Display data trusted screen projection method and system based on fingerprint encryption channel
By generating a comprehensive trust state and dynamic encryption key, combined with environmental state information, the problem of the lack of persistence in the authentication mechanism and the inability to differentiate encryption strategies in screen projection technology is solved. This achieves high credibility of screen projection operation and deep coupling of security strategy, thereby improving screen projection security and resource utilization.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- SHENZHEN TIANJINGSHA TECHNOLOGY CO LTD
- Filing Date
- 2026-04-07
- Publication Date
- 2026-07-10
AI Technical Summary
Existing screen mirroring technologies suffer from security vulnerabilities such as a lack of continuous verification in authentication mechanisms, an inability to differentiate encryption strategies for content protection, and a separation between security mechanisms and content. These issues result in low resource utilization and insufficient protection of critical information.
By acquiring device hardware characteristics and user biometrics, a comprehensive trust status is generated, the sensitivity of screen display content is identified, an encryption key is constructed by combining environmental status information, a trusted projection data packet is dynamically generated, and corresponding secure display policies are executed at the receiving end.
It achieves dynamic device-person-intent authentication, improves the credibility of screen projection operations, realizes deep coupling between security policies and content, enhances the protection of high-value data, reduces system resource consumption, and effectively resists complex security threats.
Smart Images

Figure CN122365610A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of computer communication technology, and specifically to a method and system for trusted projection of display data based on a fingerprint-encrypted channel. Background Technology
[0002] Screen mirroring, also known as wireless display or screen mirroring technology, is a technology that allows users to wirelessly transmit the screen content of a smartphone, tablet, or computer to another display device (such as a TV or projector) in real time. This technology plays an increasingly important role in modern office, education, and home entertainment scenarios. It relies on a local area network to establish a data communication link between the sending and receiving ends, transmitting screen image data in the form of streaming media.
[0003] Currently, mainstream screen mirroring technologies primarily focus their security mechanisms on device authentication during the connection establishment phase and encryption of the transmission channel. Typically, devices communicate via... The system verifies the other party's identity using a code, password, or certificate-based authentication method. After the connection is established, it will use methods such as... Access protection protocols or transport layer security protocols encrypt the entire data transmission channel to prevent data from being eavesdropped on during transmission.
[0004] However, existing technical solutions have room for improvement in security protection. First, their authentication mechanisms are usually one-time applications. After the screen-sharing session is established, there is a lack of continuous verification of the operator's identity and device environment, making it unable to cope with the risk of user changes or devices being moved to insecure environments. Second, their encryption strategies are uniform and static, applying the same level of protection to all screen-sharing content indiscriminately. This fails to provide differentiated and refined security control based on the sensitivity of the content itself, resulting in lower resource utilization or insufficient protection of critical information. Finally, their security mechanisms are separate from the screen-sharing content itself, only protecting the transmission "pipeline" without ensuring that the content flowing through the "pipeline" is not illegally intercepted or misused at the display end. Summary of the Invention
[0005] In view of this, in order to solve the problems mentioned in the background technology, a reliable projection method and system for display data based on fingerprint encryption channel is proposed.
[0006] The objective of this invention can be achieved through the following technical solution: The first aspect of this invention provides a trusted projection method for display data based on a fingerprint encryption channel, comprising: S1, acquiring local device hardware features and user biometric features at the sending end, fusing them to generate a first comprehensive trust state, and calculating a digest value of the first comprehensive trust state.
[0007] S2. Identify the screen display content to be projected and generate a content sensitivity label based on the user permission information contained in the first comprehensive trust state.
[0008] S3. Obtain the current environment status information of the sending end, and combine the digest value of the first comprehensive trust state with the content sensitivity label to construct the environment-bound security payload.
[0009] S4. Based on the digest value and content sensitivity tag of the first comprehensive trust state, dynamically generate the encryption key for the current session.
[0010] S5. Use the encryption key to encrypt and encapsulate the screen display content and environmental status information, and use the encryption key to sign the environment-bound security payload to obtain a trusted screen projection data packet.
[0011] S6. Send the trusted projection data packet to the projection receiver so that the projection receiver can execute the security display policy corresponding to the content sensitivity label based on the trusted projection data packet.
[0012] The second aspect of the present invention provides a trusted projection system for display data based on a fingerprint encryption channel, comprising: a comprehensive trust state fusion module, which acquires the device hardware features and user biometric features local to the sending end, fuses them to generate a first comprehensive trust state, and calculates a digest value of the first comprehensive trust state.
[0013] The content sensitivity tag generation module identifies the screen display content to be projected and generates content sensitivity tags based on the user permission information contained in the first comprehensive trust state.
[0014] The environmental security payload construction module obtains the current environmental status information of the sending end, and combines the digest value of the first comprehensive trust state with the content sensitivity tag to construct the environmental binding security payload.
[0015] The encryption key generation module dynamically generates the encryption key for the current session based on the digest value of the first comprehensive trust state and the content sensitivity tag.
[0016] The trusted projection data packet acquisition module uses an encryption key to encrypt and encapsulate the screen display content and environmental status information, and uses the encryption key to sign the environment-bound security payload to obtain a trusted projection data packet.
[0017] The secure display policy execution module sends trusted projection data packets to the projection receiving end, so that the projection receiving end executes the secure display policy corresponding to the content sensitivity label based on the trusted projection data packets.
[0018] Compared with the prior art, the embodiments of the present invention have at least the following advantages or beneficial effects: (1) By constructing a multidimensional root of trust, the present invention upgrades static device authentication to dynamic “device-person-intent” three-in-one context authentication, thereby improving the credibility of legitimate devices under specific users and intents from the source. Compared with traditional single-point authentication, it enhances the credibility of the screen projection initiator’s identity and the legitimacy of the operation.
[0019] This invention achieves deep coupling and adaptive adjustment between security policies and business content. By sensing the sensitivity level of the projected content in real time and dynamically adjusting the strength of the encryption key and the display strategy at the receiving end accordingly, it achieves key protection for high-value data and lightweight processing for ordinary data, which helps reduce system resource consumption and improves the smoothness and response speed of high-definition projection.
[0020] This invention constructs a spatiotemporal trusted chain that spans the entire lifecycle of screen projection by binding real-time environmental information to each frame of data, extending security protection capabilities from the traditional transmission channel to the physical environment level. This enables the system to effectively resist complex security threats such as session hijacking, replay attacks, and environment switching, forming an intrinsic security system with defense-in-depth capabilities that can proactively perceive and respond to dynamic risks. Attached Figure Description
[0021] To more clearly illustrate the technical solutions of the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0022] Figure 1 This is a schematic diagram of the method steps of the present invention.
[0023] Figure 2 This is a schematic diagram of the system structure connection of the present invention. Detailed Implementation
[0024] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0025] Please see Figure 1 The first aspect of the present invention provides a method for trusted projection of display data based on a fingerprint encryption channel, comprising: S1, acquiring local device hardware features and user biometric features at the sending end, fusing them to generate a first comprehensive trust state, and calculating a digest value of the first comprehensive trust state.
[0026] In a specific embodiment of the present invention, the process of acquiring local device hardware features and user biometric features at the sending end, fusing them to generate a first comprehensive trust state, and calculating a digest value of the first comprehensive trust state includes: collecting unique identification data of the sending end hardware components to form device hardware features.
[0027] Acquire user biometrics in real time via biosensors at the sending end.
[0028] The device hardware characteristics, user biometric characteristics, and content metadata of this screen projection task are cryptographically fused and calculated to generate the first comprehensive trust state.
[0029] Specifically, the engineering objective is to construct multi-dimensional, dynamic trust credentials strongly bound to the current operational context for subsequent security decisions and key generation. This process ensures the uniqueness and non-repudiation of the trust state by irreversibly encrypting and fusing information from three dimensions: physical device, operator, and task intent.
[0030] First, the system generates a device fingerprint, the engineering purpose of which is to establish a stable and difficult-to-forge unique identifier for the screen-projection sending hardware. This step collects a set of pre-defined unique identification data for hardware components by calling the underlying hardware abstraction layer interface. This data typically includes the CPU serial number, the motherboard asset tag, the public key portion of the endorsement key certificate generated by the trusted platform module, and the media access control address of the physical network interface. The system serializes and concatenates the collected identification data to form the original hardware information string, and then applies a deterministic cryptographic hash algorithm, such as a secure hash algorithm. The string is then processed. The result is a hash value of fixed length (e.g., 256 bits), which is defined as the device fingerprint feature of this operation.
[0031] Next, the system acquires the user's biometrics. Its engineering purpose is to verify the legitimate identity of the current physical device operator in real time, preventing unauthorized use of the device. Triggered by a user's screen mirroring request, the system activates a designated biometric sensor, such as a fingerprint reader or facial recognition camera integrated into the device. The sensor collects raw biometric data, such as fingerprint or facial images. Subsequently, the system's internal biometric engine processes the raw data, extracting key feature points or feature vectors for comparison, forming a standardized user biometric template. Compared to the raw data, the user biometric template is smaller and does not contain private information; this template is the user's biometric signature.
[0032] Finally, the system performs a fusion calculation of the trust state, the engineering goal of which is to integrate the aforementioned independent device, personnel, and task information into a single, high-information-entropy comprehensive credential. This step integrates the previously generated device fingerprint features, the acquired user biometric features, and a preset content metadata for this screen-sharing task. The content metadata is context information loaded during the initialization of the screen-sharing task, such as the name of the application initiating the screen-sharing and the target receiving device to be connected. Etc. The fused computing employs an encrypted binding method, which can be implemented using the following formula: in, This represents the final generated first overall trust state. This represents a cryptographic hash function that is consistent with the function used to generate device fingerprint features. Represents the fingerprint characteristics of a device. Represents the user's biometric characteristics. This represents the metadata for this screen sharing task. (Symbol) This indicates a data concatenation operation, which is... The data is concatenated into a longer string in a predetermined order. The engineering explanation for this formula is that by hashing the concatenated string of information from the three core trust dimensions, it ensures that even a small change in any dimension will lead to a massive, avalanche-like difference in the final generated first comprehensive trust state, thus achieving a strong binding of the three pieces of information. This first comprehensive trust state will serve as the root input for all subsequent security operations.
[0033] S2. Identify the screen display content to be projected and generate a content sensitivity label based on the user permission information contained in the first comprehensive trust state.
[0034] In a specific embodiment of the present invention, identifying the screen display content to be projected and generating a content sensitivity label based on the user permission information contained in the first comprehensive trust state includes: performing image analysis and application window information parsing on the screen display content to extract content features.
[0035] The content features are matched with a sensitive content feature library that stores the correspondence between sensitive features and levels to determine the initial sensitivity level.
[0036] Based on the user permission information contained in the first comprehensive trust state, the initial sensitivity level is adjudicated and adjusted to generate the final content sensitivity label.
[0037] Specifically, the project aims to perform real-time value assessment and classification of the visual data stream to be projected onto the screen, thereby providing a basis for decision-making regarding subsequent differentiated security strategies. This process transforms screen content from a set of undifferentiated pixels into information units with clearly defined security level attributes.
[0038] First, the system performs content feature extraction, the engineering goal of which is to parse structured information that can be understood by the machine from the raw screen image. This step is triggered once at fixed time intervals (e.g., every 100 to 500 milliseconds). The system acquires the current complete screen display content, i.e., a bitmap image frame, through the screen capture interface provided by the operating system. Subsequently, the system concurrently executes two analysis paths. The first is the image analysis path, which uses a lightweight computer vision model to perform object detection and optical character recognition on the bitmap image. In engineering terms, this can identify whether the image contains specific... Elements (such as a "password" input box), charts, or document watermarks. The second method involves parsing the application window information path by querying the operating system's window manager. This retrieves metadata about the currently active or foreground window, including the window title, process name, and application category. The analysis results from these two paths, such as identified keywords, Element identifiers, application names, etc., together form the original set of content features.
[0039] Next, the system determines the initial sensitivity level. Its engineering purpose is to map unstructured content features to predefined, quantified security levels. The system maintains a pre-defined sensitive content feature library, which is a multi-level mapping table that associates specific content features with basic sensitivity scores (e.g., 1 to 10). For example, the keyword "financial statement" might correspond to a score of 8, while detecting a "for internal use" watermark would correspond to a score of 9. The system matches the extracted set of content features against this library one by one, accumulating the basic sensitivity scores of all matches to obtain an initial sensitivity score. Then, based on a pre-defined score threshold range, the system maps this score to an initial sensitivity level, such as "public," "internal," or "confidential."
[0040] In one specific embodiment of the present invention, the preset sensitive content feature library may include, but is not limited to: a list of keywords for matching specific document types (such as "contract", "confidential", "financial"); a set of regular expression rules for identifying personal identification information (such as patterns for matching ID card numbers, mobile phone numbers, or bank card numbers); and a set of pre-calculated rules for identifying watermarks or specific information in company internal documents. The image hash value of the element.
[0041] In one specific embodiment of the present invention, to achieve a precise mapping from quantitative scoring to qualitative security levels, the quantitative range of the comprehensive content sensitivity score can be set to 0 to 10. Based on this, the system presets the following threshold ranges: when the comprehensive score is in the range [0, 2], the initial sensitivity level is determined to be "public," which typically corresponds to regular web browsing or general application interfaces that do not detect any sensitive features; when the score is in the range [3, 7], the level is determined to be "internal," which generally indicates that the content contains some routine work information, internal emails, or project discussions, with certain confidentiality requirements but not core secrets; when the score reaches or exceeds 8 points, i.e., is in the range [8, 10], the level is determined to be "confidential," indicating that the system has identified high-value keywords such as "financial statements" and "intellectual property," or matched key data patterns such as personal identification information and core source code, requiring the activation of the highest level of security protection strategy.
[0042] Finally, the system generates the final content sensitivity label. Its purpose is to refine the initially determined sensitivity level by considering the operator's permission context, thereby achieving more precise risk control. The system parses verified user permission information from the previously generated first comprehensive trust state. This permission information defines the highest sensitivity level of data the user is authorized to process. The system compares the initial sensitivity level with the user's permission level. If the initial sensitivity level is higher than the user's permission level, it indicates a risk of unauthorized operation, and the system will forcibly set the final content sensitivity label to the user's highest permission level, potentially triggering an alarm. If it is not higher, the initial sensitivity level is directly adopted as the final content sensitivity label. This final generated content sensitivity label will serve as a core input parameter for dynamically adjusting encryption strength and receiver display strategies.
[0043] In one specific embodiment of the present invention, the rule for adjudication adjustment can be set to take the lower of the initial sensitivity level and the user permission level as the final content sensitivity label.
[0044] S3. Obtain the current environment status information of the sending end, and combine the digest value of the first comprehensive trust state with the content sensitivity label to construct the environment-bound security payload.
[0045] In a specific embodiment of the present invention, the current environmental state information of the sending end is obtained, and the digest value of the first comprehensive trust state and the content sensitivity tag are combined to construct the environment-bound security payload, including: collecting the real-time geographical location information, network connection attributes and timestamp information of the sending end, and combining them to form environmental state information.
[0046] The environmental status information, the summary value of the first comprehensive trust status, and the content sensitivity tag are concatenated.
[0047] Perform a hash operation on the concatenated data to generate an environment-bound security payload.
[0048] Specifically, the project aims to create immutable digital evidence proving the spatiotemporal context of the data sent for each frame to be projected. This evidence will be transmitted along with the data content itself, enabling the receiving end to verify not only the source of the data but also the legitimate environment in which it was generated.
[0049] First, the system collects and combines environmental status information. Its engineering purpose is to capture a snapshot of the physical and logical environment at the moment of data transmission from the sending end. This step is triggered before each batch of projected data is encapsulated. The system concurrently acquires three types of data by calling the underlying service interfaces of the operating system. One is real-time geographic location information obtained through location services, which may originate from the Global Positioning System (GPS) outdoors. Coordinates, when used indoors, may originate from... The first is the triangulation result of the access point or Bluetooth beacon. The second is the network connection attributes, including the identifier of the currently connected wireless network service set. Equipment The address subnet and network type (whether it's a trusted corporate network or a public network) are important. Thirdly, high-precision timestamp information, typically derived from network time protocols, is crucial. The system clock is synchronized with the server. The system serializes these three types of information according to a predefined format to form structured environmental status information data blocks.
[0050] Next, the system performs a multi-dimensional information concatenation operation. The engineering purpose of this operation is to aggregate independent contextual information into a single data entity, preparing for subsequent encryption processing. The system obtains the previously generated environment state information and reads the digest value of the generated first comprehensive trust state from memory. Engineeringly, using the digest value instead of the complete first comprehensive trust state is to improve efficiency and avoid leaking original identity information. Simultaneously, the system obtains the content sensitivity tag corresponding to the current batch of data. Subsequently, the system concatenates these three data entities at the byte-stream level according to a fixed order: "Environment State Information - First Comprehensive Trust State Digest Value - Content Sensitivity Tag," forming a temporary concatenated data string.
[0051] Finally, the system performs a hash operation to generate the final context-bound security payload. The engineering purpose of this step is to cryptographically compress and solidify the concatenated context information, generating a fixed-length, collision-resistant, and irreversible digital fingerprint. This step is crucial for ensuring the integrity of the contextual evidence. The system employs a strong hash algorithm, such as a secure hash algorithm. The concatenated data string generated in the previous step is then processed. This process can be represented by the following formula: in, This represents the final generated environment-bound security payload. This indicates the selected strong hash function. This represents the serialized environment state information. The summary value representing the first overall trust state. This represents a content sensitivity label. (Symbol) This represents a byte stream concatenation operation. The engineering explanation of this formula is that it deeply binds the sender's environment, identity, and content intent through hash operations; any slight change in the source information will result in... The values are completely different. This environment-bound security payload will be embedded into the trusted projection data packet, serving as a key basis for the receiving end to perform environment consistency verification and risk assessment.
[0052] S4. Based on the digest value and content sensitivity label of the first comprehensive trust state, dynamically generate the encryption key for the current session.
[0053] In a specific embodiment of the present invention, the encryption key for the current session is dynamically generated based on the digest value of the first comprehensive trust state and the content sensitivity label, including: selecting a target key derivation algorithm from an algorithm set that stores multiple key derivation algorithms according to the content sensitivity label.
[0054] The first comprehensive trust state is used as a random seed to input the target key derivation algorithm.
[0055] By combining the temporary interaction parameters negotiated with the screen-projection receiving end, an encryption key is generated through the target key derivation algorithm.
[0056] Specifically, the project aims to create one-time session keys with matching strength for screen-projected content of varying sensitivity, thereby optimizing system performance overhead while ensuring security and achieving refined allocation of security resources.
[0057] First, the system selects the target key derivation algorithm. The engineering purpose of this selection is to determine the complexity and security level of the computational method used to generate the key based on the value of the data content. Before encapsulating each frame or batch of data, the system obtains the current content sensitivity tag generated by the content-aware module. Internally, the system maintains a preset key derivation algorithm strategy table, which maps each content sensitivity tag (such as "public," "internal," or "confidential") to a specific key derivation function. In engineering practice, for content at the "public" level, algorithms with lower computational overhead, such as hash-based message authentication codes, might be chosen. Extraction and expansion key derivation functions ( A simplified version of () is used; for "classified" content, a more computationally intensive and attack-resistant algorithm is chosen, such as one based on or The system uses a key derivation function. Based on the current content sensitivity tag, the system queries this policy table to determine the target key derivation algorithm used for this key generation.
[0058] Next, the system uses the first comprehensive trust state as a random seed input to the selected algorithm. Its engineering purpose is to strongly bind the key generation process to the operator's identity and device hardware, ensuring the uniqueness and unforgeability of the key. The system reads the first comprehensive trust state, generated during the session initialization phase, representing the current legitimate context, from memory. This trust state, due to its integration of device, user, and task information, inherently possesses high entropy and randomness. The system uses this as the core input—the "salt" or "master key" parameter in the key derivation function—and feeds it into the target key derivation algorithm selected in the previous step.
[0059] Finally, the system calculates and generates the final encryption key based on the interaction parameters. Its engineering purpose is to introduce session dynamism and forward security, ensuring that even if the root trust state remains unchanged, the keys generated at different points in time will be different. In this step, the system also introduces a mechanism for communication with the screen-sharing receiver during session establishment. Temporary interaction parameters negotiated through a key exchange protocol; these parameters are typically a shared key or session key. This interaction parameter serves as another input to the key derivation function, namely the "information" or "context" parameter. The target key derivation algorithm takes the first comprehensive trust state and the temporary interaction parameter as input, performs a series of internal cryptographic operations (such as hashing, obfuscation, and expansion), and finally outputs a binary string of a specified length (e.g., 128 bits or 256 bits). This binary string is the dedicated encryption key for this data encapsulation, and its generation process can be abstracted as the following formula: in, This represents the final generated encryption key. This represents the algorithm derived from the target key selected in the previous step based on the content sensitivity tag. This represents the first overall trust state, which serves as a random seed. This represents temporary interaction parameters negotiated with the receiving end. This encryption key will be immediately used in subsequent encryption and encapsulation operations of the screen display content and environment-bound secure payload.
[0060] In one specific embodiment of the present invention, temporary interaction parameters can be securely established using an asymmetric encryption method (such as a key exchange algorithm) employed during the initial pairing of devices. Alternatively, at the start of each screen-sharing session, a session key can be derived by generating a random number at the sending end and synchronizing it via an out-of-band channel (e.g., displaying a QR code for the receiving end to scan).
[0061] S5. Use the encryption key to encrypt and encapsulate the screen display content and environmental status information, and use the encryption key to sign the environment-bound security payload to obtain a trusted screen projection data packet.
[0062] In a specific embodiment of the present invention, the screen display content and environmental status information are encrypted and encapsulated using an encryption key, and the environment-bound security payload is signed using an encryption key to obtain a trusted projection data packet, including: encrypting the screen display content and environmental status information using an encryption key to obtain encrypted display data and encrypted environment data.
[0063] The message authentication code is calculated using the encryption key on the environment-bound security payload to obtain the payload signature.
[0064] Encrypted display data, encrypted environment data, payload signature, and unencrypted content sensitivity tags are packaged together to form a trusted projection data package.
[0065] Specifically, the engineering objective is to construct structured, self-contained secure data units, namely "trusted projection data packets." These data packets not only protect the confidentiality of the projection content but also provide strong verification capabilities regarding the data source, integrity, and context.
[0066] First, the system encrypts the screen display content to prevent eavesdropping and leakage of the projected data during transmission. The system obtains the current screen display content to be sent, typically represented as a single frame of raw bitmap data. Simultaneously, the system retrieves the encryption key generated in the previous process, matching the sensitivity of the current content. Subsequently, the system employs a symmetric encryption algorithm, such as the Advanced Encryption Standard (AES). It operates in a system with authentication and encryption ( In modes with characteristics such as Galois counter mode ( The encryption key is used to perform encryption operations on the original bitmap data, and the output of the operation is the encrypted display data. The engineering advantage of this model lies in its ability to generate encryption and integrity authentication tags simultaneously in a single operation, resulting in high efficiency.
[0067] Next, the system performs a digital signature on the context-bound security payload, engineered to attach non-repudiable proof of origin and integrity guarantees to the contextual evidence. The system obtains the constructed context-bound security payload, which is a hash value representing the spatiotemporal context of the transmission. The system uses the same encryption key and a hash-based message authentication code. The algorithm calculates the safety load bound to the environment. The engineering explanation of the algorithm is that it uses a key to perform a special hash operation on the data, ensuring that only the recipient holding the same key can verify its correctness. The result of this calculation is the payload signature. This process can be represented as: in, This represents the generated payload signature. This represents the selected message authentication code function. The encryption key representing the current session. This represents an environment-bound secure payload. This payload signature ensures that the environment-bound secure payload itself has not been tampered with during transmission and that it was indeed generated by the legitimate sender holding the key.
[0068] Finally, the system performs a data packaging operation, the engineering goal of which is to integrate the various processed components into a single data structure that is easy to transmit over the network. The system creates a new data packet structure and fills in the encrypted display data and payload signature generated in the previous step according to a predetermined format. In addition, in order to enable the receiving end to know how to process the data packet without decryption, the system also adds an unencrypted content sensitivity tag as a header field of the data packet. These three parts of data—encrypted display data, payload signature, and content sensitivity tag—together constitute the final trusted projection data packet. This data packet will be passed to the network sending module and sent to the projection receiving end via a wireless or wired channel.
[0069] S6. Send the trusted projection data packet to the projection receiver so that the projection receiver can execute the security display policy corresponding to the content sensitivity label based on the trusted projection data packet.
[0070] In a specific embodiment of the present invention, a trusted screen projection data packet is sent to the screen projection receiving end so that the screen projection receiving end executes a secure display strategy corresponding to the content sensitivity label based on the trusted screen projection data packet, including: periodically updating the user's biometric features and environmental status information during the duration of the screen projection session.
[0071] Based on the updated information, the steps of generating a new first integrated trust state and binding the security payload to the environment are repeated.
[0072] The new environment-bound security payload is used to encapsulate the subsequent screen display content, enabling dynamic trust renewal and security context updates during the screen projection session.
[0073] Specifically, the engineering goal is to transform session security from a one-time static authentication to a continuous, dynamic verification process in order to address the risks of identity and environment changes that may occur during long-term screen sharing sessions.
[0074] First, the system periodically updates user biometrics and environmental status information. This is engineered to periodically refresh key dynamic parameters that constitute the security context, ensuring real-time trust assessment. After the screen-sharing session begins, the sending system starts a timer with a period set within a reasonable range, such as 15 to 60 seconds. Specifically, it re-requests biometric verification from the user, for example, through a brief, silent camera facial snapshot comparison or fingerprint sensor touch, to obtain the latest user biometrics. Simultaneously, it re-calls the system interface to obtain the latest environmental status information, including geographical location and network connection attributes.
[0075] Next, the system repeatedly generates new trust states and security payloads based on the updated information. Its engineering purpose is to solidify the latest identity and environment snapshots into new security credentials. The system uses fixed device fingerprint features, the latest user biometrics, and the content metadata of the current task to generate a new first comprehensive trust state through hash operations. Simultaneously, the system concatenates and hashes the latest environment state information, the digest value of the newly generated first comprehensive trust state, and the content sensitivity tags of the current content screen to construct a new environment-bound security payload.
[0076] Finally, the system encapsulates subsequent screen display content with a new security payload. The engineering goal is to seamlessly apply the updated trust state to subsequent data transmission, achieving a smooth transition of the trust chain. Starting from the next data encapsulation cycle, the system will no longer use the old environment-bound security payload when performing encryption encapsulation; instead, it will switch to the newly generated environment-bound security payload from the previous step. This means that subsequently sent trusted projection data packets will carry digital evidence reflecting the latest context. The receiving end will also naturally begin using this new security baseline for comparison during decoding and verification. This process is continuously looped, ensuring that the sender's identity legitimacy and environmental security are continuously monitored and verified throughout the projection session. Any anomalies, such as user departure or device being moved to an insecure network, will be detected in the next update cycle and trigger the receiving end's security response strategy.
[0077] In a specific embodiment of the present invention, the method further includes: after receiving a trusted projection data packet, the projection receiving end decrypts and obtains the environment-bound security payload and the screen display content.
[0078] The environmental state information contained in the environment-bound security payload is extracted and compared with the environmental state perceived locally by the receiver to obtain an environmental deviation score.
[0079] If the environmental deviation score exceeds the tolerance threshold determined by the content sensitivity label, a dynamic display control instruction is generated.
[0080] The screen content is rendered safely according to the dynamic display control instructions before being displayed.
[0081] In one specific embodiment of the present invention, the environmental deviation score can be calculated using the following non-limiting formula: in, , , These are preset weighting coefficients, and their sum is 1; The Euclidean distance between the geographical locations of the sending and receiving ends; It is a normalization function, when The value is 0 when the distance is less than a preset threshold (e.g., 10 meters), otherwise it is zero. It increases and approaches 1; and For Boolean functions, when or The formula returns 0 if the subnet matches and 1 if it doesn't. This formula quantifies environmental changes across different dimensions into a unified risk score.
[0082] In one specific embodiment of the present invention, the normalization function Specifically, it is a piecewise exponential saturation function. Its core function is to account for geographical distance deviations in the physical world. This is converted into a standardized, dimensionless risk score ranging between [0,1]. The function is designed as a two-stage function: the first stage considers the distance between devices... When the distance is less than a preset safety threshold (e.g., 10 meters), the function value remains constant at 0, indicating that the system tolerates normal movement within a trusted physical range and does not consider it a risk. In the second stage, once the distance d exceeds this threshold, the function value begins to increase non-linearly, typically in the form of... As the distance d increases further, the function value rises rapidly and approaches the saturation value of 1. This design precisely transforms the safety strategy—"small-scale movement is risk-free, while long-distance deviations increase risk dramatically until the maximum"—into a computable mathematical model.
[0083] Boolean functions and In essence, they are binary environment matching detection functions. Their core function is to perform a simple "yes / no" judgment: matching the current device's network environment characteristics (such as...) The function compares the network name (SSID and IP subnet) with a pre-defined trusted benchmark. If the current environment matches the benchmark perfectly, the function returns 0, representing "no deviation, trusted environment"; if it does not match, it returns 1 as a risk indicator that the environment has deviated. These two functions simplify complex network state information into a 0 or 1 digital signal that can be directly used for weighted calculations to represent the presence or absence of risk. In one specific embodiment of the present invention, network connectivity attribute weights are... Set it to 0.5 to adjust the subnet weight of the network address. Set it to 0.3, and set the geographic location weight. Set to 0.2. This assignment strategy aims to prioritize the stability and reliability of the logical network environment, because the wireless network service set identifier ( This is used to distinguish between trusted networks (such as a company intranet) and untrusted networks (such as public networks). The most direct basis is that any change to it should be considered a high-priority security event. Subnets, as a further confirmation of network topology, are of secondary importance. While geographic location information can effectively prevent devices from being physically moved to unsafe areas, it is given relatively low weight and is used as an auxiliary security verification dimension due to potential accuracy deviations in indoor positioning.
[0084] In one specific embodiment of the present invention, the tolerance threshold for "public" level content can be set to a relatively high value, such as 0.8. This means that the system will only intervene when there are drastic, multi-dimensional changes in the environment, thereby maximizing the convenience of user operation while ensuring basic connection security.
[0085] For content at the "internal" level, the tolerance threshold should be set to a moderate value, such as 0.4. This threshold setting takes into account a key scenario: when the projection device switches from a trusted corporate intranet to an unknown network, only... The bias score contributed by the weight (set to 0.5) is sufficient to exceed this threshold, thereby immediately triggering security controls and effectively preventing internal data from being exposed in an insecure network.
[0086] For "Confidential" content, the tolerance threshold must be set to an extremely low value, such as 0.1. This near-zero tolerance strategy ensures that any perceptible deviation from the environmental state, even a slight movement of the least important geographical location, will immediately trigger the highest level of display control commands, providing the most stringent scene protection for core sensitive data.
[0087] Specifically, the project aims to dynamically and context-awarely assess and adaptively render the projected content based on the received multi-dimensional trust information, extending security protection from the transmission link to the final display stage.
[0088] First, the receiving end performs data decryption and information extraction. The engineering goal is to securely recover the original content and additional contextual evidence from the received data stream. When the receiving end's network interface receives a trusted screen-sharing data packet, the data processing module first uses the encryption key negotiated during the session establishment phase to decrypt the data packet. After successful decryption, the system separates two core data components: the environment-bound security payload and the original screen display content before encryption.
[0089] Next, the system performs an environmental state comparison and evaluation. Its engineering purpose is to verify the consistency between the claimed environment of the sender and the actual environment perceived by the receiver, in order to detect potential environmental spoofing or session hijacking attacks. The receiver collects its own local environmental state in parallel, using the same method as the sender in generating the environmental state information. Subsequently, the system extracts the environmental state information contained in the decrypted environment-bound security payload and compares it with the locally perceived environmental state in multiple dimensions. The comparison includes, but is not limited to, whether the network subnet is consistent and whether the Euclidean distance of the geographical location is within a safe radius (e.g., less than 100 meters). The system calculates the difference values for each dimension and performs a weighted sum according to preset weights to obtain a comprehensive environmental deviation score.
[0090] Then, the system generates dynamic display control instructions. Its engineering purpose is to transform the quantified environmental risk assessment results into specific, executable display control actions. The system compares the environmental deviation score calculated in the previous step with a preset tolerance threshold. If the score is below the tolerance threshold, the environment is considered trustworthy, and no additional control instructions are generated. If the score exceeds the tolerance threshold, it indicates a significant environmental anomaly. At this point, the system queries a preset security policy library. The security policy library is a rule engine that defines the display strategies to be executed under different deviation score ranges and different combinations of content sensitivity tags. For example, the rule might be defined as follows: when the deviation score is in the medium-risk range and the content is "confidential," the generated dynamic display control instruction is "overlay a digital watermark with 70% transparency"; when the deviation score is in the high-risk range, the instruction is "completely blur the display" or "interrupt the projection." "Conversation".
[0091] Finally, the system performs secure rendering, an engineering goal aimed at materializing abstract control commands into visual effects visible to the end user. The display rendering engine receives the decrypted screen content and any dynamically generated display control commands. Based on these commands, the rendering engine performs appropriate graphics processing on the screen content before drawing it to the display buffer, such as calling watermark generation functions or applying Gaussian blur filters. After processing, the final, securely adjusted image is sent to the display for presentation. If no control commands are received, the original screen content is rendered directly.
[0092] The screen content is rendered safely according to the dynamic display control instructions before being displayed.
[0093] In a specific embodiment of the present invention, the screen display content is displayed after being securely rendered according to the dynamic display control command, including: the screen projection receiver decrypts the encrypted display data using the same encryption key as the sender, and verifies the payload signature.
[0094] After successful verification, a strategy library that defines the display effect is queried based on the content sensitivity tag to obtain the visual safety identifier parameters.
[0095] The screen display content is then overlaid with the corresponding visual security identifier according to the visual security identifier parameters before being output and displayed.
[0096] Specifically, the engineering objective is to verify the credibility of received trusted projection data packets and, based on their inherent security attributes, present the content to the user in a way that both conveys information and complies with security policies.
[0097] First, the receiving end performs decryption and signature verification to confirm the confidentiality, integrity, and authenticity of the data packet. Upon receiving a trusted projection data packet, the receiving end's network processing module first parses out three components: encrypted display data, payload signature, and content sensitivity tag. Then, the system uses the encryption key negotiated and synchronized with the sender during session establishment to decrypt the encrypted display data, restoring the original screen display content. Simultaneously, the system uses the same encryption key and environment-bound security payload (obtained during data packet decryption) to recalculate the local... The signature value is then calculated locally and compared bit by bit with the payload signature carried in the data packet. If they match perfectly, the verification passes, indicating that the data has not been tampered with and comes from a legitimate source; if they do not match, the data packet is immediately discarded and a security alert is triggered.
[0098] Next, the system executes a query for display effect strategies. The purpose of this process is to determine an appropriate visual presentation scheme based on the sensitivity level of the data content. After successful signature verification, the system extracts the content sensitivity tags carried in plaintext within the data packet. The system internally maintains a preset display effect strategy table, which maps each content sensitivity tag to a specific set of visual security identifier parameters. In practice, these parameters may include the content of the watermark text (e.g., "Confidential Document - Internal View Only"), the font, size, color, and transparency of the watermark (e.g., ...). The value is between 0.1 and 0.3), and the repetition density on the screen. For example, the "internal" level might correspond to a semi-transparent company. Watermarks, while the "Top Secret" level may correspond to a full-screen image containing the user's information. Diagonal grid watermark with timestamp.
[0099] Finally, the system executes the output display of the overlaid visual security identifier. The engineering purpose of this process is to materialize the abstract display strategy into concrete pixel-level operations, adding a perceptible security context to the final displayed content. The receiving end's graphics rendering engine obtains the decrypted screen display content and the visual security identifier parameters retrieved in the previous step. Before drawing the screen content onto the final display frame buffer, the rendering engine calls graphics library functions to dynamically generate the corresponding watermark layer based on the parameters, and overlays it onto the screen display content with specified transparency and layout. After the overlay operation is complete, this composite image containing the visual security identifier is sent to the display controller and finally displayed on the physical screen. This process ensures that even if a user leaks screen content through methods such as taking a photo, the leaked image will contain source and sensitivity information, thus serving as a deterrent and tracing mechanism.
[0100] Please see Figure 2 The second aspect of the present invention provides a trusted projection system for display data based on a fingerprint encryption channel, comprising: a comprehensive trust state fusion module, a content sensitivity tag generation module, an environmental security payload construction module, an encryption key generation module, a trusted projection data packet acquisition module, and a secure display strategy execution module.
[0101] The integrated trust state fusion module is connected to the content sensitivity label generation module. Both the integrated trust state fusion module and the content sensitivity label generation module are connected to the environmental security payload construction module. Both the integrated trust state fusion module and the content sensitivity label generation module are connected to the encryption key generation module. Both the encryption key generation module and the environmental security payload construction module are connected to the trusted projection data packet acquisition module. Both the trusted projection data packet acquisition module and the content sensitivity label generation module are connected to the secure display policy execution module.
[0102] The integrated trust state fusion module acquires the device hardware features and user biometric features of the sending end, fuses them to generate a first integrated trust state, and calculates the summary value of the first integrated trust state.
[0103] The content sensitivity tag generation module identifies the screen display content to be projected and generates content sensitivity tags based on the user permission information contained in the first comprehensive trust state.
[0104] The environmental security payload construction module obtains the current environmental status information of the sending end, and combines the digest value of the first comprehensive trust state with the content sensitivity tag to construct the environmental binding security payload.
[0105] The encryption key generation module dynamically generates the encryption key for the current session based on the digest value of the first comprehensive trust state and the content sensitivity tag.
[0106] The trusted projection data packet acquisition module uses an encryption key to encrypt and encapsulate the screen display content and environmental status information, and uses the encryption key to sign the environment-bound security payload to obtain a trusted projection data packet.
[0107] The secure display policy execution module sends trusted projection data packets to the projection receiving end, so that the projection receiving end executes the secure display policy corresponding to the content sensitivity label based on the trusted projection data packets.
[0108] The above content is merely an example and illustration of the concept of the present invention. Those skilled in the art can make various modifications or additions to the specific embodiments described, or use similar methods to replace them, as long as they do not deviate from the concept of the invention or exceed the scope defined by the present invention, and all such modifications and additions should fall within the protection scope of the present invention.
Claims
1. A reliable screen projection method for display data based on a fingerprint-encrypted channel, characterized in that, include: S1. Obtain the device hardware features and user biometric features of the sending end, fuse them to generate a first comprehensive trust state, and calculate the digest value of the first comprehensive trust state. S2. Identify the screen display content to be projected and generate content sensitivity tags based on the user permission information contained in the first comprehensive trust state; S3. Obtain the current environmental status information of the sending end, and combine it with the digest value of the first comprehensive trust state and the content sensitivity tag to construct the environment-bound security payload; S4. Based on the digest value and content sensitivity tag of the first comprehensive trust state, dynamically generate the encryption key for the current session; S5. Use the encryption key to encrypt and encapsulate the screen display content and environmental status information, and use the encryption key to sign the environment-bound security payload to obtain a trusted screen projection data packet. S6. Send the trusted projection data packet to the projection receiver so that the projection receiver can execute the security display policy corresponding to the content sensitivity label based on the trusted projection data packet.
2. The method for trusted projection of display data based on a fingerprint encryption channel according to claim 1, characterized in that, The process of acquiring the device hardware features and user biometric features locally at the sending end, fusing them to generate a first comprehensive trust state, and calculating the digest value of the first comprehensive trust state includes: Collect unique identification data of the hardware components at the transmitting end to form the device hardware characteristics; Acquire user biometrics in real time via biosensors at the transmitting end; The device hardware characteristics, user biometric characteristics, and content metadata of this screen projection task are cryptographically fused and calculated to generate the first comprehensive trust state.
3. The method for trusted projection of display data based on a fingerprint encrypted channel according to claim 1, characterized in that, The step of identifying the current screen display content to be projected and generating a content sensitivity tag based on the user permission information contained in the first comprehensive trust state includes: Perform image analysis and application window information parsing on the screen display content to extract content features; The content features are matched with a sensitive content feature library that stores the correspondence between sensitive features and levels to determine the initial sensitivity level. Based on the user permission information contained in the first comprehensive trust state, the initial sensitivity level is adjudicated and adjusted to generate the final content sensitivity label.
4. The method for trusted projection of display data based on a fingerprint encryption channel according to claim 1, characterized in that, The step of obtaining the current environmental state information of the sending end, combining the digest value of the first comprehensive trust state with the content sensitivity tag, and constructing the environment-bound security payload includes: The real-time geographic location information, network connection attributes, and timestamp information of the collecting and sending end are combined to form environmental status information; The environmental status information, the summary value of the first comprehensive trust status, and the content sensitivity tag are concatenated; Perform a hash operation on the concatenated data to generate an environment-bound security payload.
5. The method for trusted projection of display data based on a fingerprint encryption channel according to claim 1, characterized in that, The encryption key for the current session is dynamically generated based on the digest value and content sensitivity tag of the first comprehensive trust state, including: Based on the content sensitivity tag, select the target key derivation algorithm from an algorithm set that stores multiple key derivation algorithms; The first comprehensive trust state is used as a random seed input to the target key derivation algorithm; By combining the temporary interaction parameters negotiated with the screen-projection receiving end, an encryption key is generated through the target key derivation algorithm.
6. The method for trusted projection of display data based on a fingerprint encryption channel according to claim 1, characterized in that, The process involves encrypting and encapsulating the screen display content and environmental status information using an encryption key, and then using the encryption key to sign the environment-bound security payload to obtain a trusted projection data packet, including: The screen display content and environmental status information are encrypted using an encryption key to obtain encrypted display data and encrypted environment data. The message authentication code is calculated using the encryption key on the environment-bound security payload to obtain the payload signature; Encrypted display data, encrypted environment data, payload signature, and unencrypted content sensitivity tags are packaged together to form a trusted projection data package.
7. The method for trusted projection of display data based on a fingerprint encryption channel according to claim 1, characterized in that, The step of sending trusted projection data packets to the projection receiving end, so that the projection receiving end executes a secure display policy corresponding to the content sensitivity tag based on the trusted projection data packets, includes: During the screen mirroring session, the user's biometrics and environmental status information are periodically updated; Based on the updated information, the steps of generating a new first integrated trust state and binding the environment security payload are repeated; The new environment-bound security payload is used to encapsulate the subsequent screen display content, enabling dynamic trust renewal and security context updates during the screen projection session.
8. The method for trusted screen projection and reception of display data based on a fingerprint encrypted channel according to claim 7, characterized in that, Also includes: After receiving the trusted projection data packet, the projection receiver decrypts and obtains the environment-bound security payload and the screen display content. The environmental state information contained in the environment-bound security payload is extracted and compared with the environmental state perceived locally by the receiver to obtain the environmental deviation score. If the environmental deviation score exceeds the tolerance threshold determined by the content sensitivity label, a dynamic display control instruction is generated; The screen content is rendered safely according to the dynamic display control instructions before being displayed.
9. The method for trusted screen projection and reception of display data based on a fingerprint encrypted channel according to claim 8, characterized in that, The step of displaying the screen content after performing secure rendering processing according to dynamic display control instructions includes: The receiving end of the screen projection uses the same encryption key as the sending end to decrypt the encrypted display data and verify the payload signature; After successful verification, a strategy library that defines the display effect is queried based on the content sensitivity tag to obtain the visual safety identifier parameters; The screen display content is then overlaid with the corresponding visual security identifier according to the visual security identifier parameters before being output and displayed.
10. A trusted screen projection system for display data based on a fingerprint-encrypted channel, characterized in that, include: The integrated trust state fusion module acquires the device hardware features and user biometric features of the sending end, fuses them to generate a first integrated trust state, and calculates the summary value of the first integrated trust state. The content sensitivity tag generation module identifies the screen display content to be projected and generates content sensitivity tags based on the user permission information contained in the first comprehensive trust state. The environmental security payload construction module obtains the current environmental status information of the sending end, and constructs the environmental binding security payload by combining the digest value of the first comprehensive trust state with the content sensitivity tag. The encryption key generation module dynamically generates the encryption key for the current session based on the digest value of the first comprehensive trust state and the content sensitivity tag. The trusted projection data packet acquisition module uses an encryption key to encrypt and encapsulate the screen display content and environmental status information, and uses the encryption key to sign the environment-bound security payload to obtain a trusted projection data packet. The secure display policy execution module sends trusted projection data packets to the projection receiving end, so that the projection receiving end executes the secure display policy corresponding to the content sensitivity label based on the trusted projection data packets.