of the first counter to a first threshold value.

The initial value of the counter is used for generating a count value of different user data when the different user data is saved.

Alternatively, the first threshold may be randomly generated, i.e. the initial values for the different counters are different.

Alternatively, the first threshold may be preset, and the initial values of the different counters are the same.

S1006, the security chip stores the initial value of the first counter and the certificate of the counter, and takes the certificate of the counter as the certificate of the first counter.

The security chip stores the initial value of the first counter and the credentials of the counter so that when user data is stored later, a count value of the user data is generated based on the initial value of the first counter and a check value of the user data is generated based on the count value. The certificate of the counter is used for verifying whether the certificate of the counter is consistent with the received certificate of the counter before the security chip obtains the verification value of the user data before using the user data, if so, the security chip is allowed to obtain the verification value of the user data, otherwise, the security chip cannot obtain the verification value of the user data.

TABLE 2

Table 2 shows the initial values of the counter and the credentials of the counter for different applications stored in a secure chip. For example, the first application corresponds to a first counter, an initial value of the first counter is a first threshold, and a credential of the first counter is a first token. The second application corresponds to a second counter and a third counter, the initial value of the second counter is a second threshold value, the initial value of the third counter is a third threshold value, the certificate of the second counter is a second token, and the certificate of the third counter is a third token. The third application corresponds to a fourth counter, the initial value of the fourth counter is a fourth threshold value, and the certificate of the fourth counter is a fourth token.

Optionally, the first threshold, the second threshold, the third threshold, and the fourth threshold are randomly generated, so that the first threshold, the second threshold, the third threshold, and the fourth threshold may be different from each other, may be partially the same, or may be all the same, which is not limited in the embodiment of the present application.

Alternatively, the second token and the third token may be different or the same, which is not limited in this embodiment of the present application.

Alternatively, the first token, the second token, the third token, and the fourth token may be different from each other, may be partially the same, or may be all the same, which is not limited in this embodiment of the present application.

TABLE 3 Table 3

Identification of a counter	Initial value of counter	Certificate of counter
			First counter	First threshold value	First token
Second counter	Second threshold value	Second token
			Third counter	Third threshold value	Third token
Fourth counter	Fourth threshold value	Fourth token

Table 3 shows the initial value of the counter and the credentials of the counter stored in another secure chip. Because the anti-rollback service module stores the identifiers of the counters corresponding to different applications, the security chip can not store the identifiers of the counters corresponding to different applications, and the security chip can only store the initial values of the counters corresponding to different counters and the certificates of the counters. For example, the initial value of the first counter is a first threshold, and the credential of the first counter is a first token. The initial value of the second counter is a second threshold value, and the certificate of the second counter is a second token. The initial value of the third counter is a third threshold value, and the certificate of the third counter is a third token. The initial value of the fourth counter is a fourth threshold value, and the certificate of the fourth counter is a fourth token.

S1007, the security chip sends the information that the counter is set to the anti-rollback service module.

S1008, the anti-rollback service module sends a message that the counter is set to the first application.

FIG. 11 shows a flow diagram of another method of generating a credential for a counter.

Fig. 11 is a flowchart of a method for generating a counter credential by a security chip, and fig. 10 is a flowchart of a method for generating a counter credential by a first application. The security coefficient of the security chip is higher, so the security of the credentials that generate the counter within the security chip is higher.

S1101, the first application sends a request for applying a counter to the anti-rollback service module.

Alternatively, the first application may start sending a request for applying the counter to the anti-rollback service module after downloading and before saving the user data.

S1102, the anti-rollback service module allocates a first counter for the first application and acquires the identification of the first counter.

For the description of S1102, reference may be made to the description of S1003 in the embodiment of fig. 11, and this embodiment of the application is not repeated here.

S1103, the anti-rollback service module sends the identification of the first counter to the security chip.

S1104, the security chip acquires the certificate of the first counter.

The security chip may obtain the credentials of the first counter in any of the following ways.

Mode one: the security chip obtains the credentials of the first counter from the server.

Mode two: the security chip obtains credentials for the first counter from locally the electronic device.

Mode three: before the security chip needs to obtain the credentials of the first counter, the electronic device may prompt the user to input the credentials, which may be used as the credentials of the first counter.

The security chip may also obtain the credentials of the first counter in other manners, which is not limited in this embodiment of the present application.

S1105, the security chip sets the initial value of the first counter to a first threshold value.

Alternatively, S1105 may be performed before S1104, and S1105 and S1104 may be performed simultaneously, which is not limited in the embodiment of the present application.

S1106, the security chip stores the initial value of the first counter and the certificate of the first counter.

For the description of S1106, reference may be made to the description of S1006 in the embodiment of fig. 11, which is not repeated herein.

S1107, the security chip sends the certificate of the first counter to the anti-rollback service module.

S1108, the anti-rollback service module sends the certificate of the first counter to the first application.

TABLE 4 Table 4

Table 4 shows one or more counter credentials corresponding to one or more applications stored in an unsecure chip or server of an electronic device. Illustratively, the first application corresponds to a first counter, and the certificate of the first counter is a first token. The second application is correspondingly provided with a second counter and a third counter, the certificate of the second counter is a second token, and the certificate of the third counter is a third token. The third application is correspondingly provided with a fourth counter, and the certificate of the fourth counter is a fourth token.

In this way, the first application may obtain the credentials of the first counter, so that before the electronic device uses the user data in the first application, the credentials of the first counter may be sent to the security chip, and the electronic device may use the user data in the first application only if the credentials of the first counter stored in the security chip are the same as the credentials of the first counter sent by the first application.

Alternatively, the first application may store the credentials of the first counter in a non-secure chip, such as a flash chip. The first application may also store the credentials of the first counter in the server. The embodiments of the present application are not limited in this regard.

Fig. 12 is a schematic diagram of protecting user data and generating a check value of the user data according to an embodiment of the present application.

When the electronic device stores the changed user data after the user data is changed, the value of the counter in the SE is changed accordingly. The verification value of the changed user data will also change.

S1201, the first application acquires first user data.

By way of example, the first user data may be a remaining amount of internet traffic, for example, 30G.

S1202, the first application sends the first user data and the credentials of the first counter to the anti-rollback service module.

That is, the first application may select one or more counters from the previously applied counters before saving the first user data, and generate the credentials of the first user data. For example, the first application may select the first counter from the counters of the previous application.

The electronic device's unsecure chip or server stores one or more counter credentials applied before the first application, and the first application may select the first counter credentials from the one or more counter credentials, so that a check value of the first user data may be generated.

After acquiring the credentials of the first counter, the first application sends the first user data and the credentials of the first counter to the anti-rollback service module.

S1203, the anti-rollback service module obtains the identifier of the first counter.

The anti-rollback service module acquires the identification of the first counter after receiving the first user data and the certificate of the first counter sent by the first application.

And S1204, the anti-rollback service module sends the identification of the first counter, the first user data and the certificate of the first counter to the security chip.

S1205, the security chip determines the certificate of the first counter stored in the security chip based on the identification of the first counter.

As can be seen from tables 2 and 3, the security chip stores the certificates of the counter corresponding to the plurality of counters.

After the security chip receives the identification of the first counter, the first user data and the credentials of the first counter sent by the anti-rollback service module, the security chip may acquire the credentials of the first counter from the security chip based on the identification of the first counter.

S1206, under the condition that the security chip determines that the certificate of the first counter sent by the anti-rollback service module is the same as the certificate of the first counter stored in the security chip, the security chip acquires the initial value of the first counter.

The security chip can acquire the initial value of the first counter under the condition that the certificate of the first counter of the security chip is the same as the certificate of the first counter sent by the anti-rollback service module. In this way, the attacker cannot obtain the initial value of the first counter without knowing the credentials of the first counter.

S1207, adding a first preset value on the basis of the initial value of the first counter, and obtaining the first value of the first counter by the security chip.

The first preset value may be a fixed value or a random number, which is not limited in the embodiment of the present application.

S1208, the security chip calculates a first check value based on the first value of the first counter and the first user data.

In one possible implementation, the security chip may calculate the first value of the first counter and the HMAC value of the first user data, taking the HMAC value as the first check value.

Optionally, the security chip may further calculate the first check value based on other factors, the first value of the first counter, and the first user data. Other factors include, but are not limited to, one or more of a hardware unique key, a device unique ID.

Thus, the first check value is calculated based on the value of the first counter and the first user data. The first verification value is verified before the electronic device is required to use the first user data. If any one of the first counter value and the first user data changes, the first check value will not pass the verification, and the electronic device cannot use the first user data. Therefore, the situation that an attacker falsifies the first user data can be avoided, and the safety of using the first user data by the electronic equipment is improved.

Alternatively, S1207 and S1208 may be replaced with S1207B as follows.

S1207B, the security chip calculates a first check value based on the initial value of the first counter and the first user data.

Optionally, the security chip may further calculate the first check value based on other factors, an initial value of the first counter, and the first user data. Other factors include, but are not limited to, one or more of a hardware unique key, a device unique ID.

S1209, the security chip sends the first check value to the anti-rollback service module.

S1210, the anti-rollback service module sends the first check value to the first application.

Alternatively, the first application may save the first check value in an unsecured chip, such as a flash chip. The first application may also store the first check value in the server. The embodiments of the present application are not limited in this regard.

TABLE 5

Table 5 exemplarily shows check values corresponding to different user data. For example, the first application has first user data and third user data. The check value of the first user data is a first check value, and the check value of the third user data is a third check value. Wherein the first user data and the third user data are different.

Alternatively, the first check value, the second check value, and the third check value may be completely different, may be partially the same, or may be all the same, which is not limited in this embodiment of the present application.

Optionally, in some embodiments, after the first user data changes, the check value corresponding to the first user data also changes.

Optionally, before the electronic device uses the first user data, the correctness of the check value of the first user data needs to be verified in the security chip. After the check value of the first user data passes, the electronic device can use the first user data. Preventing an attacker from forging the user data.

Fig. 13 shows a schematic diagram of a method of verifying the correctness of the check value of the first user data in the security chip before the electronic device uses the first user data.

S1301, the first application sends the second user data, the credentials of the first counter, and the first check value to the anti-rollback service module.

Before the first application needs to use the first user data stored before, the correctness of the check value of the first user data needs to be checked.

In some embodiments, the attacker may modify the first user data previously saved. By way of example, the first user data may be a remaining amount of internet traffic, for example, 30G. To increase the network traffic residual, the attacker may modify the network traffic residual to 100G, and the network traffic residual 100G may be referred to as second user data.

Optionally, the credentials and the first check value of the first counter may be obtained by the first application from a local location or may be obtained from a server, which is not limited in the embodiment of the present application.

S1302, the anti-rollback service module obtains the identification of the first counter.

The anti-rollback service module acquires the identification of the first counter after receiving the second user data, the certificate of the first counter and the first check value sent by the first application.

S1303, the anti-rollback service module sends the identification of the first counter, the second user data, the certificate of the first counter and the first check value to the security chip.

S1304, the security chip determines the credentials of the first counter stored in the security chip based on the identification of the first counter.

S1305, when it is determined that the credentials of the first counter are the same as the credentials of the first counter stored in the secure chip, the secure chip obtains the first value of the first counter.

The security chip may obtain the first value of the first counter only if the credentials of the first counter of the security chip are the same as the credentials of the first counter sent by the anti-rollback service module. Thus, under the condition that the attacker does not know the credentials of the first counter, the attacker cannot acquire the first value of the first counter, and the attacker cannot tamper with the value of the first counter, so that the accuracy of the value of the counter stored in the security chip is ensured

S1306, the security chip calculates a second check value based on the first value of the first counter and the second user data.

In one possible implementation, the security chip may calculate a first value of a counter and an HMAC value of the second user data, the HMAC value being used as the first check value.

Optionally, the security chip may calculate the second check value based on other factors, the first value of the first counter, and the second user data. Other factors include, but are not limited to, one or more of a hardware unique key, a device unique ID.

The algorithm and the parameter type for calculating the first check value and the second check value are the same.

S1307, if the first check value and the second check value are the same, the security chip may confirm that the second user data is the same as the first user data.

In case the first check value and the second check value are the same, it is indicated that the second user data is the same as the first user data, i.e. that no attacker has changed the first user data stored in the non-secure chip.

If the attacker modifies the first user data to obtain second user data, wherein the first user data is different from the second user data, the second check value calculated by the security chip based on the second user data and the first value of the first counter is different from the first check value stored in the security chip before.

For example, the first check value may be a first HMAC value derived based on the first value of the first counter and the first user data. The second check value may be a second HMAC value derived based on the first value of the first counter and the second user data. In the case where the first HMAC value and the second HMAC value are the same, the security chip may confirm that the second user data is the same as the first user data.

If the attacker modifies the first user data to obtain second user data, wherein the first user data is different from the second user data, the HMAC value calculated by the security chip based on the second user data and the first value of the first counter is different from the first HMAC value stored in the security chip before.

In case the secure chip can confirm that the second user data is identical to the first user data, it is indicated that the attacker does not alter the first user data stored in the non-secure chip. The first application uses the second user data.

S1308, the security chip sends a check passing message to the anti-rollback service module.

S1309, the anti-rollback service module sends a verification passing message to the first application.

S1310, the first application uses the second user data in response to the check passing message.

And under the condition that the second user data is confirmed to be the same as the first user data, the security chip sends a verification passing message to the first application. The first application may use the second user data in response to verifying the pass message.

And under the condition that the second user data is confirmed to be different from the first user data, the security chip does not send a verification passing message to the first application. The first application cannot use the second user data in case the first application does not receive the check pass message.

Optionally, in some embodiments, after the electronic device uses the second user data, the second user data is changed, and the electronic device needs to store the changed second user data. The counter value corresponding to the changed second user data stored in the security chip is changed while the changed second user data is stored. The security chip calculates a third check value based on the changed second user data and the counter value corresponding to the changed second user data, and stores the third check value in the security chip, and meanwhile, the third check value is required to be stored in the non-security chip or on the server.

As can be seen from the embodiment of fig. 13, the first application can only use the second user data if the second user data is the same as the first user data, and the second user data is the first user data.

By way of example, the first user data and the second user data may be a remaining amount of internet traffic, for example, 30G. After the user uses the second user data, the second user data is changed, for example, the changed second user data is 10G. The electronic device needs to save the changed second user data.

Fig. 14 is a schematic diagram of a method for storing changed second user data according to an embodiment of the present application.

S1401, acquiring changed second user data.

In some embodiments, the changed second user data may also be referred to as third user data.

S1402, the first application sends the changed second user data and the certificate of the first counter to the anti-rollback service module.

The first application uses the credentials of the first counter when saving the first user data, and then the credentials of the first counter may also be used when saving the changed second user data. In other embodiments, when the changed second user data is stored, the credentials of other counters may also be used, which is not limited in this embodiment of the present application. In the embodiment of the application, when the changed second user data is stored, the credential of continuing to use the first counter is taken as an example for explanation.

S1403, the anti-rollback service module acquires the identification of the first counter.

The anti-rollback service module acquires the identification of the first counter after receiving the changed second user data and the certificate of the first counter.

S1404, the anti-rollback service module sends the identification of the first counter, the changed second user data and the certificate of the first counter to the security chip.

S1405, the security chip determines the certificate of the first counter stored in the security chip based on the identification of the first counter.

After the security chip receives the identification of the first counter, the changed second user data and the certificate of the first counter sent by the anti-rollback service module, the security chip can acquire the certificate of the first counter from the security chip based on the identification of the first counter.

S1406, the security chip determines that the certificate of the first counter is the same as the certificate of the first counter stored in the security chip, and obtains the first value of the first counter.

The security chip may obtain the first value of the first counter only if the credentials of the first counter of the security chip are the same as the credentials of the first counter sent by the anti-rollback service module. Thus, the attacker cannot acquire the first value of the first counter without knowing the credentials of the first counter, and cannot modify the value of the first counter. The accuracy of the value of the counter stored in the security chip is ensured.

S1407, adding a second preset value on the basis of the first value of the first counter, and obtaining the second value of the first counter by the security chip.

The second preset value may be a fixed value or a random number, which is not limited in the embodiment of the present application.

The second preset value may be the same as the first preset value, and the second preset value may also be different from the first preset value.

S1408, the security chip calculates a third check value based on the second value of the first counter and the changed second user data.

In one possible implementation, the security chip may calculate a second value of a counter and an HMAC value of the changed second user data, taking the HMAC value as the third check value.

Optionally, the security chip may further calculate a third check value based on the combined action of other factors, the second value of the first counter, and the changed second user data. Other factors include, but are not limited to, one or more of a hardware unique key, a device unique ID.

S1409, the security chip sends a third check value to the anti-rollback service module.

S1410, the anti-rollback service module sends a third check value to the first application.

Alternatively, the first application may save the third check value in a non-secure chip, such as a flash chip. The first application may also store the third check value in the server. The embodiments of the present application are not limited in this regard.

Fig. 15 is a flow chart of a data protection method according to an embodiment of the present application.

S1501, the electronic device acquires second user data, a credential of a first counter and a first check value of the first user data from the non-secure chip.

S1502, the electronic device acquires the certificate of the first counter from the security chip.

In one possible implementation, the electronic device stores the credentials of the first counter in a secure chip, specifically including: the electronic equipment generates a certificate of a first counter through a security chip; the electronic device stores the credentials of the first counter within the secure chip. At this time, the secure chip needs to store the credentials of the first counter in the non-secure chip or on the server, so that when the electronic device uses the user data, authentication can be performed based on the credentials of the first counter stored in the non-secure chip or on the server.

Or,

S1503, under the condition that the certificate of the first counter in the non-secure chip is the same as the certificate of the first counter in the secure chip, the electronic device acquires the first value of the first counter through the secure chip.

In one possible implementation, the method further includes: in the case where the credentials of the first counter in the non-secure chip and the credentials of the first counter in the secure chip are different, the electronic device cannot obtain the first value of the first counter from the secure chip. Thus, under the condition that the attacker does not know the certificate of the first counter, the certificate of the first counter cannot pass authentication, the attacker cannot acquire the first value of the first counter, and the security of the first value of the first counter stored in the security chip is ensured.

In one possible implementation, the first value of the first counter is derived based on an initial value of the first counter and a first preset value, wherein the initial value of the counter is randomly generated. Therefore, the initial value of the first counter is randomly generated, so that the situation that an attacker acquires the first value of the first counter in a manner of violent enumeration, so that the first value of the first counter stored in the security chip leaks is avoided, and the security of the first value of the first counter stored in the security chip is improved.

In one possible implementation, before the electronic device stores the first value of the first counter within the secure chip, the method further comprises: the electronic device generates an initial value of the first counter through the security chip. In this way, the initial value of the first counter is generated in the security chip, and the security of the value of the counter stored in the security chip is improved.

S1504, the electronic device obtains a second check value of the second user data based on the second user data and the first value of the first counter through the security chip; the electronic device uses the second user data in case the first check value and the second check value are the same.

The secure chip and the non-secure chip can realize data interaction through I2C or SPI bus communication.

In one possible implementation, before the electronic device obtains the second user data, the credentials of the first counter, and the first check value of the first user data from within the non-secure chip, the method further includes: the electronic device stores the first user data, the first check value of the first user data, and the credentials of the first counter within the non-secure chip. The electronic device stores the first value of the first counter and the credentials of the first counter within the secure chip.

In one possible implementation, before the electronic device obtains the second user data, the credentials of the first counter, and the first check value of the first user data from within the non-secure chip, the method further includes: the electronic equipment acquires first user data, an identifier of a first counter and a certificate of the first counter stored in the non-secure chip from the non-secure chip; the electronic equipment determines a certificate of a first counter stored in the security chip based on the identification of the first counter through the security chip; under the condition that the certificate of the first counter in the non-secure chip is the same as the certificate of the first counter in the secure chip, the electronic equipment acquires a first value of the first counter; the electronic equipment obtains a first check value of the first user data based on the first value of the first counter and the first user data through the security chip; the electronic device stores a first check value of the first user data within the non-secure chip. Thus, when the electronic device stores the first user data, a first check value is generated within the secure chip based on the first user data and the first value of the first counter. After generating the first check value, the electronic device stores the first check value in an unsecure chip, such as a flash chip or on a server. In this way, even if an attacker will falsify the user data, for example, replace the first user data with the second user data, when authenticating, the second check value generated in the security chip based on the first value obtained from the second user data and the first counter is different from the first check value, resulting in that the check is not passed, and the situation that the attacker falsifies the user data is avoided.

In one possible implementation, after the electronic device uses the second user data, the method further includes: the electronic equipment acquires third user data, wherein the third user data is changed second user data; the electronic equipment sends the third user data, the certificate of the first counter in the non-secure chip and the identification of the first counter to the secure chip; the electronic equipment obtains a certificate of a first counter based on the identification of the first counter through the security chip; under the condition that the certificate of the first counter in the non-secure chip is the same as the certificate of the first counter in the secure chip, the electronic equipment acquires a first value of the first counter through the secure chip, and acquires a second value of the first counter based on the first value of the first counter and a second preset value; the electronic equipment obtains a third check value of the third user data based on the third user data and the second value of the first counter through the security chip; the electronic device stores a third verification value of the third user data in the non-secure chip.

The application also provides an electronic device, the electronic device comprising: one or more processors, one or more memories, a display screen; the one or more memories, the display screen, and the one or more processors are coupled, the one or more memories are for storing computer program code, the computer program code includes computer instructions, the one or more processors call the computer instructions to cause the electronic device to perform: acquiring second user data, a certificate of a first counter and a first check value of the first user data from the non-secure chip; the certificate of the first counter in the non-secure chip is used for acquiring a first value of the first counter, and the first check value and the first value of the first counter are used for checking whether the second user data are identical to the first user data or not; acquiring a certificate of a first counter from the security chip; under the condition that the certificate of the first counter in the non-secure chip is the same as the certificate of the first counter in the secure chip, acquiring a first value of the first counter through the secure chip; obtaining a second check value of the second user data based on the second user data and the first value of the first counter by the security chip; in case the first check value and the second check value are the same, the second user data is used.

In one possible implementation, one or more processors invoke computer instructions to cause an electronic device to perform: in the case where the credentials of the first counter in the non-secure chip and the credentials of the first counter in the secure chip are different, the first value of the first counter cannot be obtained from the secure chip. Thus, under the condition that the attacker does not know the certificate of the first counter, the certificate of the first counter cannot pass authentication, the attacker cannot acquire the first value of the first counter, and the security of the first value of the first counter stored in the security chip is ensured.

In one possible implementation, one or more processors invoke computer instructions to cause an electronic device to perform: in the case where the first check value and the second check value are different, the second user data cannot be used.

In one possible implementation, one or more processors invoke computer instructions to cause an electronic device to perform: the first user data, the first check value of the first user data, and the credentials of the first counter are stored within the non-secure chip. The first value of the first counter and the credentials of the first counter are stored within the secure chip.

In one possible implementation, one or more processors invoke computer instructions to cause an electronic device to perform: generating a credential of the first counter by the security chip; the credentials of the first counter are stored within the secure chip. At this time, the secure chip needs to store the credentials of the first counter in the non-secure chip or on the server, so that when the electronic device uses the user data, authentication can be performed based on the credentials of the first counter stored in the non-secure chip or on the server.

Or,

In one possible implementation, one or more processors invoke computer instructions to cause an electronic device to perform: an initial value of the first counter is generated by the security chip. In this way, the initial value of the first counter is generated in the security chip, and the security of the value of the counter stored in the security chip is improved.

In one possible implementation, one or more processors invoke computer instructions to cause an electronic device to perform: acquiring first user data, an identification of a first counter and a certificate of the first counter stored in the non-secure chip from the non-secure chip; determining a certificate of a first counter stored in the security chip based on the identification of the first counter through the security chip; acquiring a first value of a first counter under the condition that the certificate of the first counter in the non-secure chip is the same as the certificate of the first counter in the secure chip; obtaining a first check value of the first user data based on the first value of the first counter and the first user data through the security chip; a first check value of the first user data is stored within the non-secure chip. Thus, when the electronic device stores the first user data, a first check value is generated within the secure chip based on the first user data and the first value of the first counter. After generating the first check value, the electronic device stores the first check value in an unsecure chip, such as a flash chip or on a server. In this way, even if an attacker will falsify the user data, for example, replace the first user data with the second user data, when authenticating, the second check value generated in the security chip based on the first value obtained from the second user data and the first counter is different from the first check value, resulting in that the check is not passed, and the situation that the attacker falsifies the user data is avoided.

In a possible implementation, the apparatus 1600 may include an acquisition unit 1601, a processing unit 1602, and a storage unit 1603. The apparatus 1600 may be used to perform a data protection method as shown in the embodiment of fig. 15.

Wherein, the acquiring unit 1601 is configured to acquire, from the non-secure chip, the second user data, the credential of the first counter, and the first check value of the first user data; the certificate of the first counter in the non-secure chip is used for acquiring a first value of the first counter, and the first check value and the first value of the first counter are used for checking whether the second user data are identical to the first user data.

The acquiring unit 1601 is further configured to acquire a credential of the first counter from within the secure chip.

The acquiring unit 1601 is further configured to acquire, by the secure chip, a first value of the first counter if the credential of the first counter in the non-secure chip is the same as the credential of the first counter in the secure chip;

the processing unit 1602 is configured to obtain, by the security chip, a second check value of the second user data based on the second user data and the first value of the first counter.

The processing unit 1602 is further configured to use the second user data if the first check value and the second check value are the same.

In a possible implementation, the obtaining unit 1601 is further configured to disable obtaining the first value of the first counter from within the secure chip if the credentials of the first counter within the non-secure chip and the credentials of the first counter within the secure chip are different. Thus, under the condition that the attacker does not know the certificate of the first counter, the certificate of the first counter cannot pass authentication, the attacker cannot acquire the first value of the first counter, and the security of the first value of the first counter stored in the security chip is ensured.

In a possible implementation, the obtaining unit 1601 is further configured to disable the second user data in case the first check value and the second check value are different.

In one possible implementation, before the acquiring unit 1601 acquires the second user data, the first counter credential, and the first check value of the first user data from the non-secure chip, the storing unit 1603 is configured to store the first user data, the first check value of the first user data, and the first counter credential in the non-secure chip, and store the first counter first value and the first counter credential in the secure chip.

In one possible implementation, the storage unit 1603 is specifically configured to generate, by the security chip, a credential of the first counter; the credentials of the first counter are stored within the secure chip. At this time, the secure chip needs to store the credentials of the first counter in the non-secure chip or on the server, so that when the electronic device uses the user data, authentication can be performed based on the credentials of the first counter stored in the non-secure chip or on the server.

Alternatively, the storage unit 1603 is specifically configured to obtain the credentials of the first counter outside the security chip; the credentials of the first counter are stored within the secure chip.

In one possible implementation, the processing unit 1602 is further configured to generate the initial value of the first counter by the secure chip before the storage unit 1603 stores the first value of the first counter within the secure chip. In this way, the initial value of the first counter is generated in the security chip, and the security of the value of the counter stored in the security chip is improved.

In one possible implementation, before the acquiring unit 1601 acquires the second user data, the credentials of the first counter, and the first check value of the first user data from the non-secure chip, the acquiring unit 1601 is further configured to acquire the first user data, the identification of the first counter, and the credentials of the first counter stored in the non-secure chip from the non-secure chip; the processing unit 1602 is further configured to determine, by the secure chip, credentials of the first counter stored in the secure chip based on the identification of the first counter; an obtaining unit 1601, configured to obtain a first value of the first counter if the credentials of the first counter in the non-secure chip and the secure chip are the same; the processing unit 1602 is further configured to obtain, by the security chip, a first check value of the first user data based on the first value of the first counter and the first user data; the storage unit 1603 is further configured to store the first check value of the first user data in the non-secure chip. Thus, when the electronic device stores the first user data, a first check value is generated within the secure chip based on the first user data and the first value of the first counter. After generating the first check value, the electronic device stores the first check value in an unsecure chip, such as a flash chip or on a server. In this way, even if an attacker will falsify the user data, for example, replace the first user data with the second user data, when authenticating, the second check value generated in the security chip based on the first value obtained from the second user data and the first counter is different from the first check value, resulting in that the check is not passed, and the situation that the attacker falsifies the user data is avoided.

In a possible implementation manner, after the processing unit 1602 uses the second user data, the obtaining unit 1601 is further configured to obtain third user data, where the third user data is changed second user data; the processing unit 1602 is further configured to send the third user data, the credentials of the first counter in the non-secure chip, and the identification of the first counter to the secure chip; the processing unit 1602 is further configured to obtain, by the security chip, a credential of the first counter based on the identification of the first counter; the acquiring unit 1601 is further configured to acquire, by the secure chip, a first value of the first counter if the credential of the first counter in the non-secure chip is the same as the credential of the first counter in the secure chip; the processing unit 1602 is further configured to obtain a second value of the first counter based on the first value of the first counter and a second preset value; the processing unit 1602 is further configured to obtain, by the security chip, a third check value of the third user data based on the third user data and the second value of the first counter; the storage unit 1603 is further configured to store a third check value of the third user data in the non-secure chip.

The present application provides a computer readable storage medium for storing computer instructions that, when executed on an electronic device, cause the electronic device to perform a data protection method as shown in fig. 15.

The present application provides a computer program product for causing an electronic device to perform a data protection method as shown in fig. 15 when the computer program product is run on an electronic device.

The embodiments of the present application may be arbitrarily combined to achieve different technical effects.

In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, digital subscriber line), or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a Solid State Disk (SSD)), or the like.

Those of ordinary skill in the art will appreciate that implementing all or part of the above-described method embodiments may be accomplished by a computer program to instruct related hardware, the program may be stored in a computer readable storage medium, and the program may include the above-described method embodiments when executed. And the aforementioned storage medium includes: ROM or random access memory RAM, magnetic or optical disk, etc.

In summary, the foregoing description is only exemplary embodiments of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made according to the disclosure of the present invention should be included in the protection scope of the present invention.

Claims

1. A method of data protection, the method comprising:

the electronic equipment acquires second user data, a certificate of a first counter and a first check value of the first user data from the non-secure chip; the certificate of the first counter in the non-secure chip is used for acquiring a first value of the first counter, and the first check value and the first value of the first counter are used for checking whether the second user data are identical to the first user data or not;

The electronic equipment acquires a certificate of a first counter from the security chip;

the electronic equipment acquires a first value of a first counter through the secure chip under the condition that the certificate of the first counter in the non-secure chip is the same as the certificate of the first counter in the secure chip;

the electronic device obtains a second check value of the second user data based on the second user data and the first value of the first counter through the security chip;

and the electronic equipment uses the second user data under the condition that the first check value and the second check value are the same.

2. The method according to claim 1, wherein the method further comprises:

in the case where the credentials of the first counter in the non-secure chip and the credentials of the first counter in the secure chip are different, the electronic device cannot obtain the first value of the first counter from within the secure chip.

3. The method according to claim 1 or 2, characterized in that the method further comprises:

and if the first check value and the second check value are different, the electronic equipment cannot use the second user data.

4. A method according to any of claims 1-3, wherein before the electronic device obtains the second user data, the credentials of the first counter and the first check value of the first user data from within the non-secure chip, the method further comprises:

the electronic device storing the first user data, the first check value of the first user data, and credentials of the first counter within the non-secure chip;

the electronic device stores a first value of the first counter and a credential of the first counter within the secure chip.

5. The method according to claim 4, wherein the electronic device stores the credentials of the first counter within the secure chip, in particular comprising:

the electronic device generates a certificate of the first counter through the security chip;

the electronic device storing credentials of the first counter within the secure chip;

or,

the electronic equipment acquires a certificate of the first counter outside the security chip;

the electronic device stores credentials of the first counter within the secure chip.

6. The method of any of claims 1-5, wherein the first value of the first counter is derived based on an initial value of the first counter and a first preset value, wherein the initial value of the counter is randomly generated.

7. The method of claim 6, wherein before the electronic device stores the first value of the first counter within the secure chip, the method further comprises:

the electronic device generates an initial value of the first counter through the security chip.

8. The method of any of claims 4-6, wherein before the electronic device obtains the second user data, the credentials of the first counter, and the first check value of the first user data from within the non-secure chip, the method further comprises:

the electronic device obtains the first user data, the identification of the first counter and the certificate of the first counter stored in the non-secure chip from the non-secure chip;

the electronic equipment determines a certificate of a first counter stored in the security chip through the security chip based on the identification of the first counter;

The electronic device obtains a first value of a first counter in the non-secure chip under the condition that the credentials of the first counter are the same as the credentials of the first counter in the secure chip;

the electronic equipment obtains the first check value of the first user data based on the first value of the first counter and the first user data through the security chip;

the electronic device stores the first check value of the first user data within the non-secure chip.

9. The method of any of claims 1-8, wherein after the electronic device uses the second user data, the method further comprises:

the electronic equipment acquires third user data, wherein the third user data is the changed second user data;

the electronic device sends the third user data, the certificate of the first counter in the non-secure chip and the identification of the first counter to the secure chip;

the electronic equipment obtains a certificate of a first counter based on the identification of the first counter through the security chip;

under the condition that the credentials of a first counter in the non-secure chip and the credentials of the first counter in the secure chip are the same, the electronic equipment obtains a first value of the first counter through the secure chip, and obtains a second value of the first counter based on the first value of the first counter and a second preset value;

The electronic equipment obtains a third check value of the third user data based on the third user data and the second value of the first counter through the security chip;

and the electronic equipment stores a third check value of the third user data in the non-secure chip.

10. An electronic device, the electronic device comprising: one or more processors, one or more memories, a display screen; the one or more memories, the display screen being coupled to the one or more processors, the one or more memories being for storing computer program code comprising computer instructions that the one or more processors invoke to cause the electronic device to perform the method of any of the above claims 1-9.

11. A computer readable storage medium storing computer instructions which, when run on an electronic device, cause the electronic device to perform the method of any one of claims 1-9.

12. A computer program product, characterized in that the computer program product, when run on an electronic device, causes the electronic device to perform the method of any of the preceding claims 1-9.