CN105447398A - Data safety protection method and device - Google Patents
Data safety protection method and device Download PDFInfo
- Publication number
- CN105447398A CN105447398A CN201410403731.0A CN201410403731A CN105447398A CN 105447398 A CN105447398 A CN 105447398A CN 201410403731 A CN201410403731 A CN 201410403731A CN 105447398 A CN105447398 A CN 105447398A
- Authority
- CN
- China
- Prior art keywords
- operating system
- encryption
- decryption
- system database
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The application discloses a data safety protection method and device. The data safety protection method comprises following steps: adding an encryption and decryption function to an operation system of a terminal; fulfilling the encryption and decryption function of an operating system database to an upper layer application program in the form of an encryption and decryption interface such that the upper layer application program can execute following operation including calling an encryption interface and performing encryption protection to data of the upper layer application program saved in the operating system database. The data safety protection method and device have following beneficial effects: data, subjected to encryption protection, of the operation system database cannot be stolen even if Root authority of the operation system of a terminal is maliciously acquired so that data security of a terminal user is effectively ensured.
Description
Technical field
The application relates to field of computer technology, particularly relates to a kind of data security protection method and device.
Background technology
Along with the development of modern communication technology and improving constantly of mobile terminal self performance, the mobile terminals such as mobile phone have entered the intelligent digital epoch, and android system relies on its opening and ease for use to become one of mainstream operation system of current mobile terminal.The life privacy of mobile terminal and the user of application android system, the contacting more and more closely of business activity, but also bring the problem of data security and secret protection thereupon.In current android system; main employing " sandbox mechanism " (also referred to as sandbox mechanism) carrys out the safety of protected data; described " sandbox mechanism " its core security protection measure is: the mutually isolated operation in default situations of each application program, can not access mutually the data of the other side, and concrete grammar is described below:
Application program be placed within " sandbox ", the application program not possessing mutually trusting relationship is mutually isolated, runs alone.Each application program has the unique UID (UserIdentification of whole system, user identity proves), and set this application program to allow or refusal API (ApplicationProgrammingInterface, application programming interface) authority called, in default situations, the application program operated in process " sandbox " is not assigned with the authority of access system or resource, cannot access system or resource, as access file, catalogue, network, sensor, and cannot be mutual between application program.Therefore; no matter be the application program directly run on operating system; still the application program running on Dalvik virtual machine all obtains same Secure isolation and protection; the application program be limited in respective " sandbox " does not interfere with each other, and can be down to minimum to the infringement of system and other application programs.
At least there is following defect in the above-mentioned data security protecting mechanism of android system, thus the mobile terminal causing applying android system cannot the safety of available protecting user data:
First, due to android system, it is increased income, disclosed in its system vulnerability is also, therefore, be easy to be utilized by rogue program, thus the Root authority of the system of acquisition, the rogue program obtaining Root authority just arbitrarily can steal the data of any application in operating system database.
Secondly, the licensing scheme of android system only has " accepting whole authority mounting software " and " refusal mounting software " two selection, receiving portion authority cannot be selected, this just makes some application program dangerous authority can be mixed in the simple inspection sneaking out user in common authority, thus threatens to the data security of application program in operating system database.
Finally, third party's fail-safe softwares such as the mobile phone bodyguard that user depends on unduly, need to apply for Root authority to user, and the fail-safe software itself having Root authority exists the risk stealing the data of application program in operating system database equally.
In sum; the existing data security protecting mechanism of android system; because rogue program can cross the restriction of sandbox in several ways; thus steal the data of application program in operating system database easily, the mobile terminal therefore applying android system effectively cannot protect the safety of user data.
Summary of the invention
The embodiment of the present application provides a kind of data security protection method, for improve terminal operating system database in the security of data of application program, thus the safety of available protecting user data.
The embodiment of the present application also provides a kind of data security protecting device, for improve terminal operating system database in the security of data of application program, thus the safety of available protecting user data.
The embodiment of the present application adopts following technical proposals:
A kind of data security protection method, comprising:
For the operating system database of terminal increases encryption and decryption functions;
By the encryption and decryption functions of operating system database with the form opening of encryption and decryption interface to the upper level applications of operating system, following operation can be performed to make described upper level applications:
Call encipher interface, protection is encrypted to the data of the described upper level applications of preserving in described operating system database.
A kind of data security protecting device, comprising:
Encryption and decryption functions increases unit, increases encryption and decryption functions for the operating system database for terminal;
Encryption and decryption interface opening unit, for by the encryption and decryption functions of operating system database with the form opening of encryption and decryption interface to the upper level applications of operating system;
Ciphering unit, for application call encipher interface, is encrypted protection to the data of the described upper level applications of preserving in described operating system database.
At least one technical scheme above-mentioned that the embodiment of the present application adopts can reach following beneficial effect:
The application increases encryption and decryption functions by the operating system database for terminal, and by the encryption and decryption functions of operating system database with the form opening of encryption and decryption interface to the upper level applications of operating system, encipher interface can be called to make upper level applications, protection is encrypted to the data of the described upper level applications of preserving in described operating system database, even if the operating system achieving terminal is maliciously obtained Root authority, the data of the operating system database of its encipherment protection application program at the middle and upper levels also can not stolenly be got, effectively ensure that the safety of end-user listening data.
Accompanying drawing explanation
Accompanying drawing described herein is used to provide further understanding of the present application, and form a application's part, the schematic description and description of the application, for explaining the application, does not form the improper restriction to the application.In the accompanying drawings:
The data security protection method operational flowchart that Fig. 1 provides for the embodiment of the present application;
Fig. 2 be the embodiment of the present application based on Android layer architecture, be that database increases open encryption and decryption interface diagram after encryption and decryption functions;
The data security protecting apparatus structure schematic diagram that Fig. 3 provides for the embodiment of the present application;
Fig. 4 is that the embodiment of the present application encryption and decryption functions increases cellular construction schematic diagram.
Embodiment
For making the object of the application, technical scheme and advantage clearly, below in conjunction with the application's specific embodiment and corresponding accompanying drawing, technical scheme is clearly and completely described.Obviously, described embodiment is only some embodiments of the present application, instead of whole embodiments.Based on the embodiment in the application, those of ordinary skill in the art are not making the every other embodiment obtained under creative work prerequisite, all belong to the scope of the application's protection.
Below in conjunction with accompanying drawing, describe the technical scheme that each embodiment of the application provides in detail.
The embodiment of the present application provides a kind of data security protection method, is described method operational flowchart as shown in fig. 1, specifically comprises the steps:
S100, for terminal operating system database increase encryption and decryption functions;
The embodiment of the present application is the safety of the data of application program in the operating system database of protection terminal; after preventing the operating system of terminal from being obtained Root authority by malice; the data of random acquisition database application program at the middle and upper levels; employing makes operating system database have encryption and decryption functions, thus terminal can be encrypted protection to the data of operating system database application program at the middle and upper levels.
In the embodiment of the present application, the specific implementation increasing encryption and decryption functions for operating system database can comprise: terminal is by the bottom source code of retouching operation system database, and being embodied as operating system database increases encryption and decryption functions.Particularly, a kind of embodiment for operating system database increase encryption and decryption functions can comprise following operation:
First, from the operating system source code of terminal, extract the source code of operating system database;
Because the size of code of the operating system source code of terminal is large, complex structure, to revise in the operating system source code of whole terminal and the source code of debugging operations system database meeting more complicated, and it is consuming time, therefore the embodiment of the present application can by independent for the source code of operating system database, modify for the source code of independent operating system database, to increase encryption and decryption functions separately.
Afterwards, revise the source code of described operating system database, increase encryption and decryption functions;
Finally, the source code of the operating system database adding encryption and decryption functions is merged in the operating system source code of terminal of the source code being extracted described operating system database.The source code adding the operating system database of encryption and decryption functions can be called with encryption and decryption functions functional form.
To revise android system SQlite database source code, increasing AES (AdvancedEncryptionStandard, Advanced Encryption Standard) encryption and decryption functions is example, and the concrete process increasing AES encryption and decryption functions comprises:
First, the SQLite database source code by used for this version from Android source code is independent; SQLite database source code bit is in Android source code root directory/external/sqlite/dist, and it is than the more Android configuration file of the SQLite official source code of increasing income and make file.SQLite database source code under described catalogue is taken out, and is created as an independent software project, namely complete the operation of extracting SQLite database source code.
Afterwards, separately the read-write code of independent SQlite database is modified, to increase AES encryption and decryption functions; The core operation increasing SQLite database encryption and decryption functions is exactly realize the core interface such as sqlite3_key (), sqlite3_rekey () and sqlite3CodecAttach () reserved in SQLite database source code.Sqlite3_key () and sqlite3_rekey () is the interface defined in sqlite3.h, and wherein, sqlite3_key () is for receiving and transmitting encrypted ones; Sqlite3_rekey () is for revising encrypted ones; Sqlite3CodecAttach () is the function that key encrypted ones generated that realizes in the kernel program Codecext.c of encryption and decryption and page coding function and database carry out associating.
Finally, the SQLite source code with encryption and decryption functions is merged in the Android source code being extracted SQLite database source code.
S110, by the encryption and decryption functions of operating system database with the form opening of encryption and decryption interface to the upper level applications of operating system; to make described upper level applications that encipher interface can be called, protection is encrypted to the data of the described upper level applications of preserving in described operating system database.
A kind of embodiment of the application can use JNI technology to realize open described encryption and decryption interface to the upper level applications of operating system, is understandable that encryption and decryption interface described herein comprises: encipher interface and decryption interface.Upper level applications can be called the data of encipher interface to the described upper level applications of preserving in described operating system database and be encrypted protection; namely upper level applications uses JNI technology to call bottom encryption function function, is encrypted protection for data arrange encrypted ones.
For android system SQLite database, as shown in Figure 2, android system have employed layer architecture, is divided into four layers: ground floor is Linux inner core, wherein comprises: DisplayDriver, CameraDriver ... the modules such as PowerManagement; The second layer is C/C++ function library, is Native layer, wherein comprise SQLite storehouse, WebKit ... the modules such as libe, known SQLite warehouse compartment is in this layer; Third layer is application framework layer, wherein comprises: ActivityManger, Windowsmanger ... the modules such as XMPPService, SQLiteDatabase is positioned at this third layer; 4th layer is application program, or is called application layer, and it is Java layer, and it comprises the application programs such as Home, Phone, Browser, and its Android database application is positioned at this 4th layer.The embodiment of the present application is at the second layer, namely Native layer increases the encryption and decryption functions of SQLite database source code, as shown in Figure 2, Java layer (i.e. application program) uses JNI technology to call the encryption and decryption functions function of Native layer, namely, JNI technology is used organically to connect two-layer, can interactive operation mutually.
The embodiment of the present application is in the operating system source code of the terminal source code of the operating system database adding encryption and decryption functions being merged into the source code being extracted described operating system database, and opened encryption and decryption interface to after upper level applications, for the data making operating system identifiable design be encrypted the upper level applications of protection, the i.e. encrypt file of identifiable design upper level applications, can retouching operation system source code further, such as, a kind of specific embodiment can retouching operation system to the identifying of encrypt file, amended operating system identifiable design is made to be encrypted the data of the upper level applications of protection.For android system, all can verify the file header of database file before each reading android system database file, check whether the file header of database file has " SQLiteformat3 " to mark, but, the file header having carried out the database file of encipherment protection is just no longer " SQLiteformat3 ", but with the ciphertext tokens that corresponding secret key is encrypted " SQLiteformat3 ", therefore need to increase this ciphertext tokens in the source code of data base read-write verification, just this ciphertext tokens can be identified when system reads this ciphertext tokens, thus encrypt file can be considered as normal file and carry out subsequent operation, otherwise this ciphertext tokens of system None-identified, described encrypt file is considered as the file Force Deletion damaged.
At retouching operation system source code, after making amended operating system identifiable design be encrypted the data of the upper level applications of protection, namely complete the retouching operation of the embodiment of the present application to operating system source code.Afterwards, generation directly can run on terminal and support the operating system image file of operating system database encryption and decryption functions, and generate the SDK (softwaredevelopmentkit, SDK (Software Development Kit)) that operating system database encryption and decryption interface is provided.Generate described image file and described in provide the method for the SDK of operating system database encryption and decryption interface to comprise: compilation process is performed to amended operating system source code.This compilation process comprises the operating system after compiling amendment source code and SDK, and the embodiment of the present application is not specifically limited concrete Compilation Method.The described operating system image file generated after the embodiment of the present application compilation operations system comprises: hold the storehouse of direct operation system needs and instrument and at the storehouse of mobile terminal direct operation system needs and instrument, the operating system image file namely generated can compatible PC and mobile terminal at PC.In addition, the embodiment of the present application, on the basis of successful com operating system, can compile the new SDK with operating system database encryption and decryption interface further, and the SDK utilizing this new can develop the application program with encipherment protection its data function further.
Wherein, be understandable that, compiling system and SDK last as can revise the configuration file of system source code, the embodiment of the present application does not do concrete restriction to this operating process.
In addition, the embodiment of the present application considers that the limitation of mobile terminal hardware resource and application program are to factors such as the requirements of execution efficiency, and some application program does not relate to private data, therefore, the embodiment of the present application all can not be encrypted all data in the operating system database of terminal, according to the concealed degree of the data of application program, terminal can determine whether that calling the data of encipher interface to this application program is encrypted.Facilitate the encryption of the data of application programs like this, ensure that the security of end-user listening data, there is again very strong dirigibility simultaneously.
What the embodiment of the present application provided calls encipher interface, and the method data of the described upper level applications of preserving in described operating system database being encrypted to protection comprises the steps:
Step one: receive encrypted ones;
Encrypted ones that described encrypted ones can receive for application program, that arranged by user or application developer.
Step 2, call the encipher interface of the operating system database adding encryption and decryption functions, obtain be-encrypted data, and transmit described encrypted ones to described be-encrypted data;
Because described encipher interface is open, to application program, therefore application program directly calls this encipher interface, can obtain be-encrypted data, transmits described encrypted ones to described be-encrypted data simultaneously.
Step 3, utilize described encrypted ones generate key, for obtain described be-encrypted data be encrypted protection.
This step is the step for be-encrypted data is encrypted, and utilizes encrypted ones to generate key, and then utilizes double secret key be-encrypted data to be encrypted protection.The embodiment of the present application achieves terminal and according to the concealed degree of the data of application program, the data of application programs can be selected to arrange encrypted ones, be encrypted protection.
A kind of specific embodiment, for android system SQLite database is encrypted as example, specifically comprises following operation:
The encrypted ones that step 30, reception application developer or user are arranged;
Step 31, the mapping function using JNI technology to connect Java layer and Native layer transmit encrypted ones, and call the encipher interface of SQLite database, open SQLite database, obtain be-encrypted data;
Step 32, utilize described encrypted ones generate key, to data encryption in SQLite database.
The embodiment of the present application includes but not limited to the method that data in database are encrypted: AES, DES (DataEncryptionStandard, data encryption algorithm) etc.
In addition, the embodiment of the present application also can revise encrypted ones, namely resets encrypted ones, e.g., calls encipher interface, the encrypted ones of the data of amendment encipherment protection.A kind of operating process resetting encrypted ones for data in android system SQLite database specifically comprises following operation:
Step 40, reception reset encrypted ones;
Step 41, the mapping function transmission using JNI technology to connect Java layer and Native layer reset encrypted ones, and call the encipher interface of SQLite database, open SQLite database;
Whether this SQLite database that step 42, judgement are opened is encrypted;
If encrypt, then perform step 43; If not encryption, then perform step 44;
Step 43, utilization replacement encrypted ones generation replacement key amendment original cipher key complete the reset process to original cipher key.
Step 44, utilization reset encrypted ones and generate the key be used for for data encryption in database.
Be understandable that; for the data of the upper level applications of encipherment protection, i.e. the encrypt file of upper level applications, need perform decryption oprerations when calling; specifically comprise: call decryption interface, to the decrypt data of upper level applications being encrypted protection.
The embodiment of the present application is by increasing encryption and decryption functions for terminal operating system database, and by the encryption and decryption functions of operating system database with the form opening of encryption and decryption interface to the upper level applications of operating system, to make upper level applications can according to the concealed degree of data, the encryption and decryption interface in calling data storehouse, protection is encrypted to the data of described upper level applications, even if achieve terminal system maliciously obtained Root authority, the data of the operating system database of its encipherment protection application program at the middle and upper levels also can not stolenly be got, effectively ensure that the safety of user data in terminal.
The above-mentioned data security protection method that the application provides can be performed by terminal, also can be performed by the software that terminal is installed.
It should be noted that, the executive agent of each step of the embodiment of the present application institute supplying method can be all same equipment, or the method also can by distinct device as executive agent.
Be data security protection method that the embodiment of the present application provides above; based on same thinking; the embodiment of the present application also provides a kind of data security protecting device; as shown in Figure 3; for described apparatus structure schematic diagram, this device mainly comprises: encryption and decryption functions increases unit 300, encryption and decryption interface opening unit 310 and ciphering unit 320.Also can comprise amendment unit 330, generation unit 340 and decryption unit 350 further.
Wherein, encryption and decryption functions increases unit 300, and the operating system database be mainly used in as terminal increases encryption and decryption functions;
Wherein, as shown in Figure 4, described encryption and decryption functions increases unit 300 and can comprise a kind of embodiment:
Extract subelement 3010, for extracting the source code of operating system database from the operating system source code of terminal; Because the size of code of the operating system source code of terminal is large, complex structure, to revise in the operating system source code of whole terminal and the source code of debugging operations system database meeting more complicated, and it is consuming time, therefore, the embodiment of the present application extracts subelement 3010 can by independent for the source code of operating system database, modify for the source code of independent operating system database, to increase encryption and decryption functions separately.
Encryption and decryption functions increases subelement 3020, for revising the source code of described operating system database, increases encryption and decryption functions;
Merge subelement 3030, for being merged into by the source code of the operating system database adding encryption and decryption functions in the operating system source code of the terminal of the source code being extracted described operating system database.
Wherein, encryption and decryption interface opening unit 310; to be mainly used in the encryption and decryption functions of operating system database with the form opening of encryption and decryption interface to the upper level applications of operating system; following operation can be performed to make described upper level applications: call encipher interface, protection is encrypted to the data of the described upper level applications of preserving in described operating system database.Encryption and decryption interface opening unit 310 described in the embodiment of the present application can use JNI technology to realize open described encryption and decryption interface to the upper level applications of operating system.
Wherein, ciphering unit 320, is mainly used in application call encipher interface, is encrypted protection to the data of the described upper level applications of preserving in described operating system database.Described ciphering unit 320 can use Java local interface JNI technology to call bottom encryption and decryption functions function, is encrypted protection to data in operating system database.In addition, described ciphering unit 320 also can be used for resetting encrypted ones.
Described device also can comprise:
Amendment unit 330, for revising the identifying of system to encrypt file, makes amended system identifiable design be encrypted the data of the described upper level applications of protection.The embodiment of the present application is provided with the encrypt file of encrypted ones for ease of operating system identification; amendment unit 330 can retouching operation system source code further; make the encrypt file of operating system identifiable design upper level applications; described retouching operation system source code such as; amendment unit 330 can, by retouching operation system to the identifying of encrypt file, make operating system identifiable design be encrypted the data of the described upper level applications of protection.
Described device also can comprise further:
Generation unit 340, directly can run on terminal for generating, and support the operating system image file of operating system database encryption and decryption functions, and generate the SDK providing operating system database encryption and decryption interface.Generation unit 340 described in the embodiment of the present application generate described operating system image file and described in provide the method for the SDK of operating system database encryption and decryption interface to comprise: compilation process is performed to amended operating system source code.This compilation process comprises the operating system after compiling amendment source code and SDK, the described operating system image file that the embodiment of the present application generation unit 340 generates comprises: hold the storehouse of direct operation system needs and instrument and at the storehouse of mobile terminal direct operation system needs and instrument, the system image file namely generated can compatible PC and mobile terminal at PC.In addition; the embodiment of the present application is on the basis of generation unit 340 successful com operating system; can compile the new SDK with operating system database encryption and decryption interface further, the SDK utilizing this new can develop the application program with encipherment protection its data function further.
Decryption unit 350 described in the embodiment of the present application, is mainly used in calling decryption interface, to the decrypt data of upper level applications being encrypted protection.
In sum; the data security protection method that the embodiment of the present application provides and device; encryption and decryption functions is increased by the operating system database for terminal; and can according to the concealed degree of the data of application program; the encipher interface of call operation system database; the data of application programs are encrypted protection; even if achieve terminal operating system maliciously obtained Root authority; in the operating system database of its encipherment protection, the data of application program also can not stolenly be got, and effectively ensure that the safety of end-user listening data.
In addition, the embodiment of the present application all can not be encrypted all data in the operating system database of terminal, according to the concealed degree of the data of application program, terminal can determine whether that the data of application programs are encrypted.So namely, facilitate the encryption of the data of application programs, ensure that the security of end-user listening data, there is again very strong dirigibility, effectively ensure that the operational efficiency of terminal system simultaneously.
Simultaneously; the embodiment of the present application makes the data of the upper level applications being encrypted protection (data being encrypted protection in operating system database are present in operating system with encrypt file form) effectively be blended in the operating system of terminal, encrypt file described in the operating system identifiable design making terminal.
Those skilled in the art should understand, embodiments of the invention can be provided as method, system or computer program.Therefore, the present invention can adopt the form of complete hardware embodiment, completely software implementation or the embodiment in conjunction with software and hardware aspect.And the present invention can adopt in one or more form wherein including the upper computer program implemented of computer-usable storage medium (including but not limited to magnetic disk memory, CD-ROM, optical memory etc.) of computer usable program code.
The present invention describes with reference to according to the process flow diagram of the method for the embodiment of the present invention, equipment (system) and computer program and/or block scheme.Should understand can by the combination of the flow process in each flow process in computer program instructions realization flow figure and/or block scheme and/or square frame and process flow diagram and/or block scheme and/or square frame.These computer program instructions can being provided to the processor of multi-purpose computer, special purpose computer, Embedded Processor or other programmable data processing device to produce a machine, making the instruction performed by the processor of computing machine or other programmable data processing device produce device for realizing the function of specifying in process flow diagram flow process or multiple flow process and/or block scheme square frame or multiple square frame.
These computer program instructions also can be stored in can in the computer-readable memory that works in a specific way of vectoring computer or other programmable data processing device, the instruction making to be stored in this computer-readable memory produces the manufacture comprising command device, and this command device realizes the function of specifying in process flow diagram flow process or multiple flow process and/or block scheme square frame or multiple square frame.
These computer program instructions also can be loaded in computing machine or other programmable data processing device, make on computing machine or other programmable devices, to perform sequence of operations step to produce computer implemented process, thus the instruction performed on computing machine or other programmable devices is provided for the step realizing the function of specifying in process flow diagram flow process or multiple flow process and/or block scheme square frame or multiple square frame.
In one typically configuration, computing equipment comprises one or more processor (CPU), input/output interface, network interface and internal memory.
Internal memory may comprise the volatile memory in computer-readable medium, and the forms such as random access memory (RAM) and/or Nonvolatile memory, as ROM (read-only memory) (ROM) or flash memory (flashRAM).Internal memory is the example of computer-readable medium.
Computer-readable medium comprises permanent and impermanency, removable and non-removable media can be stored to realize information by any method or technology.Information can be computer-readable instruction, data structure, the module of program or other data.The example of the storage medium of computing machine comprises, but be not limited to phase transition internal memory (PRAM), static RAM (SRAM), dynamic RAM (DRAM), the random access memory (RAM) of other types, ROM (read-only memory) (ROM), Electrically Erasable Read Only Memory (EEPROM), fast flash memory bank or other memory techniques, read-only optical disc ROM (read-only memory) (CD-ROM), digital versatile disc (DVD) or other optical memory, magnetic magnetic tape cassette, tape magnetic rigid disk stores or other magnetic storage apparatus or any other non-transmitting medium, can be used for storing the information can accessed by computing equipment.According to defining herein, computer-readable medium does not comprise temporary computer readable media (transitorymedia), as data-signal and the carrier wave of modulation.
Also it should be noted that, term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thus make to comprise the process of a series of key element, method, commodity or equipment and not only comprise those key elements, but also comprise other key elements clearly do not listed, or also comprise by the intrinsic key element of this process, method, commodity or equipment.When not more restrictions, the key element limited by statement " comprising ... ", and be not precluded within process, method, commodity or the equipment comprising described key element and also there is other identical element.
It will be understood by those skilled in the art that the embodiment of the application can be provided as method, system or computer program.Therefore, the application can adopt the form of complete hardware embodiment, completely software implementation or the embodiment in conjunction with software and hardware aspect.And the application can adopt in one or more form wherein including the upper computer program implemented of computer-usable storage medium (including but not limited to magnetic disk memory, CD-ROM, optical memory etc.) of computer usable program code.
The foregoing is only the embodiment of the application, be not limited to the application.To those skilled in the art, the application can have various modifications and variations.Any amendment done within all spirit in the application and principle, equivalent replacement, improvement etc., within the right that all should be included in the application.
Claims (12)
1. a data security protection method, is characterized in that, comprising:
For the operating system database of terminal increases encryption and decryption functions;
By the encryption and decryption functions of operating system database with the form opening of encryption and decryption interface to the upper level applications of operating system, following operation can be performed to make described upper level applications:
Call encipher interface, protection is encrypted to the data of the described upper level applications of preserving in described operating system database.
2. the method for claim 1, is characterized in that, the described operating system database for terminal increases encryption and decryption functions and specifically comprises:
The source code of operating system database is extracted from the operating system source code of terminal;
Revise the source code of described operating system database, increase encryption and decryption functions;
The source code of the operating system database adding encryption and decryption functions is merged in the operating system source code of the terminal of the source code being extracted described operating system database.
3. method as claimed in claim 2, is characterized in that, by the encryption and decryption functions of operating system database with the form opening of encryption and decryption interface to after the upper level applications of operating system, described method also comprises:
Retouching operation system, to the identifying of encrypt file, makes operating system identifiable design carry out the data of the upper level applications of encipherment protection.
4. method as claimed in claim 3, is characterized in that, amendment system is to after the identifying of encrypt file, and described method also comprises:
Generation directly can run on terminal, and supports the operating system image file of operating system database encryption and decryption functions, and generates the SDK (Software Development Kit) SDK providing operating system database encryption and decryption interface.
5. the method for claim 1, is characterized in that, is describedly specifically comprised to the upper level applications of operating system with the form opening of encryption and decryption interface by the encryption and decryption functions of operating system database:
Use encryption and decryption interface described in Java local interface JNI technology, opening up to the upper level applications of operating system.
6. the method for claim 1, is characterized in that, described method also comprises:
Call decryption interface, to the decrypt data of upper level applications being encrypted protection.
7. a data security protecting device, is characterized in that, comprising:
Encryption and decryption functions increases unit, increases encryption and decryption functions for the operating system database for terminal;
Encryption and decryption interface opening unit, for by the encryption and decryption functions of operating system database with the form opening of encryption and decryption interface to the upper level applications of operating system;
Ciphering unit, for application call encipher interface, is encrypted protection to the data of the described upper level applications of preserving in described operating system database.
8. device as claimed in claim 7, is characterized in that, described encryption and decryption functions increases unit and comprises:
Extract subelement, for extracting the source code of operating system database from the operating system source code of terminal;
Encryption and decryption functions increases subelement, for revising the source code of described operating system database, increases encryption and decryption functions;
Merge subelement, for being merged into by the source code of the operating system database adding encryption and decryption functions in the operating system source code of the terminal of the source code being extracted described operating system database.
9. device as claimed in claim 8, it is characterized in that, described device also comprises:
Amendment unit, for the identifying of retouching operation system to encrypt file, makes operating system identifiable design be encrypted the data of the upper level applications of protection.
10. device as claimed in claim 9, it is characterized in that, described device also comprises:
Generation unit, directly can run on terminal for generating, and support the operating system image file of operating system database encryption and decryption functions, and generate the SDK (Software Development Kit) SDK providing operating system database encryption and decryption interface.
11. devices as claimed in claim 7, is characterized in that, described encryption and decryption interface opening unit uses encryption and decryption interface described in Java local interface JNI technology, opening up to the upper level applications of operating system.
12. devices as claimed in claim 7, it is characterized in that, described device also comprises:
Decryption unit, for calling decryption interface, to the decrypt data of upper level applications being encrypted protection.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410403731.0A CN105447398A (en) | 2014-08-15 | 2014-08-15 | Data safety protection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410403731.0A CN105447398A (en) | 2014-08-15 | 2014-08-15 | Data safety protection method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105447398A true CN105447398A (en) | 2016-03-30 |
Family
ID=55557561
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410403731.0A Pending CN105447398A (en) | 2014-08-15 | 2014-08-15 | Data safety protection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105447398A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107193963A (en) * | 2017-05-24 | 2017-09-22 | 中国人民解放军后勤工程学院 | A kind of distributed development method of database application system |
| CN108985096A (en) * | 2018-07-13 | 2018-12-11 | 厦门市美亚柏科信息股份有限公司 | A kind of enhancing of Android SQLite database security, method for safely carrying out and device |
| CN110851849A (en) * | 2019-11-12 | 2020-02-28 | 西安中科星图空间数据技术有限公司 | Encryption method and device for free map image data |
| CN112035860A (en) * | 2020-09-03 | 2020-12-04 | 深圳市百富智能新技术有限公司 | File encryption method, terminal, device, equipment and medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101587479A (en) * | 2008-06-26 | 2009-11-25 | 北京人大金仓信息技术股份有限公司 | Database management system kernel oriented data encryption/decryption system and method thereof |
| CN103106372A (en) * | 2013-01-17 | 2013-05-15 | 上海交通大学 | Lightweight class privacy data encryption method and system for Android system |
| CN103378971A (en) * | 2012-04-27 | 2013-10-30 | 厦门雅迅网络股份有限公司 | Data encryption system and method |
| CN103455520A (en) * | 2012-06-04 | 2013-12-18 | 北京三星通信技术研究有限公司 | Method and device for accessing Android database |
| CN103686716A (en) * | 2013-12-19 | 2014-03-26 | 复旦大学 | Android access control system for enhancing confidentiality and integrality |
-
2014
- 2014-08-15 CN CN201410403731.0A patent/CN105447398A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101587479A (en) * | 2008-06-26 | 2009-11-25 | 北京人大金仓信息技术股份有限公司 | Database management system kernel oriented data encryption/decryption system and method thereof |
| CN103378971A (en) * | 2012-04-27 | 2013-10-30 | 厦门雅迅网络股份有限公司 | Data encryption system and method |
| CN103455520A (en) * | 2012-06-04 | 2013-12-18 | 北京三星通信技术研究有限公司 | Method and device for accessing Android database |
| CN103106372A (en) * | 2013-01-17 | 2013-05-15 | 上海交通大学 | Lightweight class privacy data encryption method and system for Android system |
| CN103686716A (en) * | 2013-12-19 | 2014-03-26 | 复旦大学 | Android access control system for enhancing confidentiality and integrality |
Non-Patent Citations (1)
| Title |
|---|
| 刘汉烨: "Web信息管理系统数据库加密技术研究", 《电子设计工程》 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107193963A (en) * | 2017-05-24 | 2017-09-22 | 中国人民解放军后勤工程学院 | A kind of distributed development method of database application system |
| CN107193963B (en) * | 2017-05-24 | 2020-04-21 | 中国人民解放军陆军勤务学院 | Distributed development method of database application system |
| CN108985096A (en) * | 2018-07-13 | 2018-12-11 | 厦门市美亚柏科信息股份有限公司 | A kind of enhancing of Android SQLite database security, method for safely carrying out and device |
| CN110851849A (en) * | 2019-11-12 | 2020-02-28 | 西安中科星图空间数据技术有限公司 | Encryption method and device for free map image data |
| CN112035860A (en) * | 2020-09-03 | 2020-12-04 | 深圳市百富智能新技术有限公司 | File encryption method, terminal, device, equipment and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10853270B2 (en) | Cryptographic pointer address encoding | |
| CN110245506B (en) | Intelligent contract management method and device based on block chain and electronic equipment | |
| CN105637800B (en) | Key Infrastructures | |
| US20220006617A1 (en) | Method and apparatus for data storage and verification | |
| JP6227772B2 (en) | Method and apparatus for protecting a dynamic library | |
| KR102433011B1 (en) | Method of apk file protection, apk file protection system performing the same, and storage medium storing the same | |
| CN105408912A (en) | Process authentication and resource permissions | |
| CN110826031B (en) | Encryption method, device, computer equipment and storage medium | |
| CN113010856A (en) | Dynamic asymmetric encryption and decryption JavaScript code obfuscation method and system | |
| CN104680039A (en) | Data protection method and device of application installation package | |
| US9563754B2 (en) | Method of generating a structure and corresponding structure | |
| CN104021335B (en) | Password service method based on extensible password service framework | |
| CN107111728A (en) | Safe key export function | |
| CN105447398A (en) | Data safety protection method and device | |
| CN111159658B (en) | Byte code processing method, system, device, computer equipment and storage medium | |
| CN107871066B (en) | Code compiling method and device based on android system | |
| WO2017181968A1 (en) | Method for processing application file, method and device for accessing application file, and storage medium | |
| CN101799852B (en) | Hardware cryptographic module and method for protecting bank counter sensitive data | |
| WO2015154469A1 (en) | Database operation method and device | |
| CN105095784A (en) | Terminal data writing and reading methods and devices | |
| CN105844170A (en) | File processing method and device | |
| CN112559980B (en) | Applet runtime capable of embedding a plurality of random APP | |
| US11934539B2 (en) | Method and apparatus for storing and processing application program information | |
| US20230058046A1 (en) | Apparatus and Method for Protecting Shared Objects | |
| CN111625814B (en) | Processing device, processing method, processing device and storage medium for wind control calculation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160330 |