<li>If a client provides a password when storing data, the data is encrypted with the password. This password must be provided when getting the data from the key manager.</li></ul></li>
</ul>
</li>
-<li>User login
-
-<p>The user login control is implemented as follows:</p>
-
-<ul>
-<li>A user's database file is encrypted by the user's DKEK (domain key encryption key). The user DKEK is randomly generated and stored encrypted with a user password when a user logs in for the first time.</li>
-<li>When a user logs in, the key manager decrypts the user DKEK with a user password. During the login session, any client can access the data which is protected by a user password. When a user logs out, the key manager removes the user DKEK from the memory.</li>
-<li>When a user logs in, logs out, or changes their password, the key manager must be notified. Only privileged applications, such as LockScreen or Setting, can notify the key manager.</li>
-<li>When a user changes their password, the key manager re-encrypts the user DKEK with the new password.</li>
-</ul>
-</li>
-
<li>Data access control
<p>By default, only the data owner can access the data. If the owner grants access to other applications, those applications can read or delete the data from the key manager database.</p>
</script>
</body>
-</html>
\ No newline at end of file
+</html>
<li>If a client provides a password when storing data, the data is encrypted with the password. This password must be provided when getting the data from the key manager.</li></ul></li>
</ul>
</li>
-<li>User login
-
-<p>The user login control is implemented as follows:</p>
-
-<ul>
-<li>A user's database file is encrypted by the user's DKEK (domain key encryption key). The user DKEK is randomly generated and stored encrypted with a user password when a user logs in for the first time.</li>
-<li>When a user logs in, the key manager decrypts the user DKEK with a user password. During the login session, any client can access the data which is protected by a user password. When a user logs out, the key manager removes the user DKEK from the memory.</li>
-<li>When a user logs in, logs out, or changes their password, the key manager must be notified. Only privileged applications, such as LockScreen or Setting, can notify the key manager.</li>
-<li>When a user changes their password, the key manager re-encrypts the user DKEK with the new password.</li>
-</ul>
-</li>
-
<li>Data access control
<p>By default, only the data owner can access the data. If the owner grants access to other applications, those applications can read or delete the data from the key manager database.</p>