Decryption credential management method and electronic device

By evaluating the decryption credentials of the target electronic device and decrypting data only when the requirements are met, the problem of key loss caused by poor device security performance is solved, thereby improving the security and data reliability of the distributed key management system.

CN122241674A · Pending · Publication Date: 2026-06-19 · HUAWEI TECH CO LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: HUAWEI TECH CO LTD
Filing Date: 2024-12-17
Publication Date: 2026-06-19

AI Technical Summary

Technical Problem

In a distributed key management system, poor device security can lead to key fragment loss, affecting the security of the entire system.

Method used

By assessing the target electronic device's ability to protect decryption credentials, data decryption is performed only when the decryption requirements are met, and a combination of strong and weak devices is used for decryption to ensure data security.

Benefits of technology

This reduces the impact of devices with insufficient protection capabilities for decryption credentials on the security of the entire distributed key management system, thereby improving data security and reliability.

✦ Generated by Eureka AI based on patent content.


Abstract

This application provides a decryption credential management method and electronic device, relating to the field of terminal technology. This application enhances data security by ensuring that data decryption is only performed when the electronic device providing the decryption credential has sufficient protection capabilities to fulfill the requirements. The method includes: a first electronic device determining a plurality of second electronic devices capable of decrypting data within the first electronic device, the plurality of second electronic devices storing decryption credentials for the data, the multiple second electronic devices having different capabilities in protecting the decryption credentials; the first electronic device acquiring a decryption credential sent by a target electronic device among the plurality of second electronic devices, wherein the number of target electronic devices is one or more; and, if the target electronic device's ability to protect the decryption credential meets the requirements for data decryption, the first electronic device decrypts the data using the decryption credential sent by the target electronic device.

Description

Technical Field

[0001] This application relates to the field of terminal technology, and in particular to a method for managing decryption credentials and an electronic device.

Background Technology

[0002] Data security in electronic devices is typically ensured through key encryption. These devices are equipped with a Trusted Execution Environment (TEE) to manage the key lifecycle, including key generation, usage, updates, and deletion. However, managing keys on a single device makes attacks more targeted, increases the risk of key loss, and ultimately compromises data security.

[0003] To address this, electronic devices can also store the original key as key fragments across multiple devices in the distributed communication system after generation. When decryption is required, the electronic device only needs to acquire the required number of key fragments to reconstruct the original key and decrypt the data. This distributed key management mitigates key management risks and improves the security and reliability of key management.

[0004] However, if a device with poor security performance in the distributed key management system is attacked, resulting in the loss of key fragments, the security of the entire distributed key management system will be affected.

Summary of the Invention

[0005] To address the aforementioned technical problems, this application provides a decryption credential management method and an electronic device. The technical solution provided by this application ensures that data decryption is only performed when the electronic device providing the decryption credential meets the required protection capabilities, thereby improving data security.

[0006] In a first aspect, a decryption credential management method is provided, applied to a first electronic device. The method includes: determining multiple second electronic devices capable of decrypting data in the first electronic device, where these second electronic devices store decryption credentials for the data and differ in their capabilities to protect the decryption credentials. Next, a decryption credential sent by a target electronic device among the multiple second electronic devices is obtained, where the number of target electronic devices is one or more. If the capability of the target electronic device to protect its decryption credential meets the requirements for decrypting the data, the data is decrypted using the decryption credential sent by the target electronic device.

[0007] Thus, by assessing the ability of target electronic devices to protect decryption credentials, the impact of electronic devices with insufficient decryption credential protection capabilities on the security of the entire distributed key management system can be reduced, thereby improving data security.

[0008] According to the first aspect, before determining a plurality of second electronic devices capable of decrypting data in the first electronic device, the method further includes: in response to a user instruction to encrypt data, acquiring a plurality of second electronic devices, wherein the plurality of second electronic devices are trusted devices of the first electronic device; and sending corresponding credential information to each of the plurality of second electronic devices, the credential information being used to obtain decryption credentials.

[0009] In some examples, the first electronic device sends credential information, such as key fragments or verification parameters, to the second electronic device. The second electronic device can then receive this credential information, thus obtaining the decryption credential.

[0010] In other examples, the first electronic device sends credential information to the second electronic device, which processes the credential information according to a preset algorithm, obtains the corresponding decryption credential, and saves it.

[0011] In this way, the first electronic device identifies the second electronic device that will subsequently participate in data decryption and distributes credential information to these second electronic devices to facilitate their subsequent participation in data decryption.

[0012] According to the first aspect, or any implementation of the first aspect above, the target electronic device includes a third electronic device, and the capability of the third electronic device to protect the decryption credential is a first-level capability; obtaining the decryption credential sent by the target electronic device among multiple second electronic devices includes: obtaining the decryption credential sent by the third electronic device. When the capability of the target electronic device to protect the decryption credential meets the requirements for decrypting data, decrypting the data using the decryption credential sent by the target electronic device includes: when it is determined that the capability of the third electronic device to protect the decryption credential meets the requirements for decrypting data, decrypting the data using the decryption credential sent by the third electronic device.

[0013] Thus, when the target electronic device involved in decryption includes a strong device, the first electronic device can determine that the target electronic device's ability to protect the decryption credential meets the requirements for decrypting the data, and then decrypt the data using the decryption credential sent by the target electronic device. In this way, data security is ensured through the strong device's ability to protect the decryption credential.

[0014] According to the first aspect, or any implementation of the first aspect above, the target electronic device further includes at least one fourth electronic device, wherein the capability of the at least one fourth electronic device to protect the decryption credential is at or below the first-level capability. Obtaining the decryption credential sent by the target electronic device among the plurality of second electronic devices includes: obtaining the decryption credentials sent by the third electronic device and the at least one fourth electronic device. When the capability of the target electronic device to protect the decryption credential meets the requirements for data decryption, decrypting the data using the decryption credential sent by the target electronic device includes: when it is determined that the capability of the third electronic device and the at least one fourth electronic device to protect the decryption credential meets the requirements for data decryption, decrypting the data using the decryption credentials sent by the third electronic device and the at least one fourth electronic device.

[0015] Thus, when the target electronic device involved in decryption includes a strong device and at least one weak device, the first electronic device can determine that the target electronic device's ability to protect the decryption credential meets the requirements for decrypting the data, and then decrypt the data using the decryption credential sent by the target electronic device. In this way, the strong device's ability to protect the decryption credential, along with the assistance of the weak device, enhances data security.

[0016] According to the first aspect, or any implementation of the first aspect above, the target electronic device includes at least one fifth electronic device, the capability of the at least one fifth electronic device to protect the decryption credential is weaker than the first-level capability, and the first-level capability is the highest capability among the multiple second electronic devices in terms of protecting the decryption credential; obtaining the decryption credential sent by the target electronic device among the multiple second electronic devices includes: obtaining the decryption credential sent by at least one fifth electronic device. The method further includes: if it is determined that the capability of the at least one fifth electronic device to protect the decryption credential does not meet the requirement for decrypting data, then decryption of the data is not permitted.

[0017] Therefore, when the target electronic device only includes weak devices, data decryption is not allowed regardless of the number of weak devices participating in decryption. This contrasts with existing technologies where decryption is allowed as long as the number of participating devices meets the requirements. The decryption credential management method provided in this application can determine whether data decryption is allowed by assessing the target electronic device's ability to protect decryption credentials. Thus, even if weak devices are attacked, the security of the entire distributed key management system remains unaffected.

[0018] According to the first aspect, or any implementation thereof, in response to a user instruction to encrypt data, acquiring a plurality of second electronic devices includes: in response to a user instruction to encrypt data via a nearby device, acquiring a plurality of nearby second electronic devices. The plurality of second electronic devices are then used as devices for decrypting the data.

[0019] Thus, the first electronic device searches for nearby devices and uses those devices as second electronic devices to store the decryption credentials.

[0020] According to the first aspect, or any implementation of the first aspect above, in response to a user's instruction to encrypt data, acquiring multiple second electronic devices includes: in response to a user's instruction to encrypt data, acquiring multiple nearby devices; displaying a device selection interface; and acquiring multiple second electronic devices selected by the user from among the multiple devices based on the user's operation on the device selection interface.

[0021] In this way, the first electronic device can be flexibly configured to participate in the decryption process, according to the user's selection.

[0022] According to the first aspect, or any implementation thereof, in response to a user's instruction to encrypt data, acquiring a plurality of second electronic devices includes: in response to a user's instruction to encrypt data, displaying a first interface, the first interface being used to receive user-input information related to the second electronic devices; acquiring the user-input information on the first interface to determine the plurality of second electronic devices.

[0023] In this way, the first electronic device can also acquire the second electronic device by directly receiving user input information, without searching for nearby devices.

[0024] According to the first aspect, or any implementation of the first aspect above, the ability of the second electronic device to protect decryption credentials is related to any of the following information of the second electronic device: device type, device security capabilities, device security status, and user account information in the device.

[0025] According to the first aspect, or any implementation thereof, when the target electronic device's ability to protect the decryption credential meets the requirements for decrypting data, the data is decrypted using the decryption credential sent by the target electronic device. This includes: at a first moment, when the target electronic device is in a normal security state, the data is decrypted using the decryption credential sent by the target electronic device. The method further includes: at a second moment, when the target electronic device includes devices with abnormal security states, decryption of data using the decryption credential sent by the target electronic device is not permitted.

[0026] According to the first aspect, or any implementation of the first aspect above, the security status is abnormal, including: the device is in an unlocked state or in an attacked state.

[0027] Thus, even if the device's ability to protect decryption credentials meets the requirements, the first electronic device can determine whether to allow data decryption based on the device's security status, thereby improving data security. This avoids data security being compromised due to the target electronic device including devices with abnormal security status.

[0028] According to the first aspect, or any implementation of the first aspect above, the ability of the second electronic device to protect decryption credentials is related to the user account information in the second electronic device. When the ability of the target electronic device to protect decryption credentials meets the requirements for data decryption, the data is decrypted using the decryption credentials sent by the target electronic device, including: decrypting the data using the decryption credentials sent by the third electronic device based on the user account information in the third electronic device.

[0029] In this way, the first electronic device, combined with the user account information in the target electronic device, can achieve more flexible data decryption in different decryption scenarios.

[0030] According to the first aspect, or any implementation of the first aspect above, the target electronic device includes a sixth electronic device, the account in the third electronic device is a first account, and the account in the sixth electronic device is a second account. When the target electronic device's ability to protect the decryption credential meets the requirements for decrypting data, decrypting the data using the decryption credential sent by the target electronic device includes: when the first account and the second account are a preset account combination, decrypting the data using the decryption credential sent by the target electronic device.

[0031] Optionally, during the data encryption process, the first electronic device may prompt the user for a preset combination of accounts required to decrypt the data. This way, during subsequent data decryption, the user will know which electronic devices they need to bring to participate in the decryption process.

[0032] In this way, the first electronic device can achieve flexible data decryption through the combination of accounts in multiple target electronic devices.

[0033] According to the first aspect, or any implementation of the first aspect above, the method further includes: displaying a prompt message when the target electronic device's ability to protect decryption credentials does not meet the requirements for decrypting data, the prompt message being used to inform the user that data decryption has failed.

[0034] Optionally, this prompt can also help users understand which devices participated in decryption and which did not. This helps users confirm whether the data decryption failure was due to certain devices not participating in the decryption, increasing the probability of successful data decryption next time.

[0035] In this way, the displayed message helps users understand why data decryption failed. Optionally, it can also help users trigger the next decryption process.

[0036] In a second aspect, a first electronic device is provided. The first electronic device includes a processor and a memory. The memory is coupled to the processor and stores computer program code, including computer instructions. When the processor reads the computer instructions from the memory, the first electronic device executes the following: determining a plurality of second electronic devices capable of decrypting data in the first electronic device, where the plurality of second electronic devices store decryption credentials for the data and differ in their capabilities to protect the decryption credentials; acquiring a decryption credential sent by a target electronic device among the plurality of second electronic devices, wherein the number of target electronic devices is one or more; and decrypting the data using the decryption credential sent by the target electronic device if the capability of the target electronic device to protect the decryption credential meets the requirements for decrypting the data.

[0037] According to the second aspect, when the processor reads computer instructions from memory, it also causes the first electronic device to: in response to a user-instructed operation to encrypt data, acquire a plurality of second electronic devices, which are trusted devices of the first electronic device; and send corresponding credential information to each of the plurality of second electronic devices, the credential information being used to obtain decryption credentials.

[0038] According to the second aspect, or any implementation of the second aspect above, the target electronic device includes a third electronic device, and the capability of the third electronic device to protect the decryption credential is a first-level capability; obtaining the decryption credential sent by the target electronic device among multiple second electronic devices includes: obtaining the decryption credential sent by the third electronic device. When the capability of the target electronic device to protect the decryption credential meets the requirements for decrypting data, decrypting the data using the decryption credential sent by the target electronic device includes: when it is determined that the capability of the third electronic device to protect the decryption credential meets the requirements for decrypting data, decrypting the data using the decryption credential sent by the third electronic device.

[0039] According to the second aspect, or any implementation of the second aspect above, the target electronic device further includes at least one fourth electronic device, wherein the capability of the at least one fourth electronic device to protect the decryption credential is at or below the first-level capability. Obtaining the decryption credential sent by the target electronic device among the plurality of second electronic devices includes: obtaining the decryption credentials sent by the third electronic device and the at least one fourth electronic device. If the capability of the target electronic device to protect the decryption credential meets the requirements for data decryption, decrypting the data using the decryption credential sent by the target electronic device includes: if it is determined that the capability of the third electronic device and the at least one fourth electronic device to protect the decryption credential meets the requirements for data decryption, decrypting the data using the decryption credentials sent by the third electronic device and the at least one fourth electronic device.

[0040] According to the second aspect, or any implementation of the second aspect above, the target electronic device includes at least one fifth electronic device, the capability of the at least one fifth electronic device to protect the decryption credential is weaker than the first-level capability, and the first-level capability is the highest capability among the multiple second electronic devices in terms of protecting the decryption credential; obtaining the decryption credential sent by the target electronic device among the multiple second electronic devices includes: obtaining the decryption credential sent by the at least one fifth electronic device. When the processor reads computer instructions from memory, it also causes the first electronic device to execute: if it is determined that the capability of the at least one fifth electronic device to protect the decryption credential does not meet the requirements for decrypting data, then decryption of the data is not permitted.

[0041] According to the second aspect, or any implementation thereof, in response to a user's instruction to encrypt data, acquiring multiple second electronic devices includes: in response to a user's instruction to encrypt data via a nearby device, acquiring multiple nearby second electronic devices. These multiple second electronic devices are then used as devices for decrypting the data.

[0042] According to the second aspect, or any implementation thereof, in response to a user's instruction to encrypt data, acquiring multiple second electronic devices includes: acquiring multiple nearby devices in response to the user's instruction to encrypt data; displaying a device selection interface; and acquiring multiple second electronic devices selected by the user from among the multiple devices based on the user's operation on the device selection interface.

[0043] According to the second aspect, or any implementation thereof, in response to a user's instruction to encrypt data, acquiring multiple second electronic devices includes: in response to a user's instruction to encrypt data, displaying a first interface, the first interface being used to receive user-inputted information related to the second electronic devices; acquiring the user-inputted information on the first interface to determine the multiple second electronic devices.

[0044] According to the second aspect, or any implementation of the second aspect above, the ability of the second electronic device to protect decryption credentials is related to any of the following information of the second electronic device: device type, device security capabilities, device security status, and user account information in the device.

[0045] According to the second aspect, or any implementation thereof, when the target electronic device's ability to protect the decryption credential meets the requirements for decrypting data, the data is decrypted using the decryption credential sent by the target electronic device. This includes: at a first moment, when the target electronic device is in a normal security state, the data is decrypted using the decryption credential sent by the target electronic device. When the processor reads computer instructions from memory, it also causes the first electronic device to execute: at a second moment, when the target electronic device includes devices with abnormal security states, decryption of data using the decryption credential sent by the target electronic device is not permitted.

[0046] According to the second aspect, or any implementation of the second aspect above, the security status is abnormal, including: the device is in an unlocked state or in an attacked state.

[0047] According to the second aspect, or any implementation thereof, the ability of the second electronic device to protect decryption credentials is related to the user account information in the second electronic device. When the ability of the target electronic device to protect decryption credentials meets the requirements for data decryption, the data is decrypted using the decryption credentials sent by the target electronic device, including: decrypting the data using the decryption credentials sent by the third electronic device based on the user account information in the third electronic device.

[0048] According to the second aspect, or any implementation of the second aspect above, the target electronic device includes a sixth electronic device, the account in the third electronic device is a first account, and the account in the sixth electronic device is a second account. When the target electronic device's ability to protect the decryption credential meets the requirements for decrypting data, decrypting the data using the decryption credential sent by the target electronic device includes: when the first account and the second account are a preset account combination, decrypting the data using the decryption credential sent by the target electronic device.

[0049] According to the second aspect, or any implementation of the second aspect above, when the processor reads computer instructions from memory, it also causes the first electronic device to execute: if the target electronic device's ability to protect decryption credentials does not meet the requirements for decrypting data, displaying a prompt message to inform the user that data decryption has failed.

[0050] In a third aspect, an electronic device is provided, which has the function of implementing the decryption credential management method as described in the first aspect and any of its possible implementations. This function can be implemented in hardware or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above-described function.

[0051] In a fourth aspect, a computer-readable storage medium is provided. The computer-readable storage medium stores a computer program (also referred to as instructions or code) that, when executed by an electronic device, causes the electronic device to perform the method of the first aspect or any embodiment of the first aspect.

[0052] In a fifth aspect, a computer program product is provided that, when run on an electronic device, causes the electronic device to perform the method of the first aspect or any one of the embodiments of the first aspect.

[0053] In a sixth aspect, a circuit system is provided, the circuit system including processing circuitry configured to perform the method of the first aspect or any embodiment of the first aspect.

[0054] In a seventh aspect, a chip system is provided, including at least one processor and at least one interface circuit, wherein the at least one interface circuit is used to perform transceiver functions and send instructions to the at least one processor, and when the at least one processor executes the instructions, the at least one processor performs the method of the first aspect or any embodiment of the first aspect.

[0055] The technical effects of the aforementioned aspects can be referenced from each other, and will not be elaborated further here.

Attached Figure Description

[0056] Figure 1 is schematic diagram 1 of a distributed key usage scenario provided in an embodiment of this application;

[0057] Figure 2 is a schematic diagram of the communication system used in the decryption credential management method provided in the embodiments of this application;

[0058] Figure 3A is a schematic diagram of the hardware structure of the first electronic device provided in an embodiment of this application;

[0059] Figure 3B is a schematic diagram of the software architecture of the electronic device provided in the embodiments of this application;

[0060] Figure 4 is schematic diagram 1 of the distributed key storage stage provided in an embodiment of this application;

[0061] Figure 5 is a schematic diagram of module interaction provided in an embodiment of this application;

[0062] Figure 6 is a schematic diagram illustrating a scenario for selecting a second electronic device, provided in an embodiment of this application;

[0063] Figure 7 is schematic diagram 2 of the distributed key storage stage provided in an embodiment of this application;

[0064] Figure 8 is interface schematic diagram 3 of the distributed key storage stage provided in an embodiment of this application;

[0065] Figure 9 is schematic diagram 1 of the distributed key usage phase provided in an embodiment of this application;

[0066] Figure 10 is schematic diagram 2 of a distributed key usage scenario provided in an embodiment of this application;

[0067] Figure 11 is schematic diagram 2 of the distributed key usage phase provided in an embodiment of this application;

[0068] Figure 12 is interface schematic diagram 3 of the distributed key usage phase provided in an embodiment of this application;

[0069] Figure 13 is schematic diagram 4 of the distributed key storage stage provided in an embodiment of this application;

[0070] Figure 14 is schematic diagram 3 of a distributed key usage scenario provided in an embodiment of this application;

[0071] Figure 15 is schematic diagram 5 of the distributed key storage stage provided in an embodiment of this application;

[0072] Figure 16 is schematic diagram 4 of the distributed key usage phase provided in an embodiment of this application;

[0073] Figure 17 is schematic diagram 5 of the distributed key usage phase provided in an embodiment of this application;

[0074] Figure 18 is a schematic diagram of the decryption credential management method provided in the embodiments of this application;

[0075] Figure 19 is a schematic diagram of the structure of the first electronic device provided in an embodiment of this application.

Detailed Implementation

[0076] The technical solutions of the embodiments of this application are described below with reference to the accompanying drawings. In the description of the embodiments of this application, the terminology used in the following embodiments is for the purpose of describing specific embodiments only and is not intended to be a limitation of this application. As used in the specification and appended claims of this application, the singular expressions “a,” “an,” “the,” and “this” are intended to include expressions such as “one or more,” unless the context clearly indicates otherwise. It should also be understood that in the following embodiments of this application, “at least one” and “one or more” refer to one or more (including two).

[0077] References to "one embodiment" or "some embodiments" in this specification mean that one or more embodiments of this application include a specific feature, structure, or characteristic described in connection with that embodiment. Therefore, the phrases "in one embodiment," "in some embodiments," "in other embodiments," "in still other embodiments," etc., appearing in different parts of this specification do not necessarily refer to the same embodiment, but rather mean "one or more, but not all, embodiments," unless otherwise specifically emphasized. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless otherwise specifically emphasized. The term "connection" includes direct connections and indirect connections, unless otherwise stated. "First" and "second" are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the number of technical features indicated.

[0078] In the embodiments of this application, the words "exemplarily" or "for example" are used to indicate examples, illustrations, or explanations. Any embodiment or design described as "exemplarily" or "for example" in the embodiments of this application should not be construed as being more preferred or advantageous than other embodiments or design solutions. Specifically, the use of the words "exemplarily" or "for example" is intended to present the relevant concepts in a specific manner.

[0079] In some embodiments, in response to a user's instruction to encrypt data, an electronic device can generate a key and encrypt the data using that key. The electronic device can then divide this key into multiple key fragments using a key fragmentation algorithm and store them across multiple devices in a distributed communication system. These devices in the distributed communication system are trusted by each other, and storing the key fragments across multiple devices mitigates the risk of attack if a single device stores the key. Subsequently, based on a predetermined number of key fragments from the multiple key fragments, the electronic device can recover the key and decrypt the data.

[0080] Optionally, key fragmentation algorithms include, for example, threshold secret sharing. Threshold secret sharing is a key segmentation technique based on a threshold value. In this algorithm, the original key is divided into several parts (n fragments), and the condition for recovering the original key is that "at least t fragments are needed to reconstruct the original key, t≤n". This method allows flexible control over the minimum number of fragments required to recover the key, i.e., the threshold value.

[0081] For example, as shown in (a) of Figure 1, the mobile phone generates a key and identifies trusted devices in the distributed communication system, including a personal computer (PC), a smartwatch, and a smart bracelet. The mobile phone can then generate four key fragments corresponding to the key using a key fragmentation algorithm, such as key fragment A, key fragment B, key fragment C, and key fragment D. The mobile phone can then send key fragments B, C, and D to the PC, smartwatch, and smart bracelet respectively for storage. Based on the key fragmentation algorithm, the mobile phone can recover the original key by obtaining at least two of the four key fragments. For example, as shown in (b) of Figure 1, the four key fragments have the same weight. The mobile phone can obtain the key fragments provided by any two devices, recover the original key, and decrypt the data.

[0082] Smartwatches and smart bracelets, in particular, have relatively weak security and are vulnerable to attacks, leading to key fragment leaks. An attacker's device, using obtained key fragment C from a smartwatch and key fragment D from a smart bracelet, can reconstruct the original key and unlock encrypted data on the phone, compromising data security.

[0083] In other words, if a device with poor security performance in the distributed key management system is attacked, resulting in the loss of key fragments, the security of the entire distributed key management system will be affected.

[0084] Therefore, this application provides a decryption credential management method that enables data decryption only when the electronic device providing the decryption credential has sufficient capability to protect the decryption credential, thereby reducing the impact of electronic devices with insufficient decryption credential protection capabilities on the security of the entire distributed key management system and improving data security.

[0085] Figure 2 is a schematic diagram of the communication system used in the decryption credential management method provided in the embodiments of this application. As shown in Figure 2, the communication system includes a first electronic device 100 and a second electronic device 200.

[0086] Optionally, the first electronic device 100 or the second electronic device 200 may be, for example, a mobile phone, tablet computer, smart screen, personal computer (PC), wearable device (such as smartwatch, smart bracelet, etc.), in-vehicle system, ultra-mobile personal computer (UMPC), netbook, personal digital assistant (PDA), artificial intelligence (AI) device, or other terminal device. The operating system installed on the first electronic device 100 or the second electronic device 200 may include, but is not limited to, the following: Alternatively, other operating systems may be used. This application does not limit the specific type of the second electronic device 200 or the operating system installed on it.

[0087] In some embodiments, a wireless communication connection is established between the first electronic device 100 and the second electronic device 200. The wireless communication technology used to establish this connection includes, but is not limited to, at least one of the following: Bluetooth (BT) (e.g., classic Bluetooth or Bluetooth Low Energy (BLE)), SparkLink Low Energy (SLE), wireless local area networks (WLAN) (such as Wi-Fi), near-field communication (NFC), Zigbee, frequency modulation (FM), infrared (IR), etc.

[0088] Optionally, the first electronic device 100 and the second electronic device 200 can also establish a communication connection through a third-party device in the local area network, such as a router, gateway, smart device controller, server, etc.

[0089] In some embodiments, the communication system described above is, for example, a distributed communication system. The first electronic device 100 and the second electronic device 200 may constitute a distributed key management system.

[0090] Optionally, the first electronic device 100 and the second electronic device 200 in this application embodiment can be implemented by different devices. Different devices can have the same, similar, or somewhat different hardware structures, for example, the hardware structure shown in Figure 3A.

[0091] For example, taking the hardware structure of the first electronic device 100 shown in Figure 3A as an example, the hardware structures of the first electronic device 100 and the second electronic device 200 will be explained.

[0092] Optionally, the first electronic device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (USB) interface 130, a charging management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a sensor module 180, a button 190, a motor 191, an indicator 192, a camera 193, a display screen 194, and a subscriber identification module (SIM) card interface 195, etc.

[0093] It is understood that the structures illustrated in the embodiments of this application do not constitute a specific limitation on the first electronic device 100. In other embodiments of this application, the first electronic device 100 may include more or fewer components than illustrated, or combine some components, or split some components, or have different component arrangements. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.

[0094] Processor 110 may include one or more processing units, such as application processors (APs), modem processors, graphics processing units (GPUs), image signal processors (ISPs), controllers, video codecs, digital signal processors (DSPs), baseband processors, and / or neural network processing units (NPUs). These different processing units may be independent devices or integrated into one or more processors.

[0095] The controller can generate operation control signals based on the instruction opcode and timing signals to complete the control of instruction fetching and execution.

[0096] The processor 110 may also include a memory for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. This memory can store instructions or data that the processor 110 has just used or that are used repeatedly. If the processor 110 needs to use the instruction or data again, it can retrieve it directly from the memory. This avoids repeated accesses, reduces the waiting time of the processor 110, and thus improves the efficiency of the system.

[0097] In some embodiments, the processor 110 may include one or more interfaces. Interfaces may include an inter-integrated circuit (I2C) interface, an inter-integrated circuit sound (I2S) interface, a pulse code modulation (PCM) interface, a universal asynchronous receiver / transmitter (UART) interface, a mobile industry processor interface (MIPI), a general-purpose input / output (GPIO) interface, a subscriber identity module (SIM) interface, and / or a universal serial bus (USB) interface, etc.

[0098] The I2C interface is a bidirectional synchronous serial bus, including a serial data line (SDA) and a serial clock line (SCL). In some embodiments, the processor 110 may include multiple I2C buses. The processor 110 can couple to the touch sensor 180K, charger, flash, camera 193, etc., through different I2C bus interfaces. For example, the processor 110 can couple to the touch sensor 180K through the I2C interface, enabling the processor 110 and the touch sensor 180K to communicate through the I2C bus interface, thereby realizing the touch function of the first electronic device 100.

[0099] The MIPI interface can be used to connect the processor 110 to peripheral devices such as the display screen 194 and the camera 193. The MIPI interface includes a camera serial interface (CSI) and a display serial interface (DSI). In some embodiments, the processor 110 and the camera 193 communicate via the CSI interface to enable the shooting function of the first electronic device 100. The processor 110 and the display screen 194 communicate via the DSI interface to enable the display function of the first electronic device 100.

[0100] It is understood that the interface connection relationships between the modules illustrated in the embodiments of this application are merely illustrative and do not constitute a structural limitation on the first electronic device 100. In other embodiments of this application, the first electronic device 100 may also adopt different interface connection methods or a combination of multiple interface connection methods as described in the above embodiments.

[0101] The wireless communication function of the first electronic device 100 can be implemented through antenna 1, antenna 2, mobile communication module 150, wireless communication module 160, modem processor, and baseband processor.

[0102] Display screen 194 is used to display images, videos, etc. Display screen 194 includes a display panel. The display panel may be a liquid crystal display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (AMOLED), a flexible light-emitting diode (FLED), a mini-LED, a micro-LED, a micro-OLED, a quantum dot light-emitting diode (QLED), etc. In some embodiments, the first electronic device 100 may include one or N displays 194, where N is a positive integer greater than 1.

[0103] Sensor module 180 may include touch sensors, etc. A touch sensor is also called a "touch device." The touch sensor may be disposed on display screen 194, and the touch sensor and display screen 194 together form a touchscreen, also called a "touch screen." The touch sensor is used to detect touch operations applied to or near it. The touch sensor can transmit the detected touch operation to the application processor to determine the type of touch event. Visual output related to the touch operation can be provided through display screen 194. In other embodiments, the touch sensor may also be disposed on the surface of the first electronic device 100, in a different location than the display screen 194.

[0104] Internal memory 121 can be used to store computer executable program code, which includes instructions. Internal memory 121 may include a program storage area and a data storage area. The program storage area may store the operating system, at least one application program required for a function (such as sound playback, image playback, etc.), etc. The data storage area may store data created during the use of the first electronic device 100 (such as audio data, phonebook, etc.). Furthermore, internal memory 121 may include high-speed random access memory, and may also include non-volatile memory, such as at least one disk storage device, flash memory device, universal flash storage (UFS), etc. Processor 110 executes various functional applications and data processing of the first electronic device 100 by running instructions stored in internal memory 121 and / or instructions stored in memory disposed in the processor.

[0105] In some embodiments, after detecting a user's instruction to encrypt data, the first electronic device 100 generates a key via the processor 110 and uses this key to encrypt the data. Then, the first electronic device 100 uses a key fragmentation algorithm, with the processor 110 dividing the key into multiple key fragments, which are then stored by multiple devices in a distributed communication system.

[0106] Optionally, the first electronic device 100 displays a device selection interface on the display screen 194 and determines the trusted device selected by the user based on the user's operation on the device selection interface. Then, the first electronic device 100 can divide the key into slices according to the number of trusted devices via the processor 110.

[0107] Optionally, after generating key fragments, the first electronic device 100 stores one of the multiple key fragments in its internal memory 121, and sends the other key fragments to a trusted device selected by the user, such as the second electronic device 200, through the wireless communication module 160 or the mobile communication module 150.

[0108] In some embodiments, in response to a user instruction to decrypt data, the first electronic device 100 receives key fragments sent by the second electronic device 200 via the wireless communication module 160 or the mobile communication module 150. Then, the first electronic device 100, through the processor 110, performs key recovery based on the multiple key fragments. Afterwards, the first electronic device 100 can decrypt the data using the recovered key.

[0109] The software architecture of the first electronic device 100 or the second electronic device 200 provided in the embodiments of this application is described below.

[0110] The electronic device provided in this application embodiment can run an operating system (OS). This operating system can be any of the operating systems used in the industry, such as an operating system based on OpenHarmony, like HarmonyOS; or another operating system such as the Android™ operating system or the iOS mobile operating system; it can also be one of various open-source operating systems or their derivatives, such as Linux OS, or another embedded operating system; or it can be a future new operating system, such as an AI operating system based on artificial intelligence. An operating system is a set of interconnected system software programs that manage and control the operation of electronic devices, utilize and run hardware and software resources, and provide public services to organize user interactions. In electronic devices, the operating system connects downwards to the physical devices at the hardware layer and upwards to provide a runtime environment for application software.

[0111] An operating system typically includes a kernel layer, a middleware layer, and an application layer. The application layer includes applications, which can include system applications and third-party applications. The middleware layer includes a suite of software providing various services to application developers, or frameworks providing services such as databases, multimedia, and graphics, or capabilities such as distributed scheduling and system scaling. For example, the middleware layer may include a framework layer and / or a system service layer. The framework layer provides application programming interfaces (APIs) and programming frameworks for applications in the application layer. The system service layer includes the system's core capabilities, providing services to applications through the framework layer. The kernel layer is the layer between hardware and software. The kernel layer may include hardware drivers and the operating system kernel. In addition to providing hardware drivers, the kernel layer also supports functions such as memory management and system process management.

[0112] The electronic devices we use in our daily lives come in various types and forms, and are applied in a wide range of scenarios. Therefore, based on the different forms and functions of electronic devices, different application scenarios, and different user needs, the operating systems used in these devices may also differ. The basic functions implemented by the electronic device provided in this application can be implemented using a general-purpose operating system or a dedicated operating system. To more clearly illustrate the implementation of the embodiments of this application under a specific operating system, Figure 3B illustrates the architecture of HarmonyOS. Those skilled in the art can deduce implementations of the embodiments of this application under other specific operating systems, such as the Android™ operating system.

[0113] Optionally, as shown in Figure 3B, the software architecture of an electronic device can be divided into several layers. In some embodiments, from bottom to top, these layers are: kernel layer, system service layer, framework layer, and application layer. Layers communicate with each other through software interfaces. System functions can be tailored, added, or combined at the subsystem granularity in different device deployment scenarios, and each subsystem can also be tailored, added, or combined at the functional granularity.

[0114] The kernel layer includes the kernel abstract layer (KAL), kernel subsystems, driver subsystems, etc.

[0115] The system service layer comprises the core capabilities of the system, providing services to applications through the framework layer. This layer includes, but is not limited to, the following subsystems:

[0116] The system's basic capability subsystem set provides fundamental capabilities for the operation, scheduling, and migration of distributed applications across multiple devices. This set may include distributed soft bus, distributed data management, distributed task scheduling, and distributed key service; it may also include multi-modal input subsystem, graphics subsystem, security subsystem, and AI subsystem.

[0117] Basic software service subsystem set: provides public and general software services; the basic software service subsystem set may include event notification subsystem, telephone service subsystem, multimedia subsystem, etc.

[0118] Enhanced software service subsystem suite: Provides differentiated enhanced software services for different devices; the enhanced software service subsystem suite may include smart screen proprietary business subsystem, wearable proprietary business subsystem, IoT proprietary business subsystem, etc.

[0119] Hardware service subsystem set: Provides hardware services; the hardware service subsystem set may include location service subsystem, user IAM (Identity and Access Management) subsystem, wearable proprietary hardware service subsystem, biometric identification, IoT proprietary hardware service subsystem, etc.

[0120] The distributed soft bus provides communication-related capabilities for seamless interconnection between multiple devices, including: WLAN service capabilities, Bluetooth service capabilities, soft bus, inter-process communication RPC (Remote Procedure Call), and StarFlash communication capabilities.

[0121] For example, the first electronic device 100 and the second electronic device 200 can establish a communication connection based on a distributed soft bus, and the first electronic device 100 and the second electronic device 200 connected based on the distributed soft bus are trusted devices to each other.

[0122] Distributed key service: The first electronic device 100 or the second electronic device 200, based on the distributed key service, realizes collaborative management of distributed keys with other electronic devices in the distributed communication system.

[0123] The framework layer provides application programming interfaces (APIs) and programming frameworks for applications in the application layer. The framework layer includes: the ArkUI framework (which provides a complete infrastructure for UI development of system applications, including UI functions such as components, layouts, animations, and interactive events, as well as a real-time interface preview tool), the user application framework, and the Ability framework (an Ability is a lightweight application; the Ability framework schedules and manages the operation and lifecycle of Abilities). Different devices may have different operating systems, and the APIs they support may also differ.

[0124] The HarmonyOS API is a series of open capabilities provided to support HarmonyOS application development. The HarmonyOS API can be set at the framework layer or independently of the framework layer. The HarmonyOS API includes the Audio API (audio service), Push API (push service), and Account API (account service), among others.

[0125] The application layer is used to run various applications on electronic devices. These applications can include system applications and extended / third-party applications. System applications can include the desktop, control bar, settings, file vault, phone, camera, etc., while extended / third-party applications can include social applications, travel applications, etc.

[0126] The following section provides a detailed description of the decryption credential management method provided in the embodiments of this application.

[0127] In some embodiments, the first electronic device 100 detects a user's instruction to encrypt data and determines that the data needs to be encrypted. Optionally, the first electronic device 100 can determine the encryption method based on the user's operation. The encryption method may include, for example, distributed collaborative encryption and centralized encryption. Distributed collaborative encryption refers to multiple devices working together to decrypt data. Centralized encryption refers to a single device decrypting data. Optionally, the first electronic device 100 may also select a default data encryption method.

[0128] For example, as shown in (a) of Figure 4, the first electronic device 100 detects the user's operation on the encryption control 41 and determines that the user has instructed the current file to be encrypted. Afterwards, the first electronic device 100 may display the encryption method selection interface shown in (b) of Figure 4. The first electronic device 100 detects the user's operation of selecting card 42 and can determine that the user indicates the selection of distributed collaborative encryption.

[0129] Optionally, distributed collaborative encryption may include, for example, distributed collaborative encryption based on key fragmentation or distributed collaborative encryption based on verification parameters, involving multiple devices in the encryption / decryption process. Optionally, after the first electronic device 100 encrypts data using the original key, the decryption credentials used to decrypt the encrypted data include key fragments or verification parameters. For example, the first electronic device 100 may generate key fragments based on the original key, and multiple devices may store the key fragments separately. Subsequently, during the decryption process, the first electronic device 100 may reconstruct the original key based on the obtained key fragments to decrypt the data. As another example, the first electronic device 100 may generate verification parameters for verifying access control attributes and distribute the verification parameters to at least one device. Subsequently, during the decryption process, the first electronic device 100 verifies the obtained verification parameters; if the verification is successful, the data can be decrypted.

[0130] Optionally, during the distributed collaborative encryption process, the first electronic device 100 may automatically generate the original key. Alternatively, the first electronic device 100 may also receive the original key input by the user.

[0131] Thus, the first electronic device 100 can flexibly select data encryption methods.

[0132] The following section details the implementation process of distributed collaborative management based on key fragmentation, where the decryption credential is a key fragment. The implementation process of distributed collaborative management based on verification parameters can be understood with reference to this section.

[0133] In some embodiments, the distributed key management process based on key fragmentation includes a distributed key storage phase and a distributed key usage phase. The distributed key storage phase is used to generate key fragments based on the original key of the encrypted data and instruct multiple devices to store the key fragments. The distributed key usage phase is used to receive the key fragments sent by these devices, reconstruct the original key based on the key fragments, and decrypt the data. Optionally, the device used to store the key fragments is, for example, a trusted device verified by the first electronic device 100.

[0134] The following section provides a detailed introduction to the distributed key storage phase.

[0135] In some embodiments, the first electronic device 100 is equipped with a file vault application for protecting user privacy and sensitive data. This file vault application uses encryption, access control, and other technologies to ensure that files, photos, videos, and other data stored therein are not accessed by unauthorized users. The file vault application can be a built-in system function (such as a private photo album function) or a third-party application.

[0136] For example, as shown in (a) of Figure 5, the application layer of the first electronic device 100 is configured with a file security vault application. When the first electronic device 100 detects a user instruction to perform a data encryption operation, it can generate an original key for encrypting the data through the file security vault application and encrypt the data using the original key.

[0137] In some embodiments, after generating the original key, the first electronic device 100 determines the encryption method. When the encryption method is distributed collaborative encryption, trusted devices can be acquired to facilitate subsequent fragmentation of the original key based on the number of trusted devices. Optionally, the first electronic device 100 can acquire trusted devices based on nearby devices, user selection operations, user input operations, and other conditions.

[0138] For example, as shown in (a) of Figure 5, the system service layer of the first electronic device 100 includes a distributed key service. After generating the original key, the file vault application or other applications can request key fragments from the distributed key service (as in step ①). Optionally, based on the application request, the distributed key service can determine a trusted device, such as the second electronic device 200, for storing the key fragments through a device selection module.

[0139] Optionally, the first electronic device 100 acquires nearby trusted devices via near-field communication. Then, based on user input, the first electronic device 100 uses some or all of the trusted devices as the second electronic device 200 to distribute key fragments. Optionally, trusted devices include, for example, devices near the first electronic device 100 that can be discovered by the first electronic device 100. For example, trusted devices are devices that have established a communication connection with the first electronic device 100 via short-range communication technologies such as WiFi, Bluetooth, NFC, etc. Another example is a trusted device belonging to the same communication network as the first electronic device 100. For instance, trusted devices include devices belonging to the same household as the first electronic device 100 and controlled by the same central control device. Optionally, trusted devices may also include devices that have been authenticated by logging into the same account as the first electronic device 100, or by peer-to-peer QR code binding.

[0140] For example, as shown in (a) of Figure 6, the first electronic device 100 is a PC. In response to multi-device collaborative unlocking, the PC searches for nearby devices and obtains multiple trusted devices, such as mobile phone A, mobile phone B, smartwatch, and smart bracelet. Then, as shown in (a) of Figure 7, the PC can display a configuration interface for unlocking devices, which can show the searched trusted devices for the user to select. For example, based on the user's selection, the PC determines that the second electronic device 200 includes a mobile phone A, a smartwatch, and a smart bracelet. Optionally, the PC is the primary device and is a mandatory device that must participate in the storage of key fragments. Alternatively, the PC is an optional device, and the PC can determine whether to select the PC based on the user's operation.

[0141] Or, as shown in (b) of Figure 6, the first electronic device 100 searches for nearby trusted devices, including mobile phone A, smartwatch, and smart bracelet. Then, the first electronic device 100 can use all the searched trusted devices as the second electronic device 200 to participate in unlocking.

[0142] Subsequently, based on the number of the second electronic devices 200, the PC can determine that the original key needs to be fragmented, obtaining 4 key fragments, which can then be distributed to the local machine, mobile phone A, smartwatch, and smart bracelet for storage.

[0143] Optionally, the first electronic device 100 may also display a first interface when it needs to access the second electronic device 200, so as to receive information related to the second electronic device 200 input by the user through the first interface, thereby accessing the second electronic device 200. Optionally, the information related to the second electronic device 200 may include, for example, the account of the selected second electronic device 200, or the account information of the input second electronic device 200, etc.

[0144] For example, the first electronic device 100 obtains accounts within itself, such as accounts logged into the operating system or smart living applications. Then, based on historical data or interaction with the server, the first electronic device 100 can obtain other electronic devices logged into that account and display them through a first interface. Subsequently, based on user input, the first electronic device 100 can use some or all of the other electronic devices selected by the user as the second electronic device 200 for collaborative decryption.

[0145] As another example, the first electronic device 100 may also display a first interface and receive relevant information about the second electronic device 200 input by the user through the first interface to identify the second electronic device 200. The relevant information about the second electronic device 200 may include, for example, account information or the device name of the second electronic device 200.

[0146] In this way, the first electronic device 100 can also obtain the second electronic device 200 by directly receiving user input information instead of searching for nearby devices.

[0147] In some embodiments, different electronic devices have different capabilities in protecting the key. Devices with strong key protection capabilities are described as strong devices, and devices with weak key protection capabilities are described as weak devices. Optionally, weak devices are easily attacked, leading to key loss; strong devices are not easily attacked and can better protect the key. Optionally, during the decryption process, the first electronic device 100 may receive key fragments sent by a target electronic device in the second electronic device 200. The target electronic device can be some or all of the devices in the second electronic device 200, and there can be one or more of them. Then, the first electronic device 100 can determine whether to decrypt the data using the key fragments sent by the target electronic device based on whether the target electronic device's ability to protect the key fragments meets the requirements for data decryption. In this way, even if a weak device is attacked, resulting in the loss of key fragments, the weak device's ability to protect the key fragments is insufficient to meet the requirements for data decryption, and therefore the original key cannot be recovered, thereby improving data security.

[0148] In some embodiments, the ability of the second electronic device 200 to protect key fragments is related to any of the following information of the second electronic device 200: device type, device security capabilities, device security status, and user account information in the device.

[0149] For example, PCs and mobile phones have a greater ability to protect key fragments than smart bracelets.

[0150] For example, a device's security capability can be measured by its security level, which can be determined through different classification methods. For instance, security levels (SL) include SL1-SL4, which represent the device's security from lowest to highest. SL1 indicates the device has no hardware security protection, only software protection, suitable for low-risk scenarios. SL2 indicates the device has basic hardware protection, suitable for low-to-medium risk scenarios. SL3 indicates the device has strong physical and logical protection, suitable for scenarios with higher security requirements. SL4 indicates the device has the highest level of security protection, suitable for high-risk and high-security scenarios. Optionally, the first electronic device 100 can classify devices with a security level of SL3 or higher as strong devices and devices with a security level below SL3 as weak devices. Optionally, strong devices have a higher capability for protecting key fragments than weak devices. For example, the first electronic device 100 determines that strong devices with a security level of SL3 or higher have a stronger capability for protecting key fragments.

[0151] Optionally, each of the second electronic devices 200 is configured with a device security level, which the first electronic device 100 can obtain. It should be understood that the above security level classification method is merely illustrative, and the classification is not limited to that single method. For example, different accounts have different permissions to access data. Therefore, the first electronic device 100 can determine the ability of the second electronic device 200 to protect key fragments based on the user account information in the second electronic device 200. For instance, in an example scenario, public access devices in a company (such as the first electronic device 100) store data, and different data corresponds to different users. For example, the data in the first electronic device 100 includes data from employee A, data from employee B, etc. Employees do not have individual data access permissions, while personnel at the manager level or above have access to all data. Therefore, the first electronic device 100 can determine whether the account in the second electronic device 200 is a manager account or an ordinary employee account based on the account information obtained from the second electronic device 200, thereby determining the ability of the second electronic device 200 to protect key fragments.

[0152] In this way, the device's ability to protect key fragments can be flexibly evaluated through a variety of different methods.

[0153] In some embodiments, after assessing the device's ability to protect key fragments, the first electronic device 100 may assign corresponding capability permissions to the corresponding key fragments to be allocated. For example, by weighting, a key fragment with a higher weight is assigned to a second electronic device 200 that has a stronger ability to protect key fragments, and a key fragment with a lower weight is assigned to a second electronic device 200 that has a weaker ability to protect key fragments.

[0154] The following text uses weights to represent the ability of different second electronic devices 200 to protect key fragments.

[0155] For example, the first electronic device 100 can assign weights to the key fragments of different second electronic devices 200 based on their respective key protection capabilities. Key fragments from stronger devices have higher weights, while those from weaker devices have lower weights. Subsequently, during decryption, the original key is only allowed to be recovered if the sum of the obtained key fragment weights is greater than or equal to a preset weight sum threshold. This way, even if a weaker device is attacked, resulting in the loss of key fragments, the original key cannot be recovered due to the lower weight of the weaker device, thus improving data protection security.

[0156] In some examples, the first electronic device 100 is configured with judgment conditions, and the first electronic device 100 assigns weights to the key fragments according to the judgment conditions. Optionally, the judgment conditions may include, for example, determining the key fragment weights of the second electronic device 200 based on the information described above regarding the ability of the second electronic device 200 to protect key fragments. For example, in the scenario of Figure 7(a) described above, the first electronic device 100 (e.g., PC) weights the four types of devices (PC, mobile phone A, smartwatch, and smart bracelet) in a ratio of 5:4:3:2. Alternatively, the first electronic device 100 determines the weight based on whether the second electronic device 200 is equipped with a security chip and a TEE security environment. For example, a device with a TEE security environment has a weight of 4, while a device without a TEE security environment has a weight of 1.

[0157] In some examples, during the weighting process, the sum of the weights of multiple weak devices is less than a preset weight sum threshold. Optionally, the conditions for subsequent decryption can be adjusted based on the weighting distribution. For example, the participation of strong devices may be required to recover the original key during subsequent decryption. Alternatively, the participation of strong devices other than the local machine may be required to recover the original key.

[0158] In some examples, the first electronic device 100 generates key fragments based on the number of second electronic devices 200 using a key fragmentation algorithm and configures the weight of each key fragment. Optionally, the key fragmentation algorithm includes, for example, a threshold secret sharing algorithm and an XOR secret sharing algorithm. The threshold secret sharing algorithm divides the original key into n fragments, and the condition for recovering the original key is that at least t fragments are needed to reconstruct it. The XOR secret sharing algorithm is a simple key segmentation method based on the XOR operation. In the XOR secret sharing algorithm, the original key is divided into multiple fragments, and the XOR operation ensures that only a portion of the fragments can be used to recover the original key. For example, given an original key, after dividing it into multiple fragments, new fragments are generated by XORing these fragments with a set of random values. When recovering the key, at least a certain number of fragments need to be XORed to reconstruct the original key.

[0159] In other examples, the first electronic device 100 sets key access control attributes, uses access control verification parameters as items to be distributed, and determines the number of verification parameters based on the number of second electronic devices 200. Optionally, the first electronic device 100 also determines the weight of each verification parameter based on judgment conditions.

[0160] For example, as shown in Figure 5(a), the distributed key service includes a device selection module, a weight configuration module, and a weighted sharding module. In response to a key sharding request sent by an application, the device selection module can acquire a second electronic device 200 and send its information to the weight configuration module and the weighted sharding module. Then, the weight configuration module can assign weights to each second electronic device 200 based on the information and judgment conditions. The key sharding request may carry the original key. The weighted sharding module can divide the original key into a corresponding number of key shards based on the information of the second electronic devices 200. The distributed key service can configure the weights of each key shard based on the key sharding results, completing the selection of collaborative devices and weighted key sharding (as in step ②).

[0161] In some embodiments, after generating weighted key fragments, the first electronic device 100 may send the corresponding weighted key fragments to each of the second electronic devices 200. Correspondingly, after receiving a key fragment, the second electronic device 200 may save the key fragment. Optionally, the weighted key fragment may include, for example, a key fragment carrying weights.

[0162] Optionally, as described above, the first electronic device 100 generates weighted verification parameters. Then, the first electronic device 100 can also send the weighted verification parameters to the corresponding second electronic device 200. Accordingly, the second electronic device 200 stores the weighted verification parameters. Optionally, the weighted verification parameters may include, for example, verification parameters carrying weights.

[0163] Optionally, the same second electronic device 200 can serve as a collaborative device for multiple devices to store key fragments (or verification parameters). In this case, the second electronic device 200 stores the key fragments and the device identifier of the first electronic device 100, facilitating subsequent identification of the device to which the key fragment belongs.

[0164] Optionally, the first electronic device 100 may also save the device identifier of the second electronic device 200 during the key fragmentation (or verification parameter) configuration and distribution process. In this way, during the subsequent decryption process, the first electronic device 100 can determine which devices it needs to request key fragments (or verification parameters) from based on the saved device identifier.

[0165] For example, as shown in Figure 5(a), after generating weighted key fragments, the distributed key service can send the weighted key fragments to the corresponding second electronic device 200 via near-field communication (as in step ③). Correspondingly, the second electronic device 200 receives the key fragments sent by the first electronic device 100 via near-field communication. Afterwards, the distributed key service in the second electronic device 200 can save the received key fragments through a fragment storage module (as in step ④).

[0166] In some examples, during the key fragment configuration and distribution process, the first electronic device 100 can display corresponding animations to help users understand the progress and to increase interactivity. Furthermore, users can identify which second electronic devices 200 are currently participating in storing key fragments (or verification parameters) based on the interface display, thus determining which second electronic devices 200 are needed for data decryption. Optionally, the first electronic device 100 can also display information on the interface indicating to the user which second electronic devices 200 are required to participate in the decryption process for data decryption to be successful. For example, the first electronic device 100 can indicate to the user that at least one strong device is required to participate in the decryption process for data decryption to be successful.

[0167] For example, as shown in Figure 7(a), in response to the user's operation on the configuration key control 71, the PC performs key fragment configuration and distribution. During this process, the PC displays the interface shown in Figure 7(b), which shows the configuration and distribution status of key fragments for each of the second electronic devices 200. After all key fragments have been distributed, the PC can display the interface shown in Figure 8(a), which indicates to the user that the current collaborative data encryption process has been completed. Alternatively, in the event that any key fragment distribution fails, the PC may display the encryption failure interface shown in Figure 8(b), which indicates to the user that the current collaborative data encryption process has failed. Optionally, the PC may also display the reason for the failure on the encryption failure interface, making it easier for the user to re-trigger the collaborative data encryption process. For example, it may prompt the user to confirm whether the second electronic device 200 being decrypted is online or near the PC. Optionally, the user can re-trigger the distributed key storage process through the encryption failure interface.

[0168] In this way, the first electronic device 100 assigns weights to the key fragments according to the different key protection capabilities of the second electronic devices 200, so that the stronger devices hold higher weights, thereby using the stronger devices to better protect the key fragments and improve the security of the original key.

[0169] The above section introduced the distributed key storage phase; the following section will provide a detailed introduction to the distributed key usage phase.

[0170] In some embodiments, the first electronic device 100 detects a user instruction to decrypt data and determines that the encryption method of the data to be decrypted is distributed collaborative encryption. Then, the first electronic device 100 can search for a nearby second electronic device 200 used to store key fragments or verification parameters to obtain the key fragments or verification parameters and perform data decryption.

[0171] In some embodiments, the first electronic device 100 acquires some or all of the key fragments or verification parameters stored by the second electronic device 200 (such as the target electronic device). If the target electronic device's ability to protect the key fragments or verification parameters meets the requirements for decrypting the data, the data is decrypted using the key fragments or verification parameters sent by the target electronic device.

[0172] In some examples, the first electronic device 100 may determine whether the target electronic device meets the data decryption capability requirements based on the information that affects the second electronic device 200's ability to protect key fragments.

[0173] For example, the first electronic device 100 determines whether the target electronic device's ability to protect key fragments meets the requirements for data decryption based on the target electronic device's device security capabilities.

[0174] For example, the first electronic device 100 determines that the target electronic device is a strong device of SL3 or above. Then, the first electronic device 100 can determine that the target electronic device's ability to protect key fragments meets the requirements for data decryption, allowing data decryption based on the key fragments provided by the target electronic device.

[0175] For example, the first electronic device 100 determines that the target electronic device includes a strong device of SL3 or above and at least one weak device of SL3 or below. Then, the first electronic device 100 can determine that the target electronic device's ability to protect key fragments meets the requirements for data decryption, allowing data decryption based on the key fragments provided by the target electronic device.

[0176] For example, the first electronic device 100 determines that the target electronic device only includes weak devices below SL3. Therefore, regardless of the number of weak devices, the first electronic device 100 can determine that the target electronic device's ability to protect key fragments does not meet the requirements for data decryption, and thus does not allow data decryption based on the key fragments provided by the target electronic device.

[0177] For example, the security status of a device can be determined by whether the device is unlocked or under attack. For instance, based on information sent by the target electronic device, the first electronic device 100 determines that the target electronic device includes devices with abnormal security statuses, such as one or more devices being unlocked or under attack. Therefore, the first electronic device 100 can determine that the target electronic device's ability to protect key fragments does not meet the requirements for data decryption and does not allow data decryption based on the key fragments provided by the target electronic device.

[0178] For another example, different accounts have different access permissions to data. The first electronic device 100 can then determine, based on the user account information in the target electronic device, whether the target electronic device's ability to protect the key fragments meets the requirements for data decryption. For instance, in a typical scenario, a company's public access device (such as the first electronic device 100) stores data, with different users corresponding to different data. For example, the data in the first electronic device 100 includes data from employee A, data from employee B, etc. Employees do not have individual data access permissions, while managers and above have access to all data. Therefore, the first electronic device 100 can determine, based on the account information in the target electronic device from which the key fragments have been obtained, whether or not it has the permission to access the corresponding data, thereby determining whether to perform data decryption. For example, if the user account information in the device indicates that the account is an administrator account, such as a manager account, then the first electronic device 100 can determine that the device's ability to protect the key fragments meets the requirements for data decryption. Alternatively, if the user account information in the device indicates that the account is a regular employee account, such as employee A's account, then the first electronic device 100 can determine that the device's ability to protect the key fragments does not meet the requirements for data decryption.

[0179] In this way, the device's ability to protect key fragments can be flexibly evaluated through a variety of different methods.

[0180] In other examples, the first electronic device 100 obtains some or all of the key fragments or verification parameters stored by the second electronic device 200, and triggers the data decryption process if the weight sum of the obtained key fragments or verification parameters is greater than or equal to a preset weight sum threshold.

[0181] For example, as shown in Figure 5(b), the distributed key service also includes a key recovery module. In response to a key recovery request sent by an application (such as a file vault application) (as in step ①), the distributed key service sends a key fragment retrieval request to the second electronic device 200. Optionally, the key recovery request carries the device identifier of the second electronic device 200 to facilitate identification of the second electronic device 200 storing the key fragments. Correspondingly, after receiving the key fragment retrieval request sent by the first electronic device 100, the second electronic device 200 can return the stored key fragments to the first electronic device 100 (as in step ③). Optionally, the second electronic device 200 can obtain the key fragments corresponding to the first electronic device 100 based on information such as the device identifier of the first electronic device 100, complete the key fragment verification process, and avoid returning incorrect key fragments (as in step ②). Afterwards, the key recovery module can determine whether the weight sum is greater than or equal to a preset weight sum threshold based on the weights of the obtained key fragments. If the weight sum is greater than or equal to the preset weight sum threshold, the key recovery module can restore the original key based on the obtained key fragments (as in step ④) and send the restored original key back to the application so that the application can decrypt the data. Optionally, if the original key restoration fails, a failure response can be sent back to the application so that the application can notify the user that the data decryption has failed.

[0182] It should be understood that the decryption process based on verification parameters can refer to the decryption process based on key fragmentation. For example, after receiving the verification parameters sent by the second electronic device 200, the first electronic device 100 can determine whether decryption was successful based on the weighted sum of the verification parameters and the verification result of the verification parameters. If the weighted sum is less than a preset weighted sum threshold or if any verification parameter fails to be verified, the data decryption fails.

[0183] Thus, during the data decryption process, a weighted decision is made to determine whether the original key should be recovered. Compared to existing technologies that recover the original key solely based on the number of key fragments, the decryption credential management method provided in this application effectively improves the security and reliability of original key protection.

[0184] Among them, a strong device with a high weight can better protect the key fragment from attacks. Thus, a key fragment based on a strong device can ensure that the device providing the key fragment is a trusted device (i.e., the device is the corresponding strong device, not an imposter), increasing the credibility of the decryption process.

[0185] The following, based on the distributed key storage phase illustrated by the scenario shown in Figure 7, introduces practical application scenarios of the distributed key usage phase.

[0186] For example, as shown in Figure 9(a), in response to the user's operation on the collaborative decryption control 91, the PC determines that the user has instructed the decryption of data. The PC can then determine the electronic devices containing the key fragments required to decrypt that data, such as its own device (e.g., PC), mobile phone A, smartwatch, and smart bracelet. Then, as shown in Figure 9(b), the PC can use near-field communication (NFC) to search for the presence of mobile phone A, smartwatch, and smart bracelet in the vicinity. If the desired device is found, the PC can request a key fragment from these devices. Correspondingly, the nearby device responds to the PC's request, confirms the PC's identity, obtains the corresponding key fragment, and sends it back to the PC. The key fragment sent back by the nearby device carries its corresponding weight, i.e., a weighted key fragment. The PC can then reconstruct the original key based on the obtained key fragment.

[0187] Optionally, as shown in Figure 10, in the distributed key storage stage, the PC determines the weight of the key fragments of the local machine (e.g., PC), mobile phone A, smartwatch, and smart bracelet according to the judgment conditions. For example, the weight of the local machine key fragment is 33%, the weight of the mobile phone A key fragment is 33%, the weight of the smartwatch key fragment is 17%, and the weight of the smart bracelet key fragment is 17%.

[0188] Optionally, the PC is configured with a preset weight sum threshold, such as 60%.

[0189] Then, as shown in Figure 10, during the PC's search for the presence of a desired device (such as a second electronic device 200) in the vicinity, if it can obtain key fragments sent by mobile phone A, smartwatch, and smart bracelet, and the weight sum of these key fragments is 100%, which is greater than the preset weight sum threshold, then the PC can reconstruct the original key based on the three obtained key fragments and its own key fragment, thereby enabling data decryption using the original key.

[0190] Alternatively, as shown in Figure 10, during the PC's search for nearby devices, if it can obtain the key fragment sent by mobile phone A, then combined with the local key fragment weight, the sum of the weights of these key fragments is 33% + 33% = 66%, which is greater than the preset weight sum threshold. Therefore, the PC can reconstruct the original key based on the obtained key fragment and its own key fragment, thereby decrypting the data using the original key. Optionally, the PC can also display the decryption success screen shown in Figure 11(a), which indicates to the user that the data has been successfully decrypted. Furthermore, this screen also helps the user see which devices participated in the decryption process and which did not. It can be seen that the current decryption process only requires the participation of one strong device to achieve data decryption, and is no longer limited to the requirement of a fixed number of participating devices.

[0191] Alternatively, as shown in Figure 10, during the PC's search for nearby devices, if it can obtain key fragments sent by the smartwatch and the smart bracelet, then combined with the local key fragment weight, the sum of the weights of these key fragments is 33% + 17% + 17% = 67%, which is greater than the preset weight sum threshold. Therefore, the PC can reconstruct the original key based on the two obtained key fragments and its own key fragment, thereby decrypting the data using the original key. Optionally, the PC can also display the decryption success screen shown in Figure 11(b), which indicates to the user that the current data has been successfully decrypted.

[0192] Alternatively, as shown in Figure 10, during the PC's search for nearby devices, if it fails to obtain key fragments from other devices, then, based on its own key fragment weight of 33%, the PC determines that the sum of the key fragment weights is less than the preset weight sum threshold, making it impossible to recover the original key, and data decryption fails. Optionally, the PC can also display the decryption failure interface shown in Figure 12(a), which indicates to the user that the current data decryption has failed. Furthermore, this interface helps the user understand which devices participated in the decryption process and which did not.

[0193] Alternatively, as shown in Figure 10, during the PC's search for nearby devices, if only the key fragment sent by the smartwatch (or smart bracelet) is obtained, then combined with the local key fragment weight, the sum of the weights of these key fragments is 33% + 17% = 50%. This sum of weights is less than the preset weight sum threshold, making it impossible to recover the original key, and data decryption fails. Optionally, the PC can also display the decryption failure interface shown in Figure 12(b), which indicates to the user that the current data decryption has failed. This ensures that even if some weak devices are attacked and key fragments are lost, the security of the original key remains unaffected, thus achieving better data protection.
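The weighted decision walked through for Figure 10 can also be enforced by the sharing scheme itself, not only by a comparison on the first device. The following is an added example, not taken from the patent: it assumes the threshold secret sharing algorithm of [0158] is Shamir's scheme and that a fragment's weight is the number of shares a device holds (units 2:2:1:1 approximating 33%:33%:17%:17%); all function and device names are hypothetical.

```python
import secrets

# Field modulus: the Mersenne prime 2**521 - 1, large enough for a 256-bit key.
PRIME = 2**521 - 1

# Constructed device table for the Figure 10 scenario. Weight units 2:2:1:1
# approximate 33%:33%:17%:17%; treating weight as a share count is an assumption.
DEVICE_WEIGHTS = {"pc": 2, "phone_a": 2, "watch": 1, "bracelet": 1}
THRESHOLD_PERCENT = 60  # preset weight sum threshold given on the page


def share_threshold(weights, percent):
    """Smallest share count whose weight sum reaches the percentage threshold."""
    total = sum(weights.values())
    return -(-total * percent // 100)  # ceiling division


def _eval_poly(coeffs, x):
    """Evaluate the sharing polynomial at x (Horner's rule, mod PRIME)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_key(key, weights, percent):
    """Split key into weighted fragments: a device of weight w gets w shares."""
    t = share_threshold(weights, percent)
    # Polynomial of degree t-1 with the key as its constant term.
    coeffs = [int.from_bytes(key, "big")]
    coeffs += [secrets.randbelow(PRIME) for _ in range(t - 1)]
    fragments, x = {}, 1
    for device, weight in weights.items():
        fragments[device] = [(x + i, _eval_poly(coeffs, x + i)) for i in range(weight)]
        x += weight
    return fragments, t


def interpolate_at_zero(points):
    """Lagrange interpolation of the polynomial's constant term."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def recover_key(received, t, key_len, abnormal=()):
    """Return the key, or None when the decryption requirement is not met."""
    # Security status gate ([0177]): any unlocked or attacked contributor fails.
    if any(device in abnormal for device in received):
        return None
    points = [p for shares in received.values() for p in shares]
    # Weighted gate: too little weight means too few shares to interpolate.
    if len(points) < t:
        return None
    return interpolate_at_zero(points[:t]).to_bytes(key_len, "big")


def pick(fragments, *devices):
    """Fragments returned by the devices that answered the retrieval request."""
    return {d: fragments[d] for d in devices}
```

Because the threshold is fixed by the polynomial degree, a first device that skipped the weight comparison still could not rebuild the key from the 50% combination. The security status gate, by contrast, remains a policy check on the recovering device.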

[0194] Optionally, if the PC fails to successfully recover the original key after a preset time threshold is exceeded during the distributed key usage phase, it can be determined that the data decryption has failed.

[0195] Optionally, during the distributed key usage phase, the first electronic device 100 combines the number and weight of the data to determine whether data decryption is possible. For example, in the example scenario of Figure 10 described above, four devices each store key fragments. The first electronic device 100 can obtain a preset threshold of 2, meaning at least one second electronic device 200 will participate in decryption. The first electronic device 100 can also obtain the preset weight sum threshold to determine the reliability of the key fragments obtained from the second electronic device 200.

[0196] It should be understood that the example scenario of Figure 10 above introduces the distributed key usage phase by taking the recovery of the original key from key fragments as an example. Based on the introduction of verification parameters in the distributed key storage phase above, in the distributed key usage phase, the first electronic device 100 (such as a PC) can also determine whether the verification parameters pass verification and whether to decrypt the data based on the obtained verification parameter weights and conditions. For example, if the PC receives verification parameters sent by mobile phone A and determines that the sum of its own weight and the weight of mobile phone A is greater than the preset weight sum threshold, and the verification parameters of mobile phone A pass the verification, then the PC can decrypt the data. As another example, if the PC receives verification parameters sent by a smartwatch and determines that the sum of its own weight and the weight of the smartwatch is less than the preset weight sum threshold, then the PC can determine that decryption has failed.

[0197] Thus, in the above example scenario, the first electronic device 100 can restore the original key or verify the verification parameters based on the weight sum of multiple devices in the distributed key management system, no longer relying solely on the number of devices, effectively improving the security and stability of the distributed key management system for key management.

[0198] In this case, because of the preset weight and threshold, relying solely on weak devices is insufficient; that is, the data decryption process requires the participation of strong devices. Strong devices are less likely to be successfully attacked, and even if weak devices are attacked, data decryption cannot be achieved using weak devices alone, thereby effectively improving data protection security.

[0199] The preceding text uses an example of a distributed key management system including both strong and weak devices to introduce the decryption credential management method provided in this application. It should be understood that a distributed key management system necessarily includes strong devices, but not necessarily weak devices. The following text describes scenarios where a distributed key management system does not include weak devices.

[0200] For example, as shown in Figure 4(a), in response to a user's operation on the encryption control 41, the first electronic device 100 (e.g., a PC) searches for nearby trusted devices, triggering a distributed key storage process. As shown in Figure 13(a), the PC searches for nearby devices and, based on either trusted devices or user selection, determines that the second electronic device 200 to be added to the distributed key management system includes mobile phone A and mobile phone B. Then, the PC generates the original key for encrypting the data and segments the original key according to the judgment conditions and key segmentation algorithm. Since both mobile phone A and mobile phone B are strong devices, the PC can assign them equal weights. For example, the PC assigns key segments to itself, mobile phone A, and mobile phone B, with each key segment having a weight of 1/3. Then, as shown in Figure 13(b), the PC sends weighted key fragments to both mobile phone A and mobile phone B to complete the key fragment configuration process. For example, as shown in Figure 14, the PC's distributed key service can divide the original key into key fragment 1, key fragment 2, and key fragment 3 through a weighted sharding module. Then, the PC itself stores key fragment 1, instructs mobile phone A to store key fragment 2, and instructs mobile phone B to store key fragment 3. Then, as shown in Figure 15(a), after all three devices have completed the configuration and saving of key fragments, a collaborative encryption completion interface can be displayed to indicate to the user that collaborative encryption was successful. Alternatively, as shown in Figure 15(b), if any of the three devices fails to complete the configuration and saving of key fragments, a collaborative encryption failure interface can be displayed to prompt the user that collaborative encryption has failed.

[0201] After that, as shown in Figure 16(a), the PC detects the user's operation on the collaborative decryption control 161 and can determine that the user instructed to decrypt the data via collaborative decryption. Therefore, the PC can determine the devices holding the key fragments required to decrypt the data. Then, as shown in Figure 16(b), the PC searches for nearby devices and requests key fragments from the devices determined to hold them. Then, as shown in Figure 17(a), based on the key fragments obtained from mobile phone A and/or mobile phone B, the PC can determine that the sum of the weights of its own key fragment and the obtained key fragments is greater than a preset weight and threshold, thus enabling the restoration of the original key. After successfully decrypting the data using the original key, a decryption success interface can be displayed. Alternatively, as shown in Figure 17(b), the PC fails to obtain the key fragments stored by either mobile phone A or mobile phone B and cannot restore the original key, so the data cannot be decrypted and a decryption failure interface is displayed.

[0202] Optionally, if the first electronic device 100 determines that all the second electronic devices 200 that are to be distributed key fragments (or verification parameters) are strong devices, it may not be necessary to configure the weight of each key fragment (or verification parameter).

[0203] Thus, the first electronic device 100 assigns weighted proportions to key fragments of each device based on their respective key protection capabilities within the distributed key management system. Then, during decryption, based on the sum of the weights of the acquired key fragments, it determines whether the decryption conditions are met and decides whether to restore the original key for decryption. This weighted configuration increases the reliability of key protection.

[0204] Figure 18 is a flowchart illustrating a decryption credential management method provided in an embodiment of this application. It should be noted that this method is not limited to the specific order shown in Figure 18 and described below. It should be understood that in other embodiments, the order of some steps in the method can be interchanged according to actual needs, or some steps can be omitted or deleted. The method includes the following steps:

[0205] S1801. The first electronic device determines multiple second electronic devices capable of decrypting data in the first electronic device. The multiple second electronic devices are used to store decryption credentials for the data, and the multiple second electronic devices have different capabilities in protecting the decryption credentials.

[0206] The decryption credentials include key fragments or verification parameters.

[0207] The ability of the second electronic device to protect decryption credentials is related to any of the following information about the second electronic device: device type, device security capabilities, device security status, and user account information in the device.

[0208] In some embodiments, in response to a user's instruction to encrypt data, a first electronic device acquires a plurality of second electronic devices. The plurality of second electronic devices are trusted devices of the first electronic device. The first electronic device sends corresponding credential information to each of the plurality of second electronic devices; the credential information is used to obtain decryption credentials.

[0209] In some examples, the first electronic device sends credential information, such as key fragments or verification parameters, to the second electronic device. The second electronic device can then receive this credential information, thus obtaining the decryption credential.

[0210] In other examples, the first electronic device sends credential information to the second electronic device, which processes the credential information according to a preset algorithm, obtains the corresponding decryption credential, and saves it.

[0211] For example, after the first electronic device saves data using the original key, it generates credential information based on the original key. For instance, the first electronic device generates a corresponding number of key fragments based on a key fragmentation algorithm and the number of second electronic devices. Then, the first electronic device sends the key fragments to each of the second electronic devices. For example, as shown in Figure 7(a), the PC can display a configuration interface for unlocking the device and identify that the second electronic device includes mobile phone A, smartwatch, and smart bracelet. The PC can then send key fragments to mobile phone A, smartwatch, and smart bracelet respectively.

[0212] In this way, the first electronic device identifies the second electronic device that will subsequently participate in data decryption and distributes credential information to these second electronic devices to facilitate their subsequent participation in data decryption.

[0213] In some embodiments, in response to a user instruction to encrypt data, a first electronic device acquires a plurality of second electronic devices, including: in response to a user instruction to encrypt data via a nearby device, the first electronic device acquires a plurality of nearby second electronic devices. The first electronic device uses the plurality of second electronic devices as devices for decrypting data.

[0214] For example, as shown in Figure 6(a), the first electronic device, such as a PC, responds to a user's instruction to encrypt data. The PC searches for nearby devices and obtains multiple trusted devices, such as mobile phone A, mobile phone B, a smartwatch, and a smart bracelet. The PC can then determine that the second electronic device includes mobile phone A, the smartwatch, and the smart bracelet.

[0215] Thus, the first electronic device searches for nearby devices and uses those devices as a second electronic device to store the decryption credentials.

[0216] Optionally, the first electronic device may display a prompt message to remind the user to place the devices that need to participate in the decryption nearby, so that these devices can be added as the second electronic device.

[0217] In other embodiments, in response to a user's instruction to encrypt data, the first electronic device acquires a plurality of second electronic devices, including: in response to the user's instruction to encrypt data, the first electronic device acquires a plurality of nearby devices. The first electronic device displays a device selection interface. Based on the user's actions on the device selection interface, the first electronic device acquires a plurality of second electronic devices selected by the user from a plurality of devices.

[0218] For example, as shown in Figure 6(a), the first electronic device is, for example, a PC. In response to multi-device collaborative unlocking, the PC searches for nearby devices and obtains multiple trusted devices, such as mobile phone A, mobile phone B, a smartwatch, and a smart bracelet. Then, as shown in Figure 7(a), the PC can display a configuration interface for unlocking devices, which can show a list of trusted devices for the user to select. For example, based on the user's selection, the PC determines that the second electronic device includes mobile phone A, smartwatch, and smart bracelet.

[0219] In this way, the first electronic device can be flexibly configured to participate in the decryption process, according to the user's selection.

[0220] In some other embodiments, in response to a user's instruction to encrypt data, a first electronic device acquires a plurality of second electronic devices, including: in response to the user's instruction to encrypt data, the first electronic device displays a first interface for receiving user-inputted information related to the second electronic devices. The first electronic device acquires the user-inputted information on the first interface to determine the plurality of second electronic devices.

[0221] For example, the first electronic device obtains an account from within itself, such as an operating system login account or a smart living application login account. Then, based on historical data or interaction with the server, the first electronic device can obtain other electronic devices logged into that account and display them through a first interface. Subsequently, based on user input, the first electronic device can use some or all of the other electronic devices selected by the user as the second electronic device for collaborative decryption.

[0222] As another example, the first electronic device may also display a first interface and receive relevant information about the second electronic device input by the user through the first interface to identify the second electronic device. This relevant information may include, for example, account information within the second electronic device, the device name of the second electronic device, etc.

[0223] In this way, the first electronic device can also acquire the second electronic device by directly receiving user input information, without searching for nearby devices.

[0224] In some embodiments, during the distribution of credential information, the first electronic device has already identified multiple second electronic devices to which the information has been distributed. Then, after identifying multiple second electronic devices capable of decrypting the data within the first electronic device, the first electronic device can trigger a data decryption process.

[0225] Optionally, the first electronic device automatically triggers the data decryption process, or the first electronic device triggers the data decryption process based on user operation.

[0226] For example, a first electronic device enters a room and identifies at least some of the target electronic devices among a plurality of second electronic devices present in the room. The first electronic device can then trigger a data decryption process. In this way, the first electronic device can provide the user with a seamless data decryption experience.

[0227] As a further example, as shown in Figure 9(a), in response to the user's operation on the collaborative decryption control 91, the PC determines that the user has instructed the decryption of data. The PC can then determine the second electronic device containing the key fragment required to decrypt the data, such as the local device (e.g., PC), mobile phone A, smartwatch, and smart bracelet. Thus, the first electronic device decrypts the data according to the user's operation, satisfying the user's data decryption needs.

[0228] S1802. The first electronic device obtains the decryption credential sent by the target electronic device among a plurality of second electronic devices, wherein the number of target electronic devices is one or more.

[0229] In some embodiments, when the first electronic device needs to decrypt data, the second electronic device storing the key credentials may not be entirely located near the first electronic device. Therefore, the target electronic device participating in the current decryption process may be some or all of the devices within the second electronic device.

[0230] Optionally, the first electronic device needs to obtain at least one decryption credential sent by the target electronic device in order to carry out the subsequent data decryption process.

[0231] In some embodiments, the first electronic device requests a decryption credential from the second electronic device. The second electronic device may display a prompt message asking the user whether the current device needs to participate in data decryption. In response to the user's confirmation, the second electronic device sends the decryption credential to the first electronic device.

[0232] S1803. If the target electronic device's ability to protect the decryption credential meets the requirements for decrypting data, the first electronic device decrypts the data using the decryption credential sent by the target electronic device.

[0233] In some embodiments, after receiving a decryption credential from a target electronic device, the first electronic device may determine whether the target electronic device's ability to protect the decryption credential meets the requirements for decrypting the data. If the target electronic device's ability to protect the decryption credential meets the requirements for decrypting the data, the first electronic device decrypts the data using the decryption credential sent by the target electronic device. Otherwise, the first electronic device does not allow decryption of the data using the decryption credential sent by the target electronic device.

[0234] In some examples, the first electronic device assesses the target electronic device's ability to protect key credentials by using information related to the ability to protect decryption credentials, such as device type, device security capabilities, device security status, and user account information in the device, thereby determining whether the target electronic device's ability to protect decryption credentials meets the requirements for decrypting data.

[0235] In other examples, the first electronic device determines whether the target electronic device's ability to protect the decryption credentials meets the requirements for decrypting the data by using the weight of the received decryption credentials.

[0236] For example, if a first electronic device receives decryption credentials from multiple target electronic devices, and the sum of the weights of these credentials is greater than or equal to a preset weight and threshold, then the first electronic device can determine that the target electronic devices' ability to protect their decryption credentials meets the requirements for data decryption and allows data decryption.

[0237] For example, if a first electronic device receives decryption credentials from multiple target electronic devices, and the sum of the weights of these credentials is less than a preset weight and threshold, then the first electronic device can determine that the target electronic devices' ability to protect their decryption credentials does not meet the requirements for data decryption and therefore data decryption is not permitted.

[0238] Thus, by assessing the ability of target electronic devices to protect decryption credentials, the impact of electronic devices with insufficient decryption credential protection capabilities on the security of the entire distributed key management system can be reduced, thereby improving data security.

[0239] In some embodiments, during the distribution of decryption credentials, the first electronic device has evaluated the ability of each second electronic device to protect the decryption credentials and can determine the combination of devices capable of data decryption. For example, the second electronic device includes three strong devices, and the first electronic device determines that at least one of the strong devices is involved to achieve data decryption. As another example, the second electronic device includes one strong device and three weak devices. The first electronic device determines that one of the strong devices is involved to achieve data decryption. Alternatively, the first electronic device determines that one strong device and at least two weak devices are involved to achieve data decryption.

[0240] Thus, based on the predetermined device combination method, after obtaining the decryption credential sent by the target electronic device, the first electronic device can determine whether the target electronic device meets the device combination method requirements. If the device combination method requirements are met, the first electronic device can determine that the target electronic device's ability to protect the decryption credential meets the requirements for decrypting data. Subsequently, the first electronic device can decrypt the data using the decryption credential sent by the target electronic device.

[0241] In other embodiments, after receiving the decryption credential from the target electronic device, the first electronic device may further evaluate the target electronic device's ability to protect the decryption credential to determine whether this ability meets the requirements for data decryption. Then, if the target electronic device's ability to protect the decryption credential meets the requirements for data decryption, the first electronic device decrypts the data using the decryption credential sent by the target electronic device.

[0242] In this way, the first electronic device can achieve more flexible data decryption.

[0243] The following examples illustrate the decryption process using several target electronic devices.

[0244] In some embodiments, the target electronic device includes a third electronic device, the third electronic device having a first-level capability to protect decryption credentials. The first electronic device acquires decryption credentials sent by the target electronic device among a plurality of second electronic devices, including: acquiring decryption credentials sent by the third electronic device. If the target electronic device's capability to protect decryption credentials meets the requirements for data decryption, the first electronic device decrypts the data using the decryption credentials sent by the target electronic device, including: if it is determined that the third electronic device's capability to protect decryption credentials meets the requirements for data decryption, the first electronic device decrypts the data using the decryption credentials sent by the third electronic device.

[0245] Optionally, Level 1 capabilities may be used to indicate that the third electronic device is a strong device, such as having the strongest ability to protect decryption credentials. For example, the device type of the third electronic device indicates that it has a strong ability to protect key credentials. Another example is that the device security capability level of the third electronic device is SL3 or higher, indicating a strong ability to protect key credentials. Yet another example is that the third electronic device is locked and has not been attacked. Still another example is that the user account information in the third electronic device indicates that the account in the third electronic device is an administrator account.

[0246] Thus, when the target electronic device involved in decryption includes a strong device, the first electronic device can determine that the target electronic device's ability to protect the decryption credential meets the requirements for decrypting the data, and then decrypt the data using the decryption credential sent by the target electronic device. In this way, data security is ensured through the strong device's capability to protect the decryption credential.

[0247] In some embodiments, the target electronic device includes a third electronic device and at least one fourth electronic device, wherein the capability of the at least one fourth electronic device to protect the decryption credential is at or below Level 1. The first electronic device obtaining the decryption credential sent by the target electronic device among a plurality of second electronic devices includes: the first electronic device obtaining the decryption credential sent by the third electronic device and the at least one fourth electronic device. Where the capability of the target electronic device to protect the decryption credential meets the requirements for data decryption, the first electronic device decrypting the data using the decryption credential sent by the target electronic device includes: where it is determined that the capability of the third electronic device and the at least one fourth electronic device to protect the decryption credential meets the requirements for data decryption, the first electronic device decrypting the data using the decryption credential sent by the third electronic device and the at least one fourth electronic device.

[0248] Thus, when the target electronic device involved in decryption includes a strong device and at least one weak device, the first electronic device can determine that the target electronic device's ability to protect the decryption credential meets the requirements for decrypting the data, and then decrypt the data using the decryption credential sent by the target electronic device. In this way, the strong device's ability to protect the decryption credential, along with the assistance of the weak device, enhances data security.

[0249] In some embodiments, the target electronic device includes at least one fifth electronic device whose ability to protect decryption credentials is weaker than a first-level capability, where the first-level capability is the highest among the plurality of second electronic devices in terms of decryption credential protection capabilities. The first electronic device acquires the decryption credential sent by the target electronic device among the plurality of second electronic devices, including: the first electronic device acquiring the decryption credential sent by at least one fifth electronic device. Therefore, if it is determined that the ability of at least one fifth electronic device to protect the decryption credential does not meet the requirements for data decryption, data decryption is not permitted.

[0250] Therefore, when the target electronic device only includes weak devices, data decryption is not allowed regardless of the number of weak devices participating in decryption. This contrasts with existing technologies where decryption is allowed as long as the number of participating devices meets the requirements. The decryption credential management method provided in this application can determine whether data decryption is allowed by assessing the target electronic device's ability to protect decryption credentials. Thus, even if weak devices are attacked, the security of the entire distributed key management system remains unaffected.

[0251] In some embodiments, when the target electronic device's ability to protect the decryption credential meets the requirements for decrypting data, the first electronic device decrypts the data using the decryption credential sent by the target electronic device. This includes: at a first moment, when the target electronic device is in a normal security state, decrypting the data using the decryption credential sent by the target electronic device. Subsequently, at a second moment, when the target electronic device includes a device with an abnormal security state, the first electronic device does not allow decryption of the data using the decryption credential sent by the target electronic device.

[0252] Optionally, an abnormal security status includes: the device being unlocked or under attack.

[0253] Optionally, the target electronic device may include one or more devices with abnormal security status.

[0254] For example, as shown in Figure 9(a), in response to the user's operation on the collaborative decryption control 91, the PC determines that the user has instructed the decryption of data. The PC can then determine the electronic device containing the key fragment required to decrypt that data, such as its own device (e.g., PC), mobile phone A, smartwatch, and smart bracelet. Then, as shown in Figure 9(b), the PC can use near-field communication (NFC) to search for the presence of mobile phone A, smartwatch, and smart bracelet in the vicinity. If the desired device is found, the PC can request a key fragment from these devices. Correspondingly, the nearby devices respond to the PC's request, verify the PC's identity, obtain the corresponding key fragment, and send it back to the PC. For example, the PC determines that it has obtained the key fragments sent by mobile phone A, smartwatch, and smart bracelet, respectively. The PC determines that a strong device, such as mobile phone A, is among the devices that sent the key fragments. Therefore, the PC can determine that data access is permitted.

[0255] Subsequently, the PC exits data viewing based on user input. Then, the PC detects a user instruction to decrypt the data. This process is repeated to obtain key fragments sent by phone A, smartwatch, and smart bracelet. This time, the PC determines that phone A (or smartwatch, smart bracelet) has an abnormal security status. Therefore, the PC can decide not to decrypt the data to ensure data security.

[0256] Thus, even if the device's ability to protect decryption credentials meets the requirements, the first electronic device can determine whether to allow data decryption based on the device's security status, thereby improving data security. This avoids data security being compromised due to the target electronic device including devices with abnormal security status.
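The weight-sum check of [0236]-[0237], the weak-devices-only refusal of [0249]-[0250] and the security-state check of [0251]-[0256] can be combined as in the following added example, which is not code from the application. The application does not name its key segmentation algorithm; this sketch assumes Shamir secret sharing with one share per unit of weight, and the weights in sixths, the threshold of 4/6 and the device-to-weight assignment are constructed values.

```python
import secrets
from dataclasses import dataclass

PRIME = 2**521 - 1   # Mersenne prime; field large enough for a 256-bit key
THRESHOLD = 4        # constructed: 4 of 6 weight units (about 67%) are required


@dataclass
class Device:
    name: str
    strong: bool            # True = Level 1 capability to protect credentials
    weight: int             # in sixths: 2 is about 33%, 1 is about 17% (constructed)
    state_ok: bool = True   # False = abnormal security state
    shares: tuple = ()


def split(key, devices, threshold=THRESHOLD):
    """Give each device `weight` Shamir shares of `key` (assumed algorithm)."""
    coeffs = [key] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    x = 1
    for dev in devices:
        points = []
        for _ in range(dev.weight):
            y = 0
            for c in reversed(coeffs):      # Horner evaluation of the polynomial
                y = (y * x + c) % PRIME
            points.append((x, y))
            x += 1
        dev.shares = tuple(points)


def recover(points):
    """Lagrange interpolation at x = 0 over the prime field."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def try_decrypt(local, responders, threshold=THRESHOLD):
    """Return (key, "ok") or (None, reason) for the fragments that were received."""
    total = local.weight + sum(d.weight for d in responders)
    if total < threshold:
        return None, "weight sum below threshold"
    if not any(d.strong for d in responders):
        return None, "no strong device"          # weak devices alone never suffice
    if not all(d.state_ok for d in responders):
        return None, "abnormal security state"
    points = [p for d in (local, *responders) for p in d.shares][:threshold]
    return recover(points), "ok"


def build_scenario():
    """Constructed four-device scenario: PC (local), phone A, smartwatch, smart band."""
    pc = Device("PC", strong=True, weight=2)
    phone = Device("mobile phone A", strong=True, weight=2)
    watch = Device("smartwatch", strong=False, weight=1)
    band = Device("smart band", strong=False, weight=1)
    key = secrets.randbits(256)
    split(key, [pc, phone, watch, band])
    return key, pc, phone, watch, band


if __name__ == "__main__":
    key, pc, phone, watch, band = build_scenario()
    for label, group in [("watch only", [watch]),
                         ("watch + band", [watch, band]),
                         ("phone A", [phone])]:
        print(label, "->", try_decrypt(pc, group)[1])
```

Because the shares come from a degree-3 polynomial, a set of fragments below the threshold cannot reconstruct the key even if the policy check is bypassed; the strong-device and security-state conditions are enforced only by the policy check.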

[0257] In some embodiments, the ability of the second electronic device to protect decryption credentials is related to the user account information in the second electronic device. When the ability of the target electronic device to protect decryption credentials meets the requirements for data decryption, the first electronic device decrypts the data using the decryption credentials sent by the target electronic device, including: the first electronic device decrypts the data using the decryption credentials sent by the third electronic device based on the user account information in the third electronic device.

[0258] For example, the first electronic device is a public device within a company, and the data on the first electronic device is accessible only to managerial accounts. Then, the first electronic device receives a decryption credential from a third electronic device and can determine the account information on the third electronic device. For instance, the first electronic device determines that the account on the third electronic device is a managerial account. Therefore, the first electronic device allows the data to be decrypted using the decryption credential sent by the third electronic device.

[0259] Optionally, the ability of a manager-level account to protect decryption credentials on the third electronic device is a Level 1 capability.

[0260] In this way, the first electronic device, combined with the user account information in the target electronic device, can achieve more flexible data decryption in different decryption scenarios.

[0261] In some examples, the target electronic device includes a sixth electronic device, the account in the third electronic device is the first account, and the account in the sixth electronic device is the second account. When the target electronic device's ability to protect decryption credentials meets the requirements for data decryption, the first electronic device decrypts the data using the decryption credentials sent by the target electronic device, including: the first account and the second account being a preset account combination, and decrypting the data using the decryption credentials sent by the target electronic device.

[0262] For example, the first electronic device is a public device within the company, and the data on the first electronic device can be accessed individually by a manager-level account. Furthermore, the first electronic device stores data of different employees, allowing the corresponding employee and manager to access the data together when both are present. For instance, the first electronic device stores employee A's data, and the preset account combination for decrypting this data is a manager's account (e.g., the first account) and employee A's account (e.g., the second account). Then, in response to a user's instruction to decrypt the data, the first electronic device obtains a decryption credential sent by the target electronic device and acquires the user account information from the target electronic device. Based on the user account information, the first electronic device determines that the target electronic device includes both a device logged into the manager's account and a device logged into employee A's account. Therefore, the first electronic device can decrypt the data using the decryption credential sent by the target electronic device.

[0263] Optionally, during the data encryption process, the first electronic device may prompt the user for a preset combination of accounts required to decrypt the data. This way, during subsequent data decryption, the user will know which electronic devices they need to bring to participate in the decryption process.

[0264] In this way, the first electronic device can achieve flexible data decryption through the combination of accounts in multiple target electronic devices.

[0265] In some embodiments, if the target electronic device's ability to protect decryption credentials does not meet the requirements for decrypting data, the first electronic device displays a prompt message to inform the user that data decryption has failed.

[0266] Optionally, data decryption failure may also include situations where the acquired key fragments cannot be restored to the original key; or the acquired verification parameters fail verification; or the sum of the weights of the key fragments acquired by the first electronic device is less than a preset weight-sum threshold.

[0267] For example, as shown in (b) of Figure 12, if the target electronic device's ability to protect decryption credentials does not meet the requirements for data decryption, the PC can display a decryption failure interface. This interface displays a prompt message to inform the user that the current data decryption has failed. Optionally, this interface can also help the user understand which devices participated in the decryption and which did not. This helps the user confirm whether the data decryption failure was due to the absence of certain devices, increasing the probability of successful decryption on subsequent attempts.

[0268] In this way, the displayed message helps users understand why data decryption failed. Optionally, it can also help users trigger the next decryption process.
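The checks described in [0261] to [0267] can be sketched as a single gating function; this is an added illustration, not code from the patent. The field names, the sample devices, the rule that one first-level device must take part, and the choice to apply all checks together are assumptions, since the application describes them as separate optional embodiments.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    name: str
    level: int                 # 1 = first-level (strongest) credential protection
    weight: int                # weight of the key fragment held by this device
    account: str               # user account logged in on the device
    state_normal: bool = True  # False = abnormal security status

@dataclass(frozen=True)
class Policy:
    enrolled: frozenset        # names of all devices that store a credential
    weight_threshold: int      # preset weight-sum threshold
    account_combo: frozenset   # preset account combination
    require_first_level: bool = True  # assumption: one strongest device needed

def evaluate(policy, responders):
    """Decide whether decryption may proceed.

    Returns (allowed, reasons, absent): reasons lists every failed check and
    absent lists enrolled devices that did not take part.
    """
    by_name = {}
    for dev in responders:                 # count each device once, so a
        by_name.setdefault(dev.name, dev)  # repeated reply adds no weight
    reasons = []
    unknown = sorted(n for n in by_name if n not in policy.enrolled)
    if unknown:
        reasons.append("not enrolled: " + ", ".join(unknown))
    known = [d for n, d in by_name.items() if n in policy.enrolled]
    abnormal = sorted(d.name for d in known if not d.state_normal)
    if abnormal:
        reasons.append("abnormal security status: " + ", ".join(abnormal))
    usable = [d for d in known if d.state_normal]
    if policy.require_first_level and not any(d.level == 1 for d in usable):
        reasons.append("no first-level device took part")
    total = sum(d.weight for d in usable)
    if total < policy.weight_threshold:
        reasons.append(f"weight sum {total} < threshold {policy.weight_threshold}")
    missing = sorted(policy.account_combo - {d.account for d in usable})
    if missing:
        reasons.append("missing accounts: " + ", ".join(missing))
    absent = sorted(policy.enrolled - set(by_name))
    return (not reasons, reasons, absent)

# Constructed sample data for the employee A scenario.
MANAGER_PHONE = Device("manager-phone", 1, 3, "manager")
EMP_PHONE = Device("empA-phone", 2, 2, "employee_a")
EMP_WATCH = Device("empA-watch", 3, 1, "employee_a")
POLICY = Policy(frozenset({"manager-phone", "empA-phone", "empA-watch"}),
                5, frozenset({"manager", "employee_a"}))

if __name__ == "__main__":
    for group in ([MANAGER_PHONE, EMP_PHONE], [EMP_PHONE, EMP_WATCH]):
        print(evaluate(POLICY, group))
```

The returned list of absent devices corresponds to the failure interface in [0267], which shows which devices did not participate.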

[0269] Optionally, the first electronic device may also execute the steps performed by the first electronic device 100 in the above embodiments to implement the decryption credential management method provided in the embodiments of this application.

[0270] In some solutions, multiple embodiments of this application can be combined, and the combined solution can be implemented. Optionally, some operations in the processes of each method embodiment may be combined, and / or the order of some operations may be changed. Furthermore, the execution order between the steps of each process is merely exemplary and does not constitute a limitation on the execution order between steps; other execution orders are also possible. It is not intended to indicate that the execution order is the only possible order in which these operations can be performed. Those skilled in the art will conceive of various ways to reorder the operations described herein. In addition, it should be noted that the process details involved in one embodiment of this document are similarly applicable to other embodiments, or different embodiments may be combined.

[0271] Furthermore, some steps in the method embodiments can be equivalently replaced with other possible steps. Alternatively, some steps in the method embodiments may be optional and can be deleted in certain use cases. Or, other possible steps may be added to the method embodiments.

[0272] Furthermore, the various method embodiments can be implemented individually or in combination.

[0273] The decryption credential management method provided in the embodiments of this application has been described in detail above with reference to Figures 4-18. The first electronic device provided in the embodiments of this application is described in detail below with reference to Figure 19.

[0274] In one possible design, Figure 19 is a schematic diagram of the structure of a first electronic device provided in an embodiment of this application. As shown in Figure 19, the first electronic device 1900 may include a processing unit 1901 and a transceiver unit 1902. The first electronic device 1900 can be used to implement the functions of the first electronic device 100 involved in the above method embodiments.

[0275] Optionally, the processing unit 1901 is used to support the first electronic device 1900 in performing S1801 and S1803 in Figure 18.

[0276] Optionally, the transceiver unit 1902 is used to support the first electronic device 1900 in performing S1802 in Figure 18.

[0277] The transceiver unit may include a receiving unit and a transmitting unit, and may be implemented by a transceiver or transceiver-related circuit components, and may be a transceiver or transceiver module. The operation and / or function of each unit in the first electronic device 1900 are respectively to implement the corresponding process of the decryption credential management method described in the above method embodiments. All relevant content of each step involved in the above method embodiments can be referred to the functional description of the corresponding functional unit, and will not be repeated here for the sake of brevity.

[0278] Optionally, the first electronic device 1900 shown in Figure 19 may also include a storage unit (not shown in Figure 19) that stores a program or instruction. When the processing unit 1901 and the transceiver unit 1902 execute the program or instruction, the first electronic device 1900 shown in Figure 19 can execute the decryption credential management method described in the above method embodiments.

[0279] For the technical effects of the first electronic device 1900 shown in Figure 19, refer to the technical effects of the decryption credential management method described in the above method embodiments; they are not repeated here.

[0280] In addition to being in the form of a first electronic device 1900, the technical solutions provided in this application may also be functional units or chips in the first electronic device, or devices used in conjunction with the first electronic device.

[0281] This application also provides a chip system, including: a processor coupled to a memory, the memory being used to store programs or instructions, which, when executed by the processor, cause the chip system to implement the methods in any of the above method embodiments.

[0282] Optionally, the chip system may include one or more processors. These processors can be implemented in hardware or software. When implemented in hardware, the processor can be a logic circuit, an integrated circuit, etc. When implemented in software, the processor can be a general-purpose processor, implemented by reading software code stored in memory.

[0283] Optionally, the chip system may contain one or more memories. The memory may be integrated with the processor or disposed separately from it; this application embodiment does not limit this. For example, the memory may be a non-transitory memory, such as a read-only memory (ROM), which may be integrated with the processor on the same chip or disposed separately on different chips. This application embodiment does not specifically limit the type of memory or the arrangement of the memory and processor.

[0284] For example, the chip system may be a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), a system on chip (SoC), a central processor unit (CPU), a network processor (NP), a digital signal processor (DSP), a micro controller unit (MCU), a programmable logic device (PLD), or other integrated chips.

[0285] It should be understood that each step in the above method embodiments can be completed by integrated logic circuits in the processor hardware or by instructions in software form. The method steps disclosed in the embodiments of this application can be directly manifested as being executed by a hardware processor, or being executed by a combination of hardware and software modules in the processor.

[0286] This application also provides a computer-readable storage medium storing a computer program. When the computer program is run on a computer, it causes the computer to perform the aforementioned steps to implement the decryption credential management method described in the above embodiments.

[0287] This application also provides a computer program product that, when run on a computer, causes the computer to perform the aforementioned steps to implement the decryption credential management method described in the above embodiments.

[0288] In addition, this application also provides an apparatus. Specifically, the apparatus may be a component or module, and may include one or more processors and a memory connected together. The memory is used to store a computer program. When the computer program is executed by one or more processors, the apparatus performs the decryption credential management method in the above-described method embodiments.

[0289] The apparatus, computer-readable storage medium, computer program product, or chip provided in the embodiments of this application are all used to execute the corresponding methods provided above. Therefore, the beneficial effects they can achieve can be referred to the beneficial effects of the corresponding methods provided above, and will not be repeated here.

[0290] The steps of the methods or algorithms described in conjunction with the embodiments of this application can be implemented in hardware or by a processor executing software instructions. The software instructions can consist of corresponding software modules, which can be stored in random access memory (RAM), flash memory, read-only memory (ROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), registers, hard disks, portable hard disks, CD-ROMs, or any other form of storage medium well known in the art. An exemplary storage medium is coupled to a processor, enabling the processor to read information from and write information to the storage medium. Of course, the storage medium can also be a component of the processor. The processor and the storage medium can reside in an application-specific integrated circuit (ASIC).

[0291] Through the above description of the embodiments, those skilled in the art will clearly understand that, for the sake of convenience and brevity, the division of the above functional modules is only used as an example. In practical applications, the above functions can be assigned to different functional modules as needed; that is, the internal structure of the device can be divided into different functional modules to complete all or part of the functions described above. The specific working process of the system, device, and unit described above can be referred to the corresponding process in the foregoing method embodiments, and will not be repeated here.

[0292] In the several embodiments provided in this application, it should be understood that the disclosed methods can be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division of modules or units is only a logical functional division, and there may be other division methods in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of modules or units may be electrical, mechanical or other forms.

[0293] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.

[0294] Computer-readable storage media include, but are not limited to, any of the following: USB flash drive, portable hard drive, read-only memory (ROM), random access memory (RAM), magnetic disk or optical disk, and other media capable of storing program code.

[0295] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any changes or substitutions within the technical scope disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.

Claims

1. A method for managing decryption credentials, characterized in that the method is applied to a first electronic device and includes: determining a plurality of second electronic devices capable of decrypting data in the first electronic device, wherein the plurality of second electronic devices are used to store decryption credentials for the data, and the plurality of second electronic devices have different capabilities in protecting the decryption credentials; obtaining the decryption credential sent by a target electronic device among the plurality of second electronic devices, wherein the number of target electronic devices is one or more; and, if the target electronic device's ability to protect the decryption credential meets the requirements for decrypting the data, decrypting the data using the decryption credential sent by the target electronic device.

2. The method according to claim 1, characterized in that, before determining a plurality of second electronic devices capable of decrypting data in the first electronic device, the method further includes: in response to a user instruction to encrypt the data, obtaining the plurality of second electronic devices, wherein the plurality of second electronic devices are trusted devices of the first electronic device; and sending the corresponding credential information to each of the plurality of second electronic devices, wherein the credential information is used to obtain the decryption credential.

3. The method according to claim 1 or 2, characterized in that the target electronic device includes a third electronic device, and the third electronic device has a first-level capability to protect the decryption credential; obtaining the decryption credential sent by the target electronic device among the plurality of second electronic devices includes: obtaining the decryption credential sent by the third electronic device; and decrypting the data using the decryption credential sent by the target electronic device, when the target electronic device's ability to protect the decryption credential meets the requirements for decrypting the data, includes: if the capability of the third electronic device to protect the decryption credential meets the requirements for decrypting the data, decrypting the data using the decryption credential sent by the third electronic device.

4. The method according to claim 3, characterized in that the target electronic device further includes at least one fourth electronic device, the capability of the at least one fourth electronic device to protect the decryption credential being the first-level capability or weaker than the first-level capability; obtaining the decryption credential sent by the target electronic device among the plurality of second electronic devices includes: obtaining the decryption credentials sent by the third electronic device and the at least one fourth electronic device; and decrypting the data using the decryption credential sent by the target electronic device, when the target electronic device's ability to protect the decryption credential meets the requirements for decrypting the data, includes: if it is determined that the ability of the third electronic device and the at least one fourth electronic device to protect the decryption credentials meets the requirements for decrypting the data, decrypting the data using the decryption credentials sent by the third electronic device and the at least one fourth electronic device.

5. The method according to claim 1 or 2, characterized in that the target electronic device includes at least one fifth electronic device, the capability of which to protect the decryption credential is weaker than the first-level capability, where the first-level capability is the highest among the plurality of second electronic devices in terms of the capability to protect the decryption credential; obtaining the decryption credential sent by the target electronic device among the plurality of second electronic devices includes: obtaining the decryption credential sent by the at least one fifth electronic device; and the method further includes: if it is determined that the ability of the at least one fifth electronic device to protect the decryption credential does not meet the requirements for decrypting the data, not permitting the data to be decrypted.

6. The method according to claim 2, characterized in that obtaining the plurality of second electronic devices in response to a user instruction to encrypt the data includes: in response to a user instruction to encrypt the data via a nearby device, obtaining the plurality of nearby second electronic devices; and using the plurality of second electronic devices as devices for decrypting the data.

7. The method according to claim 2, characterized in that obtaining the plurality of second electronic devices in response to a user instruction to encrypt the data includes: in response to a user instruction to encrypt the data, obtaining multiple nearby devices; displaying a device selection interface; and, based on the user's operation on the device selection interface, obtaining the plurality of second electronic devices selected by the user from the multiple devices.

8. The method according to claim 2, characterized in that obtaining the plurality of second electronic devices in response to a user instruction to encrypt the data includes: in response to a user instruction to encrypt the data, displaying a first interface, the first interface being used to receive information input by the user related to the second electronic device; and obtaining the information input by the user on the first interface to determine the plurality of second electronic devices.

9. The method according to any one of claims 1-8, characterized in that the ability of the second electronic device to protect decryption credentials is related to any of the following information about the second electronic device: device type, device security capabilities, device security status, and user account information in the device.

10. The method according to claim 9, characterized in that decrypting the data using the decryption credential sent by the target electronic device, when the target electronic device's ability to protect the decryption credential meets the requirements for decrypting the data, includes: at the first moment, the target electronic device is in a normal security state, and the data is decrypted using the decryption credential sent by the target electronic device; and the method further includes: at the second moment, the target electronic device includes a device with abnormal security status, and the data is not allowed to be decrypted using the decryption credential sent by the target electronic device.

11. The method according to claim 10, characterized in that the security anomaly includes: the device being unlocked or under attack.

12. The method according to claim 3, characterized in that the ability of the second electronic device to protect decryption credentials is related to the user account information within the second electronic device; and decrypting the data using the decryption credential sent by the target electronic device, when the target electronic device's ability to protect the decryption credential meets the requirements for decrypting the data, includes: decrypting the data using the user account information in the third electronic device and the decryption credential sent by the third electronic device.

13. The method according to claim 12, characterized in that the target electronic device includes a sixth electronic device, the account in the third electronic device is the first account, and the account in the sixth electronic device is the second account; and decrypting the data using the decryption credential sent by the target electronic device, when the target electronic device's ability to protect the decryption credential meets the requirements for decrypting the data, includes: the first account and the second account are a preset account combination, and the data is decrypted using the decryption credentials sent by the target electronic device.

14. The method according to any one of claims 1-13, characterized in that the method further includes: if the target electronic device's ability to protect decryption credentials does not meet the requirements for decrypting the data, displaying a prompt message to inform the user that the data decryption has failed.

15. An electronic device, characterized in that it includes: a processor and a memory, the memory being coupled to the processor, the memory being used to store computer program code, the computer program code including computer instructions, which, when the processor reads the computer instructions from the memory, cause the electronic device to perform the method as described in any one of claims 1-14.

16. A computer-readable storage medium, characterized in that the computer-readable storage medium includes a computer program that, when run on an electronic device, causes the electronic device to perform the method as described in any one of claims 1-14.

17. A computer program product, characterized in that, when the computer program product is run on a computer, it causes the computer to perform the method as described in any one of claims 1-14.