CN117478785A - Methods, devices, storage media and electronic devices for exiting child mode - Google Patents
- Publication number: CN117478785A (CN202311540468.5A)
- Authority: CN (China)
- Prior art keywords: electronic device, public key, child mode, random number, information
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04M1/72463—User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions to restrict the functionality of the device
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
- G06F21/45—Structures or tools for the administration of authentication
- H04M1/724094—Interfacing with a device worn on the user's body to provide access to telephonic functionalities, e.g. accepting a call, reading or composing a message
- H04M1/724095—Worn on the wrist, hand or arm
- H04M1/72412—User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories using two-way short-range wireless interfaces
- H04M1/72448—User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Abstract
This application discloses a method for exiting child mode, applied to a first electronic device. The method includes: receiving request information to exit child mode, where child mode is a working mode of the first electronic device suitable for use by children; based on the request information, sending inquiry information to a second electronic device, where the inquiry information is used to ask the user whether to agree to exit child mode; receiving feedback information from the second electronic device, where the feedback information includes agreeing to exit child mode or disagreeing to exit child mode; and, if the feedback information is agreement to exit child mode, the first electronic device exits child mode. The embodiments of the present application improve the effectiveness of child mode in restricting children's use of electronic devices.
Description
Technical field
The present application belongs to the field of electronic technology, and in particular relates to a method, apparatus, storage medium and electronic device for exiting child mode.
Background
With the development of technology, electronic devices such as smartphones have become increasingly feature-rich, and more and more users, including children, are coming into contact with smartphones. Children's physical and mental development is not yet mature. To adapt electronic devices to the needs of that development, a child mode distinct from the normal mode has been developed for electronic devices. Parents can preset the range of applications that children can access in child mode, the duration of use, and so on, thereby placing certain restrictions on children's use of electronic devices. In the related art, child mode can be exited by entering a password. Because many children know the password, they can easily exit child mode on their own without their parents' knowledge, so child mode is not very effective at restricting children's use of electronic devices.
Summary of the invention
Embodiments of the present application provide a method, apparatus, storage medium and electronic device for exiting child mode, so that children cannot easily exit child mode on their own, which improves the effectiveness of child mode in restricting children's use of electronic devices.
In a first aspect, embodiments of the present application provide a method for exiting child mode, applied to a first electronic device. The method includes:
receiving request information to exit child mode, where child mode is a working mode of the first electronic device suitable for use by children;
based on the request information, sending inquiry information to a second electronic device, where the inquiry information is used to ask the user whether to agree to exit child mode;
receiving feedback information from the second electronic device, where the feedback information includes agreeing to exit child mode or disagreeing to exit child mode;
if the feedback information is agreement to exit child mode, the first electronic device exits child mode.
In a second aspect, embodiments of the present application provide a method for exiting child mode, applied to a second electronic device. The method includes:
receiving inquiry information sent by a first electronic device, where the inquiry information is used to ask the user whether to agree to the first electronic device exiting child mode;
based on the inquiry information, obtaining feedback information from the user, where the feedback information includes agreeing to exit child mode or disagreeing to exit child mode;
sending the feedback information to the first electronic device, so that the first electronic device exits or does not exit child mode.
In a third aspect, embodiments of the present application also provide an apparatus for exiting child mode, applied to a first electronic device. The apparatus includes:
a first receiving module, configured to receive request information to exit child mode, where child mode is a working mode of the first electronic device suitable for use by children;
a first sending module, configured to send inquiry information to a second electronic device based on the request information, where the inquiry information is used to ask the user whether to agree to exit child mode;
a second receiving module, configured to receive feedback information from the second electronic device, where the feedback information includes agreeing to exit child mode or disagreeing to exit child mode;
an exit module, configured to make the first electronic device exit child mode if the feedback information is agreement to exit child mode.
In a fourth aspect, embodiments of the present application also provide an apparatus for exiting child mode, applied to a second electronic device. The apparatus includes:
a third receiving module, configured to receive inquiry information sent by a first electronic device, where the inquiry information is used to ask the user whether to agree to the first electronic device exiting child mode;
an acquisition module, configured to obtain feedback information from the user based on the inquiry information, where the feedback information includes agreeing to exit child mode or disagreeing to exit child mode;
a sending module, configured to send the feedback information to the first electronic device, so that the first electronic device exits or does not exit child mode.
In a fifth aspect, embodiments of the present application also provide a computer-readable storage medium on which a computer program is stored. When the computer program runs on a computer, it causes the computer to execute any of the methods for exiting child mode provided by the embodiments of the present application.
In a sixth aspect, embodiments of the present application also provide an electronic device, including a processor and a memory. The memory stores a computer program, and the processor, by invoking the computer program, executes any of the methods for exiting child mode provided by the embodiments of the present application.
In a seventh aspect, embodiments of the present application provide a system for exiting child mode, including a first electronic device and a second electronic device. The first electronic device includes the apparatus for exiting child mode described in the third aspect; the second electronic device includes the apparatus for exiting child mode described in the fourth aspect.
In the embodiments of the present application, the first electronic device used by the child is in child mode. When the child wants to exit child mode, this cannot be done by operating the first electronic device, for example by entering a password. Instead, inquiry information is sent to the second electronic device designated by the parent. Under normal circumstances the parent holds the second electronic device, so first, the parent is informed that the child wants to exit child mode, and second, the parent decides whether to agree. If the parent agrees to exit child mode, the parent can have the second electronic device return feedback information agreeing to exit child mode to the first electronic device; on receiving it, the first electronic device exits child mode and works in normal mode. If the parent does not agree, the parent can have the second electronic device return feedback information disagreeing to exit child mode; on receiving it, the first electronic device keeps working in child mode. Alternatively, if the parent does not agree, no feedback information need be returned at all; the first electronic device then never receives feedback agreeing to exit child mode and likewise keeps working in child mode. With this way of exiting child mode, the child cannot easily exit child mode on their own without the parent's knowledge, which prevents the child from performing inappropriate operations or using the device for too long after exiting child mode on their own, and so preserves the effectiveness of child mode in restricting children's use of electronic devices.
Description of the drawings
The technical solutions of the present application and their beneficial effects will become apparent from the following detailed description of specific embodiments, given with reference to the accompanying drawings.
Figure 1 is a first schematic flowchart of the method for exiting child mode provided by an embodiment of the present application.
Figure 2 is a schematic diagram of a scenario for the method for exiting child mode provided by an embodiment of the present application.
Figure 3 is a second schematic flowchart of the method for exiting child mode provided by an embodiment of the present application.
Figure 4 is a third schematic flowchart of the method for exiting child mode provided by an embodiment of the present application.
Figure 5 is a first schematic structural diagram of the apparatus for exiting child mode provided by an embodiment of the present application.
Figure 6 is a second schematic structural diagram of the apparatus for exiting child mode provided by an embodiment of the present application.
Figure 7 is a first schematic structural diagram of the electronic device provided by an embodiment of the present application.
Figure 8 is a second schematic structural diagram of the electronic device provided by an embodiment of the present application.
Detailed description
Refer to the figures, in which the same reference symbols denote the same components. The principles of the present application are illustrated as implemented in a suitable computing environment. The following description is based on the illustrated specific embodiments of the present application and should not be regarded as limiting other specific embodiments not described in detail here.
Refer to Figure 1, which is a first schematic flowchart of the method for exiting child mode provided by an embodiment of the present application. An embodiment of the present application provides a method for exiting child mode, applied to a first electronic device. The method may include the following steps:
In 101, request information to exit child mode is received, where child mode is a working mode of the first electronic device suitable for use by children;
In 102, based on the request information, inquiry information is sent to a second electronic device, where the inquiry information is used to ask the user whether to agree to exit child mode;
In 103, feedback information is received from the second electronic device, where the feedback information includes agreeing to exit child mode or disagreeing to exit child mode;
In 104, if the feedback information is agreement to exit child mode, the first electronic device exits child mode.
With the development of technology, electronic devices such as smartphones have become increasingly feature-rich, and more and more users, including children, are coming into contact with smartphones. Children's physical and mental development is not yet mature. To adapt electronic devices to the needs of that development, a child mode distinct from the normal mode has been developed for electronic devices. Parents can preset the range of applications that children can access in child mode, the duration of use, and so on, thereby placing certain restrictions on children's use of electronic devices. For example, in child mode a child can use the applications the parent has preset as allowed for child-appropriate activities such as watching videos, listening to audio, viewing photos, playing games and reading, but cannot use applications the parent has restricted, such as online shopping applications, chat software, email applications and work software. In child mode the electronic device therefore meets the child's appropriate needs while preventing inappropriate operations such as making payments and purchases or accidentally deleting or changing data.
In the related art, when parents initialize child mode they generally need to set a password, which may be the lock screen password of the electronic device or a password set specifically for this purpose. Child mode can subsequently be exited each time by entering that password. Because many children know the password, they can easily exit child mode on their own without their parents' knowledge, so child mode is not very effective at restricting children's use of electronic devices.
The embodiments of the present application disclose a new method for exiting child mode. When initializing child mode, the parent can choose to have a second electronic device assist in confirming whether to exit child mode. The second electronic device may be another electronic device distinct from the first electronic device. The first and second electronic devices may be, for example, a smartphone, smart watch, tablet computer, handheld computer, notebook computer or desktop computer. The embodiments of the present application place no restriction on the first and second electronic devices; they need only have capabilities such as chip-level secure storage and system security features. The first and second electronic devices may be devices of the same type or of different types.
Specifically, the first electronic device is currently running in child mode. When the first electronic device receives request information to exit child mode, it sends inquiry information to the second electronic device based on the request information, where the inquiry information is used to ask the user whether to agree to exit child mode. After receiving the inquiry information, the second electronic device sends feedback information to the first electronic device based on it, where the feedback information includes agreeing to exit child mode or disagreeing to exit child mode. The first electronic device receives the feedback information: if it is agreement to exit child mode, the first electronic device exits child mode; if it is disagreement, the first electronic device continues to work in child mode.
For example, refer to Figure 2, which is a schematic diagram of a scenario for the method for exiting child mode provided by an embodiment of the present application. The first electronic device may be a smartphone and the second electronic device may be a smart watch. On the smartphone's settings page, the parent can preset the applications the child is allowed to access and the time the child is allowed to use them while the smartphone is in child mode, and set the way of exiting child mode to assisted confirmation through the smart watch, that is, the smart watch is used to confirm whether the smartphone is allowed to exit child mode. A communication connection is established between the smartphone and the smart watch; for example, a Bluetooth connection can be established and the devices bound over Bluetooth so that the two can communicate.
When the child uses the smartphone, the smartphone is switched to child mode, and the child can use the allowed applications within the time the parent has preset. When the allowed time ends, or the child wants to access an application that is not allowed, the child operates the smartphone to try to exit child mode. The smartphone receives the request information to exit child mode and can then send inquiry information to the smart watch, asking the user whether to agree to exit child mode. For example, the child is using the smartphone and the parent is wearing the smart watch. When the smart watch receives the inquiry information, it can display an inquiry interface to the user based on that information. Through the inquiry interface the parent learns that the child currently wants to exit child mode, and taps the interface to choose whether or not to agree to the smartphone exiting child mode. Specifically, if the parent agrees, the smart watch sends feedback information agreeing to exit child mode to the smartphone; on receiving it, the smartphone exits child mode and works in normal mode. If the parent does not agree, the smart watch sends feedback information disagreeing to exit child mode to the smartphone; on receiving it, the smartphone keeps working in child mode. Therefore, unless the child has also obtained the smart watch, the child cannot exit child mode without the parent's knowledge, which prevents the child from performing inappropriate operations or using the device for too long after exiting child mode on their own. Note that when the smart watch receives the inquiry information, it can also ask the user by voice or other means whether they agree to the smartphone exiting child mode, and the parent can also answer by voice; the embodiments of the present application do not limit this.
Therefore, in the embodiments of the present application, the first electronic device used by the child is in child mode. When the child wants to exit child mode, this cannot be done by operating the first electronic device, for example by entering a password. Instead, inquiry information is sent to the second electronic device designated by the parent. Under normal circumstances the parent holds the second electronic device, so first, the parent is informed that the child wants to exit child mode, and second, the parent decides whether to agree. If the parent agrees to exit child mode, the parent can have the second electronic device return feedback information agreeing to exit child mode to the first electronic device; on receiving it, the first electronic device exits child mode and works in normal mode. If the parent does not agree, the parent can have the second electronic device return feedback information disagreeing to exit child mode; on receiving it, the first electronic device keeps working in child mode. Alternatively, if the parent does not agree, no feedback information need be returned at all; the first electronic device then never receives feedback agreeing to exit child mode and likewise keeps working in child mode. With this way of exiting child mode, the child cannot easily exit child mode on their own without the parent's knowledge, which prevents the child from performing inappropriate operations or using the device for too long after exiting child mode on their own, and so preserves the effectiveness of child mode in restricting children's use of electronic devices.
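The first device's side of steps 101 to 104, as an added example that is not part of the patent text: only an explicit agreement that answers the pending inquiry changes the mode, while refusal, silence, and any unexpected message leave the device in child mode. The inquiry identifier, the 60-second validity window, the device identifiers `watch-1` and `tablet-9`, and all class and field names are assumptions of this example; message authenticity is assumed to come from the paired link.

```python
import secrets
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Mode(Enum):
    CHILD = "child"
    NORMAL = "normal"


@dataclass(frozen=True)
class Inquiry:
    inquiry_id: str   # assumption: fresh random identifier per exit request
    sent_at: float    # time the inquiry was sent, in seconds


@dataclass(frozen=True)
class Feedback:
    sender: str       # identifier of the answering device (assumed field)
    inquiry_id: str   # which inquiry this answers (assumed field)
    agree: object     # True means consent; anything else is not consent


class FirstDevice:
    """Child's device, steps 101-104. Every path except explicit consent keeps child mode."""

    def __init__(self, paired_device: str, timeout_s: float = 60.0):
        self.mode = Mode.CHILD
        self.paired_device = paired_device
        self.timeout_s = timeout_s          # assumed validity window for an inquiry
        self.pending: Optional[Inquiry] = None

    def request_exit(self, now: float) -> Inquiry:
        # 101/102: the local request only produces an inquiry for the second device.
        self.pending = Inquiry(secrets.token_hex(8), now)
        return self.pending

    def handle_feedback(self, fb: Feedback, now: float) -> str:
        # 103/104: accept feedback only for the live inquiry, from the paired device.
        if self.pending is None:
            return "ignored: no pending inquiry"
        if now - self.pending.sent_at > self.timeout_s:
            self.pending = None
            return "ignored: inquiry expired"
        if fb.sender != self.paired_device:
            return "ignored: not the paired device"
        if fb.inquiry_id != self.pending.inquiry_id:
            return "ignored: stale or unknown inquiry"
        self.pending = None                 # one answer per inquiry
        if fb.agree is True:
            self.mode = Mode.NORMAL
            return "exited child mode"
        return "stayed in child mode"


def demo() -> dict:
    """Constructed scenarios; returns {scenario: (result, resulting mode)}."""
    results = {}

    def run(name, make_feedback, answer_at):
        dev = FirstDevice(paired_device="watch-1")
        inquiry = dev.request_exit(now=0.0)
        outcome = dev.handle_feedback(make_feedback(inquiry), now=answer_at)
        results[name] = (outcome, dev.mode.value)

    run("consent", lambda q: Feedback("watch-1", q.inquiry_id, True), 5.0)
    run("refusal", lambda q: Feedback("watch-1", q.inquiry_id, False), 5.0)
    run("late consent", lambda q: Feedback("watch-1", q.inquiry_id, True), 61.0)
    run("other device", lambda q: Feedback("tablet-9", q.inquiry_id, True), 5.0)
    run("old inquiry id", lambda q: Feedback("watch-1", "stale-inquiry-id", True), 5.0)
    run("malformed answer", lambda q: Feedback("watch-1", q.inquiry_id, "yes"), 5.0)

    # No feedback at all: the request by itself never changes the mode.
    silent = FirstDevice(paired_device="watch-1")
    silent.request_exit(now=0.0)
    results["no feedback"] = ("no answer received", silent.mode.value)
    return results


if __name__ == "__main__":
    for name, (outcome, mode) in demo().items():
        print(f"{name:18} {outcome:34} mode={mode}")
```
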
请参阅图3,图3是本申请实施例提供的退出儿童模式方法的第二种流程示意图。应用于第一电子设备。该方法可以包括以下步骤:Please refer to FIG. 3 , which is a second schematic flowchart of a method for exiting the child mode provided by an embodiment of the present application. Applied to first electronic equipment. The method may include the following steps:
In 201, the first electronic device establishes a communication connection with the second electronic device.
In one implementation, the parent can use the settings page of the first electronic device to preset the way the first electronic device exits child mode, allowing the second electronic device to assist in confirming whether to exit child mode. With this option selected, when the child wants to exit child mode on the first electronic device, operating the first electronic device alone is not enough: it must establish a communication connection with the second electronic device, and the second electronic device assists in confirming whether to exit child mode.
For example, the first electronic device and the second electronic device can be bound over Bluetooth, so that the two devices can quickly establish a Bluetooth connection. The parent can, for instance, use the settings page of the first electronic device to allow the second electronic device to assist in confirming whether to exit child mode. The second electronic device can be loaded with corresponding application software, through which the user can turn on the function of assisting in confirming whether the first electronic device exits child mode.
In 202, generate a first random number, and generate a first temporary private key and the corresponding first temporary public key;
In 203, send the first random number and the first temporary public key to the second electronic device;
In 204, receive the second random number and the second temporary public key generated by the second electronic device;
In 205, generate a first shared secret value based on the first temporary private key and the second temporary public key, the first shared secret value being the same as the second shared secret value generated by the second electronic device based on the second temporary private key and the first temporary public key;
In 206, generate a symmetric session key based on the first shared secret value, the first random number and the second random number.
After the first electronic device and the second electronic device establish a communication connection, they generate a symmetric session key based on the ECDHE-ECDSA algorithm in order to establish a secure channel between them and protect the transmitted information against attack. The information exchanged by the two parties is encrypted and decrypted with this symmetric session key, which improves the security of the method for exiting child mode in the embodiments of the present application.
Specifically, the first electronic device runs in child mode. Each time the first electronic device receives request information to exit child mode and needs to communicate with the second electronic device, it generates a first random number, generates a first temporary private key and the corresponding first temporary public key, and sends the first random number and the first temporary public key to the second electronic device. The second electronic device likewise generates a second random number, generates a second temporary private key and the corresponding second temporary public key, and sends the second random number and the second temporary public key to the first electronic device. The first electronic device then generates a first shared secret value based on the first temporary private key and the second temporary public key, and the second electronic device generates a second shared secret value based on the second temporary private key and the first temporary public key, where the first shared secret value and the second shared secret value are the same. The first electronic device and the second electronic device generate the symmetric session key based on the first shared secret value, the first random number and the second random number. Every time the first electronic device receives request information to exit child mode and the second electronic device assists in confirming whether to exit, each device temporarily generates a random number and a temporary public/private key pair, performs key agreement and derives a symmetric session key, and the transmitted information is encrypted and decrypted with that key. In other words, every exit from child mode uses a brand-new symmetric session key for the information transmitted in that exchange. This improves the security of information transmission and protects against replay attacks: even if an attacker transmits previously intercepted encrypted feedback information to the first electronic device, the first electronic device cannot decrypt it with the current symmetric session key, and so cannot be tricked into exiting child mode.
In one implementation, each time child mode is exited, the first electronic device and the second electronic device transmit data used for key agreement. To ensure that the first electronic device receives the correct, untampered second random number and second temporary public key of the second electronic device, and that the first electronic device can securely send the first random number and the first temporary public key to the second electronic device, the embodiments of the present application protect the transmitted key agreement data with signatures.
Specifically, the first electronic device holds a first long-term private key and the corresponding first long-term public key. If the first electronic device and the second electronic device are generating a symmetric session key for the first time, the first electronic device signs its first identification information, the first temporary public key, the first random number and the first long-term public key with the first long-term private key to obtain a first signature value, and sends the first identification information, the first temporary public key, the first random number, the first long-term public key and the first signature value to the second electronic device. After the second electronic device has successfully verified the first signature value with the first long-term public key, it confirms that it has received the correct first identification information, first temporary public key, first random number and first long-term public key, and it associates the first long-term public key with the first identification information and saves them. If the first electronic device and the second electronic device are generating a symmetric session key for the second or a later time, the first electronic device signs its first identification information, the first temporary public key and the first random number with the first long-term private key to obtain a second signature value, and sends the first identification information, the first temporary public key, the first random number and the second signature value to the second electronic device. The second electronic device obtains the first long-term public key according to the received first identification information and, after successfully verifying the second signature value with the first long-term public key, confirms that it has received the correct first temporary public key and first random number of the first electronic device.
In one implementation, if the first electronic device and the second electronic device are generating a symmetric session key for the first time, the first electronic device receives the second identification information of the second electronic device, the second temporary public key, the second random number, the second long-term public key and a third signature value sent by the second electronic device. The third signature value is obtained by the second electronic device signing the second identification information, the second temporary public key, the second random number and the second long-term public key with the second long-term private key. After successfully verifying the third signature value with the second long-term public key, the first electronic device determines that it has received the correct second identification information, second temporary public key, second random number and second long-term public key, and it associates the second long-term public key with the second identification information and saves them. If the first electronic device and the second electronic device are generating a symmetric session key for the second or a later time, the first electronic device receives the second identification information of the second electronic device, the second temporary public key, the second random number and a fourth signature value sent by the second electronic device. The fourth signature value is obtained by the second electronic device signing the second identification information, the second temporary public key and the second random number with the second long-term private key. After successfully verifying the fourth signature value with the second long-term public key, the first electronic device determines that it has received the correct second identification information, second temporary public key and second random number.
For example, the first electronic device is a smartphone. The smartphone has identification information, for example ID_A, and a long-term public/private key pair: the first long-term private key of the smartphone is phoneLTSK and the first long-term public key is phoneLTPK. The second electronic device is, for example, a smartwatch. The smartwatch also has identification information, for example ID_B, and a long-term public/private key pair: the second long-term private key of the smartwatch is watchLTSK and the second long-term public key is watchLTPK.
On the one hand, suppose the smartphone and the smartwatch are performing their initial binding. For example, after the parent has set the smartphone to allow the smartwatch to assist in confirming whether to exit child mode, the smartphone receives request information to exit child mode for the first time, and the smartphone and the smartwatch perform key agreement for the first time to generate a symmetric key. The smartphone generates a first random number RA_1, generates a first temporary private key phoneSTSK_1 and the corresponding first temporary public key phoneSTPK_1, signs {ID_A, phoneSTPK_1, RA_1, phoneLTPK} with phoneLTSK to obtain the first signature value Sig_phone_1, and sends {ID_A, phoneSTPK_1, RA_1, phoneLTPK, Sig_phone_1} to the smartwatch. After receiving {ID_A, phoneSTPK_1, RA_1, phoneLTPK, Sig_phone_1} from the smartphone, the smartwatch performs an integrity check on Sig_phone_1 using the received phoneLTPK. If the verification passes, the {ID_A, phoneSTPK_1, RA_1, phoneLTPK} received this time is untampered, correct and reliable data, and the smartwatch associates ID_A with phoneLTPK and saves them.
If the smartphone and the smartwatch are generating a symmetric session key for the second or a later time, that is, they have already performed key agreement before, the smartphone again generates another first random number RA_2 and another first temporary private key phoneSTSK_2 with the corresponding first temporary public key phoneSTPK_2. The smartphone signs {ID_A, phoneSTPK_2, RA_2} with phoneLTSK to obtain the second signature value Sig_phone_2 and sends {ID_A, phoneSTPK_2, RA_2, Sig_phone_2} to the smartwatch. Note that because the smartwatch has already saved the smartphone's ID_A and the corresponding phoneLTPK, the smartphone no longer needs to send phoneLTPK to the smartwatch in later key agreement. The smartwatch only needs to look up the corresponding phoneLTPK by the received ID_A and then perform an integrity check on Sig_phone_2 with that phoneLTPK. If the verification passes, the {ID_A, phoneSTPK_2, RA_2} received by the smartwatch this time is untampered, correct and reliable data.
On the other hand, when the smartphone and the smartwatch perform key agreement for the first time to generate a symmetric key, the smartwatch also generates a second random number RB_1, generates a second temporary private key watchSTSK_1 and the corresponding second temporary public key watchSTPK_1, signs {ID_B, watchSTPK_1, RB_1, watchLTPK} with watchLTSK to obtain the third signature value Sig_watch_1, and sends {ID_B, watchSTPK_1, RB_1, watchLTPK, Sig_watch_1} to the smartphone. The smartphone thus receives {ID_B, watchSTPK_1, RB_1, watchLTPK, Sig_watch_1} from the smartwatch and can perform an integrity check on Sig_watch_1 using the received watchLTPK. If the verification passes, the {ID_B, watchSTPK_1, RB_1, watchLTPK} received this time is untampered, correct and reliable data, and the smartphone associates ID_B with watchLTPK and saves them.
If the smartphone and the smartwatch are generating a symmetric session key for the second or a later time, that is, they have already performed key agreement before, the smartwatch likewise generates another second random number RB_2 and another second temporary private key watchSTSK_2 with the corresponding second temporary public key watchSTPK_2. The smartwatch signs {ID_B, watchSTPK_2, RB_2} with watchLTSK to obtain the second signature value Sig_watch_2 and sends {ID_B, watchSTPK_2, RB_2, Sig_watch_2} to the smartphone. Note that because the smartphone has already saved the smartwatch's ID_B and the corresponding watchLTPK, the smartwatch no longer needs to send watchLTPK to the smartphone in later key agreement. The smartphone only needs to look up the corresponding watchLTPK by the received ID_B and then perform an integrity check on Sig_watch_2 with that watchLTPK. If the verification passes, the {ID_B, watchSTPK_2, RB_2} received this time is untampered, correct and reliable data.
Therefore, when the smartphone and the smartwatch generate a symmetric session key for the first time, once the smartphone has determined that it received the correct {ID_B, watchSTPK_1, RB_1, watchLTPK} and the smartwatch has determined that it received the correct {ID_A, phoneSTPK_1, RA_1, phoneLTPK}, the smartphone can generate the first shared secret value based on its own phoneSTSK_1 and the smartwatch's watchSTPK_1, and the smartwatch can generate the second shared secret value based on its own watchSTSK_1 and the smartphone's phoneSTPK_1. When the smartphone and the smartwatch generate a symmetric session key for the second or a later time, once the smartphone has determined that it received the correct {ID_B, watchSTPK_2, RB_2} and the smartwatch has determined that it received the correct {ID_A, phoneSTPK_2, RA_2}, the smartphone can generate the first shared secret value based on its own phoneSTSK_2 and the smartwatch's watchSTPK_2, and the smartwatch can generate the second shared secret value based on its own watchSTSK_2 and the smartphone's phoneSTPK_2. The first shared secret value and the second shared secret value are the same, so the smartphone and the smartwatch can each generate the symmetric session key based on the first shared secret value (the second shared secret value), the first random number and the second random number, and use it to encrypt and decrypt the transmitted communication data, ensuring the security of the transmitted information. Moreover, in the embodiments of the present application a secure channel can be established between the smartphone and the smartwatch: each side associates the peer's identification information with the corresponding long-term key and saves them, and on every request to exit child mode the corresponding long-term key is used for signature verification. This verifies the peer's identity in both directions and guards against identity spoofing attacks by malicious devices.
In one implementation, when the first electronic device and the second electronic device generate a symmetric session key for the first time, the first electronic device may also hold a first ECC public key certificate that contains the first long-term public key, to further ensure that the first long-term public key is sent securely to the second electronic device. That is, the first electronic device can send the first long-term public key to the second electronic device either directly or in the form of the first ECC public key certificate. When it is sent as a certificate, the second electronic device can check the first ECC public key certificate through the industry-standard verification process on receipt, proving that the certificate was issued by a legitimate source, such as a legitimate outlet, rather than by an illegitimate one. This helps confirm that the first long-term public key in the first ECC public key certificate has not been tampered with.
Similarly, the second electronic device may also hold a second ECC public key certificate that contains the second long-term public key. That is, the second electronic device can send the second long-term public key to the first electronic device either directly or in the form of the second ECC public key certificate. On receiving the second ECC public key certificate, the first electronic device can check it through the industry-standard verification process, proving that the certificate was issued by a legitimate source, such as a legitimate outlet, rather than by an illegitimate one. This helps confirm that the second long-term public key in the second ECC public key certificate has not been tampered with.
Specifically, on the one hand, if the first electronic device and the second electronic device are generating a symmetric session key for the first time, the first electronic device signs its first identification information, the first temporary public key, the first random number and the first ECC public key certificate with the first long-term private key to obtain the first signature value, and sends the first identification information, the first temporary public key, the first random number, the first ECC public key certificate and the first signature value to the second electronic device. The second electronic device verifies that the first ECC public key certificate is valid and performs an integrity check on the first signature value with the first long-term public key in the certificate. After the check passes, it determines that the received first identification information, first temporary public key, first random number and first ECC public key certificate are correct, and it associates the first ECC public key certificate with the first identification information and saves them. If the first electronic device and the second electronic device are generating a symmetric session key for the second or a later time, the first electronic device signs its first identification information, the first temporary public key and the first random number with the first long-term private key to obtain the second signature value, and sends the first identification information, the first temporary public key, the first random number and the second signature value to the second electronic device. The second electronic device obtains the first ECC public key certificate according to the received first identification information and, after the integrity check on the second signature value with the first long-term public key in the certificate passes, determines that it has received the correct first temporary public key and first random number of the first electronic device.
On the other hand, if the first electronic device and the second electronic device are generating a symmetric session key for the first time, the first electronic device receives the second identification information of the second electronic device, the second temporary public key, the second random number, the second ECC public key certificate and the third signature value sent by the second electronic device. The third signature value is obtained by the second electronic device signing the second identification information, the second temporary public key, the second random number and the second ECC public key certificate with the second long-term private key. After verifying that the second ECC public key certificate is valid and successfully verifying the third signature value with the second long-term public key, the first electronic device determines that it has received the correct second identification information, second temporary public key, second random number and second ECC public key certificate, and it associates the second ECC public key certificate with the second identification information and saves them. If the first electronic device and the second electronic device are generating a symmetric session key for the second or a later time, the first electronic device receives the second identification information, the second temporary public key, the second random number and the fourth signature value sent by the second electronic device. The fourth signature value is obtained by the second electronic device signing the second identification information, the second temporary public key and the second random number with the second long-term private key. The first electronic device obtains the second ECC public key certificate according to the received second identification information and, after the integrity check on the fourth signature value with the second long-term public key in the certificate passes, determines that it has received the correct second identification information, second temporary public key and second random number.
It should be noted that in the embodiments of the present application the first long-term public key of the first electronic device and the second long-term public key of the second electronic device can also be conveyed in other types of certificates, for example RSA certificates, in which case the ECDHE-RSA algorithm can be used for key agreement. If the first long-term public key of the first electronic device and the second long-term public key of the second electronic device are not transmitted in certificates, the long-term public keys of both parties can instead be randomly generated and exchanged during the initialization phase; when a symmetric session key needs to be generated, the ECDHE-ECDSA algorithm can be used for key agreement.
In one implementation, when the first electronic device generates a symmetric session key with the second electronic device based on the ECDHE-ECDSA algorithm, the first electronic device may also send corresponding first time information to the second electronic device, so that the second electronic device can judge from the first time information whether the currently received data is valid; and/or the second electronic device may send corresponding second time information to the first electronic device, so that the first electronic device can judge from the second time information whether the currently received data is valid.
Specifically, the first random number, the first time information and the first temporary public key are sent to the second electronic device, so that the second electronic device generates the second shared secret value based on the second temporary private key and the first temporary public key if it determines that the first time information is within a preset time range; and/or the second random number, the second time information and the second temporary public key generated by the second electronic device are received, and if the second time information is within the preset time range, the first shared secret value is generated based on the first temporary private key and the second temporary public key.
It can be understood that when the first electronic device receives the request information for exiting the child mode, it promptly performs key negotiation with the second electronic device. The first time information corresponding to the key negotiation data received by the second electronic device, such as the first random number and the first temporary public key, should therefore be within a reasonable time difference of the current time information, that is, within the preset time range. If the first time information differs too much from the current time information, the second electronic device can treat the received data as unreasonable key negotiation data; it then does not generate the second shared secret value based on the second temporary private key and the first temporary public key, and so does not generate a symmetric session key. Similarly, when the second electronic device receives the key negotiation data sent by the first electronic device, it promptly returns its own key negotiation data to the first electronic device. The second time information corresponding to the key negotiation data received by the first electronic device, such as the second random number and the second temporary public key, should therefore also be within a reasonable time difference of the current time information, that is, within the preset time range. If the second time information differs too much from the current time information, the first electronic device can likewise treat the received data as unreasonable key negotiation data; it then does not generate the first shared secret value based on the first temporary private key and the second temporary public key, and so does not generate a symmetric session key. The embodiments of this application can therefore prevent an attacker from intercepting earlier key negotiation data and sending it again some time later to trick the first electronic device and the second electronic device into generating a symmetric session key for encrypting and decrypting the communication information. This avoids replay attacks and improves the security of the method for exiting the child mode in this application.
For example, the first time information and the second time information may be timestamp information. It can be understood that each time the first electronic device receives key negotiation data sent by the second electronic device, the corresponding timestamp information increases. If the timestamp information of key negotiation data that the first electronic device receives from the second electronic device goes backwards, the first electronic device can treat the key negotiation data received this time as invalid and unreasonable. Similarly, each time the second electronic device receives key negotiation data sent by the first electronic device, the corresponding timestamp information also increases; if the timestamp information of key negotiation data that the second electronic device receives from the first electronic device goes backwards, the second electronic device can also treat the key negotiation data received this time as invalid and unreasonable. Replay attacks are thereby avoided, and the first electronic device cannot be tricked into exiting the child mode.
In one implementation, when the first electronic device and the second electronic device send each other key negotiation data based on the ECDHE-ECDSA algorithm, they may also send other required data, for example required business-level information such as developer log information; the embodiments of this application do not limit this.
In 207, the inquiry information is encrypted with the symmetric session key to obtain encrypted inquiry information, and the encrypted inquiry information is sent to the second electronic device;
In 208, encrypted feedback information sent by the second electronic device is received, the encrypted feedback information being obtained by the second electronic device encrypting the feedback information with the symmetric session key;
In 209, the encrypted feedback information is decrypted with the symmetric session key to obtain the feedback information;
In 210, if the feedback information is consent to exit the child mode, the first electronic device exits the child mode.
After the first electronic device and the second electronic device perform key negotiation based on the ECDHE-ECDSA algorithm and generate the symmetric session key, the first electronic device can encrypt the inquiry information with the session key and send the encrypted inquiry information to the second electronic device, and the second electronic device can decrypt the encrypted inquiry information with the session key. When the second electronic device returns feedback information to the first electronic device, it can likewise encrypt the feedback information with the session key; the first electronic device decrypts the encrypted feedback information with the session key and determines from the decrypted feedback information whether to exit the child mode. If the feedback information is consent to exit the child mode, the first electronic device exits the child mode and enters the normal mode; if the feedback information is refusal to exit the child mode, the first electronic device does not exit the child mode. Because the first electronic device and the second electronic device encrypt the information transmitted between them with the session key, the possibility of leakage in transit is reduced. Even if an attacker obtains the encrypted communication information, such as the encrypted inquiry request or the encrypted feedback information, the attacker cannot recover the inquiry request or the feedback information without the session key and cannot maliciously tamper with them, which improves the security of information transmission.
In one implementation, the parent can also set, on the settings page of the smartphone, the way of exiting the child mode to fingerprint unlocking, so that the parent's fingerprint must be entered to exit the child mode. The child then cannot bypass the parent and exit the child mode by entering a key, which also improves the restriction effect of the child mode. In the embodiments of this application, the first electronic device may provide multiple methods for exiting the child mode. For example, the settings page of the first electronic device may display methods including exiting by entering a password, exiting by entering a fingerprint, and exiting with assisted confirmation through the second electronic device, for the parent to choose from flexibly or in combination.
Please refer to FIG. 4, which is a third schematic flowchart of the method for exiting the child mode provided by an embodiment of this application. The method is applied to the second electronic device and may include the following steps:
In 301, inquiry information sent by the first electronic device is received, the inquiry information being used to ask the user whether to agree to the first electronic device exiting the child mode;
In 302, the user's feedback information is obtained based on the inquiry information, the feedback information including agreement to exit the child mode or disagreement to exit the child mode;
In 303, the feedback information is sent to the first electronic device, so that the first electronic device exits or does not exit the child mode.
When initializing the child mode settings of the first electronic device, the parent can choose to have the second electronic device assist in confirming whether to exit the child mode. The second electronic device may be another electronic device different from the first electronic device. Specifically, the first electronic device is currently running in the child mode. When the first electronic device receives request information for exiting the child mode, it sends inquiry information to the second electronic device based on the request information; the inquiry information is used to ask the user whether to agree to exit the child mode. After receiving the inquiry information, the second electronic device may, based on it, for example display an inquiry interface to the user. Through the inquiry interface the parent learns that the child currently wants to exit the child mode, and clicks on the inquiry interface to give feedback agreeing or disagreeing to exit the child mode. As another example, the second electronic device may ask the user by voice or other means whether to agree to the first electronic device exiting the child mode, and the parent may also give feedback by voice agreeing or disagreeing to exit the child mode. After receiving the user's feedback information, the second electronic device can send the feedback information to the first electronic device, so that the first electronic device exits or does not exit the child mode. Specifically, if the first electronic device receives feedback information agreeing to exit the child mode, it exits the child mode and the smartphone works in the normal mode; if the first electronic device receives feedback information disagreeing to exit the child mode, or receives no feedback information, it keeps working in the child mode. With the way of exiting the child mode in the embodiments of this application, the child therefore cannot bypass the parent's control and easily exit the child mode on their own without the parent's knowledge. This prevents the child from performing inappropriate operations or spending too much time after exiting the child mode on their own, ensures the restriction effect of the child mode on the child's use of the electronic device, and improves the completeness of the child mode exit mechanism. Moreover, the method for exiting the child mode in the embodiments of this application is simple to operate, which helps improve the user experience.
In one implementation, the first electronic device and the second electronic device can be bound over Bluetooth, so that they can automatically and quickly establish a Bluetooth connection. The second electronic device may be loaded with corresponding application software, through which the user can enable the function of assisting in confirming whether the first electronic device exits the child mode. For example, the user may also actively initiate a Bluetooth communication connection with the first electronic device through the application software of the second electronic device.
After the first electronic device and the second electronic device establish a communication connection, in order to establish a secure channel between them and protect the transmitted information from attack, the first electronic device and the second electronic device perform key negotiation based on the ECDHE-ECDSA algorithm to generate a symmetric session key.
Each time the first electronic device requests to exit the child mode, the first electronic device and the second electronic device each generate data for key negotiation. Specifically, the first electronic device generates a first random number, and generates a first temporary private key and a corresponding first temporary public key; the second electronic device generates a second random number, and generates a second temporary private key and a corresponding second temporary public key. The second electronic device receives the key negotiation data sent by the first electronic device, namely the first random number and the first temporary public key, and the second electronic device also sends key negotiation data to the first electronic device, namely the second random number and the second temporary public key. The first electronic device generates a first shared secret value based on the first temporary private key and the second temporary public key, and the second electronic device generates a second shared secret value based on the second temporary private key and the first temporary public key, where the first shared secret value and the second shared secret value. Both the first electronic device and the second electronic device generate the symmetric session key based on the first shared secret value, the first random number and the second random number. Each time a request to exit the child mode is made, the first electronic device and the second electronic device generate a new symmetric session key to encrypt and decrypt the communication information. An attacker therefore cannot use a past symmetric session key to encrypt or decrypt the inquiry information, feedback information and so on that the first electronic device and the second electronic device transmit for the current request, and cannot tamper with the inquiry information, feedback information and so on in transit, which improves the security of the method for exiting the child mode.
In one implementation, each time the child mode is exited, the first electronic device and the second electronic device transmit data for key negotiation. To ensure that the second electronic device receives the correct, untampered first random number and first temporary public key of the first electronic device, and that the second electronic device can securely send the second random number and the second temporary public key to the first electronic device, the embodiments of this application protect the transmitted key negotiation data with signatures.
Specifically, the second electronic device includes a second long-term private key and a corresponding second long-term public key. When the first electronic device and the second electronic device generate a symmetric session key for the first time, the first electronic device can use the first long-term private key to sign the first identification information of the first electronic device, the first temporary public key, the first random number and the first long-term public key, obtaining a first signature value, and send the first identification information, the first temporary public key, the first random number, the first long-term public key and the first signature value to the second electronic device. The second electronic device verifies the first signature value with the first long-term public key. After the verification passes, it confirms that it has received the correct first identification information, first temporary public key, first random number and first long-term public key, and associates and saves the first long-term public key with the first identification information.
It should be noted that the first electronic device can send the first long-term public key directly to the second electronic device, or it can send the first long-term public key in the form of a first ECC public key certificate, which contains the first long-term public key. Specifically, the first electronic device can use the first long-term private key to sign the first identification information of the first electronic device, the first temporary public key, the first random number and the first ECC public key certificate, obtaining the first signature value. The first identification information, the first temporary public key, the first random number, the first ECC public key certificate and the first signature value are then sent to the second electronic device. When the second electronic device receives the first ECC public key certificate, it can check the certificate through the industry-standard verification process to prove that the certificate was issued by a legitimate source, for example by a legitimate outlet, rather than by an illegitimate source. This helps confirm that the first long-term public key in the first ECC public key certificate has not been tampered with.
If the first electronic device and the second electronic device generate a symmetric session key for the first time, and the first long-term public key of the first electronic device is sent to the second electronic device in the form of the first ECC public key certificate, the second electronic device can associate and save the first identification information with the first ECC public key certificate.
If the first electronic device and the second electronic device generate a symmetric session key for the second or a later time, the first electronic device uses the first long-term private key to sign the first identification information of the first electronic device, the first temporary public key and the first random number, obtaining a second signature value, and sends the first identification information, the first temporary public key, the first random number and the second signature value to the second electronic device. The second electronic device uses the received first identification information to obtain the first long-term public key, or the first long-term public key in the first ECC public key certificate. After the integrity check of the second signature value with the first long-term public key passes, it determines that the correct first temporary public key and first random number of the first electronic device have been received.
Similarly, if the first electronic device and the second electronic device generate a symmetric session key for the first time, the second electronic device can use the second long-term private key to sign the second identification information of the second electronic device, the second temporary public key, the second random number and the second long-term public key, obtaining a third signature value, and send the second identification information, the second temporary public key, the second random number, the second long-term public key and the second signature value to the second electronic device. The second electronic device verifies the first signature value with the first long-term public key; after the verification passes, it confirms receipt of the correct, untampered first identification information, first temporary public key, first random number and first long-term public key, and associates and saves the first long-term public key with the first identification information.
It should be noted that the second electronic device can send the second long-term public key directly to the first electronic device, or it can send the second long-term public key in the form of a second ECC public key certificate, which contains the second long-term public key. Specifically, the second electronic device can use the second long-term private key to sign the second identification information of the second electronic device, the second temporary public key, the second random number and the second ECC public key certificate, obtaining the third signature value. The second identification information, the second temporary public key, the second random number, the second ECC public key certificate and the third signature value are then sent to the first electronic device. When the first electronic device receives the second ECC public key certificate, it can check the certificate through the industry-standard verification process to prove that the certificate was issued from two legitimate sources, for example by a legitimate outlet, rather than from two illegitimate sources. This helps confirm that the second long-term public key in the second ECC public key certificate has not been tampered with.
If the first electronic device and the second electronic device generate a symmetric session key for the first time, and the second long-term public key is sent to the first electronic device in the form of the second ECC public key certificate, the first electronic device can associate and save the second identification information with the second ECC public key certificate.
If the first electronic device and the second electronic device generate a symmetric session key for the second or a later time, the second electronic device uses the second long-term private key to sign the second identification information of the second electronic device, the second temporary public key and the second random number, obtaining a fourth signature value, and sends the second identification information, the second temporary public key, the second random number and the fourth signature value to the first electronic device. The first electronic device uses the received second identification information to obtain the second long-term public key, or the second long-term public key in the second ECC public key certificate. After the integrity check of the first signature value with the second long-term public key passes, it determines that the correct second temporary public key and second random number of the second electronic device have been received.
For example, the first electronic device is a smartphone. The smartphone includes identification information, for example ID_A, and a long-term public/private key pair: for example, the first long-term private key of the smartphone is phoneLTSK and the first long-term public key is phoneLTPK. The smartphone is provisioned with a first ECC public key certificate phoneCert (which contains phoneLTPK). The second electronic device is, for example, a smartwatch. The smartwatch also includes identification information, for example ID_B, and a long-term public/private key pair: for example, the second long-term private key of the smartwatch is watchLTSK and the second long-term public key is watchLTPK. The smartwatch is provisioned with a second ECC public key certificate watchCert (which contains watchLTPK).
On the one hand, suppose the smartphone and the smartwatch perform their initial binding for the first time: for example, after the parent has set the smartphone to allow the smartwatch to assist in confirming whether to exit the child mode, the smartphone receives request information for exiting the child mode for the first time. When the smartphone and the smartwatch perform key negotiation for the first time to generate a symmetric key, the smartphone generates a first random number RA_1, and generates a first temporary private key phoneSTSK_1 and the corresponding first temporary public key phoneSTPK_1. It signs {ID_A, phoneSTPK_1, RA_1, phoneCert} with phoneLTSK to obtain the first signature value Sig_phone_1, and sends {ID_A, phoneSTPK_1, RA_1, phoneCert, Sig_phone_1} to the smartwatch. After receiving {ID_A, phoneSTPK_1, RA_1, phoneCert, Sig_phone_1} from the smartphone, the smartwatch verifies phoneCert according to the industry-standard process. After that verification passes, it checks the integrity of Sig_phone_1 with the phoneLTPK in phoneCert. If the check passes, the {ID_A, phoneSTPK_1, RA_1, phoneCert} received this time is untampered, correct and reliable data, and the smartwatch associates and saves ID_A with phoneCert.
If the smartphone and the smartwatch generate a symmetric session key for the second or a later time, that is, this is not their first key negotiation and key negotiation has been performed before, the smartphone likewise generates another first random number RA_2, and generates another first temporary private key phoneSTSK_2 and the corresponding first temporary public key phoneSTPK_2. The smartphone signs {ID_A, phoneSTPK_2, RA_2} with phoneLTSK to obtain the second signature value Sig_phone_2, and sends {ID_A, phoneSTPK_2, RA_2, Sig_phone_2} to the smartwatch. It should be noted that, because the smartwatch has already saved the smartphone's ID_A and the corresponding phoneCert, the smartphone no longer needs to send phoneCert to the smartwatch in later key negotiations, which avoids transferring sensitive data again. The smartwatch only needs to obtain the corresponding phoneCert through the received ID_A and then check the integrity of Sig_phone_2 with the phoneLTPK in phoneCert. If the check passes, the {ID_A, phoneSTPK_2, RA_2} received by the smartwatch this time is untampered, correct and reliable data.
On the other hand, when the smartphone and the smartwatch perform key negotiation for the first time to generate a symmetric key, the smartwatch also generates a second random number RB_1 and a second temporary private key watchSTSK_1 with the corresponding second temporary public key watchSTPK_1. It signs {ID_B, watchSTPK_1, RB_1, watchCert} with watchLTSK to obtain the third signature value Sig_watch_1, and sends {ID_B, watchSTPK_1, RB_1, watchCert, Sig_watch_1} to the smartphone. The smartphone thus receives {ID_B, watchSTPK_1, RB_1, watchCert, Sig_watch_1} from the smartwatch and can verify watchCert according to the industry-standard process; once that verification passes, it performs an integrity check on Sig_watch_1 using the watchLTPK in watchCert. If the check passes, the {ID_B, watchSTPK_1, RB_1, watchCert} received this time is untampered, correct and reliable data, and the smartphone associates and saves ID_B and watchCert.
If the smartphone and the smartwatch are generating a symmetric session key for the second or a later time, that is, they have already performed key negotiation before, the smartwatch likewise generates another second random number RB_2 and another second temporary private key watchSTSK_2 with the corresponding second temporary public key watchSTPK_2. The smartwatch signs {ID_B, watchSTPK_2, RB_2} with watchLTSK to obtain the second signature value Sig_watch_2, and sends {ID_B, watchSTPK_2, RB_2, Sig_watch_2} to the smartphone. Note that because the smartphone has already saved the smartwatch's ID_B and the corresponding watchCert, the smartwatch no longer needs to send watchCert to the smartphone in subsequent key negotiations, so the sensitive data is not transmitted again. The smartphone only needs to look up the corresponding watchCert by the received ID_B and then perform an integrity check on Sig_watch_2 using the watchLTPK in watchCert. If the check passes, the {ID_B, watchSTPK_2, RB_2} received this time is untampered, correct and reliable data.
Therefore, when the smartphone and the smartwatch generate a symmetric session key for the first time, once the smartphone has determined that it received the correct {ID_B, watchSTPK_1, RB_1, watchCert} and the smartwatch has determined that it received the correct {ID_A, phoneSTPK_1, RA_1, phoneCert}, the smartphone can generate the first shared secret value from its own phoneSTSK_1 and the smartwatch's watchSTPK_1, and the smartwatch can generate the second shared secret value from its own watchSTSK_1 and the smartphone's phoneSTPK_1. When the smartphone and the smartwatch generate a symmetric session key for the second or a later time, once the smartphone has determined that it received the correct {ID_B, watchSTPK_2, RB_2} and the smartwatch has determined that it received the correct {ID_A, phoneSTPK_2, RA_2}, the smartphone can generate the first shared secret value from its own phoneSTSK_2 and the smartwatch's watchSTPK_2, and the smartwatch can generate the second shared secret value from its own watchSTSK_2 and the smartphone's phoneSTPK_2. The first shared secret value and the second shared secret value are the same, so the smartphone and the smartwatch can each generate the symmetric session key from the first shared secret value (the second shared secret value), the first random number and the second random number, and use the symmetric session key to encrypt and decrypt the transmitted communication data, ensuring the security of the transmitted information.
In one implementation, when the first electronic device and the second electronic device send each other the data used for key negotiation based on the ECDHE-ECDSA algorithm, they may also send other data, such as time information and service information, which is not described further here.
After the first electronic device and the second electronic device perform key negotiation based on the ECDHE-ECDSA algorithm and generate the symmetric session key, the first electronic device can encrypt the inquiry information with the session key and send the encrypted inquiry information to the second electronic device, and the second electronic device can decrypt it with the session key. When the second electronic device returns feedback information to the first electronic device, it can likewise encrypt the feedback information with the session key; the first electronic device decrypts the encrypted feedback information with the session key and determines from the decrypted feedback information whether the first electronic device exits child mode. Because the first electronic device and the second electronic device encrypt the information transmitted between them with the session key, an attacker who obtains the encrypted inquiry request or the encrypted feedback information does not have the symmetric session key for this session and therefore can neither recover the plaintext of the inquiry request or feedback information nor maliciously tamper with it, which improves the security of the communication.
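The two-phase exchange described above (first binding with the long-term key attached, later runs with the stored key looked up by ID), as an added Go example that is not code from the patent. Assumptions: raw P-256 long-term public keys stand in for the ECC certificates, so certificate validation is not shown; the signed fields are hashed with SHA-256 and length prefixes; the session key is HMAC-SHA256 over the shared secret keyed with RA||RB. The page names none of these choices, and `Hello`, `Device`, `MakeHello`, `Derive` and `Handshake` are hypothetical names.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

type Hello struct {
	ID                     string
	STPK, Nonce, LTPK, Sig []byte // LTPK (DER long-term public key) is sent on first binding only
}

type Device struct {
	ID    string
	lt    *ecdsa.PrivateKey           // long-term signing key (LTSK)
	peers map[string]*ecdsa.PublicKey // peer ID -> stored long-term public key
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func NewDevice(id string) *Device {
	return &Device{ID: id, lt: must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)), peers: map[string]*ecdsa.PublicKey{}}
}

// digest hashes the signed fields, length-prefixed so field boundaries cannot shift.
func digest(h Hello) []byte {
	s := sha256.New()
	for _, f := range [][]byte{[]byte(h.ID), h.STPK, h.Nonce, h.LTPK} {
		s.Write(append([]byte{byte(len(f) >> 8), byte(len(f))}, f...))
	}
	return s.Sum(nil)
}

// MakeHello creates a fresh nonce and ephemeral key pair and signs them with the long-term key.
func (d *Device) MakeHello(first bool) (Hello, *ecdh.PrivateKey) {
	st := must(ecdh.P256().GenerateKey(rand.Reader))
	h := Hello{ID: d.ID, STPK: st.PublicKey().Bytes(), Nonce: make([]byte, 32)}
	must(rand.Read(h.Nonce))
	if first {
		h.LTPK = must(x509.MarshalPKIXPublicKey(&d.lt.PublicKey))
	}
	h.Sig = must(ecdsa.SignASN1(rand.Reader, d.lt, digest(h)))
	return h, st
}

// Derive verifies the peer's Hello, stores its long-term key, and derives the session key.
func (d *Device) Derive(st *ecdh.PrivateKey, peer Hello, ra, rb []byte) ([]byte, error) {
	key, known := d.peers[peer.ID]
	if peer.LTPK != nil { // first binding; refusing a new key for a known ID is an added assumption
		parsed, err := x509.ParsePKIXPublicKey(peer.LTPK)
		pk, ok := parsed.(*ecdsa.PublicKey)
		if err != nil || !ok || (known && !pk.Equal(key)) {
			return nil, errors.New("long-term key rejected")
		}
		key = pk
	}
	if key == nil || !ecdsa.VerifyASN1(key, digest(peer), peer.Sig) {
		return nil, errors.New("unknown peer or bad signature")
	}
	stpk, err := ecdh.P256().NewPublicKey(peer.STPK) // rejects points not on the curve
	if err != nil {
		return nil, err
	}
	shared, err := st.ECDH(stpk)
	if err != nil {
		return nil, err
	}
	d.peers[peer.ID] = key
	mac := hmac.New(sha256.New, append(append([]byte{}, ra...), rb...)) // KDF choice is an assumption
	mac.Write(shared)
	return mac.Sum(nil), nil
}

// Handshake runs one exchange; it returns the key derived by the phone and by the watch.
func Handshake(phone, watch *Device, first bool) ([]byte, []byte, error) {
	hA, stA := phone.MakeHello(first)
	hB, stB := watch.MakeHello(first)
	kW, errW := watch.Derive(stB, hA, hA.Nonce, hB.Nonce)
	kP, errP := phone.Derive(stA, hB, hA.Nonce, hB.Nonce)
	return kP, kW, errors.Join(errW, errP)
}

func main() {
	phone, watch := NewDevice("ID_A"), NewDevice("ID_B")
	kp, kw, err := Handshake(phone, watch, true)
	fmt.Println("keys match:", hmac.Equal(kp, kw), "err:", err)
}
```

Because the long-term key is accepted on first contact, the first binding is the step that relies on the certificate check the page delegates to the industry-standard process.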
Please refer to Figure 5, which is a first schematic structural diagram of the device for exiting child mode provided by an embodiment of the present application. The device 400 for exiting child mode is applied to the first electronic device and includes a first receiving module 401, a first sending module 402, a second receiving module 403 and an exit module 404, as follows:
The first receiving module 401 is configured to receive request information for exiting child mode, where child mode is a working mode of the first electronic device suitable for use by children;
The first sending module 402 is configured to send inquiry information to the second electronic device based on the request information, where the inquiry information is used to ask the user whether they agree to exit child mode;
The second receiving module 403 is configured to receive feedback information from the second electronic device, where the feedback information is either agreement to exit child mode or disagreement to exit child mode;
The exit module 404 is configured so that, if the feedback information is agreement to exit child mode, the first electronic device exits child mode.
In one implementation, the device for exiting child mode further includes a first communication module 405. The first communication module 405 may be used for: the first electronic device establishing a communication connection with the second electronic device; and the first electronic device and the second electronic device generating a symmetric session key based on the ECDHE-ECDSA algorithm. The first sending module 402 may be used to: encrypt the inquiry information with the symmetric session key to obtain encrypted inquiry information, and send the encrypted inquiry information to the second electronic device. The second receiving module 403 may be used to: receive encrypted feedback information sent by the second electronic device, where the encrypted feedback information is obtained by the second electronic device encrypting the feedback information with the symmetric session key; and decrypt the encrypted feedback information with the symmetric session key to obtain the feedback information.
In one implementation, the first communication module 405 may be used to: generate a first random number, and generate a first temporary private key and the corresponding first temporary public key; send the first random number and the first temporary public key to the second electronic device; receive the second random number and the second temporary public key generated by the second electronic device; generate a first shared secret value based on the first temporary private key and the second temporary public key, where the first shared secret value is the same as the second shared secret value that the second electronic device generates based on the second temporary private key and the first temporary public key; and generate the symmetric session key based on the first shared secret value, the first random number and the second random number.
In one implementation, the first electronic device includes a first long-term private key and the corresponding first long-term public key, and the first sending module 402 may be used to: if the first electronic device and the second electronic device are generating a symmetric session key for the first time, sign the first identification information of the first electronic device, the first temporary public key, the first random number and the first long-term public key with the first long-term private key to obtain a first signature value; send the first identification information, the first temporary public key, the first random number, the first long-term public key and the first signature value to the second electronic device, so that the second electronic device, after the first signature value passes verification with the first long-term public key, confirms that it has received the correct first identification information, first temporary public key, first random number and first long-term public key, and associates and saves the first long-term public key and the first identification information; if the first electronic device and the second electronic device are generating a symmetric session key for the second or a later time, sign the first identification information, the first temporary public key and the first random number with the first long-term private key to obtain a second signature value; and send the first identification information, the first temporary public key, the first random number and the second signature value to the second electronic device, so that the second electronic device obtains the first long-term public key according to the received first identification information and, after the second signature value passes verification with the first long-term public key, confirms that it has received the correct first temporary public key and first random number of the first electronic device.
In one implementation, the second electronic device includes a second long-term private key and the corresponding second long-term public key, and the second receiving module 403 may be used to: if the first electronic device and the second electronic device are generating a symmetric session key for the first time, receive the second identification information of the second electronic device, the second temporary public key, the second random number, the second long-term public key and a third signature value sent by the second electronic device, where the third signature value is obtained by the second electronic device signing the second identification information, the second temporary public key, the second random number and the second long-term public key with the second long-term private key; after the third signature value passes verification with the second long-term public key, determine that the correct second identification information, second temporary public key, second random number and second long-term public key have been received, and associate and save the second long-term public key and the second identification information; if the first electronic device and the second electronic device are generating a symmetric session key for the second or a later time, receive the second identification information of the second electronic device, the second temporary public key, the second random number and a fourth signature value sent by the second electronic device, where the fourth signature value is obtained by the second electronic device signing the second identification information, the second temporary public key and the second random number with the second long-term private key; and obtain the second long-term public key according to the received second identification information and, after the fourth signature value passes verification with the second long-term public key, determine that the correct second identification information, second temporary public key and second random number have been received.
In one implementation, the first electronic device includes a first ECC public key certificate, which includes the first long-term public key, and the second electronic device includes a second ECC public key certificate, which includes the second long-term public key. The first sending module 402 may be used to: if the first electronic device and the second electronic device are generating a symmetric session key for the first time, sign the first identification information of the first electronic device, the first temporary public key, the first random number and the first ECC public key certificate with the first long-term private key to obtain the first signature value. The first identification information of the first electronic device, the first temporary public key, the first random number, the first ECC public key certificate and the first signature value are sent to the second electronic device, so that the second electronic device, after verifying that the first ECC public key certificate is valid and after the first signature value passes the integrity check with the first long-term public key in the first ECC public key certificate, obtains the first identification information, the first temporary public key, the first random number and the first ECC public key certificate, and associates and saves the first ECC public key certificate and the first identification information; if the first electronic device and the second electronic device are generating a symmetric session key for the second or a later time, sign the first identification information of the first electronic device, the first temporary public key and the first random number with the first long-term private key to obtain the second signature value; and send the first identification information of the first electronic device, the first temporary public key, the first random number and the second signature value to the second electronic device, so that the second electronic device obtains the first ECC public key certificate according to the received first identification information and, after the second signature value passes the integrity check with the first long-term public key in the first ECC public key certificate, determines that it has received the correct first temporary public key and first random number of the first electronic device;
The second receiving module 403 may be used to: if the first electronic device and the second electronic device are generating a symmetric session key for the first time, receive the second identification information of the second electronic device, the second temporary public key, the second random number, the second ECC public key certificate and the third signature value sent by the second electronic device, where the third signature value is obtained by the second electronic device signing the second identification information, the second temporary public key, the second random number and the second ECC public key certificate with the second long-term private key; after verifying that the second ECC public key certificate is valid and after the third signature value passes verification with the second long-term public key, determine that the correct second identification information, second temporary public key, second random number and second ECC public key certificate have been received, and associate and save the second ECC public key certificate and the second identification information; if the first electronic device and the second electronic device are generating a symmetric session key for the second or a later time, receive the second identification information, the second temporary public key, the second random number and the fourth signature value sent by the second electronic device, where the fourth signature value is obtained by the second electronic device signing the second identification information, the second temporary public key and the second random number with the second long-term private key; and obtain the second ECC public key certificate according to the received second identification information and, after the fourth signature value passes the integrity check with the second long-term public key in the second ECC public key certificate, determine that the correct second identification information, second temporary public key and second random number of the second electronic device have been received.
In one implementation, the first sending module 402 may be used to: send the first random number, first time information and the first temporary public key to the second electronic device, so that the second electronic device, if it determines that the first time information is within a preset time range, generates the second shared secret value based on the second temporary private key and the first temporary public key. The second receiving module 403 may be used to: receive the second random number, second time information and the second temporary public key generated by the second electronic device, so that the first electronic device, if it determines that the second time information is within the preset time range, generates the first shared secret value based on the first temporary private key and the second temporary public key.
Please refer to Figure 6, which is a second schematic structural diagram of the device for exiting child mode provided by an embodiment of the present application. The device 500 for exiting child mode is applied to the second electronic device and includes a third receiving module 501, an acquisition module 502 and a sending module 503, as follows:
The third receiving module 501 is configured to receive inquiry information sent by the first electronic device, where the inquiry information is used to ask the user whether they agree to the first electronic device exiting child mode;
The acquisition module 502 is configured to obtain the user's feedback information based on the inquiry information, where the feedback information is either agreement to exit child mode or disagreement to exit child mode;
The sending module 503 is configured to send the feedback information to the first electronic device, so that the first electronic device exits or does not exit child mode.
An embodiment of the present application provides a computer-readable storage medium on which a computer program is stored. When the computer program is executed on a computer, it causes the computer to perform the process of the method for exiting child mode provided by this embodiment.
An embodiment of the present application also provides an electronic device. The electronic device may be the first electronic device or the second electronic device. Please refer to Figure 7, which is a schematic structural diagram of the electronic device provided by an embodiment of the present application. The electronic device 600 includes a processor 601 and a memory 602. The processor 601 is electrically connected to the memory 602.
The processor 601 is the control center of the electronic device 600. It connects the various parts of the entire electronic device through various interfaces and lines, and performs the various functions of the electronic device and processes data by running or calling the computer programs stored in the memory 602 and calling the data stored in the memory 602, thereby monitoring the electronic device as a whole.
The memory 602 may be used to store computer programs and data. The computer programs stored in the memory 602 contain information that can be executed in the processor. The computer programs can form various functional modules. The processor 601 executes various functional applications and data processing by calling the computer programs stored in the memory 602.
In this embodiment, when the electronic device 600 is the first electronic device, the processor 601 in the first electronic device loads the information corresponding to the processes of one or more computer programs into the memory 602 according to the following steps, and the processor 601 runs the computer programs stored in the memory 602 to implement the following functions:
Receive request information for exiting child mode, where child mode is a working mode of the first electronic device suitable for use by children;
Based on the request information, send inquiry information to the second electronic device, where the inquiry information is used to ask the user whether they agree to exit child mode;
Receive feedback information from the second electronic device, where the feedback information is either agreement to exit child mode or disagreement to exit child mode;
If the feedback information is agreement to exit child mode, the first electronic device exits child mode.
In one implementation, before receiving the request information for exiting child mode, the processor 601 may perform: the first electronic device establishes a communication connection with the second electronic device;
The first electronic device and the second electronic device generate a symmetric session key based on the ECDHE-ECDSA algorithm;
Sending the inquiry information to the second electronic device includes:
Encrypting the inquiry information with the symmetric session key to obtain encrypted inquiry information, and sending the encrypted inquiry information to the second electronic device;
Receiving the feedback information from the second electronic device includes:
Receiving encrypted feedback information sent by the second electronic device, where the encrypted feedback information is obtained by the second electronic device encrypting the feedback information with the symmetric session key;
Decrypting the encrypted feedback information with the symmetric session key to obtain the feedback information.
In one implementation, when the first electronic device and the second electronic device generate the symmetric session key based on the ECDHE-ECDSA algorithm, the processor 601 may perform: generate a first random number, and generate a first temporary private key and the corresponding first temporary public key;
Send the first random number and the first temporary public key to the second electronic device;
Receive the second random number and the second temporary public key generated by the second electronic device;
Generate a first shared secret value based on the first temporary private key and the second temporary public key, where the first shared secret value is the same as the second shared secret value that the second electronic device generates based on the second temporary private key and the first temporary public key;
Generate the symmetric session key based on the first shared secret value, the first random number and the second random number.
In one implementation, the first electronic device includes a first long-term private key and the corresponding first long-term public key, and when sending the first random number and the first temporary public key to the second electronic device, the processor 601 may perform: if the first electronic device and the second electronic device are generating a symmetric session key for the first time, sign the first identification information of the first electronic device, the first temporary public key, the first random number and the first long-term public key with the first long-term private key to obtain a first signature value;
Send the first identification information, the first temporary public key, the first random number, the first long-term public key and the first signature value to the second electronic device, so that the second electronic device, after the first signature value passes verification with the first long-term public key, confirms that it has received the correct first identification information, first temporary public key, first random number and first long-term public key, and associates and saves the first long-term public key and the first identification information;
If the first electronic device and the second electronic device are generating a symmetric session key for the second or a later time, sign the first identification information, the first temporary public key and the first random number with the first long-term private key to obtain a second signature value;
Send the first identification information, the first temporary public key, the first random number and the second signature value to the second electronic device, so that the second electronic device obtains the first long-term public key according to the received first identification information and, after the second signature value passes verification with the first long-term public key, confirms that it has received the correct first temporary public key and first random number of the first electronic device.
In this embodiment, the second electronic device includes a second long-term private key and a corresponding second long-term public key. When receiving the second random number and the second temporary public key generated by the second electronic device, the processor 601 may perform: if the first electronic device and the second electronic device are generating a symmetric session key for the first time, receiving the second identification information of the second electronic device, the second temporary public key, the second random number, the second long-term public key and a third signature value sent by the second electronic device, the third signature value being obtained by the second electronic device signing the second identification information, the second temporary public key, the second random number and the second long-term public key with the second long-term private key;
after successfully verifying the third signature value with the second long-term public key, determining that the correct second identification information, second temporary public key, second random number and second long-term public key have been received, and associating and saving the second long-term public key with the second identification information;
if the first electronic device and the second electronic device are generating a symmetric session key for the second or a later time, receiving the second identification information of the second electronic device, the second temporary public key, the second random number and a fourth signature value sent by the second electronic device, the fourth signature value being obtained by the second electronic device signing the second identification information, the second temporary public key and the second random number with the second long-term private key;
obtaining the second long-term public key according to the received second identification information and, after successfully verifying the fourth signature value with the second long-term public key, determining that the correct second identification information, second temporary public key and second random number have been received.
In one implementation, the first electronic device includes a first ECC public key certificate, the first ECC public key certificate includes the first long-term public key, the second electronic device includes a second ECC public key certificate, and the second ECC public key certificate includes the second long-term public key. When sending the first random number and the first temporary public key to the second electronic device, the processor 600 may perform: if the first electronic device and the second electronic device are generating a symmetric session key for the first time, signing the first identification information of the first electronic device, the first temporary public key, the first random number and the first ECC public key certificate with the first long-term private key to obtain a first signature value;
sending the first identification information of the first electronic device, the first temporary public key, the first random number, the first ECC public key certificate and the first signature value to the second electronic device, so that the second electronic device, after verifying that the first ECC public key certificate is valid and after the integrity check of the first signature value with the first long-term public key in the first ECC public key certificate passes, determines that it has received the correct first identification information, first temporary public key, first random number and first ECC public key certificate, and associates and saves the first ECC public key certificate with the first identification information;
if the first electronic device and the second electronic device are generating a symmetric session key for the second or a later time, signing the first identification information of the first electronic device, the first temporary public key and the first random number with the first long-term private key to obtain a second signature value; sending the first identification information of the first electronic device, the first temporary public key, the first random number and the second signature value to the second electronic device, so that the second electronic device obtains the first ECC public key certificate according to the received first identification information and, after the integrity check of the second signature value with the first long-term public key in the first ECC public key certificate passes, determines that it has received the correct first temporary public key and first random number of the first electronic device;
When receiving the second random number and the second temporary public key generated by the second electronic device, the processor 600 may perform: if the first electronic device and the second electronic device are generating a symmetric session key for the first time, receiving the second identification information of the second electronic device, the second temporary public key, the second random number, the second ECC public key certificate and a third signature value sent by the second electronic device, the third signature value being obtained by the second electronic device signing the second identification information, the second temporary public key, the second random number and the second ECC public key certificate with the second long-term private key;
after verifying that the second ECC public key certificate is valid and successfully verifying the third signature value with the second long-term public key, determining that the correct second identification information, second temporary public key, second random number and second ECC public key certificate have been received, and associating and saving the second ECC public key certificate with the second identification information;
if the first electronic device and the second electronic device are generating a symmetric session key for the second or a later time, receiving the second identification information, the second temporary public key, the second random number and a fourth signature value sent by the second electronic device, the fourth signature value being obtained by the second electronic device signing the second identification information, the second temporary public key and the second random number with the second long-term private key;
obtaining the second ECC public key certificate according to the received second identification information and, after the integrity check of the fourth signature value with the second long-term public key in the second ECC public key certificate passes, determining that the correct second identification information, second temporary public key and second random number have been received.
In one implementation, when sending the first random number and the first temporary public key to the second electronic device, the processor 600 may perform: sending the first random number, first time information and the first temporary public key to the second electronic device, so that the second electronic device, if it determines that the first time information is within a preset time range, generates a second shared secret value based on the second temporary private key and the first temporary public key; and/or
receiving the second random number and the second temporary public key generated by the second electronic device, and generating the first shared secret value based on the first temporary private key and the second temporary public key, includes:
receiving the second random number, second time information and the second temporary public key generated by the second electronic device, so that the first electronic device, if it determines that the second time information is within the preset time range, generates the first shared secret value based on the first temporary private key and the second temporary public key.
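The first-time and later signed exchanges described above, together with the optional time check, can be sketched as follows. This is an added example, not code from the patent: the message layout, the names `Hello`, `Device`, `MakeHello` and `Accept`, and the choice of Ed25519 signatures with X25519 key agreement are assumptions, and refusing to overwrite an already saved long-term key is an added check that the text does not state.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

// Hello and Device are constructed for this example; every name here is an assumption.
type Hello struct {
	ID                          string
	EphPub, Nonce, LongPub, Sig []byte // LongPub is sent on first contact only
	Time                        int64  // Unix seconds (the optional time information)
}
type Device struct {
	ID     string
	Long   ed25519.PrivateKey
	Pinned map[string][]byte // peer ID -> saved long-term public key
}
func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // only reachable if the system RNG fails
	}
	return v
}
func NewDevice(id string) *Device {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Device{ID: id, Long: must(priv, err), Pinned: map[string][]byte{}}
}

// signedBytes length-prefixes each field so bytes cannot slide between fields.
func signedBytes(h *Hello) (b []byte) {
	for _, f := range [][]byte{[]byte(h.ID), h.EphPub, h.Nonce, []byte(fmt.Sprint(h.Time)), h.LongPub} {
		b = fmt.Appendf(b, "%d:%s", len(f), f)
	}
	return b
}

// MakeHello signs ID, ephemeral key, nonce and time; first=true adds the long-term public key.
func (d *Device) MakeHello(first bool, now time.Time) (*Hello, *ecdh.PrivateKey) {
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	h := &Hello{ID: d.ID, EphPub: eph.PublicKey().Bytes(), Nonce: make([]byte, 16), Time: now.Unix()}
	must(rand.Read(h.Nonce))
	if first {
		h.LongPub = d.Long.Public().(ed25519.PublicKey)
	}
	h.Sig = ed25519.Sign(d.Long, signedBytes(h))
	return h, eph
}

// Accept checks freshness, picks the long-term key, verifies, saves it, and returns the ECDH secret.
func (d *Device) Accept(h *Hello, myEph *ecdh.PrivateKey, now time.Time, window time.Duration) ([]byte, error) {
	if age := now.Sub(time.Unix(h.Time, 0)); age > window || age < -window {
		return nil, fmt.Errorf("time information outside the preset range")
	}
	pub, known := d.Pinned[h.ID]
	if len(h.LongPub) > 0 && (!known || bytes.Equal(pub, h.LongPub)) {
		pub = h.LongPub // first contact: verify with the key carried in the message
	} else if len(h.LongPub) > 0 || !known { // refusing to replace a saved key is an added check
		return nil, fmt.Errorf("unknown ID, or ID already saved with a different key")
	}
	peer, err := ecdh.X25519().NewPublicKey(h.EphPub)
	if err != nil || len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, signedBytes(h), h.Sig) {
		return nil, fmt.Errorf("signature or key check failed")
	}
	d.Pinned[h.ID] = pub // associate and save only after verification
	return myEph.ECDH(peer)
}

func main() {
	child, parent, now := NewDevice("child-tablet"), NewDevice("parent-phone"), time.Now()
	hello, _ := child.MakeHello(true, now)
	_, eph := parent.MakeHello(true, now)
	_, err := parent.Accept(hello, eph, now, time.Minute)
	fmt.Println("first contact accepted:", err == nil)
}
```

On first contact the signature is verified with a key carried in the same message, so it proves possession of the matching private key rather than the sender's identity. The ECC public key certificate variant described above adds a validity check on the certificate before the signature is trusted.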
When the electronic device 600 is the second electronic device, the processor 601 in the second electronic device loads the information corresponding to the processes of one or more computer programs into the memory 602 according to the following steps, and the processor 601 runs the computer programs stored in the memory 602, thereby implementing the following functions:
receiving inquiry information sent by the first electronic device, the inquiry information being used to ask the user whether they agree to the first electronic device exiting child mode;
based on the inquiry information, obtaining the user's feedback information, the feedback information including agreeing to exit child mode or not agreeing to exit child mode;
sending the feedback information to the first electronic device, so that the first electronic device exits or does not exit child mode.
Please refer to FIG. 8, which is a second schematic structural diagram of the electronic device provided by an embodiment of the present application. The electronic device 600 further includes: a radio frequency circuit 603, a display screen 604, a control circuit 605, an input unit 606, an audio circuit 607, a sensor 608 and a power supply 609. The processor 601 is electrically connected to the radio frequency circuit 603, the display screen 606, the control circuit 605, the input unit 606, the audio circuit 607, the sensor 608 and the power supply 609 respectively.
The radio frequency circuit 603 is used to send and receive radio frequency signals in order to communicate with network devices or other electronic devices through wireless communication.
The display screen 606 can be used to display information entered by the user or information provided to the user, as well as the various graphical user interfaces of the electronic device. These graphical user interfaces can be composed of images, text, icons, video and any combination thereof.
The control circuit 605 is electrically connected to the display screen 604 and is used to control the display screen 604 to display information.
The input unit 606 can be used to receive entered digits, character information or user characteristic information (such as fingerprints), and to generate keyboard, mouse, joystick, optical or trackball signal input related to user settings and function control. The input unit 606 may include a fingerprint recognition module.
The audio circuit 607 can provide an audio interface between the user and the electronic device through a loudspeaker and a microphone. The audio circuit 607 includes a microphone. The microphone is electrically connected to the processor 601 and is used to receive voice information input by the user.
The sensor 608 is used to collect information about the external environment. The sensor 608 may include one or more of an ambient brightness sensor, an acceleration sensor, a gyroscope and other sensors.
The power supply 609 is used to supply power to the components of the electronic device 600. In some implementations, the power supply 609 can be logically connected to the processor 601 through a power management system, so that functions such as charging management, discharging management and power consumption management are implemented through the power management system.
Although not shown in the figure, the electronic device 600 may also include a camera, a Bluetooth module and so on, which are not described again here.
An embodiment of the present application further provides a system for exiting child mode, including: a first electronic device and a second electronic device.
The first electronic device is used to receive request information for exiting child mode, child mode being a working mode of the first electronic device that is suitable for use by children; based on the request information, send inquiry information to the second electronic device, the inquiry information being used to ask the user whether they agree to exiting child mode; receive feedback information from the second electronic device, the feedback information including agreeing to exit child mode or not agreeing to exit child mode; and, if the feedback information is agreement to exit child mode, exit child mode.
The second electronic device is used to receive the inquiry information sent by the first electronic device, the inquiry information being used to ask the user whether they agree to the first electronic device exiting child mode; based on the inquiry information, obtain the user's feedback information, the feedback information including agreeing to exit child mode or not agreeing to exit child mode; and send the feedback information to the first electronic device, so that the first electronic device exits or does not exit child mode.
Since the first electronic device can perform any of the methods for exiting child mode provided by the embodiments of the present application, its specific implementation is described in the method embodiments above and is not repeated here. The second electronic device can likewise perform any of the methods for exiting child mode provided by the embodiments of the present application; its specific implementation is described in the method embodiments above and is not repeated here.
It should be noted that a person of ordinary skill in the art will understand that all or some of the steps in the methods of the above embodiments can be carried out by relevant hardware under the direction of a computer program. The computer program can be stored in a computer-readable storage medium, and the storage medium may include, but is not limited to: read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc and the like.
In addition, the terms "first", "second", "third" and so on in this application are used to distinguish different objects, not to describe a particular order. Furthermore, the terms "including" and "having" and any variations of them are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that includes a series of steps or modules is not limited to the listed steps or modules; some embodiments also include steps or modules that are not listed, or also include other steps or modules inherent to such processes, methods, products or devices.
The methods for exiting child mode, the device, the storage medium and the electronic device provided by the embodiments of the present application have been described in detail above. Specific examples are used herein to explain the principles and implementations of the present application, and the description of the above embodiments is only intended to help in understanding the method of the present application and its core idea. At the same time, a person skilled in the art may, following the idea of the present application, make changes to the specific implementations and the scope of application. In summary, the content of this specification should not be understood as limiting the present application.
Claims (12)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311540468.5A CN117478785A (en) | 2023-11-17 | 2023-11-17 | Methods, devices, storage media and electronic devices for exiting child mode |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311540468.5A CN117478785A (en) | 2023-11-17 | 2023-11-17 | Methods, devices, storage media and electronic devices for exiting child mode |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117478785A true CN117478785A (en) | 2024-01-30 |
Family
ID=89639583
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311540468.5A Pending CN117478785A (en) | 2023-11-17 | 2023-11-17 | Methods, devices, storage media and electronic devices for exiting child mode |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117478785A (en) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||