CN106941473A - A kind of encryption method and device - Google Patents

A kind of encryption method and device Download PDF

Info

Publication number
CN106941473A
CN106941473A CN201610004418.9A CN201610004418A CN106941473A CN 106941473 A CN106941473 A CN 106941473A CN 201610004418 A CN201610004418 A CN 201610004418A CN 106941473 A CN106941473 A CN 106941473A
Authority
CN
China
Prior art keywords
file
data block
unit
data
write
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610004418.9A
Other languages
Chinese (zh)
Other versions
CN106941473B (en
Inventor
袁园
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201610004418.9A priority Critical patent/CN106941473B/en
Publication of CN106941473A publication Critical patent/CN106941473A/en
Application granted granted Critical
Publication of CN106941473B publication Critical patent/CN106941473B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1074Peer-to-peer [P2P] networks for supporting data block transmission mechanisms
    • H04L67/1078Resource delivery mechanisms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a kind of encryption method, including:Obtain i-th of data block of the unencryption in the first file, first file be downloading process in be currently written into file to be downloaded data temporary file, i-th of data block is no more than the continuous data of the first preset range for size in file to be downloaded, wherein, i >=1;I-th of data block is encrypted;I-th of data block after encryption is write into the second file;When the i+1 data block of unencryption is not present in the first file, terminate ciphering process.The embodiment of the present invention further simultaneously discloses a kind of encryption device.

Description

A kind of encryption method and device
Technical field
The present invention relates to the data processing technique of the communications field, more particularly to a kind of encryption method and device.
Background technology
In current data age, Information Security is always all trades and professions focus of attention problem.Data add The close strong Means of Ensuring for being undoubtedly data safety.Nowadays, data encryption technology has been widely used In fields such as terminal, server, network services, various AESs also emerge in an endless stream.For Android System, the in the prior art encryption to data in equipment mainly has following several method:
First, the information pair of the data block used recorded using the file system of android terminal device The user partition of android terminal device is encrypted, it is to avoid user's invalid data is encrypted.Second, The Android files of presence are encrypted the method injected by dynamic link library.Specifically, passing through hook Related system function, finds application programming interface (API, the Application that file data is encrypted Programming Interface), so that file to be encrypted, when user reads file, hook phases again System function is closed, is decrypted using secret key pair this document.3rd, by built-in in Android device File in equipment is encrypted the method for encrypting module.Built-in encrypting module in android terminal device Can have a variety of, such as built-in encryption program, built-in hardware encryption module, built-in encryption card mode are to file It is encrypted.
However, using prior art implementation method, due to the development of Android device, memory headroom Increasing, when the Documents Comparison in system is big, the process that this document is encrypted and time will get over It is long, so, the encryption efficiency for big file can be caused extremely low.For example, using prior art to one The video file encryption of individual 1G sizes will sometimes reach that this is unacceptable 10 minutes or so.
The content of the invention
In order to solve the above technical problems, the embodiment of the present invention is expected to provide a kind of encryption method and device, can During larger file is encrypted, encryption times are reduced, the efficiency of file encryption is improved.
The technical proposal of the invention is realized in this way:
The embodiment of the present invention provides a kind of encryption method, including:
Obtain i-th of data block of the unencryption in the first file, first file be in downloading process just In the temporary file of the data of write-in file to be downloaded, i-th of data block is in the file to be downloaded Size is no more than the continuous data of the first preset range, wherein, i >=1;
I-th of data block is encrypted;
I-th of data block after encryption is write into the second file, second file is encrypted data Storage file;
When the i+1 data block of unencryption is not present in first file, terminate ciphering process.
In such scheme, before the end ciphering process, methods described also includes:
It is phase by first file synthesis when the file to be downloaded is write into the first file completion The first application file answered;
When the i+1 data block of unencryption is not present in first file, by the described second text Part synthesizes corresponding second application file;
First application file is replaced using second application file.
It is described before i-th of data block for obtaining the unencryption in the first file in such scheme Method also includes:
When detecting download instruction, first file and second file are generated.
In such scheme, after generation first file, not adding in the first file of the acquisition Before i-th close of data block, methods described also includes:
According to the download instruction, i-th of data block is write described from the file to be downloaded One file.
It is described that i-th of data block is encrypted in such scheme, including:
I-th of data block is encrypted the method injected using dynamic link library.
The embodiment of the present invention provides a kind of encryption device, including:
Acquiring unit, i-th of data block for obtaining the unencryption in the first file, first file For the temporary file for the data that file to be downloaded is currently written into downloading process, i-th of data block is institute The continuous data that size in file to be downloaded is no more than the first preset range is stated, wherein, i >=1;
Ciphering unit, for i-th of data block that the acquiring unit is obtained to be encrypted;
Writing unit, for i-th of data block after ciphering unit encryption to be write into the second file, Second file is the storage file of encrypted data;
End unit, for when in first file that the acquiring unit is obtained in the absence of the of unencryption During i+1 data block, terminate ciphering process.
In said apparatus, the encryption device also includes:Detection unit and generation unit;
The generation unit, i-th of data of the unencryption in the first file are obtained for the acquiring unit Before block, when the detection unit detects download instruction, first file and second file are generated.
In said apparatus, said write unit, be additionally operable to the generation unit generate first file it Afterwards, before i-th of data block of the unencryption in the first file of the acquiring unit acquisition, according to the inspection The download instruction of unit detection is surveyed, i-th of data block that the acquiring unit is obtained is from described First file is write in file to be downloaded.
In said apparatus, the encryption device also includes:Synthesis unit and replacement unit;
The synthesis unit, for said write unit according to the download instruction, by i-th of data Block is write from the file to be downloaded before first file, when said write unit will be described to be downloaded It is corresponding by first file synthesis when the first file that file writes the generation unit generation is completed First application file;And said write unit writes i-th of data block after the second file, institute State before end unit terminates ciphering process, when be not present in the first file that the generation unit is generated plus During the close i+1 data block, second file synthesis that the generation unit is generated is corresponding The second application file;
The replacement unit, is closed for first file that the synthesis unit generates the generation unit As corresponding first application file, and second file synthesis that the generation unit is generated is corresponding The second application file after, using the synthesis unit synthesize second application file replace it is described close First application file synthesized into unit.
In said apparatus, the ciphering unit, specifically for the method using dynamic link library injection to institute I-th of the data block for stating acquiring unit acquisition is encrypted.
The embodiments of the invention provide a kind of encryption method and device, by obtaining the unencryption in the first file I-th of data block, first file be downloading process in be currently written into file to be downloaded data it is interim File, i-th of data block is no more than the continuous data of the first preset range for size in file to be downloaded, Wherein, i >=1;I-th of data block is encrypted;I-th of data block after encryption is write into the second file; When the i+1 data block of unencryption is not present in the first file, terminate ciphering process.Using above-mentioned skill Art implementation, due to the temporary file in load document downloading process data while, encryption device pair The data block that certain size of data and unencryption are met in temporary file is encrypted, until adding in temporary file Carried the data of file to be loaded, so, the encryption device can be after temporary file have loaded data compared with In short time, the ciphering process of above-mentioned data is completed, therefore, larger file is entered using such scheme During the process of row encryption, encryption times can be significantly decreased, so as to improve the efficiency of file encryption.
Brief description of the drawings
Fig. 1 is a kind of flow chart one of encryption method provided in an embodiment of the present invention;
Fig. 2 is a kind of flowchart 2 of encryption method provided in an embodiment of the present invention;
Fig. 3 is a kind of schematic flow sheet of exemplary encryption method provided in an embodiment of the present invention;
Fig. 4 is a kind of structural representation one of encryption device provided in an embodiment of the present invention;
Fig. 5 is a kind of structural representation two of encryption device provided in an embodiment of the present invention;
Fig. 6 is a kind of structural representation three of encryption device provided in an embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear Chu, it is fully described by.
It should be noted that the encryption device in the embodiment of the present invention can have text for terminal, server etc. Part loading, the electronic equipment of store function, or being integrated in outside above-mentioned electronic equipment has file Loading, the device or device of store function.The explanation of embodiment is carried out by executive agent of terminal below.
Embodiment one
The embodiments of the invention provide a kind of encryption method, as shown in figure 1, this method can include:
S101, the unencryption obtained in the first file i-th of data block, first file are downloading process In be currently written into file to be downloaded data temporary file, i-th of data block is big in file to be downloaded The small continuous data for being no more than the first preset range, wherein, i >=1.
The embodiment of the present invention is to be encrypted in above-mentioned terminal to carrying out the file after data download or loading When propose, its inventive concept is:In the terminal when the download or loading of one file of progress, while to The data division of download is encrypted, that is, make use of the method for space metathesis time to reduce encryption times, carry High encryption efficiency.
Optionally, the terminal in the embodiment of the present invention can be mobile terminal, can be specifically with file Loading, the smart mobile phone of store function, panel computer etc..
It should be noted that the terminal of described above can be the terminal with android system.
Optionally, file to be downloaded can be the files such as application, video or audio in the embodiment of the present invention.
It should be noted that in the embodiment of the present invention, android system is downloading the texts such as generation application, video During part, the downloading process of this document needs first to produce a temporary file (.temp files) i.e. first file, Then the data of file to be downloaded are constantly write into first file, finally synthesize what final needs were produced again File (e.g. .apk .mp4 etc.), i.e. the first application file.
Specifically, in embodiments of the present invention, when detecting download instruction, since the first file write The data for entering file to be downloaded rise, and terminal begins to read or obtains the text to be downloaded that is write in first file The data of part, then, when the terminal gets the i-th data block of unencryption in the first file, it is possible to It is synchronous that i-th data block is encrypted.
It should be noted that the size of the i-th data block in the embodiment of the present invention can be within a preset range A data block.Above-mentioned preset range can be 10k, and the setting of specific preset range can be according to reality Border situation and experiment are chosen, and the embodiment of the present invention is not restricted.
Particularly, in embodiments of the present invention, i-th of data block is to write first according to by downloading process The data of the file to be downloaded of file it is tactic.
Further, terminal, can be to i-th of data when the i-th data block in reading the first file Block is marked, and specific mark mode can be realized using prior art, so, and the terminal just can be with Know which of the first file data read or read where.
S102, i-th of data block be encrypted.
Terminal is after i-th of data block of the unencryption in obtaining the first file, and the terminal just can be to this Process is encrypted in i-th of data block.
It should be noted that in the embodiment of the present invention, terminal begins to establishment and added after downloading process is started Close process, i-th of the file to be downloaded in the first file in downloading process is got by the crypto process During individual data block, it is possible to which i-th of data block that this gets is encrypted.
Specifically, i-th of data block is encrypted the method that terminal can be injected using dynamic link library. More specifically, terminal can be noted shell code (shellcode) by using dynamic link library injection mode Enter into the crypto process of terminal profile, then the application journey that searching system crypto process is used in shellcode Sequence DLL (API, Application Programming Interface), using the API as in Android The monitoring point set up or be implanted at system encryption process, capture and record android system terminal send and The i-th data block before the encryption of reception, and the i-th data block before the encryption is carried out based on Android platform Detection and analysis, and the i-th data block is encrypted.
S103, by after encryption i-th of data block write the second file, second file be encrypted data Storage file.
Terminal is after i-th of data block is encrypted, and the terminal just can be by i-th of data after encryption Block, which is written in, downloads storage file that terminal when starting is generated, for storing encrypted data, i.e., second In file.
Specifically, the present invention is when the downloading process of foregoing description produces the first file (.temp files), profit Capture current downloading process behavior with hook (hook) function, and simultaneously another disk space generate this The copy copy (.bak.temp files) of one file, i.e. the second file, then progressively by current downloading process Second file (.bak.temp files) is write after i-th of encryption of blocks of data for writing the first file (.temp) In.After terminal has all encrypted all data blocks in the first file, most .bak.temp files are closed at last As the final file destination (the second application file) for needing to produce, and cover the produced by .temp files One application file.So, the second application file finally exported is exactly the file by encryption.
That is, after i-th of data block has carried out encryption, or after the second file of write-in, should Just the i+1 data block in the first file can be encrypted for terminal, until the whole in the first file Untill the data encryption to be downloaded that write-in is completed is completed.
It should be noted that the i obtained from the uncertainty of file to be downloaded size, terminal number It is uncertain, still, the ciphering process for each data block is carried out according to above-mentioned S101-S103 's.
S104, when in the first file be not present unencryption i+1 data block when, end ciphering process.
Terminal is write in i-th of data block after by encryption after the second file, and the terminal is circulated to i+1 Individual data block carries out same encryption, when the i+1 data block that unencryption is not present in the first file, That is when the data in the first file have carried out encryption after being all acquired, the terminal will terminate current add Close process.
Further, when user reads the second file of synthesis, terminal can also hook related systems again Function, using secret key pair, second file is decrypted.
It is understood that encryption method provided in an embodiment of the present invention can effectively improve the encryption of file Efficiency, significantly shortens the time of file encryption, while safeguards system file security, enhances The usage experience of Android terminal user.It is various due to the encryption to small documents (file for being less than 1M) The efficiency of encryption method is almost without what difference (encryption times are all in Millisecond), so the embodiment of the present invention It is unobvious to too small file encryption improved efficiency.But for big file, such as video, audio, image, Encryption times can be shortened 95% by the encryption of the files such as application software, encryption method provided in an embodiment of the present invention More than.
A kind of encryption method that the embodiment of the present invention is provided, by obtain the unencryption in the first file the I data block, first file be downloading process in be currently written into file to be downloaded data temporary file, I-th of data block is no more than the continuous data of the first preset range for size in file to be downloaded, wherein, i >=1; I-th of data block is encrypted;I-th of data block after encryption is write into the second file;When the first file In be not present unencryption i+1 data block when, end ciphering process.Using above-mentioned technic relization scheme, Due to the temporary file in load document downloading process data while, meet one in terminal-pair temporary file The data block for determining size of data and unencryption is encrypted, until having loaded file to be loaded in temporary file Data, so, the terminal can be completed above-mentioned within the short period after temporary file has loaded data The ciphering process of data, therefore, can be with the process larger file being encrypted using such scheme Encryption times are significantly decreased, so as to improve the efficiency of file encryption.
Embodiment two
The embodiments of the invention provide a kind of encryption method, as shown in Fig. 2 this method can include:
S201, when detecting download instruction, the first file of generation and the second file, first file is downloads During be currently written into file to be downloaded data temporary file, second file deposits for encrypted data Store up file.
The embodiment of the present invention is to be encrypted in above-mentioned terminal to carrying out the file after data download or loading When propose, its inventive concept is:In the terminal when the download or loading of one file of progress, while to The data division of download is encrypted, that is, make use of the method for space metathesis time to reduce encryption times, carry High encryption efficiency.
Optionally, the terminal in the embodiment of the present invention can be mobile terminal, can be specifically with file Loading, the smart mobile phone of store function, panel computer etc..
It should be noted that the terminal of described above can be the terminal with android system.
Optionally, file to be downloaded can be the files such as application, video or audio in the embodiment of the present invention.
It should be noted that the monitoring point that terminal can be set up or be implanted at android system crypto process, When the terminal of capture and record android system sends download instruction.So, terminal just can be real-time Know the progress of down operation, be that the unlatching of crypto process below is prepared.
Specifically, when terminal detects download instruction, text to be downloaded can be proceeded by downloading process The downloading process of part, then generates the first file, meanwhile, crypto process can also be created in the terminal, it is raw It is used to store encrypted data into the second file, wherein, first file is treated to be currently written into downloading process Download the temporary file of the data of file.
It should be noted that the download downloading process in the embodiment of the present invention can use the side of dynamic link library Method is realized.
S202, according to download instruction, i-th of data block is write into the first file from file to be downloaded, should I-th of data block is no more than the continuous data of the first preset range for size in file to be downloaded, wherein, i >=1.
It should be noted that in the embodiment of the present invention, android system is downloading the texts such as generation application, video During part, the downloading process of this document needs first to produce a temporary file (.temp files) i.e. first file, Then the data of file to be downloaded are constantly write into first file, finally synthesize what final needs were produced again File (e.g. .apk .mp4 etc.), i.e. the first application file.
When detecting download instruction, terminal is generated after the first file, and the terminal can be according to download instruction Carry out the downloading process of file to be downloaded.Because downloading process is the process of data packing transmission, therefore, Write the first file can have i with data block.
It should be noted that the size of the i-th data block in the embodiment of the present invention can be within a preset range A data block.Above-mentioned preset range can be 10k, and the setting of specific preset range can be according to reality Border situation and experiment are chosen, and the embodiment of the present invention is not restricted.
Particularly, in embodiments of the present invention, i-th of data block is to write first according to by downloading process The data of the file to be downloaded of file it is tactic.
S203, the unencryption obtained in the first file i-th of data block.
Terminal writes i-th of data block after the first file according to download instruction from file to be downloaded, Because encryption will expend the time, and in the first file still in endlessly write-in data, therefore, the end End is creating crypto process, after generating the second file, just reads the of unencryption in the first file I data block.
Specifically, in embodiments of the present invention, when detecting download instruction, since the first file write The data for entering file to be downloaded rise, and terminal begins to read or obtains the text to be downloaded that is write in first file The data of part, then, when the terminal gets the i-th data block of unencryption in the first file, it is possible to It is synchronous that i-th data block is encrypted.
Further, terminal, can be to i-th of data when the i-th data block in reading the first file Block is marked, and specific mark mode can be realized using prior art, so, and the terminal just can be with Know which of the first file data read or read where.
I-th of data block is encrypted for S204, the method injected using dynamic link library.
Terminal is after i-th of data block of the unencryption in obtaining the first file, and the terminal just can be to this Process is encrypted in i-th of data block.
It should be noted that in the embodiment of the present invention, terminal begins to establishment and added after downloading process is started Close process, i-th of the file to be downloaded in the first file in downloading process is got by the crypto process During individual data block, it is possible to which i-th of data block that this gets is encrypted.
Specifically, i-th of data block is encrypted the method that terminal can be injected using dynamic link library. More specifically, terminal can be noted shell code (shellcode) by using dynamic link library injection mode Enter into the crypto process of terminal profile, then the application journey that searching system crypto process is used in shellcode Sequence DLL (API, Application Programming Interface), using the API as in Android The monitoring point set up or be implanted at system encryption process, capture and record android system terminal send and The i-th data block before the encryption of reception, and the i-th data block before the encryption is carried out based on Android platform Detection and analysis, and the i-th data block is encrypted.
S205, by after encryption i-th of data block write the second file, second file be encrypted data Storage file.
Terminal is after i-th of data block is encrypted, and the terminal just can be by i-th of data after encryption Block, which is written in, downloads storage file that terminal when starting is generated, for storing encrypted data, i.e., second In file.
Specifically, the present invention is when the downloading process of foregoing description produces the first file (.temp files), profit Capture current downloading process behavior with hook (hook) function, and simultaneously another disk space generate this The copy copy (.bak.temp files) of one file, i.e. the second file, then progressively by current downloading process Second file (.bak.temp files) is write after i-th of encryption of blocks of data for writing the first file (.temp) In.After terminal has all encrypted all data blocks in the first file, most .bak.temp files are closed at last As the final file destination (the second application file) for needing to produce, and cover the produced by .temp files One application file.So, the second application file finally exported is exactly the file by encryption.
That is, after i-th of data block has carried out encryption, or after the second file of write-in, should Just the i+1 data block in the first file can be encrypted for terminal, until the whole in the first file Untill the data encryption to be downloaded that write-in is completed is completed.
It should be noted that the i obtained from the uncertainty of file to be downloaded size, terminal number It is uncertain, still, the ciphering process for each data block is carried out according to above-mentioned S202-S205 's.
S206, when by file to be downloaded write the first file complete when, be corresponding by first file synthesis First application file.
Terminal writes i-th of data block after the first file according to download instruction from file to be downloaded, Due to the size of file to be downloaded be it is certain, therefore, the data write in the first file be also it is certain, And when the data of file to be downloaded all write the first file Chinese style, according to downloading process, the terminal is by first File synthesis is corresponding first application file.
S207, when in the first file be not present unencryption i+1 data block when, by the second file synthesis For corresponding second application file.
Terminal writes i-th of data block after encryption after the second file, and the terminal can just be proceeded by The acquisition and encryption of i+1 data block, if now terminal will write the first file of data to be downloaded In data when all encrypting, i.e. when the i+1 data block of unencryption being not present in the first file, the terminal Just can be the second application file by the second file synthesis.
It should be noted that the synthesis side of the first application file and the second application file in the embodiment of the present invention Method is consistent, and the file type of synthesis is also consistent.
S208, using the second application file replace the first application file.
Terminal is synthesized after the first application file and the second application file, and the terminal is just using the encrypted Two application files replace the first application file of unencryption, so, and the file of output is exactly encrypted text Part.
It is understood that because the embodiment of the present invention is when carrying out the data write-in of the first file, it is possible to Synchronous i-th of the encryption of blocks of data for having been written into unencryption carried out in the first file, therefore, in the case where download is treated After the completion of the process of part of publishing papers soon, terminal just completes the encrypted work of the data of first file, and deposits Storage is in the second file.And the first application file is the file exported at the end of normal downloading process, second should With the second file synthesis that file is encryption, therefore, belong to the file encrypted.Therefore, under null terminator Null Carry in the very short time completed, just obtained the second application file by encryption.
S209, end ciphering process.
Terminal is replaced using the second application file after the first application file, and the terminal will terminate current add Close process.
Further, when user reads the second file of synthesis, terminal can also hook related systems again Function, using secret key pair, second file is decrypted.
It is understood that encryption method provided in an embodiment of the present invention can effectively improve the encryption of file Efficiency, significantly shortens the time of file encryption, while safeguards system file security, enhances The usage experience of Android terminal user.It is various due to the encryption to small documents (file for being less than 1M) The efficiency of encryption method is almost without what difference (encryption times are all in Millisecond), so the embodiment of the present invention It is unobvious to too small file encryption improved efficiency.But for big file, such as video, audio, image, Encryption times can be shortened 95% by the encryption of the files such as application software, encryption method provided in an embodiment of the present invention More than.
Exemplary, as shown in Figure 3, it is assumed that the program X in terminal needs to download one from certain server Example.mp4 video file.Downloading process X is ready, and terminal calls API in system kernel (download interface), then it is dynamic to call Libc.so to implement data download by being invoked at the Libtrans.so of system Make.Specifically, generating the first file (temporary file) .temp by Libc.so, downloading process X is to .temp The data to be downloaded on program X are write, after data to be downloaded all write-in .temp, by the .temp The first example.mp4 (the first application file) of unencryption is synthesized, downloading process is completed.Meanwhile, terminal After download interface is called, the Libtrans.so injected by system thinks intercepting and capturing to create crypto process E Downloading process X download instructions simultaneously open new crypto process, for implementing ciphering process.Specifically, terminal The second file, i.e. .bak.temp are created after crypto process is created;When have in .temp write-in data start, The data for starting to obtain in .temp are encrypted, and the data after encryption are write in .bak.temp, when .temp write-ins data are finished, and during the data without unencryption, the .bak.temp is synthesized the by terminal Two example.mp4 (the second application file), finally, the terminal replace using the 2nd example.mp4 One example.mp4 is exported, and terminates ciphering process.So far, terminal is downloading regarding for example.mp4 The encryption of example.mp4 video file is completed while frequency file.
A kind of encryption method that the embodiment of the present invention is provided, by obtain the unencryption in the first file the I data block, first file be downloading process in be currently written into file to be downloaded data temporary file, I-th of data block is no more than the continuous data of the first preset range for size in file to be downloaded, wherein, i >=1; I-th of data block is encrypted;I-th of data block after encryption is write into the second file;When the first file In be not present unencryption i+1 data block when, end ciphering process.Using above-mentioned technic relization scheme, Due to the temporary file in load document downloading process data while, meet one in terminal-pair temporary file The data block for determining size of data and unencryption is encrypted, until having loaded file to be loaded in temporary file Data, so, the terminal can be completed above-mentioned within the short period after temporary file has loaded data The ciphering process of data, therefore, can be with the process larger file being encrypted using such scheme Encryption times are significantly decreased, so as to improve the efficiency of file encryption.
Embodiment three
As shown in figure 4, the embodiments of the invention provide a kind of terminal 1, the terminal 1 can include:
Acquiring unit 10, i-th of data block for obtaining the unencryption in the first file, first text Part is is currently written into the temporary file of the data of file to be downloaded in downloading process, i-th of data block is Size is no more than the continuous data of the first preset range in the file to be downloaded, wherein, i >=1.
Ciphering unit 11, for i-th of data block that the acquiring unit 10 is obtained to be encrypted.
Writing unit 12, for the ciphering unit 11 to be encrypted after i-th of data block write-in second File, second file is the storage file of encrypted data.
End unit 13, for when in first file that the acquiring unit 10 is obtained be not present plus During close i+1 data block, terminate ciphering process.
Optionally, as shown in figure 5, the terminal 1 also includes:Detection unit 14 and generation unit 15.
The generation unit 15, i-th of the unencryption in the first file is obtained for the acquiring unit 10 Before individual data block, when the detection unit 14 detects download instruction, first file is generated and described Second file.
Optionally, said write unit 12, be additionally operable to the generation unit 17 generate first file it Afterwards, before i-th of data block of the unencryption in first file of the acquisition of acquiring unit 10, according to described The download instruction that detection unit 14 is detected, i-th of data that the acquiring unit 10 is obtained Block writes first file that the generation unit 15 is generated from the file to be downloaded.
Optionally, as shown in fig. 6, the terminal 1 also includes:Synthesis unit 16 and replacement unit 17.
The synthesis unit 16, for said write unit 12 according to the download instruction, by described i-th Individual data block is write from the file to be downloaded before first file, when said write unit 12 is by institute When stating first file completion that the file to be downloaded write-in generation unit 15 is generated, by the described first text Part synthesizes corresponding first application file;And said write unit 12 writes i-th of data block After second file, the end unit 13 terminates before ciphering process, when the generation unit 15 is generated The first file in be not present unencryption the i+1 data block when, the generation unit 15 is generated Second file synthesis be corresponding second application file.
The replacement unit 17, generate the generation unit 15 for the synthesis unit 16 described One file synthesis is corresponding first application file, and second file that the generation unit 15 is generated After synthesizing corresponding second application file, second practical writing synthesized using the synthesis unit 16 Part replaces first application file that the synthesis unit 16 is synthesized.
Optionally, the ciphering unit 11, is obtained specifically for the method injected using dynamic link library to described I-th of the data block for taking unit 10 to obtain is encrypted.
Optionally, the terminal in the embodiment of the present invention can be mobile terminal, can be specifically with file Loading, the smart mobile phone of store function, panel computer etc..
In actual applications, above-mentioned acquiring unit 10, ciphering unit 11, writing unit 12, end unit 13rd, detection unit 14, generation unit 15, synthesis unit 16 and replacement unit 17 can be by positioned at terminals 1 On processor realize, specially central processing unit (CPU), microprocessor (MPU), at data signal Manage device (DSP) or field programmable gate array (FPGA) etc. to realize, can also include depositing in the terminal 1 Reservoir, specifically, i-th of the data block and its software code of unencryption, i-th of the data block encrypted and Its software code, the first file and its software code, the second file and its software code, download instruction and its Software code, the first application file and its software code, and the second application file and its software code can be with Preserve in memory, the memory can be connected by system bus with processor, wherein, memory is used In storage executable program code, the program code includes computer-managed instruction, and memory may include height Fast RAM memory, it is also possible to also including nonvolatile memory, for example, at least one magnetic disk storage.
A kind of terminal that the embodiment of the present invention is provided, by i-th that obtains the unencryption in the first file Data block, first file, should to be currently written into the temporary file of the data of file to be downloaded in downloading process I-th of data block is no more than the continuous data of the first preset range for size in file to be downloaded, wherein, i >=1; I-th of data block is encrypted;I-th of data block after encryption is write into the second file;When the first file In be not present unencryption i+1 data block when, end ciphering process.Using above-mentioned technic relization scheme, Due to the temporary file in load document downloading process data while, meet one in terminal-pair temporary file The data block for determining size of data and unencryption is encrypted, until having loaded file to be loaded in temporary file Data, so, the terminal can be completed above-mentioned within the short period after temporary file has loaded data The ciphering process of data, therefore, can be with the process larger file being encrypted using such scheme Encryption times are significantly decreased, so as to improve the efficiency of file encryption.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or meter Calculation machine program product.Therefore, the present invention can using hardware embodiment, software implementation or combine software and The form of the embodiment of hardware aspect.Moreover, the present invention can be used wherein includes calculating one or more The computer-usable storage medium of machine usable program code (includes but is not limited to magnetic disk storage and optical storage Device etc.) on the form of computer program product implemented.
The present invention is with reference to method according to embodiments of the present invention, equipment (system) and computer program product Flow chart and/or block diagram describe.It should be understood that flow chart and/or side can be realized by computer program instructions Each flow and/or square frame in block diagram and flow and/or the knot of square frame in flow chart and/or block diagram Close.Can provide these computer program instructions to all-purpose computer, special-purpose computer, Embedded Processor or The processor of other programmable data processing devices is to produce a machine so that by computer or other can The instruction of the computing device of programming data processing equipment is produced for realizing in one flow or multiple of flow chart The device for the function of being specified in one square frame of flow and/or block diagram or multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices In the computer-readable memory worked in a specific way so that be stored in the computer-readable memory Instruction, which is produced, includes the manufacture of command device, and the command device is realized in one flow of flow chart or multiple streams The function of being specified in one square frame of journey and/or block diagram or multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices, made Obtain and series of operation steps performed on computer or other programmable devices to produce computer implemented processing, So as to which the instruction performed on computer or other programmable devices is provided for realizing in one flow of flow chart Or specified in one square frame of multiple flows and/or block diagram or multiple square frames function the step of.
The above, only presently preferred embodiments of the present invention is not intended to limit the protection model of the present invention Enclose.

Claims (10)

1. a kind of encryption method, it is characterised in that including:
Obtain i-th of data block of the unencryption in the first file, first file be in downloading process just In the temporary file of the data of write-in file to be downloaded, i-th of data block is in the file to be downloaded Size is no more than the continuous data of the first preset range, wherein, i >=1;
I-th of data block is encrypted;
I-th of data block is write into the second file, second file is literary for the storage of encrypted data Part;
When the i+1 data block of unencryption is not present in first file, terminate ciphering process.
2. according to the method described in claim 1, it is characterised in that not adding in the first file of the acquisition Before i-th close of data block, methods described also includes:
When detecting download instruction, first file and second file are generated.
3. method according to claim 2, it is characterised in that after generation first file, And before i-th of data block for obtaining the unencryption in the first file, methods described also includes:
According to the download instruction, i-th of data block is write described from the file to be downloaded One file.
4. method according to claim 3, it is characterised in that described according to the download instruction, will I-th of data block is write from the file to be downloaded before first file, and methods described is also wrapped Include:
It is phase by first file synthesis when the file to be downloaded is write into the first file completion The first application file answered;
Accordingly, it is described to write i-th of data block after the second file, the end ciphering process Before, methods described also includes:
When the i+1 data block of unencryption is not present in first file, by the described second text Part synthesizes corresponding second application file;
Accordingly, described is corresponding first application file by first file synthesis, and the general is described Second file synthesis is after corresponding second application file, methods described also includes:
First application file is replaced using second application file.
5. according to the method described in claim 1, it is characterised in that described that i-th of data block is entered Row encryption, including:
I-th of data block is encrypted the method injected using dynamic link library.
6. a kind of encryption device, it is characterised in that including:
Acquiring unit, i-th of data block for obtaining the unencryption in the first file, first file For the temporary file for the data that file to be downloaded is currently written into downloading process, i-th of data block is institute The continuous data that size in file to be downloaded is no more than the first preset range is stated, wherein, i >=1;
Ciphering unit, for i-th of data block that the acquiring unit is obtained to be encrypted;
Writing unit, for i-th of data block after ciphering unit encryption to be write into the second file, Second file is the storage file of encrypted data;
End unit, for when in first file that the acquiring unit is obtained in the absence of the of unencryption During i+1 data block, terminate ciphering process.
7. device according to claim 6, it is characterised in that the encryption device also includes:Detection Unit and generation unit;
The generation unit, i-th of data of the unencryption in the first file are obtained for the acquiring unit Before block, when the detection unit detects download instruction, first file and second file are generated.
8. device according to claim 7, it is characterised in that
Said write unit, is additionally operable to after the generation unit generation first file, described to obtain single Member is obtained before i-th of data block of the unencryption in the first file, the institute detected according to the detection unit Download instruction is stated, i-th of data block that the acquiring unit is obtained is write from the file to be downloaded Enter first file of the generation unit generation.
9. device according to claim 8, it is characterised in that the encryption device also includes:Synthesis Unit and replacement unit;
The synthesis unit, for said write unit according to the download instruction, by i-th of data Block is write from the file to be downloaded before first file, when said write unit will be described to be downloaded It is phase by first file synthesis when first file that file writes the generation unit generation is completed The first application file answered;And said write unit writes i-th of data block after the second file, The end unit terminates before ciphering process, when the generation unit generate the first file in be not present not During the i+1 data block of encryption, second file synthesis that the generation unit is generated is phase The second application file answered;
The replacement unit, is closed for first file that the synthesis unit generates the generation unit As corresponding first application file, and second file synthesis that the generation unit is generated is corresponding The second application file after, using the synthesis unit synthesize second application file replace it is described close First application file synthesized into unit.
10. device according to claim 6, it is characterised in that
The ciphering unit, is obtained specifically for the method injected using dynamic link library to the acquiring unit I-th of data block be encrypted.
CN201610004418.9A 2016-01-04 2016-01-04 Encryption method and device Active CN106941473B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610004418.9A CN106941473B (en) 2016-01-04 2016-01-04 Encryption method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610004418.9A CN106941473B (en) 2016-01-04 2016-01-04 Encryption method and device

Publications (2)

Publication Number Publication Date
CN106941473A true CN106941473A (en) 2017-07-11
CN106941473B CN106941473B (en) 2020-05-19

Family

ID=59469768

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610004418.9A Active CN106941473B (en) 2016-01-04 2016-01-04 Encryption method and device

Country Status (1)

Country Link
CN (1) CN106941473B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115914677A (en) * 2022-09-19 2023-04-04 上海辰锐信息科技有限公司 Intelligent video safety networking device and server

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040064485A1 (en) * 2002-09-30 2004-04-01 Kabushiki Kaisha Toshiba File management apparatus and method
CN101155296A (en) * 2006-09-29 2008-04-02 中国科学技术大学 Method for transmitting data
CN102882923A (en) * 2012-07-25 2013-01-16 北京亿赛通科技发展有限责任公司 Secure storage system and method for mobile terminal
CN103825885A (en) * 2014-01-23 2014-05-28 广东顺德中山大学卡内基梅隆大学国际联合研究院 Internet content encryption release method and system
CN103916477A (en) * 2014-04-09 2014-07-09 曙光云计算技术有限公司 Data storage method and device and data downloading method and device for cloud environment
CN103944721A (en) * 2014-04-14 2014-07-23 天津艾宝卓越科技有限公司 Method and device for protecting terminal data security on basis of web

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040064485A1 (en) * 2002-09-30 2004-04-01 Kabushiki Kaisha Toshiba File management apparatus and method
CN101155296A (en) * 2006-09-29 2008-04-02 中国科学技术大学 Method for transmitting data
CN102882923A (en) * 2012-07-25 2013-01-16 北京亿赛通科技发展有限责任公司 Secure storage system and method for mobile terminal
CN103825885A (en) * 2014-01-23 2014-05-28 广东顺德中山大学卡内基梅隆大学国际联合研究院 Internet content encryption release method and system
CN103916477A (en) * 2014-04-09 2014-07-09 曙光云计算技术有限公司 Data storage method and device and data downloading method and device for cloud environment
CN103944721A (en) * 2014-04-14 2014-07-23 天津艾宝卓越科技有限公司 Method and device for protecting terminal data security on basis of web

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115914677A (en) * 2022-09-19 2023-04-04 上海辰锐信息科技有限公司 Intelligent video safety networking device and server

Also Published As

Publication number Publication date
CN106941473B (en) 2020-05-19

Similar Documents

Publication Publication Date Title
CN108053211B (en) Transaction processing method and device based on block chain
US20160117518A1 (en) File Encryption/Decryption Device And File Encryption/Decryption Method
CN111522784B (en) Metadata synchronization method, device and equipment for unstructured data files
CN106599629B (en) Android application program reinforcing method and device
CN107070656B (en) Method and system for encrypting and decrypting so file in application program
CN109062582A (en) A kind of encryption method and device of application installation package
CN107516045A (en) Document protection method and device
CN107766096A (en) The generation method of application program installation kit, the operation method of application program and device
CN109840400B (en) Apparatus and method for providing security and apparatus and method for performing security for universal intermediate language
CN111669434B (en) Method, system, device and equipment for establishing communication group
JP2007233426A (en) Application execution device
KR101734663B1 (en) Method for preventing reverse engineering of android application and apparatus for performing the method
CN107148627A (en) Transparent execution to private content
CN111241556A (en) Data security storage method and device, storage medium and terminal
CN106941473A (en) A kind of encryption method and device
CN107180168A (en) File loading, generation method and device, and intelligent terminal
CN109660852A (en) Video previewing method, storage medium, equipment and system before recorded video publication
CN104680083A (en) Method and device for managing image
CN105989075A (en) Method, device and system for displaying image by browser
CN110968885A (en) Model training data storage method and device, electronic equipment and storage medium
CN113391811A (en) Function compiling method and device, electronic equipment and computer readable storage medium
CN114444725B (en) Pre-training service system and service providing method based on pre-training service system
JP5596612B2 (en) Decoding control system and decoding control method
CN109560927A (en) A kind of device-fingerprint implementation method and device
CN105824608B (en) Processing, plug-in unit generation method and the device of process object

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant