The asset store service (ASSET) provides secure storage and management of sensitive data less than 1024 bytes in size, including passwords, app tokens, and other critical data (such as bank card numbers).
The following figure shows the ASSET architecture.
An application can perform the following operations using ASSET:
The secure storage of assets depends on the underlying HUKS. Specifically, HUKS implements the asset encryption, decryption, and access control in a secure environment (such as a TEE). The sensitive user data will never be disclosed even if the system is attacked.
For the scenarios demanding higher security, ASSET allows access to assets only after a successful user identity authentication. Before accessing assets that require identity access control, an application needs to launch a user prompt for user identity authentication (PIN, fingerprint, or facial authentication). After the application sends the user authentication result to ASSET, ASSET invokes HUKS to verify the authentication result. If the verification is successful, HUKS decrypts the asset in a secure environment and returns the plaintext.
With the APIs provided by ASSET, you can quickly integrate system-wide encrypted storage and access control mechanisms for short sensitive data.
├── frameworks # Framework code
│ ├── definition # Definitions of common data types
│ ├── ipc # IPC APIs
│ ├── js # Code for interaction between JS and C/C++
│ ├── os_dependency # Adaptation of universal system capabilities
│ └── utils # Utility APIs
├── interfaces # APIs exposed externally
│ ├── inner_api # APIs for system abilities (SAs)
│ └── kits # APIs for user applications
├── sa_profile # SA profiles
└── services # Service layer code
├── constants # Constants of the service layer
├── core_service # Core service module
├── crypto_manager # Data encryption/decryption module
├── db_operator # Data management module
└── os_dependency # System capability adaptation module
The following uses rk3568 as an example.
# Build the source code of the module.
./build.sh --product-name rk3568 --ccache --build-target asset
# Build the test code of the module.
./build.sh --product-name rk3568 --ccache --build-target asset_bin_test
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。