[go: up one dir, main page]

CN114510178A - Shared data distribution method and electronic equipment - Google Patents

Shared data distribution method and electronic equipment Download PDF

Info

Publication number
CN114510178A
CN114510178A CN202011183202.6A CN202011183202A CN114510178A CN 114510178 A CN114510178 A CN 114510178A CN 202011183202 A CN202011183202 A CN 202011183202A CN 114510178 A CN114510178 A CN 114510178A
Authority
CN
China
Prior art keywords
shared data
service
data
policy information
usage policy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011183202.6A
Other languages
Chinese (zh)
Other versions
CN114510178B (en
Inventor
潘适然
董子昂
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN202011183202.6A priority Critical patent/CN114510178B/en
Priority to PCT/CN2021/127493 priority patent/WO2022089599A1/en
Publication of CN114510178A publication Critical patent/CN114510178A/en
Application granted granted Critical
Publication of CN114510178B publication Critical patent/CN114510178B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0481Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
    • G06F3/0482Interaction with lists of selectable items, e.g. menus
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0484Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
    • G06F3/04842Selection of displayed objects or displayed text elements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0487Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser
    • G06F3/0488Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/14Digital output to display device ; Cooperation and interconnection of the display device with other functional units
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/14Digital output to display device ; Cooperation and interconnection of the display device with other functional units
    • G06F3/1423Digital output to display device ; Cooperation and interconnection of the display device with other functional units controlling a plurality of local displays, e.g. CRT and flat panel display

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application provides a shared data distribution method and electronic equipment, wherein the method comprises the following steps: the method comprises the steps that a first device determines shared data and determines authorization service of the shared data, wherein the authorization service is service which can be executed by other devices by using the shared data; the first device sends the shared data and the use strategy information to a second device, wherein the use strategy information is used for indicating the authorization service. By the method, the locally stored shared data can be distributed to other devices, and the other devices receiving the shared data can use the authorization service according to the indication of the use policy information by using the policy information. Therefore, when the device distributes the locally stored shared data to other devices, the device can use the strategy information to standardize the service scene of the shared data use, and the shared data is prevented from being abused.

Description

Shared data distribution method and electronic equipment
Technical Field
The present application relates to the field of electronic devices, and in particular, to a shared data distribution method and an electronic device.
Background
In a distributed scenario, there may be a demand that multiple devices cooperatively perform some kind of service using the same data, which may be referred to as shared data. Illustratively, such shared data may include: confidential business data, biometric data, and the like. For example: the multiple devices may cooperatively complete service requirements such as authentication and payment based on the biometric data of the same user, and in order to support the service scenario, it is sometimes necessary to record and store the biometric data of the same user in the multiple devices, or to distribute and distributively store the biometric data of a specific user so as to cooperate with the service together.
Because some shared data have certain sensitivity, how to ensure the security of the shared data when the shared data are distributed to a plurality of devices is a problem to be solved in the field.
Disclosure of Invention
The application provides a shared data distribution method and electronic equipment, which are used for distributing shared data to other equipment and enabling other equipment receiving the shared data to follow an authorization service indicated by using policy information by using the policy information.
In a first aspect, the present application provides a shared data distribution method, including: the method comprises the steps that a first device determines shared data and determines authorization service of the shared data, wherein the authorization service is service which can be executed by other devices by using the shared data; the first device sends the shared data and the use strategy information to a second device, wherein the use strategy information is used for indicating the authorization service. Through the technical scheme, the first device can distribute the locally stored shared data to the second device, and the second device receiving the shared data can use the authorization service according to the indication of the use policy information according to the use policy information. Therefore, when the first device distributes the locally stored shared data to the second device, the shared data can be prevented from being abused by using the service scene of the shared data specified by the use strategy information. And meanwhile, the shared data on the second equipment still follows the authorization service indicated by the first equipment use strategy information, so that the first equipment can well perform unified management and control on the shared data.
In one possible embodiment, the determining, by the first device, shared data includes:
the first equipment responds to a first operation, displays a shared data list, and the first operation is used for triggering the display of the shared data list;
the first device determines the shared data, which may include the following implementation manners:
the first mode is as follows: the first device receives the shared data selected by the user in the displayed shared data list.
The second mode is as follows: and the first equipment selects the shared data in the displayed shared data list according to the indication of other equipment.
The third mode is as follows: and the first equipment selects the shared data in the displayed shared data list according to a set shared data selection rule. Through the three modes, the user can autonomously select the shared data, or can determine the shared data by receiving the instruction of other equipment, or can determine the shared data after the data is updated through a set shared data selection rule, or determine the shared data at a set time, or periodically determine the shared data.
In one possible embodiment, determining the authorization service for the shared data includes:
the first equipment responds to a second operation to display an authorized service list, and the second operation is used for triggering and displaying the authorized service list;
the determining, by the first device, the authorization service may include the following several implementation manners:
the first mode is as follows: and the first equipment receives the authorized service selected by the user in the displayed authorized service list.
The second mode is as follows: and the first equipment selects the authorized service in the displayed authorized service list according to the indication of other equipment.
The third mode is as follows: and the first equipment selects the authorization service in the displayed authorization service list according to a set authorization service selection rule. Through the three modes, the user can independently select the authorization service and can select the authorization service through the set authorization service selection rule.
In another possible implementation, determining an authorized service of the shared data includes: the first equipment responds to a third operation to display the first service set and/or the second service set, and the third operation is used for triggering the display of the first service set and/or the second service set; the first equipment determines the authorization service according to the first service set or the second service set; wherein the first set of services includes services that the first device is capable of performing using the shared data; the second service set is a service that the second device can execute using the shared data, and the authorization service is included in the first service set and/or the second service set. By the method, the determined authorization service can meet the service executable by the first equipment and the service executable by the second equipment.
In one possible implementation, before the first device sends the shared data and the usage policy information to the second device, the method further includes: the first equipment responds to a fourth operation to display the equipment list, and the fourth operation is used for triggering the display equipment list; the list of devices includes at least one of: a device type, a shared data type, and a transmission signal strength with the first device;
the first device determining the second device may include the following implementation manners:
the first mode is as follows: the first device determines a device selected by the user in the displayed device list as the second device.
The second mode is as follows: and the first equipment selects the second equipment in the displayed second equipment list according to the indication of other equipment.
The third mode is as follows: and the first equipment selects the second equipment in the displayed second equipment list according to a set second equipment selection rule. Through the mode, the user can independently select the equipment for receiving the shared data, determine the second equipment to which the shared data is distributed according to the type of the shared data, and ensure that the first equipment and the second equipment have good transmission effect and good user experience during transmission.
In one possible implementation, before the first device sends the shared data and the usage policy information to the second device, the method further includes: and the first equipment carries out security verification on the second equipment and determines that the verification is passed. By the method, whether the distributed second equipment is safe or not is detected, and the safety of shared data is guaranteed.
In a possible implementation, the performing, by the first device, a security check on the second device includes: the first device verifying whether the second device is in a secure environment; or the first equipment checks whether the security level of the second equipment is higher than a set security level; or the first equipment checks whether the second equipment is the safety equipment. Through the above manner, it may be determined whether the first device and the second device are in the same security environment, or it may be determined whether the security level of the second device is lower than that of the first device, or it may be determined whether the second device is a security device, so that the subsequent security of the shared data transmission can be ensured.
In one possible implementation, the sending, by the first device, the shared data and the usage policy information to the second device includes: the first device encrypts the shared data and the usage policy information using an encryption key; and the first equipment sends the encrypted shared data and the encrypted use strategy information to the second equipment. By the above method, after the shared data and the usage policy information are encrypted, it can be ensured that only the second device can decrypt the shared data and the usage policy information, and it is ensured that the first device sends the shared data and the usage policy information to the second device.
In one possible implementation, the sending, by the first device, the shared data to the second device includes: the first device carries out fragmentation processing on the shared data to generate a plurality of pieces of data; the plurality of sliced data form the shared data; and the first equipment encrypts the plurality of fragment data by using different encryption levels respectively and sends the encrypted plurality of fragment data to the second equipment. By the mode, the shared data is distributed in a fragmentation mode, so that the safety of transmitting the shared data is improved.
In one possible embodiment, the method further comprises: and displaying a first interface in the process of sending the shared data and the use strategy information to the second equipment by the first equipment, wherein the first interface comprises the transmission progress of the shared data and the use strategy information. Through the mode, the transmission progress of the shared data and the use strategy information can be displayed on the first equipment, so that a user can know the transmission condition of the shared data and the use strategy information, and the user experience is improved.
In a second aspect, the present application provides a method for distributing shared data, the method comprising: the second equipment receives the shared data and the first use strategy information sent by the first equipment; wherein the first usage policy information is used to indicate an authorized service that the second device can perform using the shared data; the second equipment determines a first authorization service capable of using the shared data according to the first usage strategy information; and the second equipment executes the first authorization service according to the shared data.
In a possible implementation manner, before the second device receives the shared data and the first usage policy sent by the first device, the method further includes: the second equipment carries out identity authentication on the first equipment and determines that the identity authentication is passed; the second device saves the shared data and the usage policy information. The method further comprises the following steps: the second device saves the received shared data and the first usage policy information. By the method, the security of the second device for storing the shared data can be ensured after the shared data and the use strategy information are received.
In a possible implementation manner, the second device executes the first authorization service according to the shared data, including: when the first authorization service contains a distribution permission indication, the second device determines a second authorization service of the shared data, wherein the second authorization service is a service which can be executed by other devices by using the shared data; and the second equipment sends the shared data and second use strategy information to third equipment, wherein the second use strategy information is used for indicating the second authorization service.
Through the above manner, when the authorization service contains the distribution permission indication, the shared data and the second usage policy information can be distributed to the third device again, so that the distribution flexibility of the shared data and the second usage policy information is increased, and the user experience is improved.
In one possible implementation, before the second device sends the shared data and the second usage policy information to the third device, the method further includes: the first equipment responds to a fifth operation and displays an equipment list, and the fifth operation is used for triggering the display equipment list; the list of devices includes at least one of: a device type, a shared data type, and a transmission signal strength with the second device; the second device determines the third device, which may include the following implementation manners:
the first mode is as follows: and the second device determines the device selected by the user in the displayed device list as the third device.
The second mode is as follows: and the second equipment selects the third equipment in the displayed third equipment list according to the indication of other equipment.
The third mode is as follows: and the second equipment selects third equipment in the displayed third equipment list according to a set third equipment selection rule.
Through the mode, the user can autonomously select the equipment for receiving the shared data, determine the third equipment to which the shared data is distributed according to the type of the shared data, and ensure that the shared data is not distributed to other sent equipment when the shared data is distributed.
In a possible implementation manner, the executing, by the second device, the first authorization service according to the shared data includes: when the first authorization service comprises a verification service, the second equipment acquires data to be verified input by a user; the second equipment compares the shared data with the data to be verified; and when the second equipment determines that the shared data is matched with the data to be verified, the second equipment determines that the service verification is successful. By the method, when the user uses the service needing to be verified, the data to be verified input by the user can be compared with the stored shared data, and the verification service can be executed only after the comparison is consistent, so that the specificity of the user sharing the data is determined.
In one possible embodiment, the method further comprises: and the second equipment displays a second interface in the process of receiving the shared data and the first use strategy information sent by the first equipment, wherein the second interface comprises the transmission progress of the shared data and the first use strategy information. Through the mode, the transmission progress of the shared data and the use strategy information can be displayed on the second equipment, so that a user can know the transmission condition of the shared data and the use strategy information, and the user experience is improved.
In a third aspect, an embodiment of the present application further provides a shared data distribution system, where the system includes: a first device and a second device;
the first device is to: determining shared data, and determining authorization service of the shared data, wherein the authorization service is a service which can be executed by other equipment by using the shared data; sending the shared data and usage policy information to a second device, wherein the usage policy information is used for indicating the authorized service;
the second device is to: receiving the shared data and the use strategy information sent by first equipment; and executing the authorization service by using the shared data according to the use strategy information.
In a fourth aspect, an embodiment of the present application further provides an electronic device, where the electronic device includes: one or more processors, memory, and one or more programs; wherein the one or more programs are stored in the memory, the one or more programs including instructions that, when executed by the electronic device, cause the electronic device to perform the technical solution of the first aspect of the embodiments of the present application and any one of its possible designs.
In a fifth aspect, an embodiment of the present application further provides an electronic device, where the electronic device includes: one or more processors, memory, and one or more programs; wherein the one or more programs are stored in the memory, the one or more programs including instructions which, when executed by the electronic device, cause the electronic device to perform the solution of any of the second aspect of the embodiments of the present application and its possible design.
In a sixth aspect, an embodiment of the present application further provides a chip, where the chip is coupled with a memory in an electronic device, and implements the technical solution of the first aspect of the present application and any possible design of the first aspect of the present application.
In a seventh aspect, an embodiment of the present application further provides a chip, where the chip is coupled with a memory in an electronic device, and implements a technical solution of any one of the second aspect and its possible design of the second aspect of the embodiment of the present application.
In an eighth aspect, an embodiment of the present application further provides a computer-readable storage medium, where the computer-readable storage medium includes a computer program, and when the computer program runs on an electronic device, the electronic device is enabled to execute a technical solution of any one of the first aspect of the embodiment of the present application and the first aspect of the present application.
In a ninth aspect, an embodiment of the present application further provides a computer-readable storage medium, where the computer-readable storage medium includes a computer program, and when the computer program runs on an electronic device, the electronic device is enabled to execute a technical solution of any one of the second aspect and the possible designs of the second aspect of the embodiment of the present application.
In a tenth aspect, an embodiment of the present application further provides a computer program product, which, when running on an electronic device, enables the electronic device to execute the technical solution of the first aspect of the embodiment of the present application and any one of possible designs of the first aspect of the embodiment of the present application.
In an eleventh aspect, an embodiment of the present application further provides a computer program product, which, when running on an electronic device, causes the electronic device to execute any one of the technical solutions designed in the second aspect of the present application and the second aspect of the present application.
For each of the third to eleventh aspects and possible technical effects of each aspect, please refer to the description of the possible technical effects for each of the possible solutions in the first and second aspects, and no repeated description is given here.
Drawings
FIG. 1a is a block diagram of a communication system;
FIG. 1b is a schematic diagram of an electronic device;
FIG. 2 is a flow chart of a method of shared data distribution;
FIG. 3a is a schematic diagram of a user selecting shared data for distribution on an interactive interface of a first device;
FIG. 3b is a diagram illustrating a second device sending a request to a first device to share data;
FIG. 3c is a schematic diagram of a user setting a timing for distributing shared data on a first device;
fig. 4a is a schematic diagram of an authorization service for selecting shared data after a user enters the shared data;
FIG. 4b is a diagram illustrating the user selecting an authorization service for shared data after selecting shared data;
fig. 4c is a schematic diagram of authorized traffic determined by the first device exceeding the first set of traffic;
FIG. 5a is a diagram illustrating a first device determining a second device according to a type of the second device and a type of shared data;
fig. 5b is a schematic diagram of a first device determining a second device among devices transmitting coverage;
FIG. 5c is a schematic diagram of a first device prompting proximity to a second device when selecting the second device outside of a transmission range;
FIG. 5d is a diagram illustrating various transmission schemes;
FIG. 6a is a schematic diagram of a security check between a first device and a second device;
fig. 6b is a schematic diagram of the first device determining an authorized service of shared data according to the security check result of the second device;
FIG. 7 is a diagram illustrating a state of a first device transmitting shared data;
FIG. 8 is a schematic view of the spatial distribution of the apparatus;
FIG. 9a is a schematic illustration of an update of locally stored shared data;
FIG. 9b is a schematic illustration of another method of updating locally stored shared data;
FIG. 9c is a schematic illustration of another method of updating locally stored shared data;
fig. 10 is a schematic diagram illustrating a user requesting the smart speaker to complete a payment service;
FIG. 11 is a diagram illustrating a multi-device collaboration performing a service based on shared data;
fig. 12A is a schematic diagram of an architecture for distributing face data from the mobile phone 12A to the tablet 12B;
fig. 12B is a schematic flow chart of a procedure of distributing face data to the tablet 12B by the mobile phone 12A;
FIG. 13 is a block diagram of an architecture including multiple devices;
FIG. 14 is a schematic diagram of a shared data distribution system;
FIG. 15 is a block diagram of a second device in a shared data distribution system;
fig. 16 is a schematic diagram of an electronic device.
Detailed Description
The application provides a shared data distribution method and electronic equipment, which are used for solving the problem of distribution safety of shared data in a communication system. The method and the device are based on the same technical conception, and because the principles of solving the problems of the method and the device are similar, the implementation of the device and the method can be mutually referred, and repeated parts are not repeated.
In the solution provided by the present application, a first device in a communication system may send shared data and usage policy information to a second device in the communication system, where the usage policy information is used to indicate an authorization service, and the authorization service is a service that can be executed by other devices using the shared data. For example, the usage policy information may be an identification of the authorization service or indication information of the authorization service. In this way, the second device can only use the shared data when executing the authorized service, so as to avoid the problems that the shared data is abused and the security cannot be guaranteed, etc. caused by the fact that the second device also uses the shared data when executing other services.
Hereinafter, some terms in the present application are explained to facilitate understanding by those skilled in the art.
1) Distributed storage systems (distributed storage systems) store data in a distributed manner on a plurality of independent devices. The traditional network storage system adopts a centralized storage server to store all data, the storage server becomes the bottleneck of the system performance, is also the focus of reliability and safety, and cannot meet the requirement of large-scale storage application. The distributed network storage system adopts an expandable system structure, utilizes a plurality of storage servers to share the storage load, and utilizes the position server to position the storage information, thereby not only improving the reliability, the availability and the access efficiency of the system, but also being easy to expand.
2) The shared data is data that can be commonly used by a plurality of devices in a communication system including the plurality of devices. The shared data may include: confidential business data, biometric data, and the like. For example, the biometric data may be: the biological characteristics of the living body (generally specifically, a human) itself may include voice print data of voice, face data, fingerprint data (palm print data), text signature data, and behavior characteristic data (keyboard stroke frequency data). The device can distinguish the biological individuals by using the shared data, and the identity of the individuals is confirmed.
3) A service, a transaction that is a process performed to implement its function or service for a device. Illustratively, the service may be an unlocking service, a payment service, an AI calculation service, various application services, a distribution service, and the like.
4) Plural means two or more.
5) "and/or" describe the association relationship of the associated objects, indicating that there may be three relationships, e.g., a and/or B, which may indicate: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
Embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
Fig. 1a is a schematic architecture diagram of a communication system to which the embodiments of the present application can be applied. Referring to fig. 1a, the communication system includes a plurality of devices (a first device 101, a second device 102, and a third device 103).
Any one of the first device 101, the second device 102, and the third device 103 in the embodiment of the present application may be a mobile phone, a tablet computer, a wearable device (e.g., a watch, a bracelet, a helmet, an earphone, etc.), an in-vehicle device, an Augmented Reality (AR)/Virtual Reality (VR) device, a notebook computer, a super-mobile personal computer (UMPC), a netbook, a Personal Digital Assistant (PDA), a smart home device (e.g., a smart television, a smart speaker, a smart camera, etc.), any available medium that can be accessed, or an electronic device such as a server integrated with one or more available media. It is understood that the embodiment of the present application does not set any limit to the specific type of the electronic device.
Communication is enabled between two devices in the system. For example, the first device 101 and the second device 102 may access the same local area network, or may access different local area networks for communication.
When the first device 101 and the second device 102 access the same local area network, the first device 101 and the second device 102 establish a wireless connection with the same wireless access point. For example, the first device 101 and the second device 102 access the same wireless fidelity (WI-FI) hotspot. For another example, the first device 101 and the second device 102 may also access the same bluetooth beacon through a bluetooth protocol. For another example, the first device 101 and the second device 102 may also trigger a communication connection through an NFC authentication tag, and transmit encrypted information through a bluetooth module to perform identity authentication; after the authentication is successful, the shared data is transmitted in a point-to-point (P2P) manner.
Specifically, the first device 101 sends the shared data and the usage policy information to the second device 102, so that the second device 102 can determine, according to the usage policy information, an authorization service that can be executed using the shared data received this time. In addition, if the carried usage policy information includes a distribution permission indication that permits secondary distribution, the second device 102 may further send the shared data and the usage policy information to the third device 103, so that the third device 103 determines, according to the usage policy information, an authorization service that can be executed by the shared data.
It should be noted that fig. 1a does not limit the communication system to which the method provided in the present application is applicable, and the method provided in the present application can be applied to various communication systems, for example: distributed storage systems, V2X (vehicle to electronics, wireless communication technology) systems, V2V (vehicle to vehicle data transmission technology) systems, D2D (device to device communication) systems, and so on.
In the following, the present embodiment will describe the structure of any electronic device included in the communication system shown in fig. 1a, taking the electronic device shown in fig. 1b as an example. It will be understood by those skilled in the art that the electronic device 100 shown in fig. 1b is merely an example and is not intended to be limiting, and that an electronic device may have more or fewer components than those shown, may combine two or more components, or may have a different configuration of components. The various components shown in FIG. 1b may be implemented in hardware, software, or a combination of hardware and software, including one or more signal processing and/or application specific integrated circuits.
Fig. 1B is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure, where the electronic device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a Universal Serial Bus (USB) interface 130, a charging management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, a sensor module 180, a button 190, a motor 191, an indicator 192, a camera 193, a display screen 194, and a Subscriber Identity Module (SIM) card interface 195. The sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity light sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.
The following describes each component of the electronic device 100 in detail with reference to fig. 1 b:
the processor 110 may include one or more processing units, for example, the processor 110 may include an Application Processor (AP), a modem processor, a Graphics Processing Unit (GPU), an Image Signal Processor (ISP), a controller, a memory, a video codec, a Digital Signal Processor (DSP), a baseband processor, and/or a neural-Network Processing Unit (NPU), among others. Wherein, the different processing units may be independent devices or may be integrated in one or more processors. The controller may be, among other things, a neural center and a command center of the electronic device 100. The controller can generate an operation control signal according to the instruction operation code and the timing signal to complete the control of instruction fetching and instruction execution.
In some embodiments, processor 110 may include one or more interfaces. For example, the interface may include a Mobile Industry Processor Interface (MIPI), a general-purpose input/output (GPIO) interface, a Subscriber Identity Module (SIM) interface, and/or a Universal Serial Bus (USB) interface.
The USB interface 130 is an interface conforming to the USB standard specification, and may be a Mini USB interface, a Micro USB interface, a USB Type C interface, or the like. The USB interface 130 may be used to transfer data between the electronic device 100 and peripheral devices. In some embodiments, the USB interface 130 may be used to receive shared data transmitted by other electronic devices.
A Mobile Industry Processor Interface (MIPI) interface may be used to connect the processor 110 with peripheral devices such as the display screen 194 and the camera 193. The MIPI interface includes a Camera Serial Interface (CSI), a Display Serial Interface (DSI), and the like. In some embodiments, the processor 110 and the camera 193 communicate through a CSI interface to implement a shared data (face image) acquisition function of the electronic device 100.
The wireless communication function of the electronic device 100 may be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, a modem processor, a baseband processor, and the like. The antennas 1 and 2 are used for transmitting and receiving electromagnetic wave signals. Each antenna in the electronic device 100 may be used to cover a single or multiple communication bands. Different antennas can also be multiplexed to improve the utilization of the antennas. For example: the antenna 1 may be multiplexed as a diversity antenna of a wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.
The mobile communication module 150 may provide a solution including 2G/3G/4G/5G wireless communication applied to the electronic device 100. The mobile communication module 150 may include at least one filter, a switch, a power amplifier, a Low Noise Amplifier (LNA), and the like. The mobile communication module 150 may receive the electromagnetic wave from the antenna 1, filter, amplify, etc. the received electromagnetic wave, and transmit the electromagnetic wave to the modem processor for demodulation. The mobile communication module 150 may also amplify the signal modulated by the modem processor, and convert the signal into electromagnetic wave through the antenna 1 to radiate the electromagnetic wave. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be disposed in the processor 110.
The wireless communication module 160 may provide a solution for wireless communication applied to the electronic device 100, including Wireless Local Area Networks (WLANs) (e.g., wireless fidelity (Wi-Fi) networks), bluetooth (bluetooth, BT), Global Navigation Satellite System (GNSS), Frequency Modulation (FM), Near Field Communication (NFC), Infrared (IR), and the like. The wireless communication module 160 may be one or more devices integrating at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2, performs frequency modulation and filtering processing on electromagnetic wave signals, and transmits the processed signals to the processor 110. The wireless communication module 160 may also receive a signal to be transmitted from the processor 110, perform frequency modulation and amplification on the signal, and convert the signal into electromagnetic waves through the antenna 2 to radiate the electromagnetic waves. In some embodiments, the wireless communication module 160 receives electromagnetic waves distributed by other electronic devices through the antenna 2, and converts electromagnetic wave signals into shared data to be stored in the internal memory 121. The wireless communication module 160 may also convert the shared data in the internal memory 121 into an electrical signal, perform frequency modulation amplification on the electrical signal, convert the electrical signal into electromagnetic waves through the antenna 2, and radiate the electromagnetic waves to other devices.
In some embodiments, antenna 1 of electronic device 100 is coupled to mobile communication module 150 and antenna 2 is coupled to wireless communication module 160 so that electronic device 100 can communicate with networks and other devices through wireless communication techniques. The wireless communication technology may include global system for mobile communications (GSM), General Packet Radio Service (GPRS), code division multiple access (code division multiple access, CDMA), Wideband Code Division Multiple Access (WCDMA), time-division code division multiple access (time-division code division multiple access, TD-SCDMA), Long Term Evolution (LTE), LTE, BT, GNSS, WLAN, NFC, FM, and/or IR technologies, etc. The GNSS may include a Global Positioning System (GPS), a global navigation satellite system (GLONASS), a beidou navigation satellite system (BDS), a quasi-zenith satellite system (QZSS), and/or a Satellite Based Augmentation System (SBAS).
It should be understood that the interface connection relationship between the modules illustrated in the embodiments of the present application is only an illustration, and does not limit the structure of the electronic device 100. In other embodiments of the present application, the electronic device 100 may also adopt different interface connection manners or a combination of multiple interface connection manners in the above embodiments.
The electronic device 100 implements display functions via the GPU, the display screen 194, and the application processor. The GPU is a microprocessor for image processing, and is connected to the display screen 194 and an application processor.
The display screen 194 is used to display images, video, and the like. The display screen 194 includes a display panel.
The electronic device 100 may implement a shooting function or an image capturing function through the ISP, the camera 193, the video codec, the GPU, the display screen 194, the application processor, and the like.
The ISP is used to process the data fed back by the camera 193. For example, when a human face is collected as shared data, the camera 193 opens a shutter, light is transmitted to a camera photosensitive element through the lens, an optical signal is converted into an electrical signal, and the camera photosensitive element transmits the electrical signal to the ISP for processing.
The camera 193 is used to capture still images or video. The object generates an optical image through the lens and projects the optical image to the photosensitive element. The photosensitive element may be a Charge Coupled Device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The light sensing element converts the optical signal into an electrical signal, which is then passed to the ISP where it is converted into a digital image signal. In some embodiments, the electronic device 100 may include 1 or N cameras 193, N being a positive integer greater than 1.
Video codecs are used to compress or decompress digital video. The electronic device 100 may support one or more video codecs. In some embodiments, the video codec may also be a shared data, and the other electronic device transmits the video codec to the device as the shared data, so that the electronic device 100 can play or record a video corresponding to the video codec encoding format.
The NPU is a neural-network (NN) computing processor, and by using a biological neural network structure for reference, the NPU can implement applications such as intelligent cognition of the electronic device 100. In some embodiments, after the electronic device 100 acquires the image file through the camera 193, the NPU may be used to perform face recognition on the image file, or after the electronic device 100 acquires the audio file through the microphone 170C, the NPU may be used to perform voice recognition on the audio file, and the like.
The internal memory 121 may be used to store computer-executable program code, which includes instructions. The internal memory 121 may include a program storage area and a data storage area. The storage program area may store an operating system, an application program (such as a sound playing function, an image playing function, etc.) required by at least one function, and the like. The storage data area may store data created during the use of the electronic device 100, shared data transmitted by other electronic devices, and the like. In addition, the internal memory 121 may include a high-speed random access memory, and may further include a nonvolatile memory, such as at least one magnetic disk storage device, a flash memory device, a universal flash memory (UFS), and the like. The processor 110 executes various functional applications of the electronic device 100 and data processing by executing instructions stored in the internal memory 121 and/or instructions stored in a memory provided in the processor. In some embodiments, processor 110 distributes shared data stored in electronic device 100 to other devices by executing instructions stored in internal memory 121.
The external memory interface 120 may be used to connect an external memory card, such as a Micro SD card, to extend the memory capability of the electronic device. The external memory card communicates with the processor 110 through the external memory interface 120 to implement a data storage function. For example, files such as pictures, videos, and the like are saved in an external memory card.
The electronic device 100 may implement audio functions via the audio module 170, the speaker 170A, the receiver 170B, the microphone 170C, the headphone interface 170D, and the application processor. Such as audio recording, voiceprint unlocking, etc.
The sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity light sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.
The pressure sensor 180A is used for sensing a pressure signal, and converting the pressure signal into an electrical signal. In some embodiments, the pressure sensor 180A may be disposed on the display screen 194. When the user performs different gesture operations on the display screen 194, the electronic device 100 detects the touch operation intensity and the touch duration according to the pressure sensor 180A. The electronic apparatus 100 may also calculate the touched position from the detection signal of the pressure sensor 180A. Optionally, different touch positions are used to indicate different distribution modes of the shared data.
The acceleration sensor 180E may detect the magnitude of acceleration of the electronic device 100 in various directions (typically three axes). The magnitude and direction of gravity can be detected when the electronic device 100 is stationary. And may also be used to recognize the pose of the electronic device 100, and in some embodiments, the user performs different manners of shared data distribution through different poses performed by the handheld electronic device 100.
The fingerprint sensor 180H is used to collect a fingerprint. The electronic device 100 can utilize the collected fingerprint characteristics to unlock the fingerprint, access the application lock, photograph the fingerprint, answer an incoming call with the fingerprint, and so on. In some embodiments, the fingerprint sensor may process the captured fingerprint (e.g., whether the fingerprint is verified) and send the processed fingerprint to the processor 110, and the processor 110 determines whether to store the captured fingerprint as shared data in the internal memory 121 according to the processing result of the fingerprint. In other embodiments, the fingerprint sensor may further send the collected fingerprint to the processor 110, so that the processor 110 compares the collected fingerprint with the shared data stored in the internal memory 121 to complete fingerprint verification and the like.
The touch sensor 180K is also referred to as a "touch panel". The touch sensor 180K may be disposed on the display screen 194, and the touch sensor 180K and the display screen 194 constitute a touch screen. The touch sensor 180K is configured to detect a touch operation applied thereto or nearby, and transmit the detected touch operation to the processor 110, so that the processor 110 performs a process corresponding to the touch operation, and provides a visual output or an operation feedback related to the touch operation through the display screen 194. In some embodiments, the touch sensor 180K may also be disposed on the surface of the electronic device 100, and the position of the display screen 194 is different from that of the touch sensor, and the specific location is not limited.
The keys 190 include a power-on key, a volume key, and the like. The keys 190 may be mechanical keys. Or may be touch keys. The electronic apparatus 100 may receive a key input, and generate a key signal input related to a user setting and a function control of the electronic apparatus 100. In some embodiments, different key signal inputs correspond to different sharing data distribution manners, and the electronic device 100 determines the different sharing data distribution manners according to receiving the different key signals.
The technical solutions in the following embodiments may be implemented on an electronic device having the above hardware architecture.
In order to solve the problem that when the device in the communication system distributes the shared data, the shared data is abused or has expanded use, the application provides a shared data distribution method, which can be applied to the communication system shown in fig. 1 a. In the following embodiments, for convenience of distinction, a distribution device that shares data is referred to as a first device, a reception device that shares data is referred to as a second device, and a device that receives shared data distributed by the second device is referred to as a third device.
The following describes in detail the shared data distribution method provided in the embodiment of the present application with reference to a flowchart shown in fig. 2.
S201: the first device determines shared data.
The first equipment responds to a first operation, displays a shared data list, and the first operation is used for triggering the display of the shared data list;
optionally, the first device may determine the shared data in the shared data list by, but not limited to:
in a first mode, the first device receives the shared data selected by the user in the displayed shared data list. In some embodiments, the first device may detect a gesture operation by the user on the display screen, and as such, the first device may select the shared data in accordance with the detected gesture operation. For example, when the first device detects a gesture operation of selecting shared data by a user, a shared data selection instruction is generated, and the shared data is determined according to the shared data selection instruction.
Illustratively, fig. 3a is a schematic diagram of a user selecting shared data for distribution on an interactive interface of a first device. Entering a setting interface after the user clicks the setting icon, entering a password, privacy and security interface after the user clicks the password, privacy and security option, when the first device enters a fingerprint selection interface after the user clicks and selects a 'fingerprint unlocking' option, wherein each fingerprint option represents a stored fingerprint in the first device, the user can determine one or more fingerprint options as shared data by pressing, dragging, lifting, clicking, double clicking, and the like, in this example, when the first device drags the "left thumb" option to the left by the user, a selection window pops up, whether to send the fingerprint data corresponding to the fingerprint to the other device is displayed in the selection window, "yes" and "no", and when the user clicks "yes", the first device determines that the "left thumb" fingerprint data is determined to be shared data.
And secondly, the first equipment selects the shared data in the displayed shared data list according to the indication of other equipment and determines the shared data. In some embodiments, after receiving a shared data request sent by a second device, a first device determines shared data according to shared data information carried in the shared data request. For example, in a communication system, the second device may be a newly deployed device, and therefore, shared data does not exist in the second device, at this time, if a user needs to execute a specific service by using the shared data on the second device, the user needs to re-enter the shared data on the second device, which is a cumbersome process. Thus, the second device may request the shared data from the first device.
Fig. 3b is a schematic diagram illustrating that when a user uses a second device to perform a service, the second device sends a request for sharing data to the first device. When the second device detects that a user needs to start a fingerprint unlocking service on the second device, and fingerprint data does not exist on the second device and the fingerprint unlocking service can be executed, a first window pops up, and a display of' whether fingerprint unlocking needs to be started? "yes" and "no", when the user clicks "yes", the second device then pops up a second window in which "please select the way to enter the fingerprint? "" receive "" now enter "from other devices; when the second equipment clicks 'enter now' at the user, the second equipment enters a link of entering the fingerprint; when the second device clicks 'receive from other devices', the second device triggers a request for acquiring fingerprint data to be sent to the first device, the first device triggers a fingerprint acquisition of a user after receiving the request sent by the second device, a third window can be displayed after the fingerprint of the user is acquired, whether fingerprint information of the device needs to be shared to the request device is displayed in the third window, yes 'and no' are displayed in the third window, and when the first device clicks 'yes', the acquired fingerprint data of the user is determined to be shared data and can be sent to the second device to serve as a fingerprint for starting fingerprint unlocking.
In other embodiments, after receiving a sharing instruction sent by a control device in a communication system, a first device determines shared data according to shared data information and second device information carried in the sharing instruction, and determines a second device (a transmission object/a shared object of the shared data). For example, in an intelligent home system, a mobile phone can be used as a control device, when a user needs to unlock an intelligent door lock based on a face, the mobile phone can generate a sharing instruction and send the sharing instruction to an intelligent photo album, and the sharing instruction instructs to send images in the intelligent photo album to the intelligent door lock, so that the intelligent photo album sends stored images to the intelligent door lock, and the intelligent door lock is used for unlocking the face.
And thirdly, the first equipment selects the shared data in the displayed shared data list according to a set shared data selection rule. In some embodiments, in the case that some data stored in the first device is continuously updated, the first device may determine that the data is shared data after the data is updated, or determine that the data is shared data at a set time, or periodically determine that the data is shared data. For example, in daily use, the first device needs to collect user voice in real time to optimize the voiceprint data, so as to obtain more accurate voiceprint data to achieve a better voice authentication effect. Therefore, the first device can determine the collected user voiceprint data as the shared data in a timing mode.
Illustratively, fig. 3c is a schematic diagram of the user setting the timing to distribute the shared data on the first device. After the first device enters a password, privacy and safety interface, when the first device clicks and selects a voice unlocking option, the first device enters a voice unlocking management interface, an updating management option and a collection frequency setting are displayed on the voice unlocking management interface, and when the first device clicks the collection frequency setting option, the user can set the frequency for collecting voiceprint data on the first device, for example, voiceprint data of the user is collected once in 1 minute; and when the first device clicks the "update management" option on the user, the first device pops up a first window, and the first window displays "whether your voiceprint data needs to be distributed to other devices at regular time? "yes" and "no", when the first device clicks "yes", the first device may then pop up a second window, and the second window displays "set distribution time" and "set distribution frequency", and the user may input a time for timed distribution, such as 8:00 per day, after the "set distribution time" of the second window, and a frequency for timed distribution, such as once per day, after the "set distribution frequency". In this way, the first device can periodically determine the voiceprint data as shared data to be distributed to other devices at a preset frequency.
S202: the first device determines an authorized service for sharing the data.
The first equipment responds to a second operation to display an authorized service list, and the second operation is used for triggering and displaying the authorized service list; illustratively, the authorization service may include, but is not limited to, at least one or any combination of the following: and unlocking the service, paying the service, and reading and writing the service into a certain type of private file and a private gallery. In addition, the authorization service may further include: a distribution permission indication, which may be: whether or not the second device receiving the shared data is allowed to perform the secondary distribution, or in what manner the second device receiving the shared data is selected to perform the secondary distribution. For example, if the security level of the second device is low, the first device sets, in the distribution permission indication, that only the second device is permitted to distribute the shared data to the outside by way of physical connection (e.g., cable connection, data line connection).
In order to trace the source of the device and identify the capability of the device, the device often presets a public key infrastructure certificate (PKI) and identifies the security capability or security level when it leaves the factory. For example, the standard for evaluating the security level of the device may include a Rich Execution Environment (REE), a Trusted Execution Environment (TEE), and a Secure Element (SE), and the above standard is a level specified in "technical specification of trusted environment paid by mobile terminal".
For example, different services may be authorized to devices with different security levels, and the authorization relationship may be defined by the first device, or may be a device-to-service standard in the industry, which should be known to those skilled in the art and will not be described herein. For example, the security level corresponding to the unlocking service is defined as a low security level by the first device, that is, the first device may grant the unlocking service to the second device with the low security level when distributing the shared data; the first device defines that the payment service corresponds to a medium security level, namely the first device can give authorization to the payment service to the second device with the medium security level when distributing the shared data; the distribution permission indicates that the corresponding distribution service corresponds to a high security level, i.e. the first device may give the second device of the high security level the distribution service when distributing the shared data. In addition, the second device can also determine whether to confirm the authorization service of the shared data according to the security level of the first device.
In this embodiment, the first device may determine the authorized service for sharing data in the display authorized service list by, but not limited to:
in a first mode, the first device receives the authorization service selected by the user in the displayed authorization service list. In some embodiments, the user determines the authorized traffic of the shared data each time after entering the shared data. Fig. 4a is a schematic diagram of an authorization service for selecting shared data after a user enters the shared data. When the first equipment clicks a 'input new fingerprint' icon by a user, the fingerprint of the user is collected by a fingerprint sensor, an authorization service interface is popped up after the fingerprint is input, an 'unlocking service', 'payment service', 'distribution service' is displayed in the authorization service interface, and when the first equipment determines that a selection switch of the 'unlocking service' and the 'distribution service' is opened by the user, the authorization service used by the newly input fingerprint is determined to be the unlocking service and the distribution service. As shown in fig. 4b, a left thumb, a left index finger, a right thumb, and a right index finger are displayed in the fingerprint management interface, when the user clicks the right index finger, a first window pops up, an "unlock service", a "payment service", and a "distribution service" are displayed in the first window, and the user can set the authorization service for the right index finger fingerprint by clicking the "unlock service" switch.
And secondly, the first equipment selects the authorization service in the displayed authorization service list according to a set authorization service selection rule. In some embodiments, after acquiring the shared data, the first device automatically determines an authorized service of the shared data. For example, when the first device collects the frequency of keyboard strokes as the shared data, the first device automatically determines the authorized service of the shared data according to the security level of the first device. If the security level of the first device is lower, the first device determines that the authorization service of the shared data is an unlocking service; or, if the first device is capable of executing the specific service, the first device determines that the authorized service for sharing data is the specific service that can be executed by the device. Specifically, if the first device is an intelligent door lock, since the intelligent door lock can execute an unlocking service, after the intelligent door lock collects the shared data, the authorized service of the shared data is automatically determined as the unlocking service.
In addition, when the first device determines the authorized service for sharing data, the service execution capability of the first device and the service execution capability of the second device need to be considered. The first equipment responds to a third operation to display the first service set and/or the second service set, and the third operation is used for triggering the display of the first service set or the second service set; the first equipment determines the authorization service according to the first service set and/or the second service set; in some embodiments, when the first device determines an authorized service for sharing data, the first device may set an application service set (hereinafter, referred to as a first service set) for the sharing data, where the authorized service set is a service that can be executed by the first device, and after determining the sharing data, the first device may determine the authorized service in the authorized service set for sharing data; or the first device may further determine whether the authorization service is a subset of the first service set after determining the authorization service for sharing the data, and when determining that the authorization service is the subset of the first service set, determine that the authorization service for sharing the data by the first device is correct, otherwise, the first device needs to re-determine the authorization service for sharing the data. Fig. 4c is a diagram illustrating the authorized service determined by the first device exceeding the first set of services. For example, the first service set of the first device only includes an unlocking service, and when the user clicks the index finger of the right hand and clicks the switch of the distribution service in the first window, a second window pops up to remind the user that the target service set this time exceeds the service executable by the device, the reset is recommended! ". And the first equipment prompts a user to re-determine the authorization service of the shared data for ensuring the safe use of the shared data because the authorization service exceeds the range of the first service set, and can also select the authorization service in the displayed authorization service list according to the indication of other equipment.
In some embodiments, a first device obtains a second service set, where the second service set includes services that can be executed by the second device; after determining the shared data, the first device may determine the authorized service in the second service set; or after the first device determines the authorization service for sharing data, it needs to determine whether the authorization service is a subset of the second service set, and when the authorization service is determined to be the subset of the second service set, it determines that the authorization service for sharing data by the first device is correct, otherwise, the first device needs to re-determine the authorization service for sharing data.
In some embodiments, the first device may determine, in combination with the first service set and the second service set, the authorization service from the first service set and the second service set, or, after determining the authorization service for sharing data, the first device determines whether the authorization service is a subset of the first service set and the second service set at the same time, and when determining that the authorization service is a subset of the first service set and the second service set, determines that the authorization service for sharing data by the first device is correct, otherwise, the first device needs to re-determine the authorization service for sharing data.
In addition, when the first device determines the shared data in the second manner, the other devices may also carry authorization service information in the shared data request/shared indication, so that the first device may determine the authorization service of the shared data according to the authorization service information carried in the shared data request/shared indication.
S203: the first device performs security verification on the second device.
It should be noted that step S203 is an optional step, and in some embodiments, the first device may directly perform step S204 without performing a security check on the second device. In addition, the time for the first device to execute S203 is not limited, and the step may be executed after the second device is determined, or before the shared data is transmitted.
After the security check of the second device by the first device is passed, the first device may send the shared data and the usage policy information to the second device. Optionally, the first device may perform, but is not limited to, security check on the second device through any one or any combination of the following:
the method comprises the steps that first equipment checks whether second equipment is in a safe environment;
the first equipment checks whether the security level of the second equipment is higher than a set security level;
and thirdly, the first equipment checks whether the second equipment is the safety equipment or not.
The specific steps of the first device performing the security check on the second device are described in the following and shown in fig. 6a, which are not described herein again.
S204: the first device sends the shared data and the usage policy information to the second device. Wherein the usage policy information is used to indicate the authorization service.
In some embodiments, when the first device sends the shared data and the usage policy information to the second device, the shared data and the usage policy information may be encrypted by using an encryption key, so that the second device decrypts the encrypted shared data and the usage policy information after receiving them.
In some embodiments, the first device sends a shared file to the second device, where the shared file includes: shared data and usage policy information. The first device encrypts the shared file by using the encryption key, so that the second device decrypts the encrypted shared file by using the encryption key after receiving the encrypted shared file, and obtains the shared data and the use strategy information.
S205: the second device stores the shared data and the usage policy information.
Optionally, the second device may receive, but is not limited to, the shared data and the usage policy information sent by the first device by:
in the first mode, after the second device performs identity verification on the first device, the shared data and the use policy information sent by the first device are received. In some embodiments, after receiving the shared data and the usage policy information sent by the first device, the second device may check the identity of the first device to determine whether the identity of the first device is legal. The device that passes the identity check may be considered as a authentic first device by the second device. The second device may receive the shared data and the usage policy information transmitted by the first device.
And in the second mode, the second equipment receives the shared data and the use strategy information sent by the pre-authorized first equipment. In some embodiments, the second device may pre-authorize a portion of the devices in advance, and the second device may implement pre-authorization by storing a list or set of pre-authorized device IDs. After receiving the shared data and the use policy information sent by the first device, determining whether the first device is in a pre-authorized device list or a pre-authorized device ID, if so, the first device is considered as a reliable device by the second device, and then receiving the shared data and the use policy information sent by the first device.
In other embodiments, the second device may pre-authorize a portion of the manufacturers. For example, the second device may implement pre-authorization by storing information (e.g., name or trademark of the manufacturer) of the manufacturer, and then after determining that the first device is a device of the pre-authorized manufacturer, the second device may receive the shared data and the usage policy information sent by the first device after the first device is considered as a reliable device by the second device.
After receiving the shared data and the usage policy information sent by the first device, the second device may store the shared data and the usage policy information. Optionally, the second device may store the shared data and the usage policy information by, but not limited to:
the first mode and the second mode respectively store the shared data and the use strategy information in different storage units according to the type of the shared data. In some embodiments, the shared data may include, but is not limited to, one or more of fingerprint data, audio data, images (e.g., face data), or cryptographic data. And the second equipment respectively establishes storage units with different data types according to different types of the shared data, binds the shared data and the use strategy information, and respectively stores the bound shared data with different types into the storage units with corresponding types. For example, all fingerprint data is stored in the fingerprint storage unit.
And the second device stores the shared data and the use strategy information in different storage units according to the type of the authorized service in the use strategy information. In some embodiments, the usage policy information corresponding to the shared data includes multiple authorized services, such as: unlocking a service, paying a service, reading a service written in a certain type of private file and a private gallery, distributing an allowance indication and the like. And the second equipment respectively establishes storage units with different authorization service types aiming at the authorization services in the use strategy information, binds the shared data with the use strategy information, and respectively stores the bound shared data of different authorization services into the storage units corresponding to the authorization services. For example, the shared data containing the unlocking service is stored in the unlocking service storage unit.
S206: and the second equipment determines the authorization service of the shared data according to the use strategy information. Wherein the usage policy information is used to indicate the authorization service.
The second device determines an authorization service for using the shared data according to the authorization service indicated in the usage policy information sent together with the shared data.
In some embodiments, after receiving the shared data and the usage policy information, the second device may bind the shared data and the authorized service indicated in the usage policy information, so that the second device determines the authorized service that can be executed by the shared data when using the shared data.
S207: the second device performs an authorization service based on the shared data.
Optionally, the second device may perform the authorization service according to the shared data by, but not limited to:
in the first mode, the second device executes the authorization service according to the shared data. In some embodiments, after determining the authorization service of the shared data, the second device may perform some services by itself using the shared data, and determine whether the performed service is an authorization service, and when it is determined that the performed service is an authorization service, the second device performs the authorization service according to the shared data.
And in the second mode, the second equipment executes authorization service according to the shared data according to the indication of other equipment. In some embodiments, after receiving a service execution request sent by another device, the second device determines, according to service information to be executed carried in the service execution request, a service that needs to be executed by shared data, determines, by the second device, whether the executed service is an authorized service, and when it is determined that the executed service is an authorized service, the second device executes the authorized service according to the shared data.
And the second equipment executes the authorization service according to the shared data according to the user selection. In some embodiments, the second device may detect a gesture operation by the user on the display screen, the second device determining to perform the authorization service in accordance with the detected gesture operation. For example, when the second device detects a gesture operation of selecting shared data by a user, the executed service is determined, and when the executed service is determined to be an authorized service, the second device executes the authorized service according to the shared data.
S2071: and the second equipment sends the shared data and the use strategy information to the third equipment according to the authorization service.
In some embodiments, when the usage policy information sent by the first device to the second device includes a distribution permission indication, the second device may distribute the shared data and the usage policy information to the third device again, and the shared data distribution step performed between the second device and the third device is based on the same concept as the steps performed in steps S201 to S204, and is not described herein again.
In some embodiments, the first device may perform fragmentation processing on the shared data to generate a plurality of pieces of data; the plurality of sliced data form the shared data; the first device encrypts the plurality of fragment data respectively by using different encryption levels, and sends the encrypted plurality of fragment data to the second device. For example, the face feature data in the shared data may be composed of multiple pieces of fragment data, and the number of fragment data sent by the first device is related to an authorized service of the shared data. If the authorized service in the usage policy information is an unlocking service, the first device may send part of the face feature data pieces to the second device, or send part of the face feature data pieces to the second device after being encrypted at a higher encryption level, so that the second device can only use the remaining data pieces encrypted at a lower level to complete the unlocking service. If the authorization service in the usage policy information is a payment service, the second device may use the face feature data of all the slices to complete a payment service with a higher security level after the first device needs to send the face feature data of all the slices to the second device.
In some embodiments, before determining the shared data, the first device in step S201 may further determine a second device to receive the shared data.
The first equipment responds to a fourth operation to display the equipment list, and the fourth operation is used for triggering the display equipment list; the list of devices includes at least one of: a device type, a shared data type, and a transmission signal strength with the first device; the first device determines the device selected by the user in the displayed device list as the second device by, but not limited to:
and in the first mode, the user determines the second equipment according to the type of the equipment displayed in the displayed equipment list and the type of the shared data. For example, the first device may determine the second device to receive the shared data according to the shared data type. As shown in fig. 5a, in the interface of "password, privacy, and security", when the user clicks the "voice unlock" option, the first device enters the voice unlock management interface, and the "update management", "acquisition frequency setting", and "distribution device selection" are displayed in the voice unlock management interface, when the user clicks the "distribution device selection" option, the first device enters the distribution device list interface, and after the user clicks the selection switch after "smart speaker a, mobile phone a, and mobile phone B.", the first window is popped up, and "whether to select the above device", "yes", and "no" is displayed on the first window, and when the user clicks "yes", the device that receives voiceprint data is determined to be smart speaker B, mobile phone a, and mobile phone B.
And secondly, determining the second equipment by the user according to the transmission signal strength between the first equipment and the user, which is displayed in the displayed equipment list. In some embodiments, the first device determines the second device to receive the shared data according to the transmission coverage of the first device. For example, when determining the second device to receive the shared data, the first device determines the second device to receive the shared data among the devices transmitting the coverage. As shown in fig. 5b, devices within the transmission coverage range and devices outside the transmission coverage range are displayed in the distribution device list interface, a transmission mode or an identifier of "out of range" is displayed after different devices are displayed, and when the first device clicks the selection switches after the "smart speaker a" and the "tablet a" by the user, the "smart speaker a" and the "tablet a" are selected as the second device for receiving the shared data.
Or, if the first device selects to distribute the shared data to the second device outside the transmission range, the first device may prompt that the second device is not in the transmission coverage range and needs to approach the second device. Fig. 5c is a schematic diagram of the first device prompting to approach the second device when the second device outside the transmission range is selected on the first device. In the distribution equipment list interface, when the first equipment clicks the mobile phone C outside the transmission coverage range by a user, a first window pops up, and the first window displays prompt information of 'the equipment is not in the transmission range of the equipment and please try to approach the equipment'.
Or, when the first device determines the second device outside the transmission range, the first device may first determine another device that receives the shared data, where the another device is in the transmission range of the first device and the second device, and the first device first sends the shared data to the another device, and then sends the shared data to the second device through the another device.
In other embodiments, the first device determines, according to the transmission mode of the device, a second device that receives the shared data. For example, the first device may send the shared data through multiple transmission modes such as Wi-Fi, bluetooth, infrared technology, frequency modulation, and the like, and determine the second device in different transmission modes according to the transmission modes. As shown in fig. 5d, in the transmission mode interface, multiple transmission modes of "WiFi transmission", "bluetooth transmission", "infrared transmission", and "network transmission" are displayed, when the first device clicks "WiFi transmission" by the user, the user enters the WiFi transmission interface, the user determines the selected device according to the strength of the WiFi signal, and when the first device clicks "bluetooth transmission" by the user, the "mobile phone B" and the "tablet a" within the bluetooth transmission range are selected as the second device for receiving the shared data.
In addition, the first device can also select a second device in the displayed device list according to the indication of other devices; or selecting the second equipment in the displayed equipment list according to a set second equipment selection rule.
In the above step S203 of this embodiment, the first device may perform security verification on the second device by using the method shown in fig. 6 a. The security check process is described in detail below with reference to the flow chart of fig. 6 a.
S601: the first device sends the verification request information to the second device.
Wherein, the check request information includes any one or any combination of the following items: challenge value, registration information value. When the first device performs security check on the second device, it may first check whether the first device and the second device are in the same security environment, or the first device determines whether the security level of the second device is higher than a set security level, or the first device determines whether the second device is a security device. In the following embodiment, the verification request information carries a challenge value, and the second device returns a security certificate corresponding to the challenge value as an example.
S602: the second device receives the verification request information sent by the first device, and generates a security certificate which can prove the security environment of the second device, or prove the security level of the second device, or prove that the second device is a security device according to the challenge value carried in the request information sent by the first device. The challenge value may be information such as a random number, or may be encrypted information of other content.
Optionally, the second device may generate the security credential according to the challenge value, but not limited to, by:
in the first mode, the second device encrypts the challenge value sent by the first device according to the key value in the current security environment (wherein different security environments correspond to different key values), and the obtained encrypted challenge value is a security certificate.
And in the second mode, the second device generates a digital signature by combining the key and the challenge value according to the key corresponding to the current security environment, and the generated digital signature is a security certificate.
And thirdly, encrypting the challenge value according to a secret key in the equipment certificate of the second equipment to obtain a security certificate. The device certificate includes any one or any combination of an identity number (ID) of the second device, manufacturer information (for example, a name or a trademark of a manufacturer), factory time information, version information, or model information, and may further include other parameter information of the second device.
S603: the second device sends the security credentials to the first device, which receives the security credentials from the second device.
S604: the first device verifies the security certificate after receiving the security certificate.
Optionally, the first device determines whether the second device is in the same secure environment as the first device; or the first device determines whether the security level corresponding to the security environment where the second device is located is higher than a set security level, where the security level may be higher than or lower than the security environment where the first device is located; alternatively, the first device determines whether the second device is a security device.
For example, the first device may decrypt the security certificate with a key of the security environment in which the second device is located to obtain a challenge value, and the first device compares the challenge value with a challenge value carried in request information sent to the second device to determine whether the challenge value and the challenge value are consistent. If the first device and the second device are consistent, the first device determines that the first device and the second device are in the same safe environment; and if the two are not consistent, the first device determines that the first device and the second device are in different security environments, or the first device further determines a key corresponding to the security level of the second device according to a challenge value carried by the request information, determines the security level of the second device by using the key corresponding to the security level, and further determines whether the security level of the second device is higher than the set security level.
Or, the first device may also encrypt the challenge value in the request information sent to the second device by using a key of a security environment in which the first device is located, and compare the encrypted challenge value with the security certificate sent by the second device to determine whether the challenge value and the security certificate are consistent. If the first device and the second device are consistent, the first device determines that the first device and the second device are in the same safe environment; and if the two are not in agreement, the first device determines that the first device and the second device are in different secure environments. The first device may also encrypt the challenge value in the request message sent to the second device by using keys of different security environments, and compare the challenge value with the security certificate sent by the second device to determine the security environment in which the second device is located.
In addition, when the second device sends the security certificate to the first device, the device certificate of the second device may also be sent to the first device at the same time. For example, to ensure security, identity information may be written to the device after the device has been produced. For example, to ensure security, a manufacturer may test a device, and after the test is passed, the manufacturer of the device or an Original Equipment Manufacturer (OEM) may write identity information of the device to the device. In this embodiment, the challenge value may be encrypted by using a private key in the device certificate, the obtained encrypted challenge value is a security certificate, and the security certificate is sent to the first device.
In addition, when the first device determines the authorization service of the shared data, the first device may also determine the authorization service of the shared data according to a security check result of the second device. For example, if the first device and the second device are in the same security environment, or the security level of the second device is not lower than that of the first device, or the second device is determined to be a security device, the subsequent shared data transmission may be continued, and the first service set of the first device may be used as an authorization service.
If the security level of the second device is lower than that of the first device, the first device needs to determine the authorization service of the shared data according to the security level of the second device. For example, the security level of the second device is lower than that of the first device, but the security level of the second device can meet the security requirement of a part of services in the first service set, and if the second device is unlocked, the authorized service sharing the data is determined to be an unlocked service; and if the security level of the second equipment is lower than that of the first equipment and the security level of the second equipment cannot meet the first service set, not sending the shared data to the second equipment.
As shown in fig. 6b, in the distribution device list interface, after the user clicks the option of "smart speaker a security level (low)", the user enters into the service setting interface, and when the user clicks the selection switch of "pay service recommendation security level (medium)", the first device pops up a first window, and the first window displays "the security environment of the device does not satisfy the setting of the service, and continues to set the existence of danger |! Is it still necessary to continue setting? If yes or no, the first device sends the shared data with the payment service set to the intelligent sound box A after the user clicks yes.
In the above embodiment, the first device may encrypt the shared data and the usage policy information in the following encryption manners:
the first method is as follows: and the first equipment and the second equipment establish an encryption transmission channel, and the shared data and the use strategy information are transmitted by using an encryption key in the encryption transmission channel. In the first mode, after the first device passes the verification of the second device, in order to establish the encrypted transmission channel, when the second device sends the security certificate to the first device, the second device also sends a device certificate to the first device. The device certificate includes a first public key and a first private key of the second device, and because the first device has received the device certificate, at this time, the first device knows the first public key and the first private key of the second device, and the first device is based on the following key relationship: the first public key and the second public key are determined, the first equipment sends the second public key to the second equipment as a communication key, the second equipment can obtain an encryption key according to the product of the second public key and the first private key, and the encryption key is used for encrypting and decrypting shared data between the first equipment and the second equipment.
The second method comprises the following steps: and the first equipment and the second equipment encrypt the shared data and the use strategy information by using a symmetric encryption mode. In the second embodiment, the same key is used for both encryption and decryption, and for the first device, the first key is used for encrypting the shared data, and the second key is used for decrypting the message that whether the feedback transmission of the shared data is successful or not is received. For the second device, the second key is used for feeding back to the first device whether the transmission of the message is successful or not for encryption, and the first key is used for decryption of the received shared data. This involves only one key per device, which simplifies the authentication process.
The third method comprises the following steps: and the first equipment and the second equipment encrypt the shared data and the use strategy information by using an asymmetric encryption mode. In the third embodiment, a private key may be used for encryption, and a public key may be used for decryption. Then for the first device the shared data is encrypted, using the private key of the first device, whether the received feedback transmission was successful or not is decrypted, using the public key of the second device. The second device encrypts the message that whether the feedback transmission of the shared data is successful, and the public key of the first device can be used for decrypting the received shared data by using the private key of the second device. This involves two keys for each device, a public key and a private key, which can improve the security of the authentication process.
In this embodiment, the first device may send the encryption key periodically, or may send the encryption key each time the shared data is triggered to be distributed, or may send the encryption key when the first device or the second device is started or restarted, and the second device may obtain the encryption key sent by the first device each time, and the obtained encryption key may be different each time, that is, a new encryption key may be generated each time the shared data is distributed, which may improve the security of the authentication process. The encryption key may also be referred to as a temporary key, i.e. the key is only suitable for use after one transmission of said shared data, and the encryption key obtained during the last transmission will no longer be suitable after each transmission of said shared data by the second device. Thus, the way in which the second device stores the encryption key may be a cache storage. For example, after the first device sends the shared data, the second device may cache the encryption key obtained in the transmission process; after the second device successfully establishes communication with the first device again, the second device may obtain the new encryption key, and the second device may replace the old encryption key with the new encryption key in the cache and store the new encryption key in the cache.
If the second device receives the encryption key while performing security verification, the shared data transmission process can be performed immediately after the second device verifies the security on the first device; and if the second device does not receive the encryption key while performing the security check. For example, the first device only periodically establishes a communication connection with the second device, or the first device establishes a communication connection with the second device when the first device is started or restarted, and then the first device does not perform the encryption key distribution process immediately after establishing a communication connection with the second device, but performs the distribution process of the encryption key when the first device needs to distribute the shared data to the second device.
In addition, in the process of sending the shared data and the use strategy information to the second device, the first device displays a first interface, wherein the first interface comprises the transmission progress of the shared data and the use strategy information. Fig. 7 is a diagram illustrating a state where the first device transmits the shared data. In the distribution device list, when the first device clicks "smart speaker a" by the user, the shared data starts to be transmitted to smart speaker a, a first window pops up on the first device, a prompt of "… in transmission to smart speaker a" is displayed on the first window, the transmission progress is displayed, when the transmission is finished, a second window pops up, and the second window displays "transmission is finished to smart speaker a! ". And after the transmission of the shared data is finished, prompting the user that the transmission of the shared data is finished in an interface of a device list to be distributed. Or, if the second device interrupts transmission due to a network reason or a transmission scene change, the second device may send a prompt that "transmission is currently interrupted" to the first device, and the first device resends all unsent shared data to the second device based on the content of the last transmission, or resends all shared data that should be transmitted this time, thereby ensuring the integrity of the transmitted data.
In some embodiments, before the second device sends the shared data and the second usage policy information to the third device, the method further comprises:
the second equipment responds to a fifth operation and displays the equipment list, and the fifth operation is used for triggering the display equipment list; the list of devices includes at least one of: a device type, a shared data type, and a transmission signal strength with the second device;
the second device determines the device selected by the user in the displayed device list as the third device; or selecting the third device in the displayed device list according to the indication of other devices; or selecting the third equipment in the displayed equipment list according to a set third equipment selection rule.
Furthermore, the second device may determine the third device in the device list by:
in the first mode, the second device determines a third device for receiving the shared data and the use strategy information according to the coverage range of the device.
In some embodiments, due to limitations of the transmission capability of the device, it is difficult for the first device to distribute coverage to all devices when determining to distribute the shared data and the usage policy information, and therefore the second device is required to distribute the third device to which the first device is not covered. Fig. 8 is a schematic view of the spatial distribution of the apparatus. The user establishes an indoor map in advance, and determines the relative position of each device in a room by means of space scanning and the like. The first device distributes the shared data to other second devices firstly, the second device further expands the coverage range of the shared data distribution of the first device, and the second device distributes the shared data to a third device which cannot be covered by the first device.
And the second device determines a third device for receiving the shared data and the use strategy information according to the relationship between the devices.
In some embodiments, the hierarchical relationships of different devices are different, and shared data and usage policy information can only be distributed from a higher level device to a lower level device. For example, the mobile phone or the tablet device is a high-level device, and the high-level device can distribute the shared data to all devices at the same level and the same level; and if the equipment such as the intelligent sound box is medium-grade equipment, all the equipment of the intelligent sound box at the same grade and the same grade distribute the shared data, and the shared data is not allowed to be transmitted back to the high-grade equipment.
Optionally, the second device stores the received shared data and the first usage policy information. The device in this embodiment may, but is not limited to, use the shared data stored in the following manner after newly receiving the shared data of the same user and the same category sent by the other device.
In a first mode, after receiving the shared data sent by other devices, the device updates the locally stored shared data. As shown in FIG. 9a, when the second device displays a message window "receive a piece of fingerprint information sent by mobile phone A and click to view details", when the second device clicks the message window by the user, it enters the fingerprint management interface, and the interface displays "NEW! In the left thumb option, since the distribution time of the newly received fingerprint information of the left thumb is later than that of the locally stored fingerprint information of the left thumb, the previously stored fingerprint information of the left thumb may be replaced and updated with the newly received fingerprint information of the left thumb.
In other embodiments, the locally stored shared data is updated based on the version of the received shared data. Some shared data are locally input by a user, the input time of the shared data also exists on each shared data, the input time can be used as a version of the shared data, as shown in fig. 9b, each fingerprint option is displayed in the fingerprint management interface, the input time … is displayed after the option, and as the input time of the newly received left thumb is 8 months in 2020 and the input time stored in the device is 6 months in 2020, the fingerprint information of the old version of the left thumb is updated to the fingerprint information of the new version of the left thumb.
In other embodiments, the locally stored shared data is updated based on the security level of the device sending the shared data. As shown in fig. 9c, each fingerprint option is displayed in the fingerprint management interface, and the transmission source of the fingerprint data and the security level of the transmission source are displayed after the option, because the newly received "left thumb" is distributed from the smart door lock with low security level, and the "left thumb" stored in the device is recorded from the device with high security level, the fingerprint information of the local left thumb with high security level is not updated to the fingerprint information of the left thumb sent by the device with low security level.
And in the second mode, after receiving the shared data sent by other equipment, the equipment continues to store the newly received shared data.
In some embodiments, in order to ensure the accuracy of executing the service, the device may further receive and store all the shared data. Since the space occupied by storing the shared data is small, even if a plurality of shared data are stored, excessive storage space is not occupied, so that all the shared data can be received and stored. In addition, the user can also set the shared data which is regularly cleaned and is locally stored, and delete the shared data which is stored in the storage space earlier in time in the preset time, or delete the shared data which is verified to be lower in success rate in the preset time.
In some embodiments, the second device may perform the first authorization transaction from the shared data using, but not limited to, the following manner.
When the first authorization service comprises a verification service, the second equipment acquires data to be verified input by a user; the second equipment compares the shared data with the data to be verified; and when the second equipment determines that the shared data is matched with the data to be verified, the second equipment determines that the service verification is successful.
Specifically, when the shared data is biometric data and the first authorization service includes an authentication service, the second device may execute the authentication service according to the biometric data in the following manner:
the second equipment firstly acquires the biological characteristic data to be verified input by the user, compares the biological characteristic data with the biological characteristic data to be verified input by the user, and determines that the authentication service is successfully executed if the second equipment determines that the biological characteristic data is matched with the biological characteristic data to be verified input by the user.
For example, if the user requests to perform face unlocking, the second device first obtains face data input by the user, and the second device may complete the face unlocking request after comparing the locally stored face data with the face data input by the user, which is collected this time. Or, the user requests to perform face payment, and the authorization service indicated on the use strategy information bound by the locally stored face data is determined as follows: and unlocking the service. The second device cannot complete the payment service by using the face data passed through the comparison.
In addition, in some embodiments, if the authorized service indicated by the usage policy information does not include the service requested by the user, the user may be prompted to complete the requested service on another device. As shown in fig. 10, when the second device is a smart speaker, the user sends a voice message to the smart speaker to request to complete a payment service, and the usage policy information bound to the voiceprint data in the smart speaker does not indicate that the authorized service includes the payment service, then the smart speaker may send a voice prompt "the device does not have the right to use the shared data to execute the service, and the user is advised to complete the service on another (specified) device" to the user through the speaker. Or, the smart speaker may not store voiceprint data, and when the user completes the service through the voice request, the smart speaker may send a voice prompt to the user through the speaker, "the user does not store corresponding voiceprint data on the device yet, and recommends the user to distribute from another device, or to enter voiceprint data on the device. Or, the security level of the current smart speaker does not meet the requirement of the requested service, when the smart speaker is connected to unknown WiFi, the smart speaker may send a voice prompt to the user through the speaker, "sending a prompt that the current security level is weak and the service of the service type cannot be performed, and requiring the user to wait for the security environment of the smart speaker to meet the requirement, and then perform the voice message of the service".
In some embodiments, the second device may also cooperate with other devices to perform a service based on the shared data. The advantage of this embodiment is that even if the security level of the other device is low, this way also ensures that the service is completed in a secure environment, since the process of performing the service using the shared data is completed in the second device with a higher security level.
Alternatively, the second device and the other device may cooperate to perform the service according to the shared data, but not limited to, as follows.
And in the first mode, the second equipment and other equipment are bound in advance and cooperate to execute the service according to the shared data.
In some embodiments, if the second device can be bound to multiple devices for collecting data of a specific type, the bound devices can execute a service using the shared data in the devices with a high security level when collecting the shared data, or multiple devices for collecting data of a specific type are bound to only the device with the highest security level. For example, the above devices are all bound with a mobile phone used by a user daily to ensure the security of the execution service.
For example, the face data is sent to an intelligent sound box for storage, but since the intelligent sound box does not have the function of collecting faces, theoretically, a face unlocking service cannot be performed. But other devices for image shooting can cooperate with the intelligent sound box to complete the face unlocking service. For example, the face unlocking can be completed by the cooperation of the electronic peephole on the intelligent door lock and the intelligent sound box. As shown in fig. 11, firstly, the smart door lock and the smart speaker are bound together, so that after the face image of the user is collected by the electronic peep hole on the smart door lock, the face image is sent to the smart speaker by the electronic peep hole, the smart speaker compares the face data stored locally with the face image, and after the comparison is passed, the smart speaker can control the smart door lock to unlock. Therefore, even if the security level of the electronic peephole on the intelligent door lock is low, the face unlocking service can still be safely completed because the process of executing the service is completed in the intelligent sound box with the high security level.
And in the second mode, the second equipment is selected by other equipment, and the second equipment collaboratively executes the service according to the shared data according to the selection request of the other equipment. Because the data transmission capacities of different devices are different, the transmission capacities of some devices are poor, and it is difficult to cover all the devices in the communication system, the devices with poor transmission capacities only select the second device which is closest to the device and has the highest security level to cooperate with the second device to execute the service according to the shared data, so as to ensure the efficiency of completing the service.
Based on the embodiment shown in fig. 2, the present application further provides the following multiple examples of shared data distribution methods, which may be applied to the communication systems shown in fig. 12a and 13, and each example is specifically described below with reference to fig. 12a to 13.
Example one: the applicable scenario of this example is shown in fig. 12 a. The first device is a mobile phone 12A, and the second device is a tablet computer 12B. The method is described in more detail below with reference to the flow chart shown in fig. 12 b.
S1201: the cell phone 12A determines the face data that needs to be distributed to the tablet computer 12B.
The mobile phone 12A determines the face data based on the face data selected by the user, or the face data indicated by other devices is received, or the face data is determined by itself. The specific way of determining the face data may be provided in the embodiments shown in fig. 3a to 3c, and therefore, the way of determining the face data may refer to the above embodiments, which is not described herein again.
S1202: the mobile phone 12A determines the authorized traffic of the face data distributed to the tablet computer 12B.
The mobile phone 12A determines the authorization service of the face data distributed to the tablet computer 12B based on an authorization service selection instruction triggered by the user, or the mobile phone 12A automatically determines the authorization service of the face data distributed to the tablet computer 12B. The specific implementation of determining the authorization service of the face data distributed to the tablet pc 12B may be a manner provided in the embodiments shown in fig. 4a to 4B, so that the authorization service of the face data distributed to the tablet pc 12B is determined, and details are not described here.
In addition, the mobile phone 12A may be provided with a first service set for the face data, where the first service set includes services executable by the mobile phone 12A, and the tablet computer 12B may be provided with a second service set for the face data, where the second service set includes services executable by the tablet computer 12B. When the mobile phone 12A determines the authorization service of the face data distributed to the tablet pc 12B, the mobile phone 12A may determine whether the authorization service of the face data distributed to the tablet pc 12B is correct according to the first service set and/or the second service set.
In addition, when receiving the face data request/sharing instruction sent by another device, the mobile phone 12A may further determine the authorization service of the face data distributed to the tablet computer 12B according to authorization service information carried in the face data request/sharing instruction.
S1203: the mobile phone 12A performs security verification on the tablet computer 12B.
S12031: the mobile phone 12A sends a verification request message to the tablet computer 12B.
S12032: the tablet computer 12B receives the verification request information sent by the mobile phone 12A, and the tablet computer 12B generates a security certificate capable of proving its security environment, or proving its security level, or proving that it is a security device, according to the challenge value carried in the verification request information sent by the mobile phone 12A.
S12033: the tablet computer 12B sends the security certificate to the mobile phone 12A, and the mobile phone 12A receives the security certificate from the tablet computer 12B.
S12034: after receiving the security certificate, the mobile phone 12A verifies the security certificate. Determining whether the tablet computer 12B is in the same secure environment as the cell phone 12A; or the security level corresponding to the security environment in which the tablet computer 12B is located may be higher than the security environment in which the mobile phone 12A is located or may be lower than the security environment in which the mobile phone 12A is located; still alternatively, it is determined whether the tablet computer 12B is a security device.
The specific manner of the mobile phone 12A performing the security check on the tablet pc 12B may refer to steps S601-S604, which is not described herein again.
S1204: the mobile phone 12A distributes the face data and the usage policy information to the tablet computer 12B.
First, the mobile phone 12A generates the usage policy information according to the authorization service set in step S1202, where the usage policy information is used to indicate the authorization service.
The mobile phone 12A may distribute the encrypted face data and the usage policy information to the tablet pc 12B, or the mobile phone 12A may distribute the encrypted face data identified with the usage policy information to the tablet pc 12B. The specific implementation manner for sending the face data and the usage policy information may be a manner provided in S203, and therefore, the manner for determining to send the face data and the usage policy information may refer to the foregoing embodiment, and details are not described here.
In some embodiments, the handset 12A may encrypt the face data and the usage policy information as follows. Optionally, the mobile phone 12A and the tablet computer 12B may establish an encryption transmission channel, and transmit the face data and the usage policy information by using an encryption key in the encryption transmission channel, or the mobile phone 12A and the tablet computer 12B encrypt the face data and the usage policy information by using a symmetric encryption manner, or the mobile phone 12A and the tablet computer 12B encrypt the face data and the usage policy information by using an asymmetric encryption manner. For a specific encryption manner, reference may be made to the above embodiments, which are not described herein again.
S1205: the tablet computer 12B stores the face data and the use strategy information;
after receiving the face data and the use policy information sent by the mobile phone 12A, the tablet computer 12B may check the identity of the mobile phone 12A, or after receiving the face data and the use policy information sent by the mobile phone 12A, the tablet computer 12B determines whether the mobile phone 12A is a pre-authorized device. The specific manner of the identity check of the tablet computer 12B on the mobile phone 12A may refer to the manner provided in step S801, which is not described herein again.
After receiving the face data and the use strategy information sent by the mobile phone 12A, the tablet computer 12B stores and stores the face data and the use strategy information;
the tablet computer 12B stores the face data and the usage policy information in a preset storage space according to the type of the face data, or the tablet computer 12B stores the face data and the usage policy information in a preset storage space according to the type of the usage policy information. The specific way for storing the face data and the usage policy information by the tablet pc 12B may refer to the way provided in step S802, which is not described herein again.
S1206: the tablet computer 12B determines the authorization service of the face data according to the use strategy information;
s1207: the tablet computer 12B performs an authorization service according to the face data.
The tablet computer 12B may execute the authorization service according to the face data, or the tablet computer 12B may execute the authorization service according to the face data according to an instruction of another device, or the tablet computer 12B may execute the authorization service according to the face data according to a selection of a user.
Example two: the application also provides an example of the shared data distribution method. Fig. 13 is a schematic diagram of a communication system, and this example takes a first device as a mobile phone 13A, a second device as a tablet pc 13B and a smart speaker 13C, and a third device as a mobile phone 13D. Since the manner of sending the face data and the usage policy information from the mobile phone 13A to the tablet pc 13B and the smart sound box 13C is based on the same concept as the above steps S1201-S1204, it is not described herein again.
The following is a detailed description of a scenario in which the second device performs the distribution permission indication corresponding to the distribution service.
In the usage policy information corresponding to the face data of the tablet pc 13B, the authorization service indicated by the usage policy information includes a distribution permission indication, and the tablet pc 13B sends the face data and the usage policy information to the mobile phone 13D based on the distribution permission indication.
The tablet computer 13B may determine, based on the transmission capability of the device, a third device (the mobile phone 13D) that receives the face data, or prompt the user to approach the tablet computer 13B to the mobile phone 13D outside the transmission range when the tablet computer 13B selects transmission to the mobile phone 13D outside the transmission range, or the tablet computer 13B selects transmission of the face data and the usage policy information to the mobile phone 13D outside the transmission range through another device.
In the usage policy information corresponding to the face data of the smart sound box 13C, the authorization service indicated by the usage policy information does not include a distribution permission indication, and the smart sound box 13C cannot send the face data and the usage policy information to the mobile phone 13D, so that the face data is prevented from being distributed in multiple stages, and the usage equipment of the face data is standardized.
After receiving the face data and the use policy information sent by the tablet pc 13B, the mobile phone 13D may store the face data in the following manner: the mobile phone 13D updates the locally stored face data after receiving the face data sent by the tablet pc 13B, wherein the manner of updating the locally stored face data may be: and updating the locally stored face data according to the time for receiving the face data, or updating the locally stored face data according to the security level of the device for sending the face data.
In addition, the mobile phone 13D may further continue to store the newly received face data after receiving the face data sent by the tablet pc 13B. The specific way in which the mobile phone 13D stores the face data sent by the tablet pc 13B may be as provided in fig. 9a to 9c, and is not described herein again.
In the shared data distribution method provided by the embodiment of the application, the first device may distribute the locally stored shared data to the second device, and enable the second device receiving the shared data to use the authorization service according to the indication of the usage policy information. Therefore, when the first device distributes the locally stored shared data to the second device, the shared data can be prevented from being abused by using the service scene of the shared data specified by the use strategy information. And meanwhile, the shared data on the second equipment still follows the authorization service indicated by the first equipment use strategy information, so that the first equipment can well perform unified management and control on the shared data.
Based on the above embodiments, an embodiment of the present application further provides a shared data distribution system, and fig. 14 is a schematic diagram of the shared data distribution system. Wherein the shared data distribution system comprises: a first device 1400 and a second device 1410; the first device 1400 is configured to: determining shared data, and determining authorization service of the shared data, wherein the authorization service is a service which can be executed by other equipment by using the shared data; sending the shared data and usage policy information to a second device 1410, wherein the usage policy information is used for indicating the authorized service; the second device 1410 is to: receiving the shared data and the usage policy information sent by the first device 1400; and executing the authorization service by using the shared data according to the use strategy information. The embodiment of the present application may divide the modules of the first device 1400 and the second device 1410 according to functions, and a specific dividing manner may be shown in fig. 14.
The first device 1400 includes: the first distribution scheduling module 1401, the first right management module 1402, the first security check module 1403, the first storage module 1404, and the first communication module 1405, the functions of each module are described below:
the first distribution scheduling module 1401 is configured to determine shared data, and send an instruction for determining an authorization service of the shared data to the first right management module 1402; after the first rights management module 1402 determines an authorized service of shared data, send an instruction to the first security check module 1403 to perform security check on the second device 1410; after the first security check module 1403 checks the security of the second device 1410, the shared data is obtained from the first storage module 1404 and sent to the first communication module 1405;
the first right management module 1402 is configured to determine the authorization service of the shared data after receiving the instruction for determining the authorization service of the shared data sent by the first distribution scheduling module 1401, and determine the usage policy information based on the authorization service;
the first security check module 1403 receives the instruction for performing security check on the second device 1410, which is sent by the first distribution scheduling module 1401, and performs security check on the second device 1410;
the first storage module 1404 is configured to send the shared data to the distribution scheduling module 1401 when the first distribution scheduling module 1401 acquires the shared data;
the first communication module 1405 is configured to, after receiving the shared data sent by the first distribution scheduling module 1401, send the shared data and the usage policy information to the second device 1410.
In some embodiments, the first rights management module 1402 is further configured to: and determining the authorization service of the shared data according to the first service set of the first device 1400 and the second service set of the second device 1410.
In other embodiments, the first security check module 1403 may perform security check on the second device 1410 by any one or any combination of the following:
verifying whether the second device 1410 is in a secure environment;
checking whether the security level of the second device 1410 is higher than a set security level;
it is checked whether the second device 1410 is a security device. In some embodiments, the first distribution scheduling module 1401, after determining shared data, is further configured to determine the second device 1410 that receives shared data.
The first device 1400 includes: the second distribution scheduling module 1411, the second right management module 1412, the second security check module 1413, the second storage module 1414 and the second communication module 1415, the functions of each module are described as follows:
the second distribution scheduling module 1411 is configured to receive the shared data and the usage policy information sent by the second communication module 1415, send an instruction for identity verification of the first device 1400 to the second security verification module 1413, and send the shared data and the usage policy information to the second storage module 1414 after the verification is passed;
when a shared data execution service needs to be used, determining whether the execution service is an authorization service, if so, calling the shared data in the second storage module 1414, and executing the authorization service according to the shared data;
the second right management module 1412, configured to bind the shared data with the authorization service in the usage policy information after the verification by the second security verification module 1413 is passed;
the second security check module 1413 is configured to check the identity of the first device 1400;
the second storage module 1414 is configured to store shared data bound with an authorized service;
the second communication module 1415 receives the shared data and the usage policy information sent by the first device 1400, and sends the shared data and the usage policy information to the second distribution scheduling module 1411.
In addition, when the first device 1400 performs security check on the second device 1410, some modules in the first device 1400 and the second device 1410 are further configured to perform the following steps:
the first security check module 1403, configured to send check request information to the second device 1410 through the first communication module 1405, and receive a security certificate sent by the second communication module 1415 of the second device 1410;
wherein, the check request information includes at least one item or any combination: challenge value, registration information value, etc. When the first device 1400 performs security check on the second device 1410, it may first check whether the first device 1400 and the second device 1410 are in the same security environment, or the first device 1400 determines a security level of the second device 1410, or the first device 1400 determines whether the second device 1410 is a security device. In the following embodiment, the verification request information carries a challenge value, and the second device 1410 returns a security certificate corresponding to the challenge value as an example: after receiving the security certification, the first security check module 1403 checks the security certification to determine whether the second device 1410 is in the same security environment as the first device 1400, or determine a security level corresponding to the security environment where the second device 1410 is located, where the security level may be higher than the security environment where the first device 1400 is located, or may be lower than the security environment where the first device 1400 is located, or determine whether the second device 1410 is a security device.
The second security check module 1413 is configured to receive check request information sent by the first device 1400 through the first communication module 1405, generate a security certificate capable of proving a security environment or a security level of the device itself or proving that the device itself is a security apparatus according to a challenge value carried in the check request information sent by the first device 1400, and send the security certificate to the first device 1400;
in addition, when the authorization service includes a verification service, the second device 1410 acquires data to be verified, which is input by a user;
referring to fig. 15, the second device 1410 further includes: a verification data acquisition module 1416, and an authentication module 1417.
In this embodiment, after receiving and storing the shared data sent by the first device 1400, the second distribution scheduling module 1411 is further configured to:
when the first authorization service comprises a verification service, sending a verification data instruction input by a user to the verification data acquisition module 1416;
the verification data obtaining module 1416 is configured to obtain verification data input by a user after receiving a verification data instruction input by the user, obtain the shared data from the second storage module 1414, compare the shared data with data to be verified, and determine that user identity verification is successful when determining that the shared data matches the data to be verified;
the authentication module 1417 is configured to receive an authentication result, and execute the first authorization service according to the shared data after it is determined that the authentication is successful.
Based on the same technical concept, the embodiment of the application also provides the electronic equipment. The electronic devices may be the first device 1400 and the second device 1410 in the shared data distribution system shown in fig. 14, and may implement the shared data distribution method provided by the above embodiments and examples, and have the functions of the first device 1400 and the second device 1410 shown in fig. 14. Referring to fig. 16, the electronic device 1600 includes: the processor 1601 and memory 1602, but of course may also have the various peripheral or internal hardware shown in FIG. 1 b.
The memory 1602 and other components are interconnected with the processor 1601. Alternatively, the processor 1601 and the memory 1602 may be connected to each other through a bus; the bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 16, but this is not intended to represent only one bus or type of bus.
Specifically, the processor 1601 may collect the shared data in real time via the onboard camera 1603 of the electronic device 1600. Alternatively, the electronic device 1600 may also perform distribution of shared data with other devices via the transceiver 1604. Optionally, the transceiver 1604 may be a bluetooth module, a WiFi module, an RF circuit, etc.
In some embodiments, the electronic device 1600 may further include a display panel 1605, which, when combined with the touch sensor, can determine the shared data and the distribution manner of the shared data according to different gesture operations. Further, the electronic device 1600 may further include an audio circuit 1606 for instructing the user to perform the shared data distribution by voice.
The processor 1601 is configured to implement the shared data distribution method shown in fig. 2, which may specifically refer to the description in the foregoing embodiment, and is not described herein again.
In one embodiment, when the electronic device 1600 is a first device, the processor 1601 is configured to:
determining shared data, and determining authorization service of the shared data, wherein the authorization service is a service which can be executed by other equipment by using the shared data;
and sending the shared data and the use strategy information to a second device, wherein the use strategy information is used for indicating the authorized service.
In one embodiment, when the electronic device 1600 is a second device, the processor 1601 is configured to:
receiving shared data and first use strategy information sent by first equipment; wherein the first usage policy information is used to indicate an authorized service that the second device can perform using the shared data.
Determining a first authorization service capable of using the shared data according to the first usage policy information;
and executing the first authorization service according to the shared data.
The memory 1602 is used for storing program instructions, data, and the like. In particular, the program instructions may include program code comprising computer operational instructions. The memory 1602 may include a Random Access Memory (RAM) and may also include a non-volatile memory (non-volatile memory), such as at least one disk memory. The processor 1601 executes program instructions stored in the memory 1602, and uses data stored in the memory 1602 to implement the above functions, thereby implementing the shared data distribution method provided in the above embodiments.
It will be appreciated that the memory 1602 in FIG. 16 may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The non-volatile memory may be a read-only memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an electrically Erasable EPROM (EEPROM), or a flash memory. Volatile memory can be Random Access Memory (RAM), which acts as external cache memory. By way of example, but not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), double data rate SDRAM, enhanced SDRAM, SLDRAM, Synchronous Link DRAM (SLDRAM), and direct rambus RAM (DR RAM). It should be noted that the memory of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
Based on the above embodiments, embodiments of the present application further provide a computer program, which, when running on a computer, causes the computer to execute the shared data distribution method provided in the above embodiments.
Based on the above embodiments, the present application further provides a computer storage medium, where a computer program is stored, and when the computer program is executed by a computer, the computer causes the computer to execute the shared data distribution method provided by the above embodiments.
Storage media may be any available media that can be accessed by a computer. Taking this as an example but not limiting: computer-readable media can include RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
Based on the above embodiments, the embodiments of the present application further provide a chip, where the chip is used to read a computer program stored in a memory, and implement the shared data distribution method provided by the above embodiments.
Based on the above embodiments, the present application provides a computer program product, which when running on an electronic device, implements the shared data distribution method provided by the above embodiments.
In summary, the embodiments of the present application provide a shared data distribution method and an electronic device, in this scheme, a device may distribute locally stored shared data to other devices, and by using policy information, enable other devices that receive the shared data to use an authorization service according to an indication of the usage policy information. Therefore, when the device distributes the locally stored shared data to other devices, the device can use the strategy information to standardize the service scene of the shared data use, and the shared data is prevented from being abused. Therefore, the method can prevent the device from being used in unreasonable or beyond-expected application scenes, the safety of distributed storage of the shared data can be better ensured, the shared data cannot be abused and expanded in use after being distributed, meanwhile, the shared data on other devices still follow the authorized service configured by the distribution device, and the device can better perform unified management and control on the shared data.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (19)

1.一种共享数据分发方法,其特征在于,所述方法包括:1. A shared data distribution method, wherein the method comprises: 第一设备确定共享数据,并确定所述共享数据的授权业务,所述授权业务为其他设备能够使用所述共享数据执行的业务;The first device determines the shared data, and determines an authorized service of the shared data, where the authorized service is a service that other devices can perform using the shared data; 所述第一设备向第二设备发送所述共享数据和使用策略信息,其中,所述使用策略信息用于指示所述授权业务。The first device sends the shared data and usage policy information to the second device, where the usage policy information is used to indicate the authorized service. 2.根据权利要求1所述的方法,其特征在于,所述第一设备确定共享数据,包括:2. The method according to claim 1, wherein the determining of the shared data by the first device comprises: 所述第一设备响应于第一操作,显示共享数据列表,所述第一操作用于触发显示共享数据列表;The first device displays a shared data list in response to a first operation, where the first operation is used to trigger display of the shared data list; 所述第一设备接收用户在显示的所述共享数据列表中选择的所述共享数据;或者按照其他设备的指示在显示的所述共享数据列表中选择所述共享数据;或者按照设定的共享数据选择规则在显示的所述共享数据列表中选择所述共享数据。The first device receives the shared data selected by the user in the displayed shared data list; or selects the shared data in the displayed shared data list according to the instructions of other devices; or according to the set sharing The data selection rule selects the shared data in the displayed shared data list. 3.根据权利要求1或2所述的方法,其特征在于,确定所述共享数据的授权业务,包括:3. The method according to claim 1 or 2, wherein determining the authorization service of the shared data comprises: 所述第一设备响应于第二操作,显示授权业务列表,所述第二操作用于触发显示授权业务列表;The first device displays an authorized service list in response to a second operation, and the second operation is used to trigger the display of the authorized service list; 所述第一设备接收用户在显示的所述授权业务列表中选择的所述授权业务;或者按照其他设备的指示在显示的所述授权业务列表中选择所述授权业务;或者按照设定的授权业务选择规则在显示的所述授权业务列表中选择所述授权业务。The first device receives the authorized service selected by the user in the displayed authorized service list; or selects the authorized service in the displayed authorized service list according to the instructions of other devices; or according to the set authorization The service selection rule selects the authorized service in the displayed authorized service list. 4.根据权利要求1或2所述的方法,其特征在于,确定所述共享数据的授权业务,包括:4. The method according to claim 1 or 2, wherein determining the authorization service of the shared data comprises: 所述第一设备响应于第三操作,显示第一业务集合和/或第二业务集合,所述第三操作用于触发显示第一业务集合和/或第二业务集合;The first device displays the first service set and/or the second service set in response to a third operation, and the third operation is used to trigger the display of the first service set and/or the second service set; 所述第一设备根据所述第一业务集合或所述第二业务集合确定所述授权业务;The first device determines the authorized service according to the first service set or the second service set; 其中,所述第一业务集合包含所述第一设备能够使用所述共享数据执行的业务;所述第二业务集合为所述第二设备能够使用所述共享数据执行的业务,所述授权业务包含在所述第一业务集合和/或所述第二业务集合中。The first service set includes services that the first device can execute using the shared data; the second service set includes services that the second device can execute using the shared data, and the authorized service Included in the first service set and/or the second service set. 5.根据权利要求1-4任一所述的方法,其特征在于,在所述第一设备向第二设备发送所述共享数据和使用策略信息之前,所述方法还包括:5. The method according to any one of claims 1-4, wherein before the first device sends the shared data and usage policy information to the second device, the method further comprises: 所述第一设备响应于第四操作,显示设备列表,所述第四操作用于触发显示设备列表;所述设备列表包括以下至少一项:设备类型、共享数据类型、与所述第一设备之间的传输信号强度;The first device displays a device list in response to a fourth operation, and the fourth operation is used to trigger the display of the device list; the device list includes at least one of the following: a device type, a shared data type, and the first device The transmission signal strength between; 所述第一设备将用户在显示的设备列表中选择的设备确定为所述第二设备;或者按照其他设备的指示在显示的所述设备列表中选择所述第二设备;或者按照设定的第二设备选择规则在显示的所述设备列表中选择所述第二设备。The first device determines the device selected by the user in the displayed device list as the second device; or selects the second device in the displayed device list according to the instructions of other devices; or according to the set The second device selection rule selects the second device in the displayed device list. 6.根据权利要求1-5任一所述的方法,其特征在于,在所述第一设备向第二设备发送所述共享数据和使用策略信息之前,所述方法还包括:6. The method according to any one of claims 1-5, wherein before the first device sends the shared data and usage policy information to the second device, the method further comprises: 所述第一设备对所述第二设备进行安全性校验,并确定校验通过。The first device performs security verification on the second device, and determines that the verification passes. 7.根据权利要求6所述的方法,其特征在于,所述第一设备对第二设备进行安全性校验,包括:7. The method according to claim 6, wherein the first device performs security verification on the second device, comprising: 所述第一设备校验所述第二设备是否处于安全环境;或者the first device verifies whether the second device is in a secure environment; or 所述第一设备校验所述第二设备的安全等级是否高于设定安全等级;或者The first device verifies whether the security level of the second device is higher than the set security level; or 所述第一设备校验第二设备的是否为安全设备。The first device verifies whether the second device is a secure device. 8.根据权利要求1-7任一项所述的方法,其特征在于,所述第一设备向第二设备发送所述共享数据和使用策略信息,包括:8. The method according to any one of claims 1-7, wherein the sending, by the first device, the shared data and usage policy information to the second device, comprises: 所述第一设备使用加密密钥对所述共享数据和所述使用策略信息进行加密;the first device encrypts the shared data and the usage policy information using an encryption key; 所述第一设备向所述第二设备发送加密后的所述共享数据和所述使用策略信息。The first device sends the encrypted shared data and the usage policy information to the second device. 9.根据权利要求1-8任一项所述的方法,其特征在于,所述第一设备向第二设备发送所述共享数据,包括:9. The method according to any one of claims 1-8, wherein the sending, by the first device to the second device, the shared data comprises: 所述第一设备将所述共享数据进行分片处理,生成多个片数据;所述多个分片数据组成所述共享数据;The first device performs fragmentation processing on the shared data to generate a plurality of fragmented data; the plurality of fragmented data forms the shared data; 所述第一设备分别使用不同的加密等级对所述多个分片数据进行加密,并向所述第二设备发送加密后的所述多个分片数据。The first device encrypts the plurality of fragmented data using different encryption levels respectively, and sends the encrypted plurality of fragmented data to the second device. 10.根据权利要求1-9任一项所述的方法,其特征在于,所述方法还包括:10. The method according to any one of claims 1-9, wherein the method further comprises: 所述第一设备向所述第二设备发送所述共享数据和所述使用策略信息的过程中,显示第一界面,所述第一界面包括所述共享数据和使用策略信息的传输进度。During the process of sending the shared data and the usage policy information to the second device by the first device, a first interface is displayed, and the first interface includes the transmission progress of the shared data and the usage policy information. 11.一种共享数据分发方法,其特征在于,所述方法包括:11. A shared data distribution method, wherein the method comprises: 第二设备接收第一设备发送的共享数据和第一使用策略信息;其中,所述第一使用策略信息用于指示所述第二设备能够使用所述共享数据执行的授权业务;The second device receives the shared data and first usage policy information sent by the first device; wherein the first usage policy information is used to indicate that the second device can perform an authorized service using the shared data; 所述第二设备根据所述第一使用策略信息,确定能够使用所述共享数据的第一授权业务;The second device determines, according to the first usage policy information, a first authorized service that can use the shared data; 所述第二设备根据所述共享数据执行所述第一授权业务。The second device executes the first authorized service according to the shared data. 12.根据权利要求11所述的方法,其特征在于,所述第二设备接收第一设备发送的共享数据和第一使用策略信息之前,还包括:12. The method according to claim 11, wherein before the second device receives the shared data and the first usage policy information sent by the first device, the method further comprises: 所述第二设备对所述第一设备进行身份验证,确定所述身份验证通过;The second device performs identity verification on the first device, and determines that the identity verification is passed; 所述方法还包括:The method also includes: 所述第二设备保存接收到的所述共享数据和所述第一使用策略信息。The second device saves the received shared data and the first usage policy information. 13.根据权利要求11或12所述的方法,其特征在于,所述第二设备根据所述共享数据执行所述第一授权业务,包括:13. The method according to claim 11 or 12, wherein the second device executing the first authorized service according to the shared data comprises: 当所述第一授权业务包含分发允许指示时,所述第二设备确定所述共享数据的第二授权业务,所述第二授权业务为其他设备能够使用所述共享数据执行的业务;When the first authorized service includes a distribution permission indication, the second device determines a second authorized service of the shared data, where the second authorized service is a service that other devices can perform using the shared data; 所述第二设备向第三设备发送所述共享数据和第二使用策略信息,所述第二使用策略信息用于指示所述第二授权业务。The second device sends the shared data and second usage policy information to the third device, where the second usage policy information is used to indicate the second authorized service. 14.根据权利要求13所述的方法,其特征在于,在所述第二设备向所述第三设备发送所述共享数据和第二使用策略信息之前,所述方法还包括:14. The method according to claim 13, wherein before the second device sends the shared data and the second usage policy information to the third device, the method further comprises: 所述第二设备响应于第五操作,显示设备列表,所述第五操作用于触发显示设备列表;所述设备列表包括以下至少一项:设备类型、共享数据类型、与第二设备之间的传输信号强度;The second device displays a device list in response to a fifth operation, and the fifth operation is used to trigger the display of the device list; the device list includes at least one of the following: a device type, a shared data type, and a relationship with the second device the transmission signal strength; 所述第二设备将用户在显示的所述设备列表选择的设备确定为所述第三设备;或者按照其他设备的指示在显示的所述设备列表中选择所述第三设备;或者按照设定的第三设备选择规则在显示的所述设备列表中选择所述第三设备。The second device determines the device selected by the user in the displayed device list as the third device; or selects the third device in the displayed device list according to the instructions of other devices; or according to the setting The third device selection rule selects the third device in the displayed device list. 15.根据权利要求11-14任一项所述的方法,其特征在于,所述第二设备根据所述共享数据执行所述第一授权业务,包括:15. The method according to any one of claims 11-14, wherein the second device executing the first authorized service according to the shared data comprises: 当所述第一授权业务包含验证业务时,所述第二设备获取用户输入的待验证数据;When the first authorization service includes a verification service, the second device obtains the data to be verified input by the user; 所述第二设备将所述共享数据与所述待验证数据进行比对;The second device compares the shared data with the to-be-verified data; 所述第二设备确定所述共享数据与所述待验证数据匹配时,确定所述业务验证成功。When the second device determines that the shared data matches the data to be verified, it determines that the service verification is successful. 16.根据权利要求11-15任一项所述的方法,其特征在于,所述方法还包括:16. The method according to any one of claims 11-15, wherein the method further comprises: 所述第二设备在接收所述第一设备发送的所述共享数据和所述第一使用策略信息的过程中,显示第二界面,所述第二界面包括所述共享数据和所述第一使用策略信息的传输进度。In the process of receiving the shared data and the first usage policy information sent by the first device, the second device displays a second interface, where the second interface includes the shared data and the first usage policy information. The progress of the transfer using policy information. 17.一种电子设备,其特征在于,所述电子设备包括:17. An electronic device, characterized in that the electronic device comprises: 一个或多个处理器,存储器,以及,一个或多个程序;其中,所述一个或多个程序被存储在所述存储器中,所述一个或多个程序包括指令,当所述指令被所述电子设备执行时,使得所述电子设备执行如权利要求1~10中任一项所述的方法,和/或执行如权利要求11~16中任一项所述的方法。one or more processors, a memory, and, one or more programs; wherein the one or more programs are stored in the memory, the one or more programs including instructions that when the instructions are When the electronic device executes, the electronic device is caused to execute the method according to any one of claims 1-10, and/or execute the method according to any one of claims 11-16. 18.一种共享数据分发系统,其特征在于,所述系统包括:第一设备以及第二设备;18. A shared data distribution system, wherein the system comprises: a first device and a second device; 所述第一设备用于:确定共享数据,并确定所述共享数据的授权业务,所述授权业务为其他设备能够使用所述共享数据执行的业务;向第二设备发送所述共享数据和使用策略信息,其中,所述使用策略信息用于指示所述授权业务;The first device is used to: determine the shared data, and determine an authorized service of the shared data, where the authorized service is a service that other devices can perform using the shared data; send the shared data and use the shared data to the second device Policy information, wherein the usage policy information is used to indicate the authorized service; 所述第二设备用于:接收第一设备发送的所述共享数据和所述使用策略信息;根据所述使用策略信息,使用所述共享数据执行所述授权业务。The second device is configured to: receive the shared data and the usage policy information sent by the first device; and perform the authorization service by using the shared data according to the usage policy information. 19.一种计算机可读存储介质,其特征在于,所述计算机可读存储介质用于存储计算机程序,当所述计算机程序在计算机上运行时,使得所述计算机执行如权利要求1~10中任一项所述的方法,和/或执行如权利要求11~16中任一项所述的方法。19. A computer-readable storage medium, characterized in that, the computer-readable storage medium is used for storing a computer program, and when the computer program is run on a computer, the computer is made to execute the method according to claims 1 to 10. The method of any one of claims 11-16, and/or performing the method of any one of claims 11-16.
CN202011183202.6A 2020-10-29 2020-10-29 A shared data distribution method and electronic device Active CN114510178B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011183202.6A CN114510178B (en) 2020-10-29 2020-10-29 A shared data distribution method and electronic device
PCT/CN2021/127493 WO2022089599A1 (en) 2020-10-29 2021-10-29 Shared data distribution method and electronic devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011183202.6A CN114510178B (en) 2020-10-29 2020-10-29 A shared data distribution method and electronic device

Publications (2)

Publication Number Publication Date
CN114510178A true CN114510178A (en) 2022-05-17
CN114510178B CN114510178B (en) 2025-03-04

Family

ID=81383586

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011183202.6A Active CN114510178B (en) 2020-10-29 2020-10-29 A shared data distribution method and electronic device

Country Status (2)

Country Link
CN (1) CN114510178B (en)
WO (1) WO2022089599A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115037768A (en) * 2022-06-27 2022-09-09 京东方科技集团股份有限公司 Data processing method and related equipment
CN116248960A (en) * 2022-12-07 2023-06-09 深圳创维-Rgb电子有限公司 Authentication method, device, electronic equipment and storage medium for content sharing
WO2024221448A1 (en) * 2023-04-28 2024-10-31 华为技术有限公司 Function implementation method and apparatus, device, system, and readable storage medium

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117278984B (en) * 2022-06-13 2025-10-28 荣耀终端股份有限公司 Call method and electronic device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101364884A (en) * 2007-08-10 2009-02-11 华为技术有限公司 Method and device for sending multimedia broadcast and multicast service data packets
CN101742415A (en) * 2008-11-25 2010-06-16 中兴通讯股份有限公司 Method for supporting multimedia broadcast/multicast service (MBMS) under shared network architecture
US20140082633A1 (en) * 2007-10-23 2014-03-20 Adobe Systems Incorporated Take and share indicator
US20150149491A1 (en) * 2007-01-05 2015-05-28 Digital Doors, Inc. Information Infrastructure Management Data Processing Tools With Tags, Configurable Filters and Output Functions
CN110535627A (en) * 2019-08-07 2019-12-03 中国联合网络通信集团有限公司 A kind of data query method and block platform chain
CN111066306A (en) * 2018-03-27 2020-04-24 华为技术有限公司 Method for sharing data in local area network and electronic equipment
CN111556479A (en) * 2020-04-24 2020-08-18 Oppo(重庆)智能科技有限公司 Information sharing method and related device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180082050A1 (en) * 2013-09-08 2018-03-22 Yona Flink Method and a system for secure login to a computer, computer network, and computer website using biometrics and a mobile computing wireless electronic communication device
CN104992092A (en) * 2015-06-16 2015-10-21 小米科技有限责任公司 Method, device and system for fingerprint information verification
CN108156128A (en) * 2017-01-03 2018-06-12 中兴通讯股份有限公司 A kind of sharing method, apparatus and system
CN109408476A (en) * 2018-09-19 2019-03-01 腾讯科技(深圳)有限公司 A kind of file-sharing management method, equipment and storage medium
CN109376519B (en) * 2018-10-24 2021-01-08 维沃移动通信有限公司 Fingerprint unlocking method and terminal equipment

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150149491A1 (en) * 2007-01-05 2015-05-28 Digital Doors, Inc. Information Infrastructure Management Data Processing Tools With Tags, Configurable Filters and Output Functions
CN101364884A (en) * 2007-08-10 2009-02-11 华为技术有限公司 Method and device for sending multimedia broadcast and multicast service data packets
US20140082633A1 (en) * 2007-10-23 2014-03-20 Adobe Systems Incorporated Take and share indicator
CN101742415A (en) * 2008-11-25 2010-06-16 中兴通讯股份有限公司 Method for supporting multimedia broadcast/multicast service (MBMS) under shared network architecture
CN111066306A (en) * 2018-03-27 2020-04-24 华为技术有限公司 Method for sharing data in local area network and electronic equipment
CN110535627A (en) * 2019-08-07 2019-12-03 中国联合网络通信集团有限公司 A kind of data query method and block platform chain
CN111556479A (en) * 2020-04-24 2020-08-18 Oppo(重庆)智能科技有限公司 Information sharing method and related device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
乔蕊;曹琰;王清贤;: "基于联盟链的物联网动态数据溯源机制", 软件学报, no. 06, 27 March 2019 (2019-03-27), pages 44 - 61 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115037768A (en) * 2022-06-27 2022-09-09 京东方科技集团股份有限公司 Data processing method and related equipment
CN115037768B (en) * 2022-06-27 2024-10-11 京东方科技集团股份有限公司 Data processing method and related equipment
CN116248960A (en) * 2022-12-07 2023-06-09 深圳创维-Rgb电子有限公司 Authentication method, device, electronic equipment and storage medium for content sharing
WO2024221448A1 (en) * 2023-04-28 2024-10-31 华为技术有限公司 Function implementation method and apparatus, device, system, and readable storage medium

Also Published As

Publication number Publication date
WO2022089599A1 (en) 2022-05-05
CN114510178B (en) 2025-03-04

Similar Documents

Publication Publication Date Title
US12323807B2 (en) Method for mutual recognition or mutual trust between bluetooth devices
EP3657370B1 (en) Methods and devices for authenticating smart card
RU2646390C1 (en) Method and device of binding device
US10810811B2 (en) Electronic device and method for managing electronic key thereof
RU2553102C2 (en) Device communication
CN114510178B (en) A shared data distribution method and electronic device
WO2020047710A1 (en) Login method, token sending method, and device
WO2020124579A1 (en) Method for verifying user identity, and electronic device
CN113259301A (en) Account data sharing method and electronic equipment
CN115174043B (en) Device sharing method and electronic device
WO2020047868A1 (en) Business processing method and device
US11888852B2 (en) Access management system and access management method
CN104618330A (en) Business processing method and device and terminal
US20240095329A1 (en) Cross-Device Authentication Method and Electronic Device
CN112585042B (en) Vehicle control method, communication device, and computer-readable storage medium
CN104967511A (en) Processing method for enciphered data, and apparatus thereof
CN114238900A (en) Data transmission method and electronic equipment
CN113645024B (en) Key distribution method, system, device and readable storage medium and chip
CN108600238B (en) Method, apparatus and system for transferring card data
CN114117461B (en) Data protection method, electronic device and storage medium
US20230401300A1 (en) Data transmission method and electronic device
CN115033864A (en) Identity verification method and system and electronic equipment
WO2022165939A1 (en) Cross-device authentication method and electronic devices
CN118629119A (en) A method for unlocking a smart door lock, a mobile terminal and a computer-readable storage medium
CN113556734B (en) Authentication method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant